Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 14 is objected to because of the following informalities:  this claim recites the acronym MTBF but it does not spell out what the acronym stands for on its first occurrence.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 are rejected under 35 U.S.C. 103 as being unpatentable over CHENG (US-20190190939-A1) in view of TEDDY (US-20160182538-A1), hereinafter CHENG-TEDDY.
Regarding claim 1, CHENG teaches “A method for self-healing a plurality of IoT devices in an IoT system, the method comprising: establishing a baseline of the IoT system behavioral patterns by an IoT server; ([CHENG, abstract] “Data packets transmitted to and from an IoT device are obtained and at least one of the data packets are analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device is profiled into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.”) ([CHENG, para. 0026] “FIG. 1 depicts a diagram 100 of an example of a system for managing IoT devices based on packet analysis. The system of the example of FIG. 1 includes a computer-readable medium 102, IoT device 104-1 . . . 104-n (hereinafter referred to as “IoT devices 104”) coupled to the computer-readable medium 102, and a packet analysis based IoT device management system 106.”) ([CHENG, para. 0040] “The packet analysis based IoT device management system 106 functions to manage or facilitate management of IoT devices using packet analysis of data packets transmitted to and from the IoT devices. In various implementations, the packet analysis based IoT device management system 106 sniffs packets transmitted to and from IoT devices for the purposes of managing IoT devices. The IoT device management system 106 can sniff packets for purposes of managing security of IoT devices. For example, the packet analysis based IoT device management system 106 can sniff packets transmitted to and from an IoT device to determine that the IoT device is behaving abnormally, and subsequently stop transmission of data packets to the IoT device.”) ([CHENG, para. 0107] “In a specific implementation, the IoT device profiling engine 608 can model baseline behavior of IoT devices, as included as part of device profiles of the IoT devices. The IoT device profiling engine 608 can model baseline behavior of IoT devices based on historical records of IoT devices. Baseline behavior includes ways an IoT device typical acts, users a device interacts with, and applications and/or operating system that are typically executed at the IoT device.”) detecting abnormal system behavior based on the baseline; ([CHENG, para. 0050] “In a specific implementation, the packet analysis based IoT device management system 106 functions to perform analytic analysis and/or provide functionalities for performing analytics. In various implementations, the packet analysis based IoT device management system 106 can provide functionalities to perform analytics. For example, the packet analysis based IoT device management system 106 can provide functionalities for performing analytics to an administrator and/or an outside IoT device management entity. In various implementations, the packet analysis based IoT device management system 106 can perform analytics in managing security of IoT devices. Depending upon implementation-specific or other considerations the packet analysis based IoT device management system 106 can perform analytic analysis or provide functionalities for performing analytics using at least one of an access log, an event log, and a system log of IoT devices created, at least in part, through deep packet inspection. For example, the packet analysis based IoT device management system 106 can cluster devices together based on device type and use an event log of the clustered devices to generate a baseline device operating profile indicating how an IoT device of the device type normally operates. Further in the example, the packet analysis based IoT device management system 106 can use the baseline device operating profile to determine IoT devices of the device type which are behaving abnormally.”) ([CHENG, para. 0111] “The anomaly detection engine 612 functions to determine anomalies in IoT device behavior. The anomaly detection engine 612 can determine anomalies in real-time as events occur at an IoT device. In various implementations, the anomaly detection engine 612 can determine anomalies based on historical records of IoT devices and profiles of IoT devices. For example, the anomaly detection engine 612 can determine currently occurring events at an IoT device from a historical record of an IoT device and compare the currently occurring events with baseline behaviors of an IoT device to determine whether a device is behaving abnormally.”) matching the detected abnormal system behavior to any of a plurality of known …. patterns; ([CHENG, para. 0111] “the anomaly detection engine 612 can determine anomalies based on historical records of IoT devices and profiles of IoT devices. For example, the anomaly detection engine 612 can determine currently occurring events at an IoT device from a historical record of an IoT device and compare the currently occurring events with baseline behaviors of an IoT device to determine whether a device is behaving abnormally.”) ([CHENG, para. 0088] “In another example, the IoT device probing engine 504 can send a packet for gaining access to an IoT device using a default user id and/or password. Further in the example, if the IoT device probing engine 504 can gain access to the IoT device using the default user id and/or password, it can be determined that the IoT device is vulnerable to attacks and hacks. In various implementations, packets communicated between the IoT device probing engine 504 and an IoT device can be used to update event logs, system logs, and access logs, and subsequently IoT device historic data for the IoT device in real-time, for purposes of managing security of the IoT device, e.g. determining a vulnerability level of the IoT device.”) and remediating any damage done that corresponds with any of the matching known … patterns. ([CHENG, para. 0085] “if the packet based IoT device vulnerability determination system 502 determines that an IoT device is vulnerable to a specific attack, or has a vulnerability level above a vulnerability threshold, then the packet based IoT device vulnerability determination system 502 can instruct an applicable engine to stop the flow of data to and from the IoT device.”)
However, CHENG does not teach explicitly of “cyberattack patterns”.
