DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 07/19/22. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over LI (US 20200344602 A1) in view of Vanderhulst et al. (US 20150264564 A1).

With regards to claim 1, LI discloses, A system that provides cybersecurity comprising: 
several devices connected to a wireless network (FIG 1 and associated text);
a monitoring device that monitors all the devices connected to a wireless network (FIG 1, 106 and associated text);
wherein the monitoring device can remove a device from the wireless network ([0003] The Dev can also allow the user to add (register) another handset, so the owner of said handset can have the same access to the vehicle/home control and monitor system, as the original user. The Dev also lets the user remove (deregister) a missing, stolen or no longer used handset.[0315] It will be automatically removed (deregistered) from the Dev 106 on its expiration date (2167B2).); 
wherein the monitoring device detects any new devices attempting to join the wireless network ([0035] The MSK provides enhanced security protection between the Dev and its registered device(s) during their communication (via cellular, internet, SRC and satellite) and if an unmatched MSK received by said Dev during the process, said Dev requests that the user is required to register his/her new unregistered device and alerts its users via text messages, voice and emails.);
wherein the monitoring device determines whether a new device should be allowed to join the wireless network ([0006] The Dev can also alert the user when someone attempts to register his/her handset into its control and monitor system so the user can be aware of such attempt and has the option to allow or not allow it to take place.);
wherein the monitoring device keeps a registry of an electronic signature from each of the devices the monitoring device has approved to be on the wireless network ([0003] The Dev can also allow the user to add (register) another handset, so the owner of said handset can have the same access to the vehicle/home control and monitor system, as the original user. The Dev also lets the user remove (deregister) a missing, stolen or no longer used handset. [0035] The MSK is a random generated encrypted security data parameter the Dev assigns for each of its registered devices (or commands as in the case of third-party command) and is transmitted by said Dev to its registering device during the activation or registration process; in other words, each MSK is associated with one of the Dev's registered handsets (devices) or a third-party command (transmitted to a third party who will has a time-limited control and monitor over the Dev).);
wherein the monitoring device can use the registry in order to determine whether a device is new or anomalous ([0035] The MSK provides enhanced security protection between the Dev and its registered device(s) during their communication (via cellular, internet, SRC and satellite) and if an unmatched MSK received by said Dev during the process, said Dev requests that the user is required to register his/her new unregistered device and alerts its users via text messages, voice and emails [0145] During its communication with the Dev, the handset's IDs (i.e., its phone number in 1229/1429 of FIG. 12/14) and/or MSK are/is preferably encapsulated and its data encrypted (with the same security/encryption key provided in UTAID as mentioned earlier) in its command packet(s), and therefore the Dev, when it receives said packet(s), preferably decrypts the data, decapsulates (reverses the encapsulation) or separates the handset's phone number and/or associated MSK from the command packet(s). Next the Dev refers it with its stored handset numbers and/or verifies its associated MSK; and only responds if there is a match.[0173] ); 
wherein the monitoring device can integrate into a user's home security alarm system (abstract: A system for programming, controlling and monitoring wireless networks enabling a wireless device (Dev) being utilized and integrated into car electronic control module or home (or business) alarm/security system.);
wherein the monitoring device can send alerts to a user through the user's home security alarm system ([0025] The Dev can also alert the home owner when an authorized or illegal entry takes place in his/her own house or business premises. It lets the owner know the exact location within the house or business premises, and time when it happened.).
LI does not explicitly disclose, but Vanderhulst teaches,
wherein the monitoring device calculates the physical location of any new device attempting to join the wireless network (FIG 2, 245 and associated text);
wherein the monitoring device can use the physical location of any new device in order to determine whether the new device is new or anomalous ([0038] At step 250, the GFS propagates a GFS access response message to the user device. The GFS access response message provides an indication as to whether or not the user device is authorized to access the GFS. If the user device is authorized to access the GFS, the access response message may include authentication information for use by the user device to access or use the GFS, authentication information for use by the user device to access or use an object controllable via the GFS, or the like. If the user device is not authorized to access the GFS, the access response message may include any suitable information (e.g., a reason that access is denied or any other suitable information).);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LI’s system/method with the teaching of Vanderhulst in order to provide improved security associated with access to and control of smart objects and network-hosted services which may be used to control smart objects (Vanderhulst [0002]).

