Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
This application claims priority to and the benefit of Korean Patent Applications, No. 10-2019-0027801 filed on Mar. 11, 2019 and No. 10-2019-0034594 filed on Mar. 26, 2019, the disclosures of which are incorporated herein by reference in its entirety.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/10/2020 and 02/18/2021 were filed along and after the mailing date of the Non-Provisional Patent Application on 03/10/2020. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
DETAILED ACTION
This Office Action is in response to a Non-Provisional Patent Application filed on 03/10/2020. In the application, claims 1-20 have been received for consideration and have been examined. 
Drawings
Applicant’s submitted drawings on 03/10/2020 have been reviewed and have been accepted.


Specification
Applicant’s submitted specification on 03/10/2020 has been reviewed and has been accepted.
Preliminary Amendments
Applicant’s submission of Preliminary Amendments to claims on 05/25/2022 have been entered. See attached Interview summary for details. 

Allowable Subject Matter
Claims 3-4 and 14-15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f), because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) are: 
“a security control policy determiner configured to” in second limitation of claim 1,
“a security control policy distributor configured to” in third limitation of claim 1,
“a connection blocking sub module configured to” in first limitation of claim 2 and 
“a connection blocking release sub module configured to” in second limitation of claim 2.
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitation(s) interpreted under 35 U.S.C. 112(f), applicant may:  (1) amend the claim limitation(s) to avoid them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claim 1 recites the "the apparatus" in the preamble. There is insufficient antecedent basis for this term in the claim.
Claims 1-11 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Claim 1 is “a system for security control in a network infrastructure including at least one device”. As claim has been drafted, it is unclear if ‘at least one device’ is part of the system or it is part of the network infrastructure. 
Furthermore, dependent claim 5 recites “the system of claim 1, wherein the device …” renders the claim indefinite as it is unclear if “the device” is part of the system or it is part of the network infrastructure. 
Similarly, dependent claim 6 which is dependent of claim 5 inherit this deficiency. 
For the purpose of examination, “the device” will be interpreted as part of the claimed system. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claimed invention is directed to non-statutory subject matter. The claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. The claims 1-6 and 10-20 recites an abstract idea. This judicial exception is not integrated into a practical application because the claims either considered independently or as a whole mention the general functions of a computer. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception.
The independent claims 1 and 12 recites the following limitations, which fall under patent eligibility guidance as an abstract idea:
Claim 1:
a security control policy determiner configured to determine a policy of security control on a device in which a security threat is expected; and 
a security control policy distributor configured to generate a security control message on the basis of the determined policy of security control and 
transmit the generated security control message to the device in which the security threat is expected.
	Claim 12:
	determining a policy of security control on the device in which a security threat is expected; and 
generating a security control message on the basis of the determined policy of security control and 
transmitting the generated security control message to the device in which the security threat is expected.
Below is two step analysis of the above mentioned limitations:
Step 1: Identifying Statutory Categories
In the present case, the claims recites a series of steps and therefore, is a process or method claim. Nevertheless, the claims fall within the Judicial exception of an abstract idea.
Claim 1:
a security control policy determiner configured to determine a policy of security control on a device in which a security threat is expected; and 
a security control policy distributor configured to generate a security control message on the basis of the determined policy of security control and 
transmit the generated security control message to the device in which the security threat is expected.
	Claim 12:
	determining a policy of security control on the device in which a security threat is expected; and 
generating a security control message on the basis of the determined policy of security control and 
transmitting the generated security control message to the device in which the security threat is expected.
Step 2A (prong 1): Identifying a Judicial Exception
	The Supreme Court and Federal Circuit have identified abstract ideas in patent claims by making comparisons to concepts found in past decisions to be judicial exceptions to eligibility. Under 2019 Revised Patent Subject Matter Eligibility Guidance on Subject Matter Eligibility, (Dated January 7, 2019), the Update summarizes concepts the courts have considered to be abstract ideas by associating eligibility decisions with judicial descriptors (e.g., “an idea of itself,” “certain methods of organizing human activities”, “mathematical relationships and formulas”) based on common characteristics. These associations define the judicial descriptors in a manner that stays within the confines of the judicial precedent, with the understanding that these associations are not mutually exclusive, i.e., some concepts may be associated with more than one judicial descriptor.