In analogous teaching TEDDY teach of “cyberattack patterns” ([TEDDY, para. 0003] “Malicious software (“malware”) that infects a host computer may be able to perform any number of malicious actions, such as stealing sensitive information from a business or individual associated with the host computer, propagating to other host computers, and/or assisting with distributed denial of service attacks, sending out spam or malicious emails from the host computer, etc.”) ([TEDDY, para. 0025] “Once a device is discovered, the system can be configured to understanding how the device typically behaves based on the size, frequency, application, protocol, etc. of the network traffic to and from the device. The process could also involve storing a profile of the device in a cloud or server. This would also allow multiple electronic devices on the same network to update the profile of other devices on the network. For example, P2P and C&C traffic may be identified by means of application signatures running on the content of the network traffic. IPS signatures can be used to identify known attacks using IPS signatures. Reputation and content monitoring may be used to understand the overall reputation of the IP addresses and URLs being visited by a device.”) ([TEDDY, para. 0037] “When a device acts outside the allowed characteristics, then some type of remedial action may be taken to try and prevent or mitigate malicious activity by the device. For example, the remedial action can include assigning an untrusted reputation to the device, removing the device from the network, reconfiguring the device, allowing only limited access to a network or restricting network access for the device, scanning the device for malware”).
Thus, given the teaching of TEDDY, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of cyberattacks as taught by TEDDY into the teaching of a method for self-healing IoT devices as taught by CHENG. One of ordinary skill in the art would have been motivated to do so because TEDDY recognizes the need to determine malicious activity on a device and take remedial action  ([TEDDY, para. 0020] “Currently, the various concepts around device reputation have been reliant on having a presence on the device, thereby limiting its application to only such devices. In addition, if a presence is on the device, the reputation is often static and does not account for data to and from the device and network characteristics. What is needed is a way to be able to understand and monitor the behavior of increasingly intelligent and network connected devices. It would be beneficial if the reputation of connected devices could be determined without having a presence on the device.”)

Regarding claim 2, CHENG-TEDDY teach all limitations of claim 1. CHENG teaches of IOT device and IOT server. The same rejection as in claim 1, applies. However, CHENG does not teach “causing the … server to receive a plurality of flight envelope parameters corresponding with the plurality of … devices from a plurality of … vendors and from a user of the plurality of IoT devices; determining whether any of the plurality of … devices are performing outside of the plurality of flight envelope parameters; if any of the plurality of flight envelope parameters are exceeded, activating a system reaction by a rules engine, wherein the system reaction corresponds with a plurality of operator settable rules.”.
TEDDY further teaches “further comprising: causing the … server to receive a plurality of flight envelope parameters corresponding with the plurality of … devices from a plurality of … vendors and from a user of the plurality of … devices; ([TEDDY, ABSTRACT] “Particular embodiments described herein provide for an electronic device that can be configured to monitor network traffic to and from a device, compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, and take remedial action if the monitored traffic is outside the characteristics of the device.”) ([TEDDY, claim 1] “monitor network traffic to and from a device; compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device; and assign an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device.”) ([TEDDY, para. 0063] “In Example C4, the subject matter of any one of Examples C1-C3 can optionally include where the device characteristics are obtained from an original equipment manufacturer.”) ([TEDDY, para. 0023] “In an embodiment, the system can be configured to passively listening to the network traffic and monitoring the network traffic going to and from each electronic device. In an example, one or more electronic devices in a network (e.g. electronic devices 102 a-102 e) could each include a behavior reputation module 122 to monitor the network traffic and to provide alerts based on the network traffic going to and from each electronic device. In another example, a central network gateway device (e.g., electronic device 102 f) could use behavior reputation module 122 to monitor the traffic and to automatically act on suspicious behavior in addition to providing information alerts.”) determining whether any of the plurality of IoT devices are performing outside of the plurality of flight envelope parameters; if any of the plurality of flight envelope parameters are exceeded, activating a system reaction by a rules engine, wherein the system reaction corresponds with a plurality of operator settable rules. ([TEDDY, para. 0038] “Turning to FIG. 3, FIG. 3 is an example flowchart illustrating possible operations of a flow 300 that may be associated with the determination of a reputation through network characteristics, in accordance with an embodiment. In an embodiment, one or more operations of flow 300 may be performed by behavior reputation module 112. At 302, a device is connected to a network. At 304, device characteristics for the device are determined. At 306, the device's activities on the network are monitored. At 308, the system determines if the device activities on the network are within the characteristics of the device. If the device's activates on the network are within the characteristics of the device, then the devices activities on the network continue to be monitored, as in 306. If the device's activities on the network are not within the characteristics of the device, then remedial action is taken, as in 310. The remedial action can include assigning an untrusted reputation to the device, removing the device from the network, reconfiguring the device, allowing only limited access to a network or restricting network access for the device, scanning the device for malware, etc.”) ([TEDDY, para. 0040] “At 508, the system determines if the activates are still outside the device characteristics. If the activities are now not outside the device characteristics, then the flow ends. If the activates are still outside the device characteristics, then the system determines if the activity outside the device characteristics can be resolved, as in 510. Going back to 504, if the device characteristics do not need to be updated, then the system determines if the activity outside the device characteristics can be resolved, as in 510. If the activity outside the device characteristics cannot be resolved, then the device is characterized as malicious. For example, if a device is uploading sensitive information and that is outside the device's characteristics, then the device may be characterized as malicious and access to and from the device may be restricted or stopped. If the activity outside the device characteristics can be resolved, then the activity is resolved. For example, the device may be accessing a port that is outside the device's characteristics and the activity may be resolved by reconfiguring the device.”) ([TEDDY, para. 0026] “Alerts about suspicious behavior can be sent to a user or an administrator by means of a text message, an app on a smartphone, a pop up on a screen, etc. The user or administrator can take remedial action based on the content of the alert. In one example, a network gateway device can be configured to performed remedial action automatically by means of reduced access, network quarantine, etc.”).
