DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/03/2022 has been entered.
 
Response to Amendment
This action is responsive to an amendment filed on 08/03/2022.
Claims 1, 10 and 16 have been amended.
Claims 3, 5, 12, 14, 18 and 20 have been canceled.
Claim 21 has been added.
Claims 1, 4, 6-10,  13, 15, 16, 19 and 21 are pending.

Response to Arguments
Applicant's arguments filed 08/03/2022, with respect to the rejection of the pending claims under 35 U.S.C. §103 have been fully considered but they are not persuasive.
Applicant argues that Dubuc does not describe that the RADIUS server returns a URL of a remote server to connect with the IoT device and a second attribute indistinctive of a predefined VLAN for grouping the IoT device with other IoT devices, as claimed. (Rem./Arg. Page 8)
Examiner respectfully disagrees. Dubuc teaches after successfully authenticate user device, RADIUS server return an interface name, a VLAN identifier, a VLAN name, a VDOM name within a Vendor-Specific attribute (VSA) of the RADIUS Access-Accept response packet. The value of the VSA provided in the RADIUS Access-Accept response packet may then be used to establish a routing entry to forward traffic from the user's source IP address to an identified destination VLAN [¶ 0071]. Dubuc also teaches a routing table include at least a destination field, identifying the IP address of the packet's final destination [¶ 0081]. Given the broadest reasonable interpretation, Examiner considers a VLAN identifier as a first attribute and VLAN name as a second attribute. 
However, Dubuc does not explicitly teaches that the VLAN Identifier is associated with a URL of a remote server to connect. Examiner relies on a new reference, Chen, to teach that the VLAN is associated with a URL of a remote server. See the newly crafted rejection, infra.

Claim Objections
Claims 4, 6, 13, 19 and 21 are objected to because of the following informalities. 
Claims 4, 6, 13 and 19 are dependent of Claims 4, 12 and 18, however, Claims 4, 12 and 18 have been canceled.
Claim 21 recites “…the IP address of the IoT device is assigned to the IP address…”, which appears a typographical error and likely intended to recite “…the IP address of the IoT device is assigned to the IoT device…”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 6-7, 10, and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0089704 (Nagaraju et al.) in view of US 2008/0028445 (Dubuc et al.), further in view of CN 113972988 (Chen et al.), CN 108366083 (Yu) and US 2020/0162474 (Zou et al.).