With regards to claim 6 LI in view of Vanderhulst further discloses, wherein the monitoring device calculates the physical location of any new device attempting to join the wireless network by measuring the direction of a signal connection between the monitoring device and each new device attempting to join the wireless network; wherein the monitoring device also measures the time of the signal connection between the monitoring device and each new device attempting to join the wireless network (Vanderhulst [0018] In at least some embodiments, the various distances associated with the boundaries of a shape or shapes of the spatial region 116 defined by the witness devices 115 may be determined based on one or more of signal strength information (e.g., where witness devices 115 measure the signal strength of signals received from user device 101 for use in triangulating the position of the user device 115 relative to the witness devices 115 defining the spatial region 116), time-of-flight measurement information from one or more time-of-flight cameras, or the like, as well as various combinations thereof.); wherein the monitoring device then calculates the distance and direction of each new device attempting to join the wireless network (Vanderhulst [0022]; The definition of the spatial region 116 of the mapping 132 may include information which may be used by GFS 131 to determine whether user device 101 is located within the spatial region 116 responsive to a request by the user device 101 to access GFS 131 (e.g., various rules according to which the area covered by spatial region 116 is defined, such as in terms of presence or absence of signals, distance-indicative or position-indicative information (e.g., based on signal strength measurements, time-of-flight measurements, or the like), or the like, as well as various combinations thereof).). Motivation would be same as stated in claim 1. 

With regards to claim 10, LI further discloses, wherein the electronic signature of each device can be anything unique about each device, including: a unique pattern of data that is inflowing to each device ([0019] The Dev can also allow a user, who loans out his/her car to a friend or relative (i.e., borrower), to program the Dev remotely via his/her handset to restrict borrower's usage of said vehicle to a time limit. The user's handset does it by having the Dev generated a unique one-time and time-limited MSK and then transmitted it to the borrower's handset); a unique pattern of data that is outflowing from each device; a unique type of communication from each device; a unique type of communication to each device; any communication with the device that is not through the wireless network, Bluetooth or a cellular network.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over LI (US 20200344602 A1) in view of Vanderhulst et al. (US 20150264564 A1) and Wolosewicz (US 20220191240 A1, considering Provisional priority).

With regards to claim 2, LI in view of Vanderhulst discloses, the monitoring device will send a notification to the user with the details of the malicious or potential rogue device (LI [0006] The Dev can also alert the user when someone attempts to register his/her handset into its control and monitor system so the user can be aware of such attempt and has the option to allow or not allow it to take place. [0023] The Dev can also alert the vehicle owner if someone or something attempts to plant an adverse object: alien or harmful device such as GPS tracker, explosive device, illegal substance or the likes, by detecting its presence via its external smart motion, video, audio, frequency sensors; and/or especially, in the case of a GPS tracker, via its Frequency Hopper (i.e., TMSI, IMSI detector)).
LI in view of Vanderhulst do not, but Wolosewicz teaches, wherein the monitoring device utilizes machine learning to learn how a user typically uses a computer, printer, cell phone and other internet of things devices; wherein the monitoring device utilizes machine learning in order to determine if any actions by any internet of things devices are anomalous or unusual in any way, by comparing actual actions to expected actions ([0018] In embodiments, AI engines include machine learning which can establish a baseline of a system owner's IoT system behavioral pattern and detect abnormal system behavior.); wherein if the monitoring device determines that an internet of things device is acting unusual, then the internet of things device will be flagged as a malicious or a potential rogue device ([0018] The AI can then attempt to match the detected abnormal system behavior to known cyberattack patterns.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LI in view of Vanderhulst’s system/method with the teaching of Wolosewicz in order to provide security from cyber attack in IoT networks (Wolosewicz [0002]).

