DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Talpade (US 20060239203), and further in view of Shi (CN 109548030 A).

Regarding claims 1 and 8, Talpade teaches A device (see [0073]: “A coordinator node”. And see [0028]: “Referring to FIG. 1, every network node 102 on a path of flow in an ad hoc network 100 sends summarized information about the flow periodically to associated coordinator nodes 104”) comprising: one or more processors; and one or more non-transitory computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: 
assigning a first rating to a plurality of nodes (see [0073]: “A coordinator node receives reports from every network node periodically. It maintains information about nodes (Network-Node-List) in the network, with each node identified by a unique IP address. Each Network-Node-List entry includes the Suspect-Counter for the node, which is initially set to zero”. And see [0038]: “Suspect-Counter: Value used at coordinator to represent "maliciousness" of network node; the higher the value, the more malicious the node is considered to be”. The Examiner interprets initially setting Suspect-Counter to zero for all nodes as assigning a first rating to a plurality of nodes) within a mesh network (see [0004]: “Ad hoc networks are generally described as those comprised of mobile, wireless nodes, where any node is capable of forwarding IP packets”); 
determining a number of drops of a plurality of messages sent to a first node of the plurality of nodes (see [0084]: “Based on information available in the Flow-Node-List for the flow in the first part above, the coordinator compares the number of packets received and transmitted by a node to those indicated by its next-hop neighbors”. And see [0085]: “Step 2 below handles the case where there is a mismatch between the number of flow packets reported as transmitted by a node and the number of flow packets reported as received by its next-hop neighbors. This mismatch can be attributed to "natural" packet-loss, which is taken into account using a configurable threshold (Permissible-Packet-Loss)”. And see [0091], [0092] and Fig. 8: “3. For each node entry X in Flow-Node-List belonging to flow
If abs(Received-Packet-Count)/(sum of Forwarded-Packet-Count)>Permissible-Packet-Loss 804”); 
determining that the number of drops of the plurality of messages exceeds a threshold number of drops (see [0091], [0092] and Fig. 8: “3. For each node entry X in Flow-Node-List belonging to flow
If abs(Received-Packet-Count)/(sum of Forwarded-Packet-Count)>Permissible-Packet-Loss 804”. The Examiner interprets “a configurable threshold (Permissible-Packet-Loss)” as a threshold number of drops ) for a time period (see [0082]: “each node sends one report per flow during each Reporting-Time-Slot”. And see [0031]: “Reporting-Time-Slot: Configurable period for nodes to send reports on flows to coordinator. Set to same value at all nodes in network”. The Examiner interprets the Reporting-Time-Slot as a time period); 
based at least in part on the number of drops of the plurality of messages exceeding the threshold number of drops for the time period, incrementing the first rating assigned to the first node to a second rating assigned to the first node (emphasis added to show the difference between the reference and the claim. see [0091]-[0093] and Fig. 8: “ 3. For each node entry X in Flow-Node-List belonging to flow
If abs(Received-Packet-Count)/(sum of Forwarded-Packet-Count)>Permissible-Packet-Loss 804
Increment Suspect-Counter in Network-Node-List entry for node X, by abs(Received-Packet-Count)/(sum of Forwarded-Packet-Count)”); and 
based at least in part on the second rating (see [0038]: “Suspect-Counter: Value used at coordinator to represent "maliciousness" of network node; the higher the value, the more malicious the node is considered to be”. And see [0099]: “The third part of the coordinator node algorithm, shown in FIG. 9, is triggered by a LiPaD-Timer, which periodically goes through the Network-Node-List and ranks nodes by their Suspect-Counter values. The higher the Suspect-Counter, the more the node is likely to have dropped packets”. And see abstract: “A method and system for detection of packet-drop attacks in ad hoc networks requires network nodes to report statistics on IP flow packets originated, received, or forwarded to neighbors. These statistics are analyzed and correlated to determine nodes suspected of dropping packets”. The Examiner interprets determining nodes suspected of dropping packets and being potentially malicious based on the Suspect-Counter value of a node as based at least in part on the second rating, determining that the first node is a potentially malicious node).
Talpade differs from claims 1 and 8 in that it teaches incrementing the first rating to a second rating instead of decrementing the first rating to a second rating based at least in part on the number of drops of the plurality of messages exceeding the threshold number of drops for the time period. Additionally, Talpade fails to teach determining that the second rating assigned to the first node is below a rating threshold. Also, Talpade fails to teach determining that the first node is a potentially malicious node based at least in part on the second rating being below the rating threshold (emphasis added).

