DETAILED ACTION
This office action is in response to the correspondence filed on 10/31/2022. Claims 1-20 are pending and are examined. Claims 11-15 are withdrawn.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Election/Restrictions
Applicant’s election without traverse of claims 1-10, and 16-20 in the reply filed on 10/31/2022 is acknowledged.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 3-4, 7, 10, 17, and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Regarding claims 3-4, although it seems like “(the) detected communications” are different detected communications from the ones in independent claim 1, the meaning could be confusing since the same terms are used. 
Examiner suggests that “(the) second detected communications” can be used in claims 3-4 to distinguish the two detected communications.
Regarding claims 7 and 17, taking claim 7 as exemplary, it is unclear what is the difference in meaning of “the function of each of the electronic devices” and “a function of each of the electronic devices”, and therefore, what additional function is being determined by the circuitry.
Regarding claims 10 and 20, taking claim 10 as exemplary, “the manufacturer” in “one of the manufacturer, function, or function of the electronic device” was never recited before. There is insufficient antecedent basis for this limitation in the claim.
Regarding claim 10, It is unclear what is the difference in meaning of “one of the manufacturer, function, or function of the electronic device” in order to understand the limitation. It appears “model” should replace one of the functions by reading a similar dependent claim 20.
Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5-7, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Poder et al. (US Pub No. 2016/0234232 A1, referred to as Poder), in view of Branca (US Pub No. 2017/0195294 A1, referred to as Branca).
Regarding claim 1, Poder discloses,
1. (original) A method executed by circuitry for determining and sharing network profiles for electronic devices connected to a network, the method comprising: 
determining with the circuitry a make and a function of each of the electronic devices; (Poder: [0035]; the access node device 140a (circuitry) may detect (determining) and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.). [0044]; smart device 117 and the smart device 118 are of a same or similar type (e.g., both a particular brand smart thermostat). [0045]; after identifying a device type, the local office 103 (or other entity) may have knowledge of a known communication profile for that type of device. For example, a manufacturer of the smart device 117 may provide the local office 103 with a typical communication profile for that type of smart device 117 (identifying information of the devices can be determined including the make and function).) 
for each of the electronic devices, using the circuitry to detect communications in the network involving the electronic device over a duration of time, wherein the detected communications include both incoming messages to the electronic device and outgoing messages from the electronic device; (Poder: Fig. 3; [0029]; at step 304, the access node device 140a may monitor (detect) communications to and/or from one or more devices (incoming and outgoing messages) in communication with the premises network 180a… and may monitor these communications over time.)
generating profiles for the electronic devices using the circuitry, comprising: (Poder: Fig. 3; [0036].)
for each of the electronic devices, determining properties of the detected communications involving the electronic device including: (Poder: [0035]; the access node device 140a may detect and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.), type of communication protocol used ( e.g., wireless, cellular, wired, ZigBee, etc.), the size of the packets used in the communication exchange, the frequency of communications, a time associated with each communication, and the like.)
for each of the detected communications, determining at least one of a protocol of the communication, a source of the communication, or a destination of the communication; (Poder: Fig. 3; [0029]; at step 304, the access node device 140a may monitor (detect) communications to and/or from one or more devices in communication with the premises network 180a. [0035]; the access node device 140a may detect and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.), type of communication protocol used (e.g., wireless, cellular, wired, ZigBee, etc.), the size of the packets used in the communication exchange, the frequency of communications, a time associated with each communication, and the like.)
generate a profile for each of the electronic devices based on the determined properties of the detected communications, including: (Poder: Fig. 3; [0036]; at step 306, the local office 103 (or other entity) may generate a communication profile for a device.)
a make and function of the electronic device; (Poder: [0035]; the access node device 140a may detect and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.). [0044]; smart device 117 and the smart device 118 are of a same or similar type (e.g., both a particular brand smart thermostat). [0045]; after identifying a device type, the local office 103 (or other entity) may have knowledge of a known communication profile for that type of device. For example, a manufacturer of the smart device 117 may provide the local office 103 with a typical communication profile for that type of smart device 117 (identifying information of the devices can include the make and function).) 
acceptable communications enabled by the profile, wherein each of the acceptable communications includes a protocol, a source, and a destination; (Poder: [0036]; the communication profile may comprise an expected (acceptable) communication behavior of a particular device, and thus may act like or be a fingerprint for that particular device. [0037]; the communication profile and expected communication behavior of a device may include information such as the identification of the devices with which a particular device typical exchanges communications. For example, the smart device 117 may send information (source) via the access node device 140a to an external temperature service device 161 multiple times a day at regular intervals (e.g., every 5 minutes). Thus, the communication profile for that smart device 117 may indicate that the smart device 117 typically sends information to that external temperature service device 161 located at a particular location, IP address, MAC address, (destination) or some other device location identifier, etc. every 5 minutes. [0039]; the communication profile and the expected communication behavior of a device may also describe characteristics of the communication or protocol used (protocol).)
Poder does not explicitly disclose, however Branca teaches,
sending the generated profiles with the circuitry to a server. (Branca: [0039]; the device profile data 400 for the newly associated device is generated and written to the local database's 220 device profile database 222 (generated profile is sent to a database server).)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Branca into the teachings of Poder with a motivation to have a system of the smart devices, network access point, local database and remote database working together for securing and protecting smart devices within the internet of things ecosystem by communicating device profile information and generating firewall rules (Branca abstract).