Claims 3, 12, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over LI (US 20200344602 A1) in view of Vanderhulst et al. (US 20150264564 A1) and Wang et al. (US 20210273951 A1).

With regards to claim 3, LI in view of Vanderhulst disclose, wherein the monitoring device follows the following steps: 
first, a user turning on a monitoring device that monitors all the devices connected to a wireless network (LI [0144]; After activation, the Dev does a power-on reset 249 (FIG. 2/3/4) and then is registered and recognized by the network (in 1519A/1519B, 1619A/1619B, and 1719/1719A of FIGS. 15A/15B, 16A/16B and 17/17A) as are known to those of ordinary skill in the art. Preferably the user has to acknowledge back with an Ok message so the Dev knows its communication link to the handset has been accomplished and user can start the Dev's initialization/configuration process right after. Note: when dev in vehicle, its starts with vehicle ignition switch turn on); 
second, the monitoring device joining a wireless network (LI [0144]; After activation, the Dev does a power-on reset 249 (FIG. 2/3/4) and then is registered and recognized by the network); 
third, the monitoring device detecting all devices connected to the wireless network (LI [0202] According to one aspect of the invention (FIG. 50), the user utilizes the handset's Home Appliance Configuration icon 1373 in the Home Dev Facility Menu 1352 of FIG. 13, to configure the Dev as a Dynamic Host Configuration Protocol (DHCP) web-server (executed by its DHCP Server layer block 619 of FIG. 6) which in turn is able to assign its IP address dynamically to one or more of its household appliances or premises equipment (in other words—Connected Devices) as soon as said device(s)/host(s) is(are) connected to its private Local Area Network (non-public wired/wireless LAN or LAN/WLAN). [0203] According to one aspect of the invention (FIG. 51), the user communicates with his/her household/premises appliances either interacting with the Dev directly or via his/her handset. It also presents an alert text message the user receives from the Dev on his/her registered handset when an external household/premises device attempts to connect to its private (wired/wireless LAN) LAN/WLAN network; it only allows said attempt into its network with the user's permission.); 
fourth, the system creating a registry of all devices connected to the wireless network(LI [0202] According to one aspect of the invention (FIG. 50), the user utilizes the handset's Home Appliance Configuration icon 1373 in the Home Dev Facility Menu 1352 of FIG. 13, to configure the Dev as a Dynamic Host Configuration Protocol (DHCP) web-server (executed by its DHCP Server layer block 619 of FIG. 6) which in turn is able to assign its IP address dynamically to one or more of its household appliances or premises equipment (in other words—Connected Devices) as soon as said device(s)/host(s) is(are) connected to its private Local Area Network (non-public wired/wireless LAN or LAN/WLAN).); 
fifth, the monitoring device analyzing the users connected to the network (LI [0217] According to one aspect of the invention (FIG. 62), Dev 106 integrating in the robotic application, allows a plurality of users to program, control, direct, command, and monitor its functions in its surrounding environment, while at the same time, be informed of any expected and unexpected events relating to its application.); 
sixth, the monitoring device analyzing whether any devices should not be connected to the network (LI [0251] During subsequent registration from another handset/device with an unmatched MSK, the Dev will alert and transmit an allowance/non-allowance command to its registered handset(s) and only when it receives an affirmative response from its registered user or one of its registered users, it will allow said registration to come to a successful conclusion and thus transmitting a MSK to the newly registered handset.); 
seventh, the monitoring device analyzing whether any users should not be connected to the network (LI [0333] When the account security password does not match, the Dev 106 transmits the message “PW not Matched” (step 2576) to the handset 102 and lets it attempt 3 times (step 2580) and if it fails, the Dev 106 goes to password recovery 2588 and also sends messages to other registered handsets 102 informing them of the action (step 2592). This feature allows users to be informed if there is any illegal registration from an unauthorized source. ); 
eighth, the monitoring device determining the location of all the devices connected to the wireless network(LI [0376]; The Dev 106 processes the data, then transmits the handset locator command to the missing handset 102 (phone number 916-987-6500) in step 3956, and also transmits back its searching its status 3922 to the inquiry handset 102, as shown onscreen 3920. When the Dev 106 receives the GPS position of the missing handset 102 from said handset (3958), it sends the information 3960 back to the inquiry handset 102, which displays its location 3926 accompanied by the icon 3928. The inquiry handset 102 displays the graphic location of the missing handset 102 (3932 of screen 3930) after the icon 3928 is executed (expanded).[037] In the case of a vehicle, it also contains finance account application to facilitate the toll fee transaction, when bridge toll or road toll requires. It also contains features, which allow user to locate the GPS location of other registered handset(s). ); 
ninth, the monitoring device determining whether any of the locations of the devices connected to the wireless network are inappropriate, such as outside the house, or some other illogical location (Vanderhulst FIG 2, 254 and associated text);
tenth, if the monitoring device determines a device has connected to the wireless network when that device is not supposed to be connected ([0464] By functioning as a DHCP server or web server, the Dev 106 frees the owner from having to have an Internet connection and thus not having to pay extra for said service. In other words, no Internet connection is necessary. Communication between the Dev and one or more of its household devices or office/business/commercial/industrial equipment (or vehicle equipment accessories in auto application), in other words, its Connected Devices or “Connected Devices”, is through the private LAN network or SRC (i.e. WIFI) network and therefore shields these devices from being breached by unwanted guests (via the Internet or public WIFI). Communication between the Dev and one or more of its registered handsets 102 is via the cellular network (with its encrypted and dynamic MSK embedded in the communication data control stream) and thus allows the user to communicate, control and monitor these Connected Devices only via the said Dev.), 
eleventh, if necessary and capable, the monitoring device takes action to remove the anomalous device from the wireless network ([0003] The Dev can also allow the user to add (register) another handset, so the owner of said handset can have the same access to the vehicle/home control and monitor system, as the original user. The Dev also lets the user remove (deregister) a missing, stolen or no longer used handset.[0315] ); 
twelfth, the monitoring device might alert an administrator level human user about the anomalous device, either to inform the user that the anomalous device has been removed, or to ask the user to take some action to remove the anomalous device (LI [0003] The Dev can also allow the user to add (register) another handset, so the owner of said handset can have the same access to the vehicle/home control and monitor system, as the original user. The Dev also lets the user remove (deregister) a missing, stolen or no longer used handset.[0315] It will be automatically removed (deregistered) from the Dev 106 on its expiration date (2167B2)).