In the same field of endeavor, Shi teaches a method for detecting a malicious node in a wireless ad-hoc network based on behavioural cognition (see abstract). Shi further teaches determining a number of drops of a plurality of messages sent to a first node of the plurality of nodes (see Machine Translation, page 11, [0037] and [0038]: “The node periodically monitors the behavior of all neighbor nodes, that is, monitors the following three situations: Packet loss situation: The specific statistical parameters are the number of correctly forwarded packets s1i and the number of lost packets f1i in the packets sent by this node and forwarded by node i”);
based at least in part on the number of drops of the plurality of messages (see Machine Translation, page 13, [0044]- [0049]: “According to the statistical results, the following trust degree parameters are calculated: Loss-based trust level Tai: …Delay-based trust degree Tbi: …Out-of-order trust degree Tci:…”. And see the original Chinese Patent [0039]-[0041] which correspond to Machine Translation, page 13, [0044] and [0045] and reproduced below:

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale
);


And see Machine Translation, pages 16-19, [0059]-[0075]: Step 4: Calculate the direct trust degree of the node. (4a) Calculate the periodic trust degree Tpi of node i in this cycle according to the following formula: Tpi=wa×Tai+wb×Tbi+wc×Tci, Among them, wa, wb, and wc are the weights assigned to the three trust degrees based on packet loss, delay, and disorder, respectively, and satisfy wa+wb+wc=1; (4b) Calculate the direct trust according to the time sliding window: Step 5: Calculate the recommended trust degree and the overall trust degree for the node. (5a) All nodes in the network send a broadcast message to their neighbors, including the numbers of all their neighbors and their corresponding direct trust degrees; (5b) After the node receives broadcast messages from other nodes, in order to reduce the influence of malicious recommendation, the node's direct trust degree is used as the weight of its recommendation of other nodes' trust degrees, and the recommended trust degree Tri is calculated according to the following formula: (5c) Calculate the overall trust degree Ti of node i according to the direct trust degree Tdi and the recommended trust degree Tri: Ti=wd×Tdi+wr×Tri, Among them, wd and wr are the weights assigned to the direct trust degree and the recommended trust degree, respectively, and satisfy wd>wr and wd+wr=1 at the same time. The Examiner interprets the overall trust degree Ti of node i as the first rating assigned to the first node.
As shown in the original Chinese Patent [0041], the packet loss- based trust level Tai decrements as the number of lost packets f1i increments. Because the overall trust degree Ti of node i decrements as the packet loss- based trust level Tai  decrements, the Examiner interprets Shi as teaching  based at least in part on the number of drops of the plurality of messages, decrementing the first rating assigned to the first node to a second rating assigned to the first node.);
determining that the second rating assigned to the first node is below a rating threshold; and
based at least in part on the second rating being below the rating threshold, determining that the first node is a potentially malicious node (see Machine Translation, page 19, [0076] and [0077]: Step 6: Determine malicious nodes and isolate them. (6a) Set the overall trust threshold Th, and compare the overall trust degree of all neighboring nodes with Th: if there is Ti<Th for node i, then mark node i as a malicious node”).

