DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 06/15/2022.
Status of claims in the instant application:
Claims 1-20 are pending.
No claim has been canceled.
Claims 1, 7, 8, 9, 10, 11, 16  and 17 have been amended.
No new claim has been newly added.
Response to Arguments
Applicant’s arguments, see page [9] of the remarks filed on 06/15/2022, with respect to rejections of claims under 35 USC 101 have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Applicant’s arguments, see page [10-11] of the remarks filed on 06/15/2022, with respect to rejections of claims under 35 USC 103 have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Although the Applicant has not made any arguments, see the remarks filed on 06/15/2022, with respect to rejections of claims under 35 USC 112, the claim amendments filed by the Applicant has overcome the rejection. Therefore, the claim rejections are withdrawn.
Allowable Subject Matter
Claims 1-20 are allowed.
The following are examiner's statement of reasons for allowance: The following prior arts were yielded during the examination of applicant’s amended claim set filed on 06/15/2022  in response to office action mailed on 04/14/2022. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in general realm of applicant’s field of endeavor:
PGPUB US 20200344203 A1, Mermoud et al.: Mermoud discloses a service maintains a database of media access control (MAC) addresses of devices in a network and their associated telemetry data captured from the network. The service identifies a new MAC address being used by a particular device in the network. The service matches telemetry data associated with the new MAC address with telemetry data in the database associated with another MAC address, by using the telemetry data associated with the new MAC address as input to a machine learning-based classifier. The service determines, based on the matching, that the MAC address in the database associated with the matched telemetry data has been updated to the new MAC address by the particular device.
The present disclosure relates generally to computer networks, and, more particularly, to the tracking of devices across media access control (MAC) address updates.
NPL: IoT Device Fingerprint using Deep Learning; Aneja et al.: Aneja discloses methods for Device Fingerprinting (DFP) for the identification of a device without using its network or other assigned identities including IP address, Medium Access Control (MAC) address, or International Mobile Equipment Identity (IMEI) number. DFP identifies a device using information from the packets which the device uses to communicate over the network. Packets are received at a router and processed to extract the information. In this paper, we worked on the DFP using Inter Arrival Time (IAT). IAT is the time interval between the two consecutive packets received. This has been observed that the IAT is unique for a device because of different hardware and the software used for the device. The existing work on the DFP uses the statistical techniques to analyze the IAT and to further generate the information using which a device can be identified uniquely. This work presents a novel idea of DFP by plotting graphs of IAT for packets with each graph plotting 100 IATs and subsequently processing the resulting graphs for the identification of the device. This approach improves the efficiency to identify a device DFP due to achieved benchmark of the deep learning libraries in the image processing. We configured Raspberry Pi to work as a router and installed our packet sniffer application on the Raspberry Pi . The packet sniffer application captured the packet information from the connected devices in a log file. We connected two Apple devices iPad4 and iPhone 7 Plus to the router and created IAT graphs for these two devices. We used Convolution Neural Network (CNN) to identify the devices and observed the accuracy of 86.7%.
NPL: AUDI: Toward Autonomous IoT Device-Type Identification Using Periodic Communication; Marchal et al.: Marchal discloses techniques to identify IOT devices based on their data communication attributes. IoT devices are being widely deployed. But the huge variance among them in the level of security and requirements for network resources makes it unfeasible to manage IoT networks using a common generic policy. One solution to this challenge is to define policies for classes of devices based on device type. In this paper, we present AUDI, a system for quickly and effectively identifying the type of a device in an IoT network by analyzing their network communications. AUDI models the periodic communication traffic of IoT devices using an unsupervised learning method to perform identification. In contrast to prior work, AUDI operates autonomously after initial setup, learning, without human intervention nor labeled data, to identify previously unseen device types. AUDI can identify the type of a device in any mode of operation or stage of lifecycle of the device.
PGPUB US 20100088747 A1, Fink et al.: Fink discloses a system and method for identifying and verifying a client to access a secure network. Timing characteristics are acquired from the client, such as a peripheral device, and further verified and identified via a policy enforcement points and a policy decision points, or a measurer device in the secure network.
The device fingerprinting method employs a processor, for example, that computes a clock skew by capturing multiple samples of TCP timestamps from a client that requests a connection to a protected network, where the timestamps reflect the client's uncorrected system time. The method then computes a clock skew--an average value of time gained or lost relative to a measurer, computed from the timestamp samples--and compares the clock skew to a reference clock skew created during a training phase of the method. Clock skews are probabilistically unique to each client in that multiple clients will exhibit distinct clock skews with high probability when compared to one another. The benefit of this method is that clock skews reflect actual, immutable physical characteristics of the client. This method is costly to subvert: an attacker would have to adjust the natural clock skew characteristic of an imposter device to impersonate a characteristic of some other, valid device, requiring prior training data from the valid device as well as modifying the imposter client's network software and firmware to reflect the proper timestamps.
