Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-3, 6-7, 9-14, 16-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stockdale US 2017/0220801 in view of Cheng US 2016/0301707.
As per claim 1. Stockdale teaches A method for determining a weakness or risk for devices of an Internet-of-things (IoT) network, comprising: determining a representation of a physical environment of the IoT network and expected physical and cyber interactions between the devices of the IoT network based at least in part on operating characteristics of the devices of the IoT network; monitoring the physical environment and actual interactions between the devices of the IoT network to generate a network model including at least one of uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur; based on the determined network model, (teaches monitoring elements/devices in a network and generating a network model based on the behavior of each device in the network; and topology/environment; teaches observing and modeling all network traffic and user interaction with said devices; teaches that the network may be an IoT network; teaches providing a security metric/ threat risk parameter indicative of a threat)  [0014]-[0019]; [0039][0047][0050][0080][0081][0082][0087]

Cheng teaches determining at least one weakness or risk of at least one of the IoT network or of at least one of the devices of the IoT network; and providing a metric of security of at least one of the IoT network or of at least one of the devices of the IoT network based on at least one of the determined weakness or risk. [0041][0048][0093]  (teaches determining profiles of IoT devices, monitoring the behavior of IoT devices and assigning vulnerability score)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the specific IoT teachings of Cheng with the system of Stockdale because it helps prevent attacks on IoT devices [0003].As per claim 2. Cheng teaches The method of claim 1, wherein the operating characteristics comprise at least one of security policies, device features and capabilities, physical location, proximity to other devices, mobility, time and states or security properties and determining at least one weakness or risk comprises determining a security posture for the IoT network. [0041][0048] (teaches device features, locations, capabilities)As per claim 3. Cheng teaches The method of claim 1, wherein providing a metric of security comprises determining a relative security score for at least one of the IoT network or the devices of the IoT network based on the determined at least one weakness or risk. [0093] (vulnerability score)As per claim 6. Stockdale teaches The method of claim 1, further comprising comparing the expected physical and cyber interactions between the devices of the IoT network and the monitored, actual interactions between the devices of the network to identify an anomaly. [0018][0019]
Cheng additionally teaches this functionality [0040][0046]As per claim 7. Stockdale teaches The method of claim 6, wherein the anomaly is representative of at least one of uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur. [0018][0019]
Cheng additionally teaches this functionality [0040][0046]As per claim 9. Cheng teaches The method of claim 1, further comprising communicating a probe signal, including at least one of a network packet or a side channel input, to at least one of the devices of the IoT network and monitoring an output of the at least one of the devices of the IoT network to determine if the at least one of the devices of the IoT network is a cause of the at least one uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur. [0049][0161][0162] (teaches probing IoT devices with packet and determine response in order to determine vulnerability)As per claim 10. Stockdale teaches The method of claim 1, further comprising determining a cause of the at least one uncharacteristic physical or cyber interaction paths between the devices of the IoT network by using historical observations of a functionality of at least one of the devices of the IoT network. [0017][0019][0080][0087]
Cheng [0092][0093]As per claim 11. Cheng teaches The method of claim 1, wherein the uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur are representative of actual interactions between the devices of the IoT network that are outside of a security policy. [0108][0111][0152] (teaches anomaly detection engine that detects new interactions outside the scope of determined normal behavior policy)As per claim 12. Stockdale teaches The method of claim 1, further comprising comparing the monitored actual interactions between the devices of the IoT network with expected physical and cyber interactions between the devices of the IoT network that are authorized by security policies included in the operating characteristics of the devices of the IoT network to determine the uncharacteristic physical or cyber interaction paths between the devices of the IoT network.  [0017]-[0019]As per claim 13. Cheng teaches The method of claim 1, wherein the operating characteristics of the devices of the IoT network are determined using at least one of sniffers, user input, or information obtained from the at least one of the Internet and the IoT network. [0047] [0070] [0100][0102]  (teaches profiling of IoT devices including operating characteristics and this is done locally in the IoT network or through the Internet via the cloud)As per claim 14. Cheng teaches The method of claim 1, further comprising providing the metric of security of the IoT network or of at least one of the devices of the IoT network to a user on a graphical user interface. [0109] (user interface)As per claim 16. Stockdale teaches The method of claim 1, further comprising: determining if at least one of the operating characteristics or the actual interactions between the devices of the IoT network has changed; and in response to a determined change, re-generating the network model. [0019] (updating model)As per claim 17. Stockdale teaches The method of claim 1, further comprising periodically re-generating the network model to capture dynamic operating characteristics of at least one of the IoT network or the devices of the IoT network. [0019] (updating model)As per claim 18, Stockdale teaches An apparatus for determining a weakness or risk for devices of an Internet-of-things (IoT) network, comprising: a processor; and a memory coupled to the processor, the memory having stored therein at least one of programs or instructions executable by the processor to configure the apparatus to: determine a representation of a physical environment of the IoT network and expected physical and cyber interactions between the devices of the IoT network based at least in part on operating characteristics of the devices of the IoT network; monitor the physical environment and actual interactions between the devices of the IoT network to generate a network model including at least one of uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur; based on the determined network model,  (teaches monitoring elements/devices in a network and generating a network model based on the behavior of each device in the network; and topology/environment; teaches observing and modeling all network traffic and user interaction with said devices; teaches monitoring all interactions between the devices on the system to detect abnormal behavior; teaches that the network may be an IoT network; teaches providing a security metric/ threat risk parameter indicative of a threat)  [0014]-[0019]; [0039][0047][0050][0080][0081][0082][0087]