Both Talpade and Shi teach detecting a malicious node in a wireless ad-hoc network using a rating of a node, wherein the rating changes based on dropped packets. The Suspect-Counter value of Talpade and the trust degree of Shi are inverse ratings characterizing how malicious/trustworthy the node is. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to substitute the Suspect-Counter value of Talpade with the trust degree of Shi as the rating that changes based on dropped packets. It would have been obvious because doing so predictably obtains a rating of the first node that indicates how malicious/trustworthy the first node is. When such a modification is made, Talpade in view of Shi would teach based at least in part on the number of drops of the plurality of messages exceeding the threshold number of drops for the time period, decrementing the first rating assigned to the first node to a second rating assigned to the first node, as recited in claims 1 and 8.
Additionally, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade by letting the operations performed by the one or more processors of the device include the step of determining that the second rating assigned to the first node is below a rating threshold taught by Shi and by letting determining that the first node is a potentially malicious node be based at least in part on the second rating being below the rating threshold, as taught by Shi. It would have been obvious because doing so achieves the commonly understood benefit of using a rating threshold to accurately judge whether the second rating assigned to the first node is low enough to determine that the first node is a potentially malicious node.

Regarding claim 4, Talpade further teaches wherein the mesh network is a wireless network, a wireless mesh network (see [0004]: “Ad hoc networks are generally described as those comprised of mobile, wireless nodes, where any node is capable of forwarding IP packets”), or a wireless sensor network.

Claims 2, 3, 7, 9, 10, 13, 15, 17, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Talpade (US 20060239203), further in view of Shi (CN 109548030 A), and further in view of Zhu (US 2021/0281986).

Regarding claims 2 and 9, Talpade modified in view of Shi fails to teach sending a first request to the first node for first location information of the first node; sending a second request to at least a second node for second location information of the at least the second node; receiving the first location information of the first node from the first node; receiving the second location information of the at least the second node from the at least the second node; determining a distance threshold based at least in part on a second distance indicated by the second location information; determining that a first distance to the first node is greater than or equal to the distance threshold; and based at least in part on the first distance to the first node being larger than the distance threshold, identifying that the first node is a malicious node.
In the same field of endeavor, Zhu teaches sending a first request to the first node for first location information of the first node; sending a second request to at least a second node for second location information of the at least the second node; receiving the first location information of the first node from the first node; receiving the second location information of the at least the second node from the at least the second node (see [0032]: “The V2X sending terminal and the V2X receiving terminal each may send a periodic report message…. The periodic report message includes a position of a V2X communications terminal”); 
determining a distance threshold based at least in part on a second distance indicated by the second location information; determining that a first distance to the first node is greater than or equal to the distance threshold; and based at least in part on the first distance to the first node being larger than the distance threshold, identifying that the first node is a malicious node (see [0032]: “it may be determined whether a position difference between a current position of the V2X sending terminal and a current position of the V2X receiving terminal is greater than the geographical position spoofing threshold. For example, the abnormal position behavior feature includes determining of geographical position spoofing, and comparing a position difference between a position in a position field in a CAM of the sender and a position of a receiver with the geographical position spoofing threshold. If the position difference is greater than the geographical position spoofing threshold, it is determined, based on the first V2X message, that there is an abnormal position behavior feature”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade modified in view of Shi by letting the operations performed by the one or more processors of the device include the steps of sending a first request to the first node for first location information of the first node; sending a second request to at least a second node for second location information of the at least the second node; receiving the first location information of the first node from the first node; receiving the second location information of the at least the second node from the at least the second node; determining a distance threshold based at least in part on a second distance indicated by the second location information; determining that a first distance to the first node is greater than or equal to the distance threshold; and based at least in part on the first distance to the first node being larger than the distance threshold, identifying that the first node is a malicious node; which are taught by Zhu. It would have been obvious because doing so predictably achieves the commonly understood benefit of detecting a malicious node based on a distance between nodes in the mesh network.

Claim 15 essentially recites the same limitations as claims 2 and 9. Therefore, claim 15 is rejected for the same reason as explained above in the rejection of claims 2 and 9.

