Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
	This action is in response to the communication filed on 8/20/2021.
 	Claims 1-20 are examined and rejected. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2019/0149570 to Nakata et al. (hereinafter known as “Nakata”) and in view of U.S. Publication 2021/0360407 to Obaidi et al (hereinafter “Obaidi”). 

As per claim 1 Nakata teaches, a method comprising: identifying a device type of a device transmitting data over a network (Nakata Fig 1 element 20, 30, 40 and para 20); 
obtaining one or more uniform resource locators (URLs) from the data, wherein the one or more URLs form a portion of a request transmitted over the network by the device (Nakata Fig 1 and 2 element 20, 30, 40 and para 24-26 and para 32-33, 38-40); 
determining that the device is a rogue device if: 
the pattern of network data deviates from a baseline pattern of the device type, or at least one of the one or more URLs matches a rogue URL criteria (Nakata para 32-33 and 34-35, 38-40); and 
taking an action in response to determining the device is a rogue device to improve security of the network (Nakata para 57-58).
Nakata does not teach, however Obaidi teaches,
programmatically analyzing the data to determine a pattern of network data within a given time period (Obaidi Fig 4 element 404, 408 and 412 and para 48-50); 
Nakata teaches detection of a malicious terminal device based on a communication log, detecting the terminal infected with malware based on log analysis (abstract). Nakata does not teach, however Obaidi teaches, determination of a pattern of network data in a given time period (Obaidi para 48-50). Nakata – Obaidi are analogous art because they both are from the same area, detection of malware device(s) / terminals.
It would have been obvious to one of ordinary skill in the art before the filing date of the claimed invention, having the teachings of Nakata before him or her and to include Obaidi’s pattern detection in terminal.  The suggestion/motivation for doing so would have been to enhance security by detecting malicious application on user devices from third-party application platforms (Obaidi para 1). 

As per claim 3 combination of Nakata – Obaidi teaches, the method of claim 1, wherein the rogue URL criteria includes one or more of: 
two or more simultaneous URL requests, a request for an invalid URL, a count of URL requests within a particular time period that exceeds a threshold number of URLs, or a rate at which of URL requests are transmitted to the network (Nakata para 31-33).
As per claim 4 combination of Nakata – Obaidi teaches, the method of claim 3, wherein the invalid URL includes one or more of a URL with a DNS failure, a URL associated with a request response that is indicative of invalidity of the URL, or multiple instances of a same URL in the data (Nakata para 31-33 and 38-40).
As per claim 5 combination of Nakata – Obaidi teaches, the method of claim 1, wherein the action includes one or more of: 
isolating the device, disconnecting the device from the network (Obaidi para 56 and para 59 teaches blocking or disconnecting the device), or moving a connection to the device to a separate network (motivation as explained in claim 1).
As per claim 6 combination of Nakata – Obaidi teaches, the method of claim 1, wherein the device type includes information from a device registry, wherein the information includes one or more of device manufacturer, device model, device operating system, device hardware version, or device software version (Obaidi para 44 teaches device identifier, para 33 teaches application identifier).
As per claim 7 combination of Nakata – Obaidi teaches, the method of claim 1, wherein the baseline pattern includes one or more of device historical data or aggregate historical data for devices of a same type as the device type (Nakata para 29-30 teaches normalizing of data for pattern matching).
As per claim 8 combination of Nakata – Obaidi teaches, the method of claim 1, wherein the baseline pattern includes one or more URLs accessed at one or more times within a baseline monitoring time period (Nakata para 31-33 teaches timestamp associated with URL access).
As per claim 9 combination of Nakata – Obaidi teaches, the method of claim 1, further comprising generating the baseline pattern by analyzing one or more of device historical data or aggregate historical data for devices of a same type as the device type (Nakata para 27-29).
As per claim 10 combination of Nakata – Obaidi teaches, the method of claim 1, further comprising generating the baseline pattern by collecting a list of URLs previously accessed by the device (Nakata para 32, 38-40).
As per claim 11 combination of Nakata – Obaidi teaches, the method of claim 10, further comprising collecting a time of day when each URL in the list of URLs is accessed by the device (Nakata para 32-33).
As per claim 12 combination of Nakata – Obaidi teaches, the method of claim 1, wherein the baseline pattern includes time period information indicating a time when data for the device type was accessed (Nakata para 32-33).
Claim 13, 
Claim 13 is rejected in accordance with claim 1. 
Claim 15, 
Claim 15 is rejected in accordance with claim 3. 
Claim 16, 
Claim 16 is rejected in accordance with claim 4. 
Claim 17, 
Claim 17 is rejected in accordance with claim 5. 

Claims 2 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2019/0149570 to Nakata et al. (hereinafter known as “Nakata”) and in view of U.S. Publication 2021/0360407 to Obaidi et al (hereinafter “Obaidi”) and further in view of US Publication 2017/0103674 to Sadeh–Koniecpol et al (hereinafter “Sadeh-Koniecpol”).
As per claim 2 combination of Nakata – Obaidi teaches, the method of claim 1, further comprising: 
Nakata – Obaidi does not teach, however Sadeh–Koniecpol teaches,
determining that the device is an authenticated device that has been authenticated to a cloud-based network security system (Sadeh–Koniecpol para 75); and 
based on the determining, marking the device as a potentially compromised device (Sadeh–Koniecpol para 91).
Nakata – Obaidi teaches detection of a malicious terminal device based on a communication log, detecting the terminal infected with malware based on log analysis, with pattern detection in network data in a time period. Nakata – Obaidi does not teach, however Sadeh–Koniecpol teaches, an authenticated device as a compromised device (Sadeh–Koniecpol para 75/91). Nakata – Obaidi - Sadeh–Koniecpol are analogous art because they both are from the same area, detection of malware device(s) / terminals.
It would have been obvious to one of ordinary skill in the art before the filing date of the claimed invention, having the teachings of Nakata - Obaidi before him or her and to include Sadeh–Koniecpol’s detection of authenticated device as compromised device.  The suggestion/motivation for doing so would have been to enhance security by providing cybersecurity in personalized interactive modules (Sadeh–Koniecpol para 5). 
Claim 14, 
Claim 14 is rejected in accordance with claim 2. 
Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Obaidi et al US Publication 20210360407 
Nakata et al US Publication 20190149570
Shah et al US Publication 2020/0252803 
Sadeh-Koniecpol et al US Publication 2017/0103674 
Arnoth et al US Patent 11140129 
Dods et al US Patent 10972508 
Yumer et al US Patent 10623426 
Mesdaq et al US Patent 10601865 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431