Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This is the initial office action issued in response to patent application 16/643,891, filed on 03/03/2020. Claims 38-57, as originally filed, are currently pending and have been considered below. Claims 38, 54 and 57 are independent claims. Claims 1-37 are cancelled.

Priority
The application is a 371 of PCT/EP2017/072589 filed on 09/08/2017. 

Drawings
The drawings filed on 03/03/2020 are accepted by the examiner.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/03/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 38-57 are rejected under 35 U.S.C. 103 as being unpatentable over Aziz (US Patent Application No 8,561,177 B1) in view of Muttik (US Patent Application Publication No 2016/0330172 A1).

Regarding Claim 38, Aziz discloses a method, in a network node, of re-establishing a connection between a user controller device and a wireless device in a wireless communications network (Aziz, col 13, line 5-15, the interceptor module can manipulate the DHCP server to configure the bot server with a gateway IP address which is the same as the controller’s IP address to send all network data to the controller); 
wherein the wireless device has been corrupted such that it will only accept communications which appear to originate from an attacking controller device (Aziz, col 4, line 55-65, the bot server may attempt to control the network device by transmitting instructions or a bot to the network device), the method comprising: 
obtaining attacker information based on intercepted communications between the wireless device and the attacking controller device (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data).
Aziz does not explicitly discuss the following limitation that Muttik teaches: 
wherein the attacker information can be used to modify communications such that modified communications mimic communications from the attacking controller device (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120); 
modifying user communications from the user controller device to the wireless device with the attacker information (Muttik, Fig-3, ¶[0058]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120); and 
sending the modified user communications to the wireless device (Muttik, Fig-3, ¶[0058]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120). 
Aziz and Muttik are analogous art because they are from the “same field of endeavor” and from the same “problem solving area”. Namely, they pertain to the field of “wireless communication and synchronization between server and client”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Aziz in view of Muttik to include the idea of providing a secure proxy to protect data in the network. The modification will reduce the ability of any fraudulent user to gain access to the designated network.

Regarding Claim 39, Aziz in view of Muttik discloses the method of claim 38, further comprising intercepting communications between the wireless device and the attacking controller device (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data).

Regarding Claim 40, Aziz in view of Muttik discloses the method of claim 39, wherein the intercepting comprises routing all communications to and from the wireless device to a predetermined network gateway (Aziz, col 12, line 35-45, the interceptor module can provide the intercepted data to the heuristic module for analysis to detect any malware attack. Also Muttik, Fig-1, proxy, element 140).
 
Regarding Claim 41, Aziz in view of Muttik discloses the method of claim 40, wherein the network node comprises the predetermined network gateway (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data. Also Muttik, Fig-1, proxy, element 140). 

Regarding Claim 42, Aziz in view of Muttik discloses the method of claim 40, further comprising terminating traffic between the wireless device and the attacking controller device in the predetermined network gateway (Aziz, col 12, line 40-45, if a malware attack is detected within the intercepted data, the unauthorized activity signature may be generated by the signature module and transmitted to the controller. Col 17, line 1-10, nodes that are observed to be actively propagating an infection may be placed in a red category).

Regarding Claim 43, Aziz in view of Muttik discloses the method of claim 40, wherein the predetermined network gateway is a packet data gateway (Aziz, col 5, line 15-20, the tap 120 can receive and copy any number of data packets of the network data. The tap can monitor and copy data transmitted from multiple devices).
 
Regarding Claim 44, Aziz in view of Muttik discloses the method of claim 40, further comprising receiving the intercepted communications from the predetermined network gateway (Aziz, col 12, line 35-45, the interceptor module can provide the intercepted data to the heuristic module for analysis to detect any malware attack. Also Muttik, Fig-1, proxy, element 140).

Regarding Claim 45, Aziz in view of Muttik discloses the method of claim 38, further comprising analyzing the intercepted communications to generate the attacker information (Aziz, col 12, line 35-45, the interceptor module can provide the intercepted data to the heuristic module for analysis to detect any malware attack. Also Muttik, Fig-1, proxy, element 140). 

Regarding Claim 46, Aziz in view of Muttik discloses the method of claim 38, further comprising: 
receiving an attacking communication from the attacking controller device (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data); and 
responding to the attacking communication as a virtual wireless device with an appropriate response related to the received attacking communication (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120).

Regarding Claim 47, Aziz in view of Muttik discloses the method of claim 38, wherein the obtaining comprises determining, from the intercepted communications, a source address of the attacking controller device (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120). 

Regarding Claim 48, Aziz in view of Muttik discloses the method of claim 47, wherein the modifying comprises replacing a source address of the user controller device with the determined source address of the attacking controller device in the modified user communications (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120).

Regarding Claim 49, Aziz in view of Muttik discloses the method of claim 38, further comprising analyzing the intercepted communications to determine an encryption model to be used to mimic attacking communications from the attacking controller device (Aziz, col 10, line 45-50, transmission of unencrypted or decrypted network data between the bot server and the network device is simulated. Also Muttik, ¶[0016], communication between a client device and server is encrypted).