The abstract idea in limitations above, as drafted, is a process that, under broadest reasonable interpretation, covers performance of the limitation in the mind and is thus an abstract idea in and of itself.  For example, a human can determine a policy for a device in which there is potential of occurrence of a security threat; based on the determination, human can mentally determine a policy for the potential security threat and create a security control message which can be transmitted or sent to the device in which a security threat is expected. 
The claim recites the following limitations which are directed to additional elements:
A system for security control … comprising … a storage; and a processor: (Claim 1)
A method for security control … the method comprising: (Claim 12).
The additional elements include a recitation of generic computing components at a high level of generality to implement the abstract idea on a computer; and further recite a storage device and a processor which merely serve to perform the recited steps in an automated manner and is recited at high level of generality. 
This determining step, as drafted, is a process that under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by a processor”, nothing in the claim element precludes the step from practically being performed in the human mind.
For example, but for the “by a processor” language, the claim encompasses the user manually determining a policy for a device in which a security threat is expected.
Additionally, the mere nominal recitation of a generic processor does not take the claim limitation out of the mental processes grouping.
Thus, the claim recites a mental process.
Each of the additional limitations is not more than mere instructions to apply the exception using a generic computer component.  There is no improvement achieved to a computer or a technology by the claim as drafted.  The claim does not recite a technical solution to a technical problem, as drafted.
 Accordingly, alone, and in combination, these additional elements do not integrate abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Step 2A (prong 2) Identifying an integrated practical application
	Under step 2A (prong 1) of the 101 analysis, claims recite abstract idea of the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer component.
Claims do not integrate a practical application of the abstract idea in the claims (step 2A, prong 2).
Finding the claims to be directed toward an abstract idea, however, is not the end of the inquiry. See Mayo Collaborative Servs. v. Prometheus Labs. Inc., 132 S. Ct. 1289, 1297 (2012). Rather, the second step requires determining whether additional substantive limitations narrow, confine, or otherwise tie down the claim so that, in practical terms, it does not cover the full abstract idea itself. Another way of stating the test is whether the claim language provides “significantly more” than the abstract idea itself.   
Step 2B: Considering Additional Elements
The considerations are whether the claim includes:
•    Improvements to another technology or technical field;
•    Improvements to the functioning of the computer itself;
•    Applying the judicial exception with, or by use of, a particular machine;
•    Effecting a transformation or reduction of a particular article to a different state or thing;
•    Adding a specific limitation other than what is well-understood, routine and conventional in the field, or adding unconventional steps that confine the claim to a particular useful application;
•    Other meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment. 
Applying the test to the claims in the application, the structural elements of the claims, which include a generic device, modules when taken in combination with the functional elements claim(s) are directed to Mental Processes concepts performed in the human mind (including an observation, evaluation, judgment, opinion), together do not offer “significantly more” than the abstract idea itself because the claims do not recite an improvement to another technology or technical field, an improvement to the functioning of any computer itself, or provide meaningful limitations beyond generally linking an abstract idea to a particular technological environment (a general purpose device). When considered as an ordered combination, the Examiner does not find any combination of the additional elements that amounts to more than the sum of the parts. The Examiner finds that the Individual elements of the claims are performing their intended roles and functions. In most cases, the additional elements are applied merely to carry out data processing, as discussed above, which fall under well-understood, routine, and conventional functions of generic computers – in our common day-to-day interactions. 
For these reasons, there is no inventive concept in these claim, and thus it is ineligible.