The same motivation to modify CHENG with TEDDY as in the rejection of claim 1, applies. 

Regarding claim 3, CHENG-TEDDY teaches all limitations of claim 2. Furthermore, CHENG teaches of IOT. The same rejection as claim 1, applies. However, CHENG does not teach “wherein the flight envelope parameters comprise at least: a maximum operating range parameter for each … device provided by the plurality of … vendors; and a pre-settable operating range parameter for each … device provided by the user.”
TEDDY further teaches “wherein the flight envelope parameters comprise at least: a maximum operating range parameter for each … device provided by the plurality of … vendors; ([TEDDY, para. 0017] “Device characteristics modules 126 a and 126 b can obtain device characterizes for one or more electronic devices 102 a-102 f from OEM server 108 and from the previous activities of each electronic device. OEM server 108 may include allowed device characteristics for one or more electronic devices 102 a-102 f. While OEM server 108 is illustrated as a single server or network element, OEM server 108 may be a plurality of network elements where device characteristics for one or more electronic devices 102 a-102 f can be located.”) ([TEDDY, para. 0037] “Device characteristics 118 can include the type of network activity that is allowed for each device. When a device acts outside the allowed characteristics, then some type of remedial action may be taken to try and prevent or mitigate malicious activity by the device.”) ([TEDDY, para. 0063] “In Example C4, the subject matter of any one of Examples C1-C3 can optionally include where the device characteristics are obtained from an original equipment manufacturer.”) and a pre-settable operating range parameter for each IoT device provided by the user. ([TEDDY, para. 0039] “At 416, the system determines if the created characteristics need to be changed. For example, a new security policy may be implemented in the network or the device's role in the network may have changed (e.g., a user's laptop may have been passed down to a child of the user). If the created characteristics for the device need to be changed, then the characteristics for the device are changed as needed, as in 418. If the created characteristics do not need to be changed, then the flow ends.”) ([TEDDY, para. 0040] “At 504, the system determines if the device characteristics need to be updated. For example, a device that was used to only connect to a limited number of web sites may now be used as a primary web browsing device or, a device may have been upgraded with new features that caused the device to have characteristics that are outside the current characteristics for the device. If the device characteristics need to be updated, then the device characteristics are updated, as in 506.”) ([TEDDY, para. 0026] “Alerts about suspicious behavior can be sent to a user or an administrator by means of a text message, an app on a smartphone, a pop up on a screen, etc. The user or administrator can take remedial action based on the content of the alert. In one example, a network gateway device can be configured to performed remedial action automatically by means of reduced access, network quarantine, etc.”).
The same motivation to modify CHENG with TEDDY as in the rejection of claim 1, applies. 

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over CHENG-TEDDY in view of ERKISSON (US-20180364135-A1).
Regarding claim 4, CHENG-TEDDY teach all limitations of claim 1. However, CHENG-TEDDY does not teach “further comprising: performing predictive analytics and anomaly detection to predict IoT device failure in the system based on Meantime Between Failure (MTBF) statistics provided by the plurality of IoT device vendors.”.
In analogous teaching, ERIKSSON “further comprising: performing predictive analytics and anomaly detection to predict IoT device failure in the system based on Meantime Between Failure (MTBF) statistics provided by the plurality of IoT device vendors.” ([ERIKSSON, para. 0021] “Sensors may be added to each appliance, such as a group of dedicated sensors for a refrigerator, but the sensor set may have to be duplicated for each appliance where it is desirable to perform operational analysis monitoring or failure prediction. A better choice is to utilize a group of sensors in rough proximity to an appliance to be monitored. …… Using a set of device profiles (generated via stored device data, a user training step, or learned automatically), the disclosure determines which appliances in the environment are currently active. Using this information, the IoT sensor signals are filtered before detecting an appliance anomaly or failure.”) ([ERIKSSON, para. 0022] “In an aspect of the disclosure, IoT sensor data is aggregated on a device, such as a gateway device, and machine learning techniques are used to build an anomaly detection model that identifies unexpected behavior from an appliance based on the historical data and may notify a user on his/her smartphone about an appliance having a problem.”) ([ERIKSSON, para. 0025] “In the example environment of FIG. 1, the gateway 120 has a network interface to network 110 for obtaining profile data on appliances in the home. For example, if a clothes dryer is one of the multiple monitored appliances, manufacturer data may provide energy consumption profile expectations of a typical build of the clothes dryer according to model number. Other profile information may also be obtained such as audio noise level, vibration level, operating time, temperature rise while operational, expected mean time between failure (MTBF). and other operational criteria.”) ([ERIKSSON, para. 0036] “At step 325, results of the compare are tested. If the data indicates an anomaly, such as operation outside the range of the normal appliance operational profile data stored in the database 210, then step 330 is invoked and a user is notified of an anomaly in the specific appliance. This detected anomaly may be associated with a potential failure of the appliance. In one embodiment, the results of the comparison of step 320 are tested in step 325 as exceeding a threshold. In this instance, the threshold can be user determined via an input from a user interface.”).