LI in view of Vanderhulst do not, but Wang teaches, tenth, if the monitoring device determines a device has connected to the wireless network when that device is not supposed to be connected, then the monitoring device creates a vulnerability profile based on the potential threat from that device to the wireless network and the other devices on the wireless network ([0029] A risk assessment service 1-8 is a front end for the risk assessment engine 1-11. The service 1-8 allows components outside the invention's core to make authenticated connections and then request service from the risk assessment engine 1-11. Service is typically something such as assessing risk for a provided event or for an attempted event such as login.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LI in view of Vanderhulst’s system/method with the teaching of Wang in order to provide risk assessment for network access control through data analytics (Wang [0001]).


With regards to claim 12, LI discloses, A method that provides cybersecurity comprising: 
several devices being connected to a wireless network (FIG 1 and associated text);
first, a user turning on a monitoring device that monitors all the devices connected to a wireless network (LI [0144]; After activation, the Dev does a power-on reset 249 (FIG. 2/3/4) and then is registered and recognized by the network (in 1519A/1519B, 1619A/1619B, and 1719/1719A of FIGS. 15A/15B, 16A/16B and 17/17A) as are known to those of ordinary skill in the art. Preferably the user has to acknowledge back with an Ok message so the Dev knows its communication link to the handset has been accomplished and user can start the Dev's initialization/configuration process right after. Note: when dev in vehicle, its starts with vehicle ignition switch turn on); 
second, the monitoring device joining a wireless network (LI [0144]; After activation, the Dev does a power-on reset 249 (FIG. 2/3/4) and then is registered and recognized by the network); 
third, the monitoring device detecting all devices connected to the wireless network (LI [0202] According to one aspect of the invention (FIG. 50), the user utilizes the handset's Home Appliance Configuration icon 1373 in the Home Dev Facility Menu 1352 of FIG. 13, to configure the Dev as a Dynamic Host Configuration Protocol (DHCP) web-server (executed by its DHCP Server layer block 619 of FIG. 6) which in turn is able to assign its IP address dynamically to one or more of its household appliances or premises equipment (in other words—Connected Devices) as soon as said device(s)/host(s) is(are) connected to its private Local Area Network (non-public wired/wireless LAN or LAN/WLAN). [0203] According to one aspect of the invention (FIG. 51), the user communicates with his/her household/premises appliances either interacting with the Dev directly or via his/her handset. It also presents an alert text message the user receives from the Dev on his/her registered handset when an external household/premises device attempts to connect to its private (wired/wireless LAN) LAN/WLAN network; it only allows said attempt into its network with the user's permission.); 
fourth, the system creating a registry of all devices connected to the wireless network(LI [0202] According to one aspect of the invention (FIG. 50), the user utilizes the handset's Home Appliance Configuration icon 1373 in the Home Dev Facility Menu 1352 of FIG. 13, to configure the Dev as a Dynamic Host Configuration Protocol (DHCP) web-server (executed by its DHCP Server layer block 619 of FIG. 6) which in turn is able to assign its IP address dynamically to one or more of its household appliances or premises equipment (in other words—Connected Devices) as soon as said device(s)/host(s) is(are) connected to its private Local Area Network (non-public wired/wireless LAN or LAN/WLAN).); 
fifth, the monitoring device analyzing the users connected to the network (LI [0217] According to one aspect of the invention (FIG. 62), Dev 106 integrating in the robotic application, allows a plurality of users to program, control, direct, command, and monitor its functions in its surrounding environment, while at the same time, be informed of any expected and unexpected events relating to its application.); 
