DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 6 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  In this case, the claim fails to further limit the subject matter of claim 1. Claim 6 recites “wherein defining the logical network slices comprises defining a group of slices that are able to facilitate communication of the subscriber device in response to the malicious activity being determined.” The logical slices are already defined in the parent claim; a “group” is not positively differentiated from a simple plurality of slices, which already exist in the parent claim; and it is considered that any generic network slice would be “able to facilitate communication of the subscriber device in response to the malicious activity being determined” since facilitating communication is the purpose of a network slice. For instance, a malicious device may send malicious traffic over a generic network slice. It is not clear whether the “defining” is performed responsive to the malicious activity being determined, or if the facilitating is responsive to the malicious activity being determined. In the latter case, this does not appear to be different from the aforementioned example. Finally, it is not clear whether the “facilitate communication of the subscriber device in response to the malicious activity being determined” actually takes place as it is not positively recited.
Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stammers (US 2019/0026094 A1) and “Quarantining Malicious IoT Devices in Intelligent Sliced Mobile Networks,” hereinafter “Candal-Ventureira.”

Regarding claim 1, Stammers discloses:  A device, comprising: 
a processor (e.g., 22 in FIG. 1 of Stammers) configured to leverage a network slicing capability of network equipment to increase network security of the network equipment according to a defined security criterion; and 
Refer to at least FIG. 1, [0008], and [0010] of Stammers with respect to network slice selection capability for providing security protection.
a memory (e.g., [0032]-[0033] of Stammers) that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: 
defining logical network slices, wherein a first slice of the logical network slices represents a virtualized logical network that is [separate from] other slices of the logical network slices other than the first slice; 
assigning a subscriber device to the first slice based on a type of the subscriber device; and 
Refer to at least [0014]-[0016] and [0019] of Stammers with respect to obtaining device characteristics for assigning a network slice to counter security risks associated with the characteristics. 
in response to determining that a behavior of the subscriber device satisfies a malicious activity criterion indicative of malicious activity, reassigning the subscriber device from the first slice to a second slice of the other slices.
Refer to at least [0018] and [0023]-[0027] of Stammers with respect to assigning devices to network slices with, e.g., behavioral monitoring security services. The device is monitored and it is determined the security services are redundant / that the device is to be reassigned to a different security slice. For instance, see [0031] of Stammers concerning an upgraded OS and applied patches as behavior influencing a network slice assignment.  
Stammers does not specifically disclose: wherein a first slice of the logical network slices represents a virtualized logical network that is isolated from, and independent of, other slices of the logical network slices other than the first slice. However, Stammers in view of Candal-Ventureira discloses: a virtualized logical network that is isolated from, and independent of, other slices of the logical network slices other than the first slice.
Refer to at least Figure 1 on page 4 and to section 3 of Candal-Ventureira with respect to a quarantine network slice and normal IoT slice. Suspect traffic is moved to the quarantine slice and back to the IoT slice after being deemed legitimate. 
The teachings of Stammers and Candal-Ventureira both concern selection of network slices for security, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Stammers to include a quarantine slice with monitoring functionality for at least the reasons discussed in the last paragraph of section 2 of Candal-Ventureira (i.e., ensuring QoS requirements of legitimate devices and improving security while still allowing for QoS requirements of suspect devices subject to constraints).

Regarding claim 2, Stammers-Candal-Ventureira discloses: The device of claim 1, wherein the subscriber device is a machine-to-machine device, and wherein the subscriber device utilizes the network equipment without user input or predicted user input.
Refer to at least [0009] and [0018] of Stammers with respect to IoT devices and, e.g., connected car IoT.

Regarding claim 3, Stammers-Candal-Ventureira discloses: The device of claim 1, wherein defining the logical network slices comprises defining a group of slices that facilitate communication of a certified subscriber device with respect to which a certification procedure relating to expected behavior of the certified subscriber device has been performed.
Refer to at least FIG. 1 and [0022] of Stammers with respect to selectable network slices.
Refer to at least Figure 1 and section 3 of Candal-Ventureira with respect to a quarantine and IoT network slice, where the latter is for verified legitimate traffic.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 4, it is rejected for substantially the same reasons as claims 1 and 3 above (i.e., the citations and obviousness rationale; Stammers discloses selecting network slices with security services while Candal-Ventureira discloses selecting a quarantine slice).

Regarding claim 5, Stammers-Candal-Ventureira discloses: The device of claim 1, wherein defining the logical network slices comprises defining a group of slices that facilitate communication of the subscriber device during a maintenance procedure.
Refer to at least [0030]-[0031] of Stammers with respect to identifying software update behavior, upgraded software, and patching for adding and/or removing services which are associated with network slices (e.g., [0026] of Stammers).

Regarding claim 6, it is rejected for substantially the same reasons as claims 1 and 3 above (i.e., the citations and obviousness rationale; Stammers discloses selecting network slices with security services while Candal-Ventureira discloses selecting a quarantine slice with guaranteed QoS subject to constraints). It is additionally noted that any generic network slice should be “able to facilitate communication” since that is the purpose of a network slice; e.g., a malicious device sending malicious traffic over a generic network slice.

Regarding claim 7, it is rejected for substantially the same reason as claim 1 above (i.e., citations concerning monitoring—e.g., [0018] of Stammers with respect to IDS and IPS security services).

Regarding claim 8, Stammers-Candal-Ventureira discloses: The device of claim 7, wherein the anomaly detection procedure comprises: in response to determining that the behavior of the subscriber device satisfies a suspicious activity criterion indicative of suspicious activity, monitoring the behavior for a defined monitoring period; and determining the malicious activity criterion is satisfied in response to the suspicious activity criterion being maintained for the defined period and that the suspicious activity is determined to affect operation of other subscriber devices, other than the subscriber device.
Refer to at least section 3 of Candal-Ventureira with respect to identifying suspicious traffic, quarantining the suspect traffic for further monitoring, and thereafter deeming the traffic as being malicious.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Stammers to include specifically quarantining and further monitoring of suspect device traffic for at least the same reasons as discussed in the rejection of claim 1 above (i.e., improved QoS and security).

Regarding claim 9, it is rejected for substantially the same reasons as claim 1 above (e.g., [0018] and [0031] of Stammers with respect to behavior baselines and fingerprinting).

Regarding claim 10, Stammers-Candal-Ventureira discloses: The device of claim 9, wherein the predicted behavior of the subscriber device is determined based on an output from a certification procedure.
Refer to at least [0011] of Stammers with respect to learning device behavior over time during monitoring. 

Regarding claim 11, Stammers-Candal-Ventureira discloses: The device of claim 9, wherein the predicted behavior of the subscriber device is determined based on the type of the subscriber device.
Refer to at least [0014]-[0019] of Stammers with respect to a database of known device characteristics, associated security risks, and associated services.

Regarding claim 12, it is rejected for substantially the same reasons as claims 9-10 above.

Regarding claim 13, it is rejected for substantially the same reasons as claim 1 above (i.e., monitoring or quarantining devices whose traffic is not yet fully analyzed).

Regarding independent claim 14, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 15-16, they are rejected for substantially the same reasons as claim 14 above (e.g., figure 1 and section 3 of Candal-Ventureira with respect to a quarantine slice for suspect traffic to be further analyzed).

Regarding independent claim 17, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 18-20, they are substantially similar to elements of claims 3-4 and 9-13, and are therefore likewise rejected. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        
/V.S/Examiner, Art Unit 2432