Thus, given the teaching of ERIKSSON, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of performing predictive analytics as taught by ERIKSSON into the teaching of a method for self-healing IoT devices as taught by CHENG-TEDDY. One of ordinary skill in the art would have been motivated to do so because ERIKSSON recognizes the need to detect failure in devices ([ERIKSSON, para. 0020] “The configuration disclosed herein is useful to collect, filter, and disambiguate sensor measurements so that appliance data may be analyzed to perform failure prediction and provide alerts to a user. In one aspect of the disclosure, using a collection of sensors in an environment, such as IoT sensors in a home environment, is useful to detect failure of a nearby appliance device.”)


Claims 5, and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over OJHA (US-20200213360-A1) in view of MYADAM (US-20170264511-A1), hereinafter OJHA-MYADAM
Regarding claim 5, OJHA teaches “A system for managing Internet of Things (IoT) devices comprising: a plurality of IoT devices operable by a user; ([OJHA, ABSTRACT] “A technique uses a managed computing device to extend management control by an organization to IoT (Internet of Things) devices in a local environment of the computing device. The computing device discovers any local IoT devices and participates in a communication with a server to bring one or more of the IoT devices under management control. In some examples, extending management control involves enrolling selected IoT devices into a management framework of the organization and directing communications between the server and the respective IoT devices through the managed device, which provides a point-of-presence for administering management of the selected IoT devices in the local environment.”) ([OJHA, para. 0009] “In contrast with prior approaches, an improved technique employs a managed device that extends management control by an organization to IoT (Internet of Things) devices in a local environment of the managed device. The managed device discovers any local IoT devices and participates in a communication with a server to bring one or more of the devices under management control.”) ([OJHA, para. 0110] “the managed device 110 displays a list of discovered IoT devices to the user 102 and prompts the user 102 to select one or more of the listed IoT devices for management control by the organization. In some examples, the list of IoT devices includes fewer than all IoT devices discovered, as the list may be limited to IoT devices that the IoT manager 1150 supports. The user 102 then selects desired IoT device(s) from the list, and the managed device 110 accepts the user selection(s). The managed device 110 then participates in a communication with the server 120 to extend management control by the organization to the selected IoT devices.”) a hub for electronically coupling the plurality of IoT devices to the user; ([OJHA, para. 0111] “As shown, the logical network 1200 has a hub 1210 formed by the managed device 110 and spokes 1220 that connect the hub 1210 to respective IoT devices 1140. The depicted hub-and-spoke arrangement directs data ingress (input) 1222 to any IoT device 1140 through the managed device 110 and likewise directs any data egress (output) 1224 from any IoT device 1140 to the managed device 110.”) an IOT server for electronically coupling the plurality of IoT devices with a plurality of IoT vendors; ([OJHA, para. 0104] “As further shown in FIG. 11, the server 120 may include an IoT manager 1150, an analytics manager 1160, and user profiles 1170. The IoT manager 1150 is configured to enroll selected IoT devices into a management framework of the organization and to manage the IoT devices once they are enrolled. Activities of the IoT manager 1150 may include, for example, scanning IoT devices for malware, updating IoT software and/or firmware, and downloading skills to IoT devices. “Skills” as used herein refer to software features which can be installed on IoT devices to enhance their native functionality. Some vendors may use the term “Actions” or “Apps” to describe similar features, and “skills” is intended to cover all such variants. Skills as used herein include native skills available from the manufacturer and custom skills developed for the organization. For example, a custom skill for a smart speaker might be to respond to voice control by initiating a program, feature, or other resource of the organization. Some manufacturers provide SDKs (Software Development Kits) for enabling third parties to design and deploy custom skills.”) a plurality of application programming interfaces (API) for enabling data sharing between the plurality of IoT vendors and the plurality of IoT devices; ([OJHA, para. 0035] “As shown, the client 110 includes one or more communication interfaces”) ([OJHA, para. 0039] “In an example, the micro-VPN client 134 c and the link bonding client 140 c are provided as respective software libraries, with each library having its own API (Application Program Interface) for exposing its respective functions.”) ([OJHA, para. 0040] “In an example, the application program 132 is a SaaS application. The client component 132 c may be a web browser or other client-side program that runs web pages and/or other content downloaded from the server component 132 s. In an example, the application program 132 is a workspace framework, i.e., a software environment that provides user access to multiple sub-applications from a single interface. Such sub-applications run within the workspace framework, with incoming and outgoing data of those sub-applications passing through the tunnel 134 via the link bonding component 140 c. According to some examples, the tunnel 134 applies to all application traffic to and from the application framework.”) ([OJHA, para. 