sixth, the monitoring device analyzing whether any devices should not be connected to the network (LI [0251] During subsequent registration from another handset/device with an unmatched MSK, the Dev will alert and transmit an allowance/non-allowance command to its registered handset(s) and only when it receives an affirmative response from its registered user or one of its registered users, it will allow said registration to come to a successful conclusion and thus transmitting a MSK to the newly registered handset.); 
seventh, the monitoring device analyzing whether any users should not be connected to the network (LI [0333] When the account security password does not match, the Dev 106 transmits the message “PW not Matched” (step 2576) to the handset 102 and lets it attempt 3 times (step 2580) and if it fails, the Dev 106 goes to password recovery 2588 and also sends messages to other registered handsets 102 informing them of the action (step 2592). This feature allows users to be informed if there is any illegal registration from an unauthorized source. ); 
eighth, the monitoring device determining the location of all the devices connected to the wireless network(LI [0376]; The Dev 106 processes the data, then transmits the handset locator command to the missing handset 102 (phone number 916-987-6500) in step 3956, and also transmits back its searching its status 3922 to the inquiry handset 102, as shown onscreen 3920. When the Dev 106 receives the GPS position of the missing handset 102 from said handset (3958), it sends the information 3960 back to the inquiry handset 102, which displays its location 3926 accompanied by the icon 3928. The inquiry handset 102 displays the graphic location of the missing handset 102 (3932 of screen 3930) after the icon 3928 is executed (expanded).[037] In the case of a vehicle, it also contains finance account application to facilitate the toll fee transaction, when bridge toll or road toll requires. It also contains features, which allow user to locate the GPS location of other registered handset(s). ); 
tenth, if the monitoring device determines a device has connected to the wireless network when that device is not supposed to be connected ([0464] By functioning as a DHCP server or web server, the Dev 106 frees the owner from having to have an Internet connection and thus not having to pay extra for said service. In other words, no Internet connection is necessary. Communication between the Dev and one or more of its household devices or office/business/commercial/industrial equipment (or vehicle equipment accessories in auto application), in other words, its Connected Devices or “Connected Devices”, is through the private LAN network or SRC (i.e. WIFI) network and therefore shields these devices from being breached by unwanted guests (via the Internet or public WIFI). Communication between the Dev and one or more of its registered handsets 102 is via the cellular network (with its encrypted and dynamic MSK embedded in the communication data control stream) and thus allows the user to communicate, control and monitor these Connected Devices only via the said Dev.), 
eleventh, if necessary and capable, the monitoring device takes action to remove the anomalous device from the wireless network ([0003] The Dev can also allow the user to add (register) another handset, so the owner of said handset can have the same access to the vehicle/home control and monitor system, as the original user. The Dev also lets the user remove (deregister) a missing, stolen or no longer used handset.[0315]); 
twelfth, the monitoring device might alert an administrator level human user about the anomalous device, either to inform the user that the anomalous device has been removed, or to ask the user to take some action to remove the anomalous device (LI [0003] The Dev can also allow the user to add (register) another handset, so the owner of said handset can have the same access to the vehicle/home control and monitor system, as the original user. The Dev also lets the user remove (deregister) a missing, stolen or no longer used handset.[0315] It will be automatically removed (deregistered) from the Dev 106 on its expiration date (2167B2)).