Claim 2 fails to recites any limitation that create a difference in the 101 analysis as indicated for claim 1, because claim 2 merely recites detecting an occurrence of a security threat and determining a policy of blocking or releasing the network connection which can be performed by a human. Thus claim 2 is ineligible. 
Claim 3 fails to recites any limitation that create a difference in the 101 analysis as indicated for claim 1, because claim 3 merely recites determining a policy of security control release on the device based on various criteria and in a certain order of occurrence of the criteria which can be performed by a human. This claim 3 is ineligible.  
 Claim 4 fails to recites any limitation that create a difference in the 101 analysis as indicated for claim 1, because claim 4 merely recites determining a policy of security control release on the device based on various criteria and in a certain order of occurrence of the criteria which can be performed by a human. This claim 4 is ineligible.
Claim 5 recites the following limitation directed to an abstract idea: “wherein the device comprises a security status inspection and recovery module configured to inspect a security status of the device and recover the device to have a normal status when the security status is determined to be an abnormal status”. This limitation are directed to mention processes performable by a human being which can inspect the security status of the device if the device is in normal status or in an abnormal status. Claim 5 recites additional element as “a security status inspection and recovery module” which fail to integrate the abstract idea into a practical application because they merely apply the exception using a generic computer component.  There is no improvement achieved to a computer or a technology by the claim as drafted.  The claim does not recite a technical solution to a technical problem, as drafted.
Similar to the analysis for claim 1, the additional elements, alone and in combination with the abstract idea, fail to provide significantly more than the abstract idea itself.
 Claim 6 recites the following limitation directed to an abstract idea: “wherein the security status inspection and recovery module of the device inspects the security status by measuring integrity values of a booting image, an execution object, and a setting file in the device”. This limitation are directed to mention processes performable by a human being which can inspect the security status of the device by measuring/checking different values of the device. Claim 6 recites additional element as “a security status inspection and recovery module” which fail to integrate the abstract idea into a practical application because they merely apply the exception using a generic computer component.  There is no improvement achieved to a computer or a technology by the claim as drafted.  The claim does not recite a technical solution to a technical problem, as drafted.
Similar to the analysis for claim 1, the additional elements, alone and in combination with the abstract idea, fail to provide significantly more than the abstract idea itself.
Claim 7 found eligible under 35 USC § 101 because claim 7 recites 
“comprising a gateway, and a security control server” configured to control, monitor and operate the device in order to enhance the security of the device where a security threat is expected. These functions are found to integrate the abstract idea into a practical application because now they improve the functioning of a computer by increasing the security of the device/network based on employing the gateway and the security control server.
Claim 8 recites a limitation that merely discloses monitoring a status of the device which further narrows the abstract idea. Thus claim 8 is ineligible. 
Claim 9 recites a limitation that merely discloses generating a policy for the potential security threat which further narrows the abstract idea. Thus claim 9 is ineligible. 
Claim 10 recites a limitation that merely defines the message contents which further narrows the abstract idea. Thus claim 10 is ineligible. 
Claim 11 recites a limitation which is generating and distributing a policy when threshold value of occurrence of a threat is greater than the predetermined value which is an idea performable by a human being in the mind. Thus claim 11 is ineligible. 
Claim 13 fails to recites any limitation that create a difference in the 101 analysis as indicated for claim 12, because claim 13 merely recites detecting an occurrence of a security threat and determining a policy of blocking or releasing the network connection which can be performed by a human. Thus claim 13 is ineligible. 
Claim 14 fails to recites any limitation that create a difference in the 101 analysis as indicated for claim 12, because claim 14 merely recites determining a policy of security control release on the device based on various criteria and in a certain order of occurrence of the criteria which can be performed by a human. This claim 14 is ineligible.
Claim 15 fails to recites any limitation that create a difference in the 101 analysis as indicated for claim 12, because claim 15 merely recites determining a policy of security control release on the device based on various criteria and in a certain order of occurrence of the criteria which can be performed by a human. This claim 15 is ineligible.