0104] “The IoT manager 1150 is configured to enroll selected IoT devices into a management framework of the organization and to manage the IoT devices once they are enrolled. Activities of the IoT manager 1150 may include, for example, scanning IoT devices for malware, updating IoT software and/or firmware, and downloading skills to IoT devices. “Skills” as used herein refer to software features which can be installed on IoT devices to enhance their native functionality. Some vendors may use the term “Actions” or “Apps” to describe similar features, and “skills” is intended to cover all such variants. Skills as used herein include native skills available from the manufacturer and custom skills developed for the organization.”) and a plurality of dashboard graphical user interfaces (GUI) for enabling communication between … the user, wherein the IoT server enables the plurality of APIs. ([OJHA, para. 0064] “FIG. 5 shows an example of such embodiments, in which an overall GUI 118 includes the above-described GUI portions 118 a-118 d. For example, user 102 may invoke the GUI portions 118 a-118 d by clicking an arrow 510 on the overall GUI 118. The overall GUI 118 provides a user interface for the application program 132, which in this example is a workspace framework application. The workspace framework application runs as a SaaS application, e.g., in a web browser or other container, and enables the user 102 to select and run any of its registered sub-applications. The registered sub-applications all run within the context of the application program 132, such that they all communicate via the micro-VPN client 134 c and the link bonding client 140 c. The depicted arrangement thus uniquely supports operation of a SaaS application over a micro-VPN using multiple paths 180, which are seamlessly switched to maintain a quality connection, even in the presence of dead spots.”) ([OJHA, para. 0039] “In an example, the micro-VPN client 134 c and the link bonding client 140 c are provided as respective software libraries, with each library having its own API (Application Program Interface) for exposing its respective functions.”) ([OJHA, para. 0061] “FIGS. 4a-4d show various screenshots 118 a-118 d, which represent portions of the GUI 118 as rendered by the client component 132 s of the application program 132, and as viewed on the display 116 of the client device 110. One may recognize the layout of the depicted GUIs as that of a common smartphone app; however, the GUIs 118 a-118 d are not limited to smartphone applications. For instance, screenshots 118 a-118 d may be displayed on a laptop computer or on any other computing device. The laptop may have a Wi-Fi connection and may be tethered, via Bluetooth, to a smart phone that has an LTE connection (tethering is an ability of many smart phones to share data via a PAN—Personal Area Network).”).
However, OJHA does not teach “dashboard … for enabling communication between the plurality of IoT vendors”.
In analogous teaching MYADAM teaches “dashboard … for enabling communication between the plurality of … vendors”. ([MYADAM, para. 0022] “The cloud gateway 126 may have two outlets to exchange information. For example, the single view devices dashboard 112 and the external manufacturer applications device 114. The single view devices dashboard 112 may be a user interface of the electronic device 124 through which the user may view and control the one or more electronic devices. The external manufacturer applications device 114 may be the one or more device manufacturer's utility application for the purpose of receiving the real-time events of the one or more electronic devices and further sending real-time PUSH notifications to the user via the electronic device 124.”)
Thus, given the teaching of MYADAM, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of communicating with device vendors as taught by MYADAM into the teaching of a system for managing IoT devices as taught by OHJA. One of ordinary skill in the art would have been motivated to do so because MYADAM recognizes the need to manage IoT devices ([MYADAM, para. 0002] “Mankind dependency on electronic items is only fast growing.”) ([MYADAM, para. 0003] “Manufactures today can monitor and provide feedbacks periodically but not in real time, causing wrong or insufficient usage of the appliances”) ([MYADAM, para. 0004] “there exists a need for a system and method governing or managing performances of the hardware devices.”)


Regarding 11, OJHA-MYADAM teaches all limitations of claim 5. OJHA further teaches “wherein the plurality of IoT vendors comprise a plurality of IoT device vendors and a plurality of 3rd party sources.” ([OJHA, para. 0104] “As further shown in FIG. 11, the server 120 may include an IoT manager 1150, an analytics manager 1160, and user profiles 1170. The IoT manager 1150 is configured to enroll selected IoT devices into a management framework of the organization and to manage the IoT devices once they are enrolled. Activities of the IoT manager 1150 may include, for example, scanning IoT devices for malware, updating IoT software and/or firmware, and downloading skills to IoT devices. “Skills” as used herein refer to software features which can be installed on IoT devices to enhance their native functionality. Some vendors may use the term “Actions” or “Apps” to describe similar features, and “skills” is intended to cover all such variants. Skills as used herein include native skills available from the manufacturer and custom skills developed for the organization. For example, a custom skill for a smart speaker might be to respond to voice control by initiating a program, feature, or other resource of the organization. Some manufacturers provide SDKs (Software Development Kits) for enabling third parties to design and deploy custom skills.”).