The device fingerprinting method overcomes the problems of existing NAC solutions that can use only time-invariant protocol details such as Media Access Control (MAC) addresses that could be imitated easily by adversaries. Further, it overcomes the problem of optional TCP timestamps, e.g., situations when the client is configured to omit the timestamp, in cases where the connecting client can, and cannot be modified. When the client cannot be modified, other parts of protocols can be analyzed to determine time drift. Two examples include: (a) the rate of change of the Initial Sequence Numbers (ISN)--used when establishing connections--can be correlated to clock drift; and (b) packet inter-arrival times can be correlated to clock drift for Voice over IP (VoIP) phones. Alternatively, if the connecting systems can be modified, the device fingerprinting method can enforce a network policy that requires timestamps for all connecting devices, such that any device that supports timestamps but chooses to not present them is denied access to the network. Either technique would raise the bar for adversaries to impose on the network and passively capture sensitive corporate data
PGPUB US 20130242795 A1, Heen et al.: Heen discloses a method for fingerprinting wireless devices and a method for using a device fingerprint for identifying wireless devices. A monitoring station listens to a channel. For each received frame, the station measures the inter-arrival time from the end of the previously received frame to the end of the present frame, if possible, the station obtains the identity of the sender of the frame. If the sender is known, then the station stores the inter-arrival time in a histogram for the sender; the histogram becomes the fingerprint for the sender. Identification of a device begins by obtaining a number of inter-arrival times for an unknown sender and then matching these to stored fingerprints using a suitable similarity measure. The invention is particularly suitable for IEEE 802.11 and may for example be used to detect so-called MAC spoofing and as an additional layer of an identification protocol.
The device fingerprinting enables identification of devices, an identification that is independent of the purported identity of the device. A primary application of 802.11 device fingerprinting is the prevention of Media Access Control (MAC) address spoofing. This refers to the action of usurping the MAC address of another device in order to benefit from its authorization.
PGPUB  US 20190190920 A1, Connell et al.: Connell discloses a system, method and program product for authenticating a device. An authentication service is provided having: a data management system for periodically collecting and storing signature data from each of a set of registered devices, wherein the signature data includes a plurality of data points, and wherein at least one of the data points includes a device usage characteristic; a system for obtaining a temporal signature state (TSS) vector of a device in response to a transaction request from the device, wherein the TSS vector includes values for a selected subset of the data points forming the signature data; and an authenticator for comparing the TSS vector of the device with stored signature data in order to authenticate the device.
The subject matter of this invention relates to device authentication and more particularly to a system and method of authenticating user devices by analyzing activity signatures.
The analysis may be handled in any manner. For example, signature data for a given data point may be averaged and compared against the associated TSS vector value. Is other case, signature data for a given data point may provide a range to determine if the associated TSS vector value falls therein. In still other cases, signature data for a given data point be analyzed as a time based function (e.g., having a slope) to predict an expected value of an associated TSS vector value. Thus, for example, if the number of active text conversations from a given user device 30 ranged from two to five, a low score could assessed if the associated TSS vector value was 20. Likewise, if the number of photos stored on the device 30 increased on average by five per week based on the stored signature data, a failing score could be assessed if the associated TSS vector value reported a doubling in the number of photos.
However, none of the prior arts of record, alone or in combination, discloses the combination of limitations of the amended independent claims 1 and 11, including the newly added limitations of the independent claims, “converting the first temporal communication data into a first image, wherein the converting comprises: performing a windowing operation on the first temporal communication data; embedding the windowed first temporal communication data into a first vector; merging first information associated with the first vector, wherein the first information includes packet features and WiFi sniff features; normalizing the first vector; combining the first vector with a further plurality of additional vectors to generate a first data matrix; and interpreting the first data matrix as a first image; accessing second temporal communication data associated with the computing device for a second time interval; generating a second data matrix from the second temporal communication data; interpreting the second data matrix as a second image;2Attorney Docket No. WOOT-00401 analyzing an image ensemble, including the first image and the second image, using a neural network, each image in the image ensemble converted from temporal communication data associated with the computing device; learning, by the neural network, a temporal pattern associated with the image ensemble; accessing current temporal communication data associated with the computing device; generating a current data matrix from the current temporal communication data; interpreting the current data matrix as a current image; comparing, by a processing system, the current image with the temporal pattern, wherein the comparing includes processing network communication data included in the current image and the temporal pattern, and wherein the network communication data is associated with the computing device”. Examiner also notes that it’s the combination of claim limitations in the independent claims that are allowable, but not any of the specific limitation by itself is allowable.
Therefore, the independent claims are allowable over the prior arts. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed because of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434