Claim 16 merely discloses the concept of monitoring the security status of the device which is a step performable by a human in the mind. This claim 16 is ineligible. 
Claim 17 discloses a determining a security policy for the device based on a potential security threat which is a step performable by a human in the mind. This claim 17 is ineligible.
Claim 18 discloses a determining a security policy for the device based on a potential security threat and determining a level of security control as per the policy, which is a step performable by a human in the mind. This claim 18 is ineligible.
Claim 19 recites a limitation which is generating and distributing a policy when threshold value of occurrence of a threat is greater than the predetermined value which is an idea performable by a human being in the mind. Thus claim 19 is ineligible. 
Claim 20 recites a limitation which is generating and distributing a policy of releasing the connection on the device when threshold value of occurrence of a threat is less than the predetermined value which is an idea performable by a human being in the mind. Thus claim 20 
is ineligible. 
	
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 7-12, and 16-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Mehr., (US10812521B1).
Regarding claim 1, Mehr discloses:
A system for security control in a network infrastructure including at least one device (i.e., IoT Device 104), an apparatus (i.e., IoT Security Service 110) comprising:
a storage (i.e., IoT Device Data Store) configured to store device information (i.e., device profile data is collected and sent to IoT Security Service 110; See FIG. 1) (Col. 6, Line # 44-47; at circle “2,” the IoT security service 110 optionally stores the IoT device data 120 collected at any of circles “1A,” “1B,” and “1C” for subsequent processing and analysis) and 
a standard security control policy generated (i.e., based on breach likelihood score, administrator develop a response [policy] for the potentially impacted device) with regard to a security threat (Col. 26, Line # 2-11; Upon receiving an alert or viewing a graph 400, the breach likelihood score associated with a device can help with remediation because it can help determine how aggressively to remediate. If the breach likelihood score for a device is low, for example, an administrator of the device might only perform a scan. If the breach likelihood value is higher, a more detailed scan of an image of the device can be performed offline. If the value is even higher, an administrator might rotate credentials for the device, remotely kill the device, and so forth); and
a processor, wherein the processor is configured to operate:
a security control policy determiner configured to determine a policy (i.e., if the breach likelihood score is low, administrator might only perform a scan of the device OR if the breach likelihood is high or higher administrator perform a detailed scan of the device or  remotely shut down the device) of security control on a device in which a security threat is expected (Col. 26, Line # 2-11; Upon receiving an alert or viewing a graph 400, the breach likelihood score associated with a device can help with remediation because it can help determine how aggressively to remediate. If the breach likelihood score for a device is low, for example, an administrator of the device might only perform a scan. If the breach likelihood value is higher, a more detailed scan of an image of the device can be performed offline. If the value is even higher, an administrator might rotate credentials for the device, remotely kill the device, and so forth); and
a security control policy distributor configured to generate a security control message (i.e., one or more security alerts are generated based on breach likelihood score) on the basis of the determined policy of security control and transmit the generated security control message to the device in which the security threat is expected (Col. 25, Line # 63-67; In an embodiment, the determination that the breach likelihood score or threat score crosses a threshold optionally can trigger the generation of one or more security alerts (for example, a notification, an interface something, and so forth). A security alert can be configured to trigger at different threshold level; Col. 26; Line # 2-11; Upon receiving an alert or viewing a graph 400, the breach likelihood score associated with a device can help with remediation because it can help determine how aggressively to remediate. If the breach likelihood score for a device is low, for example, an administrator of the device might only perform a scan. If the breach likelihood value is higher, a more detailed scan of an image of the device can be performed offline. If the value is even higher, an administrator might rotate credentials for the device, remotely kill the device, and so forth).
Regarding claim 7, Mehr discloses:
The apparatus of claim 1, further comprising a gateway (i.e., network monitors 126 (for example, network traffic and entry point scanners)) configured to control the device and release the control of the device by receiving the security control message and a security control release message from a security control server (IoT Management Service 108) (Col. 6, Line # 4-11).