Regarding claim 12, OJHA-MYADAM teaches all limitations of claim 5. OJHA further teaches “wherein the hub is voice-activated.” ([OJHA, para. 0117] “One should appreciate that commercial smart speakers do not generally understand a voice command like, “Hey Smart Speaker, tell ACME to start my meeting.” For this purpose, the smart speaker 1140-4 may be equipped with a custom skill. The skill recognizes the word “ACME” and directs the command to an ACME server, which interprets the command and takes appropriate action. If ACME is the organization managing the managed device 110 and IoT devices 1140, then the server 120 may be ACME' s server and the custom skill may be configured to access any resource available on or by the server 120. For example, the skill may access the corporate calendar of the user 102, check for a meeting around the current time, obtain the meeting parameters, and direct the managed device 110 to launch the meeting with the specified parameters in a meeting application. If the user approves, the meeting may proceed using the smart speakers, smart TV, and smart webcam. In this manner, the IoT orchestrator 1240 can stitch together available IoT devices 1140 and enable their use in responding to voice commands. The IoT orchestrator 1240 is not limited to voice commands but rather may respond to commands arriving from any source and/or in response to any events or scheduled activities.”)

Regarding claim 13, OJHA-MYADAM teaches all limitations of claim 5. OJHA further teaches a “wherein the plurality of dashboard graphical user interfaces comprises: a user dashboard for retrieving IoT device information” ([OJHA, para. 0034] “The client 110 has a display 116, such as a monitor, touch screen, or the like, and the display 116 is configured to render a graphical user interface (GUI) 118, which may be operated by a user 102.”) ([OJHA, para. 0064] “FIG. 5 shows an example of such embodiments, in which an overall GUI 118 includes the above-described GUI portions 118 a-118 d. For example, user 102 may invoke the GUI portions 118 a-118 d by clicking an arrow 510 on the overall GUI 118. The overall GUI 118 provides a user interface for the application program 132, which in this example is a workspace framework application. The workspace framework application runs as a SaaS application, e.g., in a web browser or other container, and enables the user 102 to select and run any of its registered sub-applications. The registered sub-applications all run within the context of the application program 132, such that they all communicate via the micro-VPN client 134 c and the link bonding client 140 c. The depicted arrangement thus uniquely supports operation of a SaaS application over a micro-VPN using multiple paths 180, which are seamlessly switched to maintain a quality connection, even in the presence of dead spots.”) ([OJHA, para. 0039] “In an example, the micro-VPN client 134 c and the link bonding client 140 c are provided as respective software libraries, with each library having its own API (Application Program Interface) for exposing its respective functions.”) ([OJHA, para. 0061] “FIGS. 4a-4d show various screenshots 118 a-118 d, which represent portions of the GUI 118 as rendered by the client component 132 s of the application program 132, and as viewed on the display 116 of the client device 110. One may recognize the layout of the depicted GUIs as that of a common smartphone app; however, the GUIs 118 a-118 d are not limited to smartphone applications. For instance, screenshots 118 a-118 d may be displayed on a laptop computer or on any other computing device. The laptop may have a Wi-Fi connection and may be tethered, via Bluetooth, to a smart phone that has an LTE connection (tethering is an ability of many smart phones to share data via a PAN—Personal Area Network).”).
MYADAM teaches “and for enabling data sharing with the plurality of IoT vendors, an IoT vendor dashboard for retrieving and sharing data corresponding with the data sharing enabled by the user.” ([MYADAM, para. 0022] “The cloud gateway 126 may have two outlets to exchange information. For example, the single view devices dashboard 112 and the external manufacturer applications device 114. The single view devices dashboard 112 may be a user interface of the electronic device 124 through which the user may view and control the one or more electronic devices. The external manufacturer applications device 114 may be the one or more device manufacturer's utility application for the purpose of receiving the real-time events of the one or more electronic devices and further sending real-time PUSH notifications to the user via the electronic device 124.”).
The same motivation to modify OJHA with MYADAM as in the rejection of claim 5 applies.


Claims 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over OJHA-MYADAM in view of TEDDY (US-20160182538-A1) and further in view of ERIKSSON (US-20180364135-A1), hereinafter OJHA-MYADAM -TEDDY-ERIKSSON
Regarding claim 6, OJHA-MYADAM teaches all limitations of claim 5. OJHA teaches of IoT as seen in the rejection of claim 5. However, OJHA-MYADAM does not teach “a server repository for storing flight envelope parameters associated with the plurality of … devices as provided by the plurality of … vendors; and an artificial intelligence (AI) engine for performing predictive analytics and anomaly detection to predict … device failure in the system based on Meantime Between Failure (MTBF) statistics provided by the plurality of … device vendors.”