Cheng teaches determine at least one weakness or risk of at least one of the IoT network or of at least one of the devices of the IoT network; and provide a metric of security of at least one of the IoT network or of at least one of the devices of the IoT network based on at least one of the determined weakness or risk. [0041][0048][0093]  (teaches determining profiles of IoT devices, monitoring the behavior of IoT devices and assigning vulnerability score)
As per claim 19. Cheng teaches The apparatus of claim 18, wherein the apparatus is further configured to generate a graphical user interface to enable information to be communicated between the apparatus and a user. [0109] (user interface)As per claim 20. Cheng teaches The apparatus of claim 18, wherein the apparatus is further configured to search the Internet or the IoT network for at least information related to the operating characteristics of the devices of the IoT network. [0047] [0070] [0100][0102]  (teaches profiling of IoT devices including operating characteristics and this is done locally in the IoT network or through the Internet via the cloud)As per claim 21. Stockdale teaches A system for determining a weakness or risk for devices of an Internet-of-things (IoT) network, comprising: at least one sniffer to determine operating characteristics of the devices of the IoT network; and an apparatus comprising a processor and a memory coupled to the processor, the memory having stored therein at least one of programs or instructions executable by the processor to configure the apparatus to: determine a representation of a physical environment of the IoT network and expected physical and cyber interactions between the devices of the IoT network based at least in part on operating characteristics of the devices of the IoT network; monitor the physical environment and actual interactions between the devices of the IoT network to generate a network model including at least one of uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur; (teaches monitoring elements/devices in a network and generating a network model based on the behavior of each device in the network; and topology/environment; teaches observing and modeling all network traffic (sniffing) and user interaction with said devices; teaches monitoring all interactions between the devices (sniffing) on the system to detect abnormal behavior; teaches that the network may be an IoT network; teaches providing a security metric/ threat risk parameter indicative of a threat)  [0014]-[0019]; [0039][0047][0050][0080][0081][0082][0087]

Cheng teaches based on the determined network model, determine at least one weakness or risk of at least one of the IoT network or of at least one of the devices of the IoT network; and provide a metric of security of at least one of the IoT network or of at least one of the devices of the IoT network based on at least one of the determined weakness or risk.[0040][0041][0048][0052][0053][0093]  (teaches determining profiles of IoT devices, monitoring the behavior of IoT devices including sniffing packets and assigning vulnerability score)