Regarding Claim 1, Nagaraju teaches a method for authentication and firewall enforcement for an Internet of Things (IoT) device coupled to a network device ([⁋ 0010], teaches authenticates an IoT device by sending MAC address of the IoT device to an authentication server), the method comprising: sending, by the network device to an authentication server, a request to authenticate the IoT device, the request including a Media Access Control (MAC) address of the IoT device ([⁋ 0019-0020], determine, in response to a device joining a network, a media access control (MAC) address of device. …the device  may include an IoT device…send the MAC address to an authentication server for authenticating the MAC address . [see also, ⁋⁋ 0027, 0030]);
receiving, by the network device from the authentication server, a response indicative of successful authentication of the IoT device based on the MAC address, wherein the response includes Vendor Specific Attribute (VSA) (emphasis added) ([⁋ 0010], In response to the authentication request, receive a Vendor Specific Attribute (VSA) associated with the MAC address from the authentication server. [⁋ 0021]. Once the MAC address is authenticated by authentication server, authentication server may provide the VSA associated with the MAC address. [see also, ⁋⁋ 0027, 0030, Fig. 4, instruction 410, ⁋ 0031];
Nagaraju does not explicitly teach, however, Dubuc teaches a first attribute including VLAN Identifier to connect with the IoT device and a second attribute indicative of a predefined Virtual Local Area Network (VLAN) for grouping the IoT device with other IoT devices (emphasis added) ([⁋ 0053], during authentication with a authentication server one or more authentication attributes may be returned by the authentication server to facilitate routing of an end user traffic flow. For example, information regarding a destination virtual network, such as a destination VLAN can be returned by the authentication server. [⁋ 0071], successful authentication by a RADIUS server may cause the RADIUS server to return an interface name, a VLAN identifier [i.e., network address of a remote server], a VLAN name or a VDOM name within a Vendor-Specific attribute (VSA) of the RADIUS Access-Accept response packet. [Fig. 1, ⁋ 0044], Each subscriber [e.g., IoT device] has a corresponding virtual local area network (VLAN) (i.e., Customer A VLAN 111, Customer B VLAN 112, Customer C VLAN 113 and Customer D VLAN 114) within the co-location network 110 with which the customer's telecommunications and/or network equipment is associated); generating,  by the network  device,  a firewall role for the IoT device based on a combination of an Internet Protocol (IP) address of the IoT device and the first attribute  ([⁋ 0053], during authentication with a authentication server one or more authentication attributes may be returned by the authentication server to facilitate routing of an end user traffic flow. For example, information regarding a destination virtual network, such as a destination VLAN can be returned by the authentication server and then used by a network device to install a policy route from the client's source IP address [e.g., IP address of the IoT device] to the desired virtual network. [Fig. 2, ⁋⁋ 0070-0071], At decision block 225, the gateway waits for the authentication result from the authentication process. If the authentication is successful, processing continues with block 230. At block 230, the gateway adds a firewall policy specifically for the source IP address associated with the now authenticated user thereby granting the user access through the gateway. At block 235, a specific routing entry may be created within the gateway for the authenticated user's source IP address ….The value of the VSA provided in the RADIUS Access-Accept response packet may then be used to establish a routing entry to forward traffic from the user's source IP address to a gateway interface associated with an identified destination VLAN. [⁋ 0073] At block 245, If authentication was successful, subsequent traffic from the source IP address associated with the authenticated user will be forwarded to the VLAN identified based on the authentication response); controlling, by the network device, data traffic between the IoT device and the remote server based on policies defined in the generated firewall role ([¶ 0080] the firewall matches the intercepted connection request from the remote client against the policy table to determine whether to allow, block or authenticate the connection request. [¶ 0081], routing table contains a set of rules that are used to determine where data packets originated by the remote client will be directed. …the routing table include at least a destination field, identifying the IP address of the packet's final destination, …should be used when forwarding the packet to the final destination).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nagaraju with Dubuc in order to add a firewall policy for granting access of a particular device based on the IP address of the device and the destination as taught by Dubuc, because it would have enabled the system to assist traffic forwarding/routing form distinct device based on the authentication results [Dubuc, ⁋ 0004].
However, Dubuc does not explicitly teaches the VLAN Identifier is associated with a URL of a remote server to connect. Therefore, Nagaraju in view of Dubuc do not explicitly teach, but Chen teaches response includes a first attribute including a Universal Resource Locator of a remote server to connect ([Disclosure of Invention, Page 2], routing device receives the network access request sent by the terminal; wherein virtual local area network is associated with the uniform resource locator (URL) of the server; responding to the network access request sent by the terminal, sending the URL of the server to the terminal).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Chen with Nagaraju and Dubuc in order to include in the response a URL of a remote server to connect as taught by Chen, because it would have enabled the device to communicate with the server associated with the VLAN, using the URL.
While, Dubuc teaches an attribute-to-interface table that represents a mapping of attribute values (e.g., VLAN-name, VLAN-id, VDOM-name, interface-name, etc.) that may be returned with successful authentication responses, however, Nagaraju in view of Dubuc do not explicitly teach, but Yu teaches wherein the IoT device is authenticated based on a predefined mapping that links the MAC address of the IoT device with the first attribute and the second attribute ([Page 4, para. 2-4] received a request for accessing a certain website, triggers the authentication server to perform MAC authentication on the MAC address 1_1 that is the MAC address of the user… the authentication server authenticates the MAC address 1_1 and sends an authorized Virtual Switch Instance (VSI) corresponding to the user, a Uniform Resource Locator (URL) and an ACL policy when the authentication passes. …the ACL entry includes the MAC address 1_1 and the URL [i.e., the first attribute], and the ACL entry is used to redirect the network access request carrying the MAC address 1_1 to the corresponding URL).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nagaraju, Dubuc and Chen with Yu in order to map the MAC address of the user  device and the URL of the destination  in a ACL as taught by Yu, because it would have enabled the system to control the transfer of data between a device and a specific destination.
Nagaraju in view of Dubuc, Chen and Yu do not explicitly teach, but Zou teaches wherein the firewall role is indicative of a permission to exchange a specific type of data traffic between the IoT device and the remote server ([¶ 0053] an IoT firewall includes IoT rules for transmission of data through a private cloud in managing the IoT devices. IoT rules can include what IoT devices can be onboarded or authenticated, what types of data are allowed to be transferred through a private cloud for managing and onboarding IoT devices, what destinations [i.e. remote server] IoT devices are allowed to send data to and receive data from).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nagaraju, Dubuc, Chen and Yu with Zou in order to  implementing a firewall rule specifying which type of data are allowed to be sent as taught by Zou, because it would have enabled the system to implement proper rules for forwarding message based on the implementation-specific consideration of  IoT device [Zou, ⁋ 0063].

