DETAILED ACTION
	This is in response to the application filed August 28th 2019.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 8/28/19 and 4/30/20 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-3, 5 and 8-13 are rejected under 35 U.S.C. 102(a)(1) as being clearly anticipated by S. V. Radhakrishnan, A. S. Uluagac and R. Beyah, "GTID: A Technique for Physical Device and Device Type Fingerprinting," in IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 5, pp. 519-532, 1 Sept.-Oct. 2015, hereinafter “Beyah”.

Regarding claim 1, Beyah discloses: a method of determining an identity of an unknown IoT device in a communication network (technique for network device fingerprinting – see abstract);
receiving network traffic generated by the unknown IoT device (capture network traffic – Section 1);
extracting device network behavior from the generated network traffic (analyze packet for device characteristics – see Section 2; also see Section 3 which teaches that devices generate distinct patterns which allows for fingerprinting via network traffic analysis); and
determining the identity of the unknown IoT device from a list of known IoT devices by applying a selected machine learning based classifier from a set of machine learning based classifiers to analyze the device network behavior (neural network is used for classification – see Abstract and Section 1), each machine learning based classifier of the set is trained by a dataset including a plurality of features representing network behavior of a respective known IoT device from the list and the known IoT device’s identity (this is merely supervised learning, a well-known technique, see Section 5 which teaches signature generation and using signatures to train neural networks); wherein the plurality of features being associated with the corresponding device network behavior of the generated network traffic (network traffic features match signature resulting in identification of unknown device – see Section 5.2).

Regarding claim 2, Beyah discloses the network traffic includes a number of communication sessions having respective unlabeled feature vectors representing the device network behavior of the unknown IoT device and wherein each machine learning based classifier includes a single session classifier associated with a respective known IoT device in the list and for outputting a probability; a classification threshold for comparing with the probability to determine if the session being analyzed is generated by a particular device in the known IoT device list; and a session sequence size defining the number of communication sessions to analyze (plurality of sessions wherein network traffic has multiple properties, including “feature vector” – see Sections 1 and 5, 5.1; known device signatures – see Section 5.2; and sample size limit corresponds to session sequence size – see Section 6 and Section 8 which teaches both sample size and number of samples parameters, Section 6 also teaches the use of a threshold).

Regarding claim 3, Beyah discloses the steps of analyzing the unlabeled feature vector of the communication sessions using the single session classifier of the selected machine learning classifier to output the probability; comparing the probability with the classification threshold, and if the probability is higher than the threshold, classifying the session is generated by a particular IoT device form the known IoT device list; and determining the identity of the unknown IoT device from the classification (user classifier to determine device identify based on network feature vectors – see Sections 1, 5).

Regarding claim 5, Beyah discloses analyzing the device network behavior includes analyzing the unlabeled feature vectors of consecutive communication sessions using the single session classifier of the selected machine learning based classifier to output corresponding probabilities; comparing each of the probabilities with the respective classification thresholds, if any probabilities are higher than the classification thresholds, classifying those communication sessions as being generated by a particular device from the known IoT device list associated with the classifier; and determining the identity of the unknown IoT device based on the classification (use device signatures and threshold to identify unknown devices based on classifier – see Sections 1, 5 and 6; this claim largely corresponds to claim 3 but recites “consecutive” sessions, Beyah teaches the network traffic is capture and analyzed which would include consecutive sessions).

Regarding claim 8, Beyah discloses the identify of each known IoT devices includes the device’s make and model (device type includes make/model, see Tables 2, 3).

Regarding claim 9, Beyah discloses generating network traffic from a plurality of IoT devices with known identities (abstract, Section 1); extracting a plurality of features from the network traffic which are relevant to represent network behavior of each one of the plurality of IoT device (Sections 2 and 3 explain how packet creation provides network traffic features which represent specific devices); associating the extracted plurality of features with the corresponding identity of each one of the plurality of IoT devices (create signatures for devices – see Sections 1 and 5.1); and creating the training dataset based on the association (train neural network – Section 5.1).

Regarding claim 10, Beyah discloses converting and extracting the plurality of features from each communication session (Sections 1, 5).

Regarding claim 11, Beyah discloses wherein the plurality of features is extracted from network, transport and application layers of the network (works with IP, TCP and application layer protocols – see Section 3).

Regarding claim 12, it is an apparatus claim that corresponds to the method of claim 1.  Beyah teaches an apparatus to perform the method (see Fig. 5) and so the claim is rejected for the same reasons.

Regarding claim 13, Beyah discloses a plurality of IoT devices (network includes IoT devices such as mobile phones, iPads, etc. – see abstract, Fig. 8b and Section 6).



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 4 and 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Beyah in view of Curtin et al. US 10,452,839 B1.

Regarding claim 4, Beyah discloses if the probability is not higher than the classification threshold (device is unknown if it does not match threshold probability – see Sections 5.2, 6).  Beyah does not explicitly disclose selecting a next machine learning based classifier in the set and using the selected machine learning based classifier to analyze the unlabeled feature vector and repeating steps but this is known in the art as a set of cascade classifiers, and is explicitly taught by Curtin (automatic selection of machine learning classifier from set of classifiers when first classifier produces unsatisfactory result – see col. 4 ln. 1-20).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Beyah with the cascade classifier taught by Curtin.  Curtin suggests that cascade classifiers are useful for the situation where the first algorithm/classifier cannot make a determination (see col. 3 ln. 65 – col 4 ln. 2).

Regarding claim 6, it corresponds to claim 4 in that Beyah does not explicitly disclose “selecting a next machine learning based classifier” but this is taught by Curtin as explained above.  The motivation to combine is the same.

Regarding claim 7, Beyah suggests “using” a machine learning based classifier from the set having the lowest session sequence size to the highest session sequence size for analyzing the unlabeled feature vectors (see Sections 6 and 8.2 which teaches that lower sequence size is preferred as increasing the sample size requires greater processing resources/time while only providing a small improvement in accuracy).  As explained above, Beyah does not explicitly disclose “selecting” a machine learning classifier but this is taught by Curtin.  The motivation to combine is the same.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Kanonakis et al. US 2016/0105364 A1 discloses using machine learning to manage network traffic flow (abstract).
Kennedy et al. US 10,489,587 B1 discloses using machine learning to classify unknown files (abstract).
Curtin US 10,484,399 B1 discloses identifying and selecting a suitable machine learning classifier to classify an unknown sample (col. 3 ln. 55 – col. 4 ln. 6).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON D RECEK whose telephone number is (571)270-1975. The examiner can normally be reached Flex M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on 5712723980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JASON D RECEK/
Primary Examiner, Art Unit 2458                                                                                                                                                                                           
(571) 270-1975