Regarding claims 3, 10 and 17, Talpade fails to teach ending communications with the first node; and selecting a parent node from the plurality of nodes other than the first node based on a presumption that any of the plurality of nodes other than the first node are non-malicious.
In the same field of endeavor, Shi teaches ending communications with the first node (see Machine Translation, page 19, [0079]: “The processing of malicious nodes includes the hard processing method of directly moving out of the network”); and 
selecting a parent node from the plurality of nodes other than the first node based on a presumption that any of the plurality of nodes other than the first node are non-malicious (see Machine Translation, page 19, [0079]: “The processing of malicious nodes includes … the soft processing method of selecting the malicious node as the forwarding node with a small probability”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade by letting the operations performed by the one or more processors of the device include the steps of ending communications with the first node and selecting a parent node from the plurality of nodes other than the first node based on a presumption that any of the plurality of nodes other than the first node are non-malicious taught by Shi. It would have been obvious because doing so predictably achieves the benefit of improving the communication performance of the mesh network by removing malicious black hole nodes.

Regarding claims 7, 13 and 19, Talpade fails to reporting the first node as being the malicious node to at least a third node of the plurality of nodes or a network control device.
In the same field of endeavor, Shi further teaches reporting the first node as being the malicious node to at least a third node of the plurality of nodes or a network control device (see Machine Translation, page 19, [0079]: “The processing of malicious nodes includes the hard processing method of directly moving out of the network and the soft processing method of selecting the malicious node as the forwarding node with a small probability. Broadcast an alert message for node i to the entire network”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade by letting the operations performed by the one or more processors of the device include the step of reporting the first node as being the malicious node to at least a third node of the plurality of nodes or a network control device taught by Shi. It would have been obvious because Shi teaches that doing so enables other nodes in the mesh network to isolate the malicious node in routing  (see Shi, Machine Translation, page 20, [0080]).

Regarding claim 20, Talpade fails to teach that the mesh network includes a low-power and lossy network (LLN).
In the same field of endeavor, Shi teaches that the mesh network includes a low-power and lossy network (LLN) (see [0004]: “Ad hoc networks are generally described as those comprised of mobile, wireless nodes, where any node is capable of forwarding IP packets. …The problem of detecting such malicious nodes is complicated due to the wireless, and hence "lossy" nature of the network links as this blurs the distinction between malicious and accidental dropping”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade by letting the mesh network of Talpade include a low-power and lossy network (LLN), as taught by Shi. It would have been obvious because doing so predictably achieves the benefit of detecting malicious nodes in a low-power and lossy network (LLN).
Talpade modified in view of Shi fails to teach that the plurality of nodes include sensory devices within a mesh network to sense at least one environmental event at locations where the plurality of nodes are located.
In the same field of endeavor, Zhu teaches that the plurality of nodes include sensory devices within a mesh network to sense at least one environmental event at locations where the plurality of nodes are located (see [0111]: “The comprehensive check policy for the periodic report message parameter and the trigger report message parameter may include a comprehensive check type for CAM and DENM parameters. For example, a traffic condition includes a case in which a quantity of vehicles increases, the quantity of vehicles slowly increases, the quantity of vehicles decreases, or the like. For example, a vehicle M reports a DENM indicating that traffic congestion increases on a road section. A speed field in a CAM sent by any vehicle on the congested road section is checked. If a speed is higher than a threshold T_TrafficUpSpeed, traffic congestion information reported by the vehicle M is considered to be abnormal. The vehicle parameter check policy based on the V2X receiving terminal may include a check type based on a sensor of the V2X receiving terminal and another data source”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade modified in view of Shi by letting the plurality of nodes include sensory devices within a mesh network to sense at least one environmental event at locations where the plurality of nodes are located, as taught by Zhu. It would have been obvious because Zhu teaches that doing so enables autonomous driving vehicles (see Zhu [0003]).

Claims 5 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Talpade (US 20060239203), further in view of Shi (CN 109548030 A), and further in view of Official Notice 1.