Regarding Claim 6, Nagaraju teaches the method of claim 3, wherein the first and second attributes are Vendor- specific attributes included in the response ([⁋ 0010], In response to the authentication request, receive a Vendor Specific Attribute (VSA) associated with the MAC address from the authentication server. [⁋ 0021]. Once the MAC address is authenticated by authentication server, authentication server may provide the VSA associated with the MAC address. [see also, ⁋⁋ 0027, 0030, Fig. 4, instruction 410, ⁋ 0031].

Regarding Claim 7, Nagaraju teaches the method of claim 1, wherein the request is a Remote Authentication Dial-In User Service (RADIUS): Access-Request message and the response is a RADIUS: Access-Accept message ([⁋ 0020], authentication server 118 may include a Remote Authentication Dial-In User Service (RADIUS) server. The RADIUS server may refer to an authentication server 118 that operates according to the RADIUS protocol. [⁋ 0027], send the MAC address to a Remote Authentication Dial-In User Service (RADIUS) server. In response, receive a Vendor Specific Attribute (VSA) associated with the MAC address from the RADIUS server.

Regarding Claim 10, Nagaraju teaches an access point (AP) comprising: a processor; and a memory coupled to the processor, the memory storing  instructions executable by the processor ([Fig. 4, 0031], Internet of Things (IoT) device on a network switch. …includes a processor 402 and a machine-readable storage medium 404 communicatively coupled…processing logic that interprets and executes machine-readable instructions stored in machine-readable storage medium).
The rest of the limitations of Claim 10 are rejected under the same rationale of Claim 1.

Claim 15 is rejected under the same rationale of Claim 7.

Regarding Claim 16, Nagaraju teaches a non-transitory computer-readable medium comprising computer-readable instructions, the computer-readable instructions when executed by a processor, cause the processor to ([Fig. 4, 0031] … machine-readable storage medium may be a non-transitory machine-readable medium. Machine-readable storage medium 404 may store instructions 406, 408, 410, 412, and 414. …instructions may be executed by processor 402 to…).
The rest of the limitations of Claim 16 are rejected under the same rationale of Claim 1.

Claims 4, 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nagaraju in view of Dubuc, Chen, Yu and Zou, further in view of US 2016/0381030 (Chillappa et al.).