Regarding Claim 50, Aziz in view of Muttik discloses the method of claim 38, further comprising: 
transmitting the intercepted communications to an analyzing node (Aziz, col 12, line 35-45, the interceptor module can provide the intercepted data to the heuristic module for analysis to detect any malware attack. Also Muttik, Fig-1, proxy, element 140); and
receiving the attacker information from the analyzing node (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data).

Regarding Claim 51, Aziz in view of Muttik discloses the method of claim 38, further comprising: 
identifying, in the intercepted communications, a trigger signal necessary to maintain proper operation of the wireless device; and transmitting a signal derived from the trigger signal to the wireless device (Aziz, col 12, line 40-45, if a malware attack is detected within the intercepted data, the unauthorized activity signature may be generated by the signature module and transmitted to the controller. Col 17, line 1-10, nodes that are observed to be actively propagating an infection may be placed in a red category).

Regarding Claim 52, Aziz in view of Muttik discloses the method of claim 51, wherein the transmitting comprises forwarding the trigger signal to the wireless device (Aziz, col 12, line 40-45, if a malware attack is detected within the intercepted data, the unauthorized activity signature may be generated by the signature module and transmitted to the controller. Col 17, line 1-10, nodes that are observed to be actively propagating an infection may be placed in a red category).

Regarding Claim 53, Aziz in view of Muttik discloses the method of claim 38, further comprising performing the obtaining, the modifying, and the sending in response to obtaining user authentication confirming that a user of the user controller device is the rightful owner of the wireless device (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120).

Regarding Claim 54, Aziz discloses a network node for re-establishing a connection between a user controller device and a wireless device in a wireless communications network (Aziz, col 13, line 5-15, the interceptor module can manipulate the DHCP server to configure the bot server with a gateway IP address which is the same as the controller’s IP address to send all network data to the controller); 
wherein the wireless device has been corrupted such that it will only accept communications which appear to originate from an attacking controller device (Aziz, col 4, line 55-65, the bot server may attempt to control the network device by transmitting instructions or a bot to the network device); 
the network node comprising: 
processing circuitry (Aziz, Fig-6, element 600); 
memory containing instructions executable by the processing circuitry whereby the network node is operative to (Aziz, Fig-6, memory, 605): 
obtain attacker information based on intercepted communications between the wireless device and the attacking controller device (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data), 
Aziz does not explicitly discuss the following limitation that Muttik teaches: 
wherein the attacker information can be used to modify communications such that modified communications mimic communications from the attacking controller device (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120); 
modify user communications from the user controller device to the wireless device with the attacker information (Muttik, Fig-3, ¶[0058]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120); and 
send the modified user communications to the wireless device (Muttik, Fig-3, ¶[0058]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120).
Aziz and Muttik are analogous art because they are from the “same field of endeavor” and from the same “problem solving area”. Namely, they pertain to the field of “wireless communication and synchronization between server and client”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Aziz in view of Muttik to include the idea of providing a secure proxy to protect data in the network. The modification will reduce the ability of any fraudulent user to gain access to the designated network.

Regarding Claim 55, Aziz in view of Muttik discloses the network node of claim 54, wherein the instructions are such that the network node is operative to intercept communications between the wireless device and the attacking controller device (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data).

Regarding Claim 56, Aziz in view of Muttik discloses the network node of claim 54, wherein the instructions are such that the network node is operative to analyze the intercepted communications to generate the attacker information (Aziz, col 12, line 35-45, the interceptor module can provide the intercepted data to the heuristic module for analysis to detect any malware attack. Also Muttik, Fig-1, proxy, element 140).

Regarding Claim 57, Aziz discloses a non-transitory computer readable recording medium storing a computer program product for controlling a network node for re-establishing a connection between a user controller device and a wireless device in a wireless communications network (Aziz, col 13, line 5-15, the interceptor module can manipulate the DHCP server to configure the bot server with a gateway IP address which is the same as the controller’s IP address to send all network data to the controller); 
wherein the wireless device has been corrupted such that it will only accept communications which appear to originate from an attacking controller device (Aziz, col 4, line 55-65, the bot server may attempt to control the network device by transmitting instructions or a bot to the network device); 
the computer program product comprising program instructions which, when run on processing circuitry of the network node, causes the network node to: 
obtain attacker information based on intercepted communications between the wireless device and the attacking controller device, wherein the attacker information can be used to modify communications such that modified communications mimic communications from the attacking controller device (Aziz, col 5, line 5-30, the tap 120 may comprise a digital data tap configured to monitor data and provide a copy of the network data to the controller 125. The bot server transmits metadata which is captured by the tap. Col 5, line 50-60, the controller 125 receives network data over the tap 120. If the controller 125 detects commands within network data that potentially establishes a C&C communications channel, the controller 125 may intercept the associated network data).
Aziz does not explicitly discuss the following limitation that Muttik teaches:  
modify user communications from the user controller device to the wireless device with the attacker information (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120); and 
send the modified user communications to the wireless device (Muttik, Fig-3, ¶[0054]- ¶[0059], at 312, client device 130 can send a response with authorization information provided by the user. Proxy 140 intercepts the response and determines whether the authorization information is valid and if it is valid proxy can obtain the requested private data items from data store. At 314, proxy can insert the private data items directly into the original HTML web page from server. At 316, proxy can upload the completed HTML web page to server 120).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/
Primary Examiner, Art Unit 2433