In analogous teaching, TEDDY teaches “wherein the … server further comprises: a server repository for storing flight envelope parameters associated with the plurality of … devices as provided by the plurality of … vendors;” ([TEDDY, para. 0017] “A device profile (e.g., device characteristics 118) and a malicious profile (e.g., malicious characteristics 120) can be used by behavior reputation module 112 to analyze traffic to and from each device and to generate a reputation based on the network traffic. The system can use passive network monitoring to be able to build a device reputation and thereby control the security of devices on the network. Malicious characteristics modules 124 a and 124 b can analyze know malicious behavior and populate malicious characteristics 120. Device characteristics modules 126 a and 126 b can obtain device characterizes for one or more electronic devices 102 a-102 f from OEM server 108 and from the previous activities of each electronic device. OEM server 108 may include allowed device characteristics for one or more electronic devices 102 a-102 f. While OEM server 108 is illustrated as a single server or network element, OEM server 108 may be a plurality of network elements where device characteristics for one or more electronic devices 102 a-102 f can be located.”) ([TEDDY, para. 0039] “If the device characteristics for the device are available from outside the network, then the device characteristics are obtained from outside the network, as in 406. For example, the device characteristics may be available from OEM server 108, from server 104, or cloud 106 (e.g., device characteristics module 126 a in server 104 may have created the device characteristics).”) ([TEDDY, para. 0063] “the device characteristics are obtained from an original equipment manufacturer.”).
The same motivation to modify CHENG with TEDDY as in the rejection of claim 1, applies. 
However, OJHA-MYADAM-TEDDY does not teach “and an artificial intelligence (AI) engine for performing predictive analytics and anomaly detection to predict IoT device failure in the system based on Meantime Between Failure (MTBF) statistics provided by the plurality of IoT device vendors.”.
In analogous teaching, ERIKSSON teaches “and an artificial intelligence (AI) engine for performing predictive analytics and anomaly detection to predict IoT device failure in the system based on Meantime Between Failure (MTBF) statistics provided by the plurality of IoT device vendors.” ([ERIKSSON, para. 0022] “In an aspect of the disclosure, IoT sensor data is aggregated on a device, such as a gateway device, and machine learning techniques are used to build an anomaly detection model that identifies unexpected behavior from an appliance based on the historical data and may notify a user on his/her smartphone about an appliance having a problem.”) ([ERIKSSON, para. 0023] “Additionally, data from these sensors can be combined with energy data to get more insightful information to exactly identify the problem with the appliance. For example, in the case of a refrigerator, a temperature sensor can help identify if it is heating up more than normal which may be caused of accumulation of dust in the exhaust fan's vents which prevents the heat from dissipating and thus causing the refrigerator to heat up. Identifying this problem in the early stages and notifying the user gives the user an opportunity to clean the vent and prevent the appliance from breaking down prematurely.”) ([ERIKSSON, para. 0025] “the gateway 120 has a network interface to network 110 for obtaining profile data on appliances in the home. For example, if a clothes dryer is one of the multiple monitored appliances, manufacturer data may provide energy consumption profile expectations of a typical build of the clothes dryer according to model number. Other profile information may also be obtained such as audio noise level, vibration level, operating time, temperature rise while operational, expected mean time between failure (MTBF). and other operational criteria.”) ([ERIKSSON, para. 0036] “At step 320 a comparison of the appliance-specific sensor data is made with reference operational information from the appliance profile information for the specific appliance stored in database 210. Comparing the sensor information for a particular appliance with reference information for the particular appliance includes comparing the information for a particular appliance with reference information indicating one of more of (a) an existing profile of the particular appliance, and (b) historical data measurements for the particular appliance. At step 325, results of the compare are tested. If the data indicates an anomaly, such as operation outside the range of the normal appliance operational profile data stored in the database 210, then step 330 is invoked and a user is notified of an anomaly in the specific appliance. This detected anomaly may be associated with a potential failure of the appliance. In one embodiment, the results of the comparison of step 320 are tested in step 325 as exceeding a threshold. In this instance, the threshold can be user determined via an input from a user interface.”).
The same motivation to modify CHENG-TEDDY with ERIKSSON as in the rejection of claim 4, applies. 

Regarding claim 7, OJHA-MYADAM-TEDDY-ERIKSSON teach all limitations of claim 6. OJHA further teaches “wherein the IoT server further comprises an IoT hub.” ([OJHA, para. 0111] “As shown, the logical network 1200 has a hub 1210 formed by the managed device 110 and spokes 1220 that connect the hub 1210 to respective IoT devices 1140. The depicted hub-and-spoke arrangement directs data ingress (input) 1222 to any IoT device 1140 through the managed device 110 and likewise directs any data egress (output) 1224 from any IoT device 1140 to the managed device 110.”).



Regarding claim 8, OJHA-MYADAM-TEDDY-ERIKSSON teach all limitations of claim 6. Furthermore, this claim recites features similar to those of claim 3. Therefore, claim 8 is rejected in a similar manner as in the rejection of claim 3. 