Regarding Claim 4, while Dubuc teaches the method of claim 3, further comprising: associating, by the network device, the subscriber with the predefined VLAN ([Fig. 1, ⁋ 0044], each subscriber has a corresponding virtual local area network (VLAN) (i.e., Customer A VLAN 111, Customer B VLAN 112, Customer C VLAN 113 and Customer D VLAN 114) within the co-location network 110 with which the customer's telecommunications and/or network equipment is associated and monitoring resources associated with the co-location network 110 within which customer VLAN located [Fig. 1, ⁋ 0049], however, Nagaraju in view of Dubuc, Chen, Yu and Zou do not explicitly teach, but, Chillappa teaches, associating, by the network device, the IoT device with the predefined VLAN ([⁋ 0008], …creating a virtual local area network (VLAN) with restricted privileges on the local area network, and isolating the corresponding IoT device in the VLAN. …various IoT devices are isolated in specific ones of the VLANs based on their reputation scores); and monitoring, by the network device, performance characteristics of the IoT device based on the association with the predefined VLAN ([Fig. 3, ⁋ 0032], a constraint profile 301 for an unknown IoT device 123 can direct the router component 123 to segregate the given device 123 to a separate VLAN 309, monitor all attempts by the IoT device 123 to communicate with other devices. Over time as the IoT device 123 becomes known and specific communications it executes are deemed legitimate, the constraint profile 301 can be updated for running the IoT device 123 in a less restrictive VLAN 309, but the router component 121 continues to monitor the device. [⁋ 0035], the default constraint profile 301 for an unknown device 123 indicates to isolate the device 123 in a separate VLAN 309, monitor its communications and other behaviors, and report all monitored information to the backend component).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Chillappa with the references in order to  isolating IoT devices in specific VLAN to monitor the IoT devices activity and behaviors  in that VLAN as taught by Chillappa, because it would have enabled the system to grouping the IoT devices to properly monitoring a particular types of IoT devices in a particular group.

Claims 13  and 19 are rejected under the same rationale of Claim 4.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Nagaraju in view of Dubuc, Chen, Yu and Zou, further in view of US 2019/0089813 (Choi et al.).

Regarding Claim 8, Nagaraju in view of Dubuc, Chen, Yu and Zou do not explicitly teach, however, Choi teaches, the method of claim 1, wherein the IoT device is an IoT dongle coupled to the network device through a Universal Serial Bus (USB) port of the network device ([⁋ 0027], a model of a newly-launched product according to performances, and the user may be provided with an option for the IoT function via the dongle. [⁋ 0075], a dongle is connected to a device via a USB connector).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Choi with the references in order to  use a USB dongle to provide an IoT function as taught by Choi, because it would have been an advantageous addition to use a dongle to provide IoT function for a device not supporting IoT function to a home network [Choi, ⁋ 0005].

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Nagaraju in view of Dubuc, Chen, Yu and Zou, further in view of US 2017/0180380 (Bagasra).

Regarding Claim 9, Nagaraju in view of Dubuc, Chen, Yu and Zou do not explicitly teach, however, Bagasra teaches the method of claim 1, wherein the IP address is assigned to the IoT device using Dynamic Host Configuration Protocol (DHCP) ([Fig. 1, ⁋ 0029] DHCP server 140 implement the DHCP protocol for assigning an IP address to a requesting IoT device 105. [Fig. 4, ⁋ 0036], PGW 315, using the DHCP protocol, assigns 405 an IP address to IoT device 105).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Bagasra with the references in order to  assign IP address of an IoT device using DHCP server as taught by Bagasra, because it would have ensure providing a reliable IP address to the IoT device without any address conflict caused by the assignment of an IP address.

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Nagaraju in view of Dubuc, Chen, Yu and Zou, further in view of CN  110071984 (Xie et al.).

Regarding Claim 21, while Nagaraju teaches each Internet of Things may be assigned a unique identifier (for example, an IP address) and provided with the ability to collect and exchange data over a network [0007], However, Nagaraju in view of Dubuc, Chen, Yu and Zou do not explicitly teach, however, Xie teaches the method of claim 1, wherein the IP address of the IoT device is assigned to the IP address after receiving the response indicative of successful authentication of the IoT device ([Fig. 7, Page 12] step 701, after the authentication is passed, the access gateway allocates first IP address for the terminal).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Xie with the references in order to  assign IP address of an IoT device after the device is authenticated as taught by Xie, because it would have ensure providing IP address to only the IoT device that is authenticated.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD YOUSUF A MIAN whose telephone number is (571)272-9206. The examiner can normally be reached Monday-Friday 9am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PETER-ANTHONY PAPPAS can be reached on 571-272-7646. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/MOHAMMAD YOUSUF A. MIAN/Examiner, Art Unit 2448                                                                                                                                                                                                        
/LANCE LEONARD BARRY/Primary Examiner, Art Unit 2448