LI does not explicitly disclose, but Vanderhulst teaches,
ninth, the monitoring device determining whether any of the locations of the devices connected to the wireless network are inappropriate, such as outside the house, or some other illogical location (Vanderhulst FIG 2, 254 and associated text);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LI’s system/method with the teaching of Vanderhulst in order to provide improved security associated with access to and control of smart objects and network-hosted services which may be used to control smart objects (Vanderhulst [0002]).

LI in view of Vanderhulst do not, but Wang teaches, tenth, if the monitoring device determines a device has connected to the wireless network when that device is not supposed to be connected, then the monitoring device creates a vulnerability profile based on the potential threat from that device to the wireless network and the other devices on the wireless network ([0029] A risk assessment service 1-8 is a front end for the risk assessment engine 1-11. The service 1-8 allows components outside the invention's core to make authenticated connections and then request service from the risk assessment engine 1-11. Service is typically something such as assessing risk for a provided event or for an attempted event such as login.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify LI in view of Vanderhulst’s system/method with the teaching of Wang in order to provide risk assessment for network access control through data analytics (Wang [0001]).

With regards to claim 16 LI in view of Vanderhulst, Wang further discloses, wherein the monitoring device calculates the physical location of any new device attempting to join the wireless network by measuring the direction of a signal connection between the monitoring device and each new device attempting to join the wireless network; wherein the monitoring device also measures the time of the signal connection between the monitoring device and each new device attempting to join the wireless network (Vanderhulst [0018] In at least some embodiments, the various distances associated with the boundaries of a shape or shapes of the spatial region 116 defined by the witness devices 115 may be determined based on one or more of signal strength information (e.g., where witness devices 115 measure the signal strength of signals received from user device 101 for use in triangulating the position of the user device 115 relative to the witness devices 115 defining the spatial region 116), time-of-flight measurement information from one or more time-of-flight cameras, or the like, as well as various combinations thereof.); wherein the monitoring device then calculates the distance and direction of each new device attempting to join the wireless network (Vanderhulst [0022]; The definition of the spatial region 116 of the mapping 132 may include information which may be used by GFS 131 to determine whether user device 101 is located within the spatial region 116 responsive to a request by the user device 101 to access GFS 131 (e.g., various rules according to which the area covered by spatial region 116 is defined, such as in terms of presence or absence of signals, distance-indicative or position-indicative information (e.g., based on signal strength measurements, time-of-flight measurements, or the like), or the like, as well as various combinations thereof).). Motivation would be same as stated in claim 12. 
	