Regarding claims 5 and 11, Talpade modified in view of Shi fails to teach determining that an intermediary node exists within a network route to the first node; and based at least in part on a determination that the intermediary node exists within the network route to the first node, instructing the intermediary node to perform the operations of claim 1.
The Examiner takes Official Notice 1 that the following is a well-known technique: determining that an intermediary node exists within a network route to the first node; and based at least in part on a determination that the intermediary node exists within the network route to the first node, instructing the intermediary node to perform the operations of claim 1.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade modified in view of Shi by letting the operations performed by the one or more processors of the device include the steps of determining that an intermediary node exists within a network route to the first node; and based at least in part on a determination that the intermediary node exists within the network route to the first node, instructing the intermediary node to perform the operations of claim 1, as taught by Official Notice 1. It would have been obvious because doing so predictably achieves the commonly understood benefit of determining the actual malicious node in the presence of an intermediary node. 

Claims 6, 12 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Talpade (US 20060239203), further in view of Shi (CN 109548030 A), further in view of Zhu (US 2021/0281986), and further in view of Official Notice 2.

Regarding claims 6, 12 and 16, Talpade modified in view of Shi and Zhu fails to teach wherein the distance threshold is at least two times a radius of a wireless communication distance of at least the second node.
The Examiner takes Official Notice 2 that it is a well-known technique to let a distance threshold be at least two times a radius of a wireless communication distance of at least the second node.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade modified in view of Shi and Zhu by letting a distance threshold be at least two times a radius of a wireless communication distance of at least the second node, as taught by Official Notice 2. It would have been obvious because doing so predictably obtains a distance threshold.


Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Talpade (US 20060239203), further in view of Shi (CN 109548030 A), further in view of Zhu (US 2021/0281986), and further in view of Park (US 2018/0054698).

Regarding claim 14, Talpade modified in view of Shi and Zhu fails to teach wherein the first location information and the second location information are determined via at least one of a distance vector-hop (DV-Hop) algorithm, an approximate point in triangulation (APIT) algorithm, or a centroid localization algorithm.
However, Park teaches wherein the first location information and the second location information are determined via at least one of a distance vector-hop (DV-Hop) algorithm, an approximate point in triangulation (APIT) algorithm, or a centroid localization algorithm (see [0089]: “The APIT method estimates location of an STA by determining whether the STA belongs to a triangular area formed by individual Aps”).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade modified in view of Shi and Zhu by letting the first location information and the second location information be determined via at least one of a distance vector-hop (DV-Hop) algorithm, an approximate point in triangulation (APIT) algorithm, or a centroid localization algorithm, as taught by Park. It would have been obvious because applying the known technique would have predictably yielded the result of determining the first location information and the second location information.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Talpade (US 20060239203), further in view of Shi (CN 109548030 A), further in view of Zhu (US 2021/0281986), and further in view of Official Notice 1.

Regarding claim 18, Talpade modified in view of Shi and Zhu fails to teach determining that an intermediary node exists within a network route to the first node; and based at least in part on a determination that the intermediary node exists within the network route to the first node, instructing the intermediary node to perform the operations of claim 1.
The Examiner takes Official Notice 1 that the following is a well-known technique: determining that an intermediary node exists within a network route to the first node; and based at least in part on a determination that the intermediary node exists within the network route to the first node, instructing the intermediary node to perform the operations of claim 1.
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to improve the device of Talpade modified in view of Shi and Zhu by letting the operations performed by the one or more processors of the device include the steps of determining that an intermediary node exists within a network route to the first node; and based at least in part on a determination that the intermediary node exists within the network route to the first node, instructing the intermediary node to perform the operations of claim 1, as taught by Official Notice 1. It would have been obvious because doing so predictably achieves the commonly understood benefit of determining the actual malicious node in the presence of an intermediary node. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHIMEI ZHU whose telephone number is (571)270-7990. The examiner can normally be reached 10am-6pm Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZHIMEI ZHU/Examiner, Art Unit 2495