Regarding claim 8, Mehr discloses:
The apparatus of claim 1, wherein the processor is configured to operate a device manager that monitors a security control status for the security threat to the at least one device (Col. 6, Line # 44-50).
Regarding claim 9, Mehr discloses:
The apparatus of claim 1, wherein the processor is further configured to operate a security control policy manager that generates the standard security control policy for the potential security threat (Col. 25, Line # 63-67 & Col. 26; Line # 2-11).
Regarding claim 10, Mehr discloses:
The apparatus of claim 1, wherein the security control message comprises at least one of a security control policy identification (ID), a security control condition, a security control action, and target information (Col. 26, Line # 2-11; security control action to remotely block the device connection).
Regarding claim 11, Mehr discloses:
The apparatus of claim 1, wherein the security control policy distributor further configured to generates, when a magnitude of security threat occurrence is greater than or equal to a threshold value predetermined by the policy of security control, a security control message that is to be transmitted to a device group which may be affected by the generated security threat, including the device in which the security threat is expected (Col. 25, Line # 10-35).
Regarding claim 12, Mehr discloses:
A method for security control in a network infrastructure comprising at least one device, the method comprising: 
determining a policy of security control (i.e., if the breach likelihood score is low, administrator might only perform a scan of the device OR if the breach likelihood is high or higher administrator perform a detailed scan of the device or  remotely shut down the device) on the device in which a security threat is expected (Col. 26, Line # 2-11; Upon receiving an alert or viewing a graph 400, the breach likelihood score associated with a device can help with remediation because it can help determine how aggressively to remediate. If the breach likelihood score for a device is low, for example, an administrator of the device might only perform a scan. If the breach likelihood value is higher, a more detailed scan of an image of the device can be performed offline. If the value is even higher, an administrator might rotate credentials for the device, remotely kill the device, and so forth); and 
generating a security control message (i.e., one or more security alerts are generated based on breach likelihood score) on the basis of the determined policy of security control and transmitting the generated security control message to the device in which the security threat is expected (Col. 25, Line # 63-67; In an embodiment, the determination that the breach likelihood score or threat score crosses a threshold optionally can trigger the generation of one or more security alerts (for example, a notification, an interface something, and so forth). A security alert can be configured to trigger at different threshold level; Col. 26; Line # 2-11; Upon receiving an alert or viewing a graph 400, the breach likelihood score associated with a device can help with remediation because it can help determine how aggressively to remediate. If the breach likelihood score for a device is low, for example, an administrator of the device might only perform a scan. If the breach likelihood value is higher, a more detailed scan of an image of the device can be performed offline. If the value is even higher, an administrator might rotate credentials for the device, remotely kill the device, and so forth).
Regarding claim 16, Mehr discloses:
The method of claim 12, further comprising
monitoring a security control status for the security threat to the at least one device (Col. 6, Line # 4-11).
Regarding claim 17, Mehr discloses:
The method of claim 12, wherein the determining of the policy of security control comprises:
determining a policy of security on the device in which the security threat is expected on the basis of a standard security control policy generated with regard to a potential security threat (Col. 26, Line # 2-11).
Regarding claim 18, Mehr discloses:
	The method of claim 12, wherein the determining of the policy of security control comprises:
determining a target for security control with respect to the device in which the security threat is expected; and determining a level of security control in response to the security threat (Col. 26, Line # 2-11).
Regarding claim 19, Mehr discloses:
The method of claim 12, wherein the generating of the security control message further comprises:
generating, when a magnitude of security threat occurrence is greater than or equal to a threshold value predetermined by the policy of security control, a security control message that is to be transmitted to a device group which may be affected by the generated security threat, including the device in which the security threat is expected (Col. 25, Line # 10-35).
Regarding claim 20, Mehr discloses:
The method of claim 12, further comprising generating a security control release message on the basis of the policy of security control,
wherein the generating of the security control release message comprises generating the security control release message when a magnitude of security threat occurrence is less than or equal to a threshold value determined by the policy of security control (Col. 26, Line # 2-7).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Mehr., (US10812521B1) in view of Lim., (US20160277436A1).