Claim(s) 4, 15 are rejected under 35 U.S.C. 103 as being unpatentable over LI (US 20200344602 A1) in view of Vanderhulst et al (US 20150264564 A1) and Wang et al (US 20210273951 A1) and further in view of BONAR et al (US 20200228539 A1).

With regards to claim 4, 15 LI discloses, wherein the monitoring device follows the additional steps: the monitoring device determining that only the correct devices are connected to the wireless network ([0035] The MSK provides enhanced security protection between the Dev and its registered device(s) during their communication (via cellular, internet, SRC and satellite) and if an unmatched MSK received by said Dev during the process, said Dev requests that the user is required to register his/her new unregistered device and alerts its users via text messages, voice and emails); 
LI in view of Vanderhulst and Wang do not teach, but BONAR teaches, the monitoring device taking a snapshot of the location of the devices (FIG 1 209 and associated text); the monitoring device creating a registry of unique signatures of the devices connected to the network, so as to preserve the locations for use in the future in case a user wants to duplicate the setup of electronic devices in a new location ([0066] controlling the augment based on determination of the geospatial coordinate data 209; verifying the authenticity of the augment request 104 and the associated capture data (e.g., the capture image 205); and/or validating a physical environment of the computing device 200 tied to the augment marker 300 (e.g., utilizing location signature 615 of the location authentication device 600 of FIG. 6).). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify LI in view of Vanderhulst and Wang’s system/method with the teaching of BONAR in order to provide the ability to verify a user's interaction with the intended physical environment (BONAR [0008]).

Claim(s) 13 are rejected under 35 U.S.C. 103 as being unpatentable over LI (US 20200344602 A1) in view of Vanderhulst et al (US 20150264564 A1) and Wang et al (US 20210273951 A1) and Wolosewicz (US 20220191240 A1: considering Provisional priority).

With regards to claim 13, LI in view of Vanderhulst and Wang discloses, the monitoring device will send a notification to the user with the details of the malicious or potential rogue device (LI [0006] The Dev can also alert the user when someone attempts to register his/her handset into its control and monitor system so the user can be aware of such attempt and has the option to allow or not allow it to take place. [0023] The Dev can also alert the vehicle owner if someone or something attempts to plant an adverse object: alien or harmful device such as GPS tracker, explosive device, illegal substance or the likes, by detecting its presence via its external smart motion, video, audio, frequency sensors; and/or especially, in the case of a GPS tracker, via its Frequency Hopper (i.e., TMSI, IMSI detector)).
LI in view of Vanderhulst and Wang do not teach, but Wolosewicz teaches, wherein the monitoring device utilizes machine learning to learn how a user typically uses a computer, printer, cell phone and other internet of things devices; wherein the monitoring device utilizes machine learning in order to determine if any actions by any internet of things devices are anomalous or unusual in any way, by comparing actual actions to expected actions ([0018] In embodiments, AI engines include machine learning which can establish a baseline of a system owner's IoT system behavioral pattern and detect abnormal system behavior.); wherein if the monitoring device determines that an internet of things device is acting unusual, then the internet of things device will be flagged as a malicious or a potential rogue device ([0018] The AI can then attempt to match the detected abnormal system behavior to known cyberattack patterns.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify LI in view of Vanderhulst and Wang’s system/method with the teaching of Wolosewicz in order to provide security from cyber attack in IOT networks (Wolosewicz [0002]).