As per claim 22. Stockdale teaches A non-transitory computer-readable storage device having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform a method for determining a weakness or risk for devices of an Internet-of-things (IoT) network, comprising: determining a representation of a physical environment of the IoT network and expected physical and cyber interactions between the devices of the IoT network based at least in part on operating characteristics of the devices of the IoT network; monitoring the physical environment and actual interactions between the devices of the IoT network to generate a network model including at least one of uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur; based on the determined network model, (teaches monitoring elements/devices in a network and generating a network model based on the behavior of each device in the network; and topology/environment; teaches observing and modeling all network traffic (sniffing) and user interaction with said devices; teaches monitoring all interactions between the devices (sniffing) on the system to detect abnormal behavior; teaches that the network may be an IoT network; teaches providing a security metric/ threat risk parameter indicative of a threat)  [0014]-[0019]; [0039][0047][0050][0080][0081][0082][0087]


Cheng teaches determining at least one weakness or risk of at least one of the IoT network or of at least one of the devices of the IoT network; and providing a metric of security of at least one of the IoT network or of at least one of the devices of the IoT network based on at least one of the determined weakness or risk.
[0040][0041][0048][0052][0053][0093]  (teaches determining profiles of IoT devices, monitoring the behavior of IoT devices including sniffing packets and assigning vulnerability score)


Claim(s) 4, 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stockdale US 2017/0220801 in view of Cheng US 2016/0301707 in view of Mayer US 8,307,444.

As per claim 4. Mayer teaches The method of claim 1, further comprising predicting, using the network model, an effect of adding a new device to the IoT network on the determined at least one weakness or risk of at least one of the IoT network or at least one of the devices of the IoT network based on operating characteristics of the new device. (Column 13 line 58 to Column 14 line 20) (teaches predicting security changes based on changes to the network including updating/adding devices)

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the security evaluation of Mayer with the previous combination because it helps administrators make informed decisions (Column 1 lines 60-65; Column 2 lines 1-11)
As per claim 5. Cheng reaches The method of claim 4, further comprising determining a relative security score for the new device based on the affected at least one weakness or risk. [0093]

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stockdale US 2017/0220801 in view of Cheng US 2016/0301707 in view of Prvulovic US 2018/0012020.

As per claim 8.  Prvulovic teaches The method of claim 1, further comprising monitoring at least one output of at least one side channel, including at least one of lights, heat, facial recognition, human interaction, timing details, a power profile, an electromagnetic profile, and acoustic properties, associated with at least one of the Internet devices of the network to identify an anomaly in the at least one output of the at least one side channel associated with the at least one of the devices of the IoT network, wherein the identified anomaly provides an indication that the at least one device associated with the at least one side channel having the identified anomaly is a cause of the at least one uncharacteristic physical or cyber interaction paths between the devices of the IoT network over which physical or cyber interactions can potentially occur. [0072][0074] (teaches side channel monitoring of an IoT device in order to identify an anomaly) 
It would have been obvious to one of ordinary skill in the art to use the side channel of Prvulovic with the prior art combination because it helps protect the device and improves the system [0007][0010]

Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stockdale US 2017/0220801 in view of Cheng US 2016/0301707 in view of Beatty US 2016/0315955.

As per claim 15. Beatty teaches The method of claim 1, wherein a cause of at least one uncharacteristic physical or cyber interaction path between the Internet devices of the network over which physical or cyber interactions can potentially occur comprises a device either (1) not capable of communicating outside of the IoT network, (2) not within the IoT network, or (3) not within a physical space of the IoT network. [0047][0048] (teaches monitoring paths from outside of the IoT network)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the paths of Beatty with the previous art combination because it helps prevent malicious activity [0003][0004]


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439