Regarding claim 2, Mehr fails to disclose:
The system of claim 1, wherein the security control policy determiner comprises: a connection blocking sub module configured, in response to detecting an occurrence of a security threat to the device in the network infrastructure, to determine a policy of blocking a network connection of the device; and a connection blocking release sub module configured to determine a policy of network connection blocking release on the device to be released from the connection blocking.
However, Lim discloses:
	a connection blocking sub module configured, in response to detecting an occurrence of a security threat to the device in the network infrastructure, to determine a policy of blocking a network connection of the device (See FIG. 4; Step 410 [0054] & FIG. 5; Step 515 [0059-0060]); and 
a connection blocking release sub module configured to determine a policy of network connection blocking release on the device to be released from the connection blocking (See FIG. 4; Step 430 [0057] & FIG. 5; Step 535 [0064]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Mehr reference and include a system which is able to block/add and release/remove device(s) from access control list based on the network security attack information, as disclosed by Lim.
The motivation to include Lim’s system is to automatically and efficiently block and release device’s access to network based on security attack information.
Regarding claim 5, Mehr fails to disclose:
The apparatus of claim 1, wherein the device comprises a security status inspection and recovery module configured to inspect a security status of the device and recover the device to have a normal status when the security status is determined to be an abnormal status.
However, Lim discloses:
	wherein the device comprises a security status inspection and recovery module configured to inspect a security status of the device and recover the device to have a normal status when the security status is determined to be an abnormal status ([0064] See FIG. 5; step 535 instructs the gateway to remove the IP address of the device from the access control list and allow the normal network connection).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Mehr reference and include a system which is able to block/add and release/remove device(s) from access control list based on the network security attack information, as disclosed by Lim.
The motivation to include Lim’s system is to automatically and efficiently block and release device’s access to network based on security attack information.
Regarding claim 13, Mehr fails to disclose:
The method of claim 12, wherein the determining of the policy of security policy comprises:
a connection blocking determining sub-operation for, in response to detecting an occurrence of a security threat to the device in an Internet of Things (IoT) infrastructure, determining a policy of blocking an IoT network connection of the device; and a connection blocking release determining sub-operation for determining a policy of network connection blocking release on the device to be released from the connection blocking.
However, Lim discloses:
	a connection blocking sub module configured, in response to detecting an occurrence of a security threat to the device in the network infrastructure, to determine a policy of blocking a network connection of the device (See FIG. 4; Step 410 [0054] & FIG. 5; Step 515 [0059-0060]); and 
a connection blocking release sub module configured to determine a policy of network connection blocking release on the device to be released from the connection blocking (See FIG. 4; Step 430 [0057] & FIG. 5; Step 535 [0064]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Meher reference and include a system which is able to block/add and release/remove device(s) from access control list based on the network security attack information, as disclosed by Lim.
The motivation to include Lim’s system is to automatically and efficiently block and release device’s access to network based on security attack information.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Mehr., (US10812521B1) in view of Lim., (US20160277436A1) and further in view of Carpenter et al., (US20160379000A1).
Regarding claim 6, the combination of Meher and Lim fails to disclose:
The apparatus of claim 5, wherein the security status inspection and recovery module of the device inspects the security status by measuring integrity values of a booting image, an execution object, and a setting file in the device.
However, Carpenter discloses:
	wherein the security status inspection and recovery module of the device inspects the security status by measuring integrity values of a booting image, an execution object, and a setting file in the device ([0017], [0042] & [0046] discloses measuring integrity values of the device to detect health status of the device).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the Meher and Lim references and include systems for measuring the integrity of a device, as disclosed by Carpenter.
The motivation to measure the integrity of the device is to ensure if the device is trustworthy or untrustworthy for the network. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/SYED M AHSAN/Patent Examiner, Art Unit 2432