Allowable Subject Matter
Claims 5, 7-9, 11, 14, 17-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 20 is allowed based on prior art of search. The following is an examiner’s statement of reasons for allowance:
The prior art of record does not teach or fairly suggest in combination of steps as recited in the Applicant’s independent claim, several devices connected to a wireless network; a monitoring device that monitors all the devices connected to a wireless network; wherein the monitoring device can remove a device from the wireless network; wherein the monitoring device detects any new devices attempting to join the wireless network; wherein the monitoring device determines whether a new device should be allowed to join the wireless network; wherein the monitoring device calculates the physical location of any new device attempting to join the wireless network; wherein the monitoring device can use the physical location of any new device in order to determine whether the new device is new or anomalous; wherein the monitoring device keeps a registry of the electronic signature of all the devices the monitoring device has approved to be on the wireless network; wherein the monitoring device can use the registry in order to determine whether a device is new or anomalous; wherein the monitoring device utilizes machine learning to learn how a user typically uses a computer, printer, cell phone and other internet of things devices; wherein the monitoring device utilizes machine learning in order to determine if any actions by any internet of things devices are anomalous or unusual in any way, by comparing actual actions to expected actions; wherein if the monitoring device determines that an internet of things device is acting unusual, then the internet of things device could be flagged as malicious or a potential rogue device; wherein the monitoring device follows the following steps: first, a user turning on a monitoring device that monitors all the devices connected to a wireless network; second, the monitoring device joining a wireless network; third, the monitoring device detecting all devices connected to the wireless network; fourth, the system creating a registry of all devices connected to the wireless network; fifth, the monitoring device analyzing the users connected to the network; sixth, the monitoring device analyzing whether any devices should not be connected to the network; seventh, the monitoring device analyzing whether any users should not be connected to the network; eighth, the monitoring device determining the location of all the devices connected to the wireless network; ninth, the monitoring device determining whether any of the locations of the devices connected to the wireless network are inappropriate, such as outside the house, or some other illogical location; tenth, if the monitoring device determines a device has connected to the wireless network when that device is not supposed to be connected, then the monitoring device creates a vulnerability profile based on the potential threat from that device to the wireless network and the other devices on the wireless network; eleventh, if necessary and capable, the monitoring device takes action to remove the anomalous device from the wireless network; twelfth, the monitoring device might alert an administrator level human user about the anomalous device, either to inform the user that the anomalous device has been removed, or to ask the user to take some action to remove the anomalous device; thirteenth, the monitoring device determining that only the correct devices are connected to the wireless network; fourteenth, the monitoring device taking a snapshot of the location of the devices; fifteenth, the monitoring device creating a registry of unique signatures of the devices connected to the network, so as to preserve the locations for use in the future in case a user wants to duplicate the setup of electronic devices in a new location; wherein the vulnerability profile includes information on the type of data that a device is supposed to send over the internet; wherein the type of data that a device is supposed to send over the internet is based on the type of device, the normal use of the device, the intended use of the device, as well as a machine learning analysis of the typical use of the device; wherein the monitoring device determines whether a device is actually sending data consistent with the type of data that the device is supposed to send over the internet; wherein if the device is not sending data consistent with the type of data the device is supposed to send over the internet, then the monitoring device will consider the device a rogue or malicious device; wherein the monitoring device calculates the physical location of any new device attempting to join the wireless network by measuring the direction of a signal connection between the monitoring device and each new device attempting to join the wireless network; wherein the monitoring device also measures the time of the signal connection between the monitoring device and each new device attempting to join the wireless network; wherein the monitoring device then calculates the distance and direction of each new device attempting to join the wireless network; wherein the monitoring device uses the physical location of a new device attempting to join the network in order to determine whether the new device is new or anomalous by analyzing whether the physical location is in a logical or normal physical location or not; wherein the monitoring device determines if a physical location is logical based on whether the physical location is within the same structure as the monitoring device or within the same floor as the monitoring device or within some other physically bounded area set by an administrator; wherein the monitoring device determines if a physical location is normal based on machine learning analysis of where devices already connected to the wireless network are usually utilized, and including these locations as normal locations; wherein if the monitoring device determines that the new device is not in a normal or logical location, then the monitoring device will consider the new device to be a malicious or rogue device, and the monitoring device will send a notification to the user with the details of the malicious or potential rogue device.

	
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8:30 to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498