Regarding claim 9, OJHA-MYADAM-TEDDY-ERIKSSON teach all limitations of claim 6. ERIKSSON further teaches “wherein the Al engine comprises a rules engine having a machine learning function to establish a baseline of the user's IoT devices behavioral pattern and to detect abnormal system behavior corresponding with a cyberattack pattern.” ([ERIKSSON, para. 0022] “In an aspect of the disclosure, IoT sensor data is aggregated on a device, such as a gateway device, and machine learning techniques are used to build an anomaly detection model that identifies unexpected behavior from an appliance based on the historical data and may notify a user on his/her smartphone about an appliance having a problem.”) ([ERIKSSON, para. 0028] “Appliance profiles can be downloaded via network 110, accessed via previously stored data on device 210, generated via a user training step, or learned automatically from the IoT sensor data from the environment. Storage device 210 also stores normal behavior sensor signals for appliances, such as, for example, normal audio for a dryer, normal gas consumption for a water heater, and the like.”) ([ERIKSSON, para. 0036] “At step 325, results of the compare are tested. If the data indicates an anomaly, such as operation outside the range of the normal appliance operational profile data stored in the database 210, then step 330 is invoked and a user is notified of an anomaly in the specific appliance. This detected anomaly may be associated with a potential failure of the appliance. In one embodiment, the results of the comparison of step 320 are tested in step 325 as exceeding a threshold. In this instance, the threshold can be user determined via an input from a user interface.”).
The same motivation to modify CHENG-TEDDY with ERIKSSON as in the rejection of claim 4, applies. 

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over OJHA-MYADAM-TEDDY-ERIKSSON in view of LYLE (US-11050763-B1)
Regarding claim 10, OJHA-MYADAM-TEDDY-ERIKSSON teach all limitations of claim 6. However, OJHA-MYADAM-TEDDY-ERIKSSON does not teach “wherein the plurality of APIs comprises: an IoT marketplace function through which the user purchases a replacement IoT device from any of the plurality of IoT vendors based on an analysis of the Al engine.”.
In analogous teaching, LYLE teaches “wherein the plurality of APIs comprises: an IoT marketplace function through which the user purchases a replacement IoT device from any of the plurality of IoT vendors based on an analysis of the Al engine.” ([LYLE, Col. 4 lines 21-22] “In some implementations, artificial intelligence (AI) is used to manage resources across multiple homes.”) ([LYLE, Col. 6 lines 11-31] “In some implementations, the security device may operate as a payment and/or transaction hub or gateway for the IoT devices, such that transactions between the IoT devices and external service(s) go through the security device. For example, a payment component may be executing on the security device and/or the security device may store payment information for a payment instrument such as a credit card. The IoT device may request a particular payment be provided to an external service by the security device. Payment information may be securely stored on the blockchain. For example, an IoT device may be a lamp or light fixture, or a sensor module that monitors the lamp or light fixture. The IoT device may detect that the bulb in the lamp has burned out, and the IoT device may send a message to the security device to request that the security device use the payment information to purchase a new replacement bulb from an online retailer. In some instances, such purchases may be performed automatically without requiring user intervention, e.g., after an authorized user has initially set up the payment information and authorized the security device to automatically perform such transactions.”) ([LYLE, Col. 6 lines 33-37] “In some implementations, the security device may expose an interface. The interface may be a user interface, such as a web interface or other graphical user interface (GUI). The interface may also be an application programming interface (API) that enables other processes to securely interact with the security device.”) ([LYLE, Col. 13 lines 23-28] “The platform may be configured to interface with IoT device(s) that are home-IoT ready, support cloud-based offerings, are API/SDK capable, are able to integrate with existing IoT platforms, hubs, and home networks, and/or are data ingestion capable for tracking, analyzing, and modeling data.”).
Thus, given the teaching of LYLE, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of an API with IoT marketplace functionality as taught by LYLE into the teaching of a managing IoT devices as taught by OJHA-MYADAM-TEDDY-ERIKSSON. One of ordinary skill in the art would have been motivated to do so because LYLE recognizes the need for better control and security of IoT devices ([LYLE, Col. 2 lines 53-64] “the platform provides a single interface that the user can employ to view and manage IoT devices, providing for greater security and a better user experience compared to traditional solutions in which a user may need to interface with multiple applications to manage different types of IoT devices supplied by different vendors. Moreover, the implementations described herein enables an individual (e.g., the homeowner) to better control their space (e.g., their home), given that the implementations provide control over the security of IoT device(s), the data generated from these devices, and the privacy of the actions they take and device's) they use.”)

Allowable Subject Matter
Claim 14 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The prior art made of record and not relied upon is considered pertinent to applicant’s
disclosure.
SAMUEL (US-10528725-B2) : This prior art teaches of an IoT security system, the disclosed technology is generally directed to device security in an IoT environment. For example, such technology is usable in IoT security. In one example of the technology, a set of security rules that is associated with an expected condition of at least one IoT device is stored. IoT data associated with the at least one IoT device is received. The IoT data may be aggregated data that includes at least two different types of data. A determination is made, based on the IoT data, as to whether the set of security rules has been violated. An alert is selectively sent based on the determination.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AFAQ ALI/Examiner, Art Unit 2434                                                                                                                                                                                                        /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434