Regarding claim 2, the combination of Poder and Branca discloses, 
2. (original) The method of claim 1, further comprising:
Poder does not explicitly disclose, however Branca teaches,
receiving with the server a request for a profile, wherein the request includes a make and a function; (Branca: Fig. 4; [0046]; the manufacturer's models database 206 is queried (receiving a request) using the device model 406 criteria selected by the user (make and model in the databases).)
identifying a profile associated with the make and function of the request; and (Branca: [0046]; based on the model criteria, an image 408, device type 410 (e.g. light, switch, motion sensor), and the communication protocol(s) 412 and communication port(s) 414 of the device are returned. This data is then saved as individual fields in the device profile data 400.)
outputting with the server the identified profile. (Branca: [0046]; this data is then saved (output is saved) as individual fields in the device profile data 400.)
The same motivation that was utilized for combining Poder and Branca as set forth in claim 1 is equally applicable to claim 2.


Regarding claim 5, the combination of Poder and Branca discloses, 
5. (previously presented) The method of claim 1, further comprising:
Poder does not explicitly disclose, however Branca teaches,
for at least one of the generated profiles, converting the at least one generated profile to a network policy; (Branca: [0014]; generate (converting) the internal firewall rules based on device profile information of each of the plurality of smart devices received from a remote database on an external network via the network access point.).
implementing the network policy, such that a device connected to a network is prevented from: (Branca: [0059]; initial device configuration 214 creates new firewall policies that are immediately enforced. For example, when a device is paired with the gateway device 110, as described in FIG. 3, new firewall rules are created in the firewall database 226 automatically. The newly created firewall rules enable communication between the gateway device 110 and the newly paired device in order to allow the pairing process to occur.) 
sending outgoing communications other than the acceptable outgoing communications; and (Branca: [0062]; when a device is paired with the gateway device 110, it may not be able to send or receive network traffic from the Internet 100 (not acceptable). Preventing ingress and egress network communication is an inbound firewall rule policy and an outbound firewall rule policy that drops network traffic of protocols and ports between devices 122-128 and the Internet 100. [0064]; FIG. 8 describes the components of the firewall rule data 800. This data is structured to support inbound and outbound firewall rules for which the firewall engine 210 loads to enforce network communication policies.)
receiving incoming communications other than the acceptable incoming communications. (Branca: [0062]; when a device is paired with the gateway device 110, it may not be able to send or receive network traffic from the Internet 100 (not acceptable). Preventing ingress and egress network communication is an inbound firewall rule policy and an outbound firewall rule policy that drops network traffic of protocols and ports between devices 122-128 and the Internet 100. [0064]; FIG. 8 describes the components of the firewall rule data 800. This data is structured to support inbound and outbound firewall rules for which the firewall engine 210 loads to enforce network communication policies.)
The same motivation that was utilized for combining Poder and Branca as set forth in claim 1 is equally applicable to claim 5.

Regarding claim 6, the combination of Poder and Branca discloses, 
6. (original) The method of claim 5, 
Poder does not explicitly disclose, however Branca teaches,
wherein the network policy includes at least one of a firewall policy or a network access control. (Branca: [0064]; FIG. 8 describes the components of the firewall rule data 800 (firewall policy). This data is structured to support inbound and outbound firewall rules for which the firewall engine 210 loads to enforce network communication policies.)
The same motivation that was utilized for combining Poder and Branca as set forth in claim 1 is equally applicable to claim 6.


Regarding claims 7 and 17, taking claim 7 as exemplary, the combination of Poder and Branca discloses, 
7. (previously presented) The method of claim 1, 
Poder discloses,
wherein in addition to the circuitry determining the make and the function of each of the electronic devices, the circuitry also determines a function of each of the electronic devices. (Poder: [0035]; the access node device 140a (circuitry) may detect (determining) and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.). [0044]; smart device 117 and the smart device 118 are of a same or similar type (e.g., both a particular brand smart thermostat). [0045]; after identifying a device type, the local office 103 (or other entity) may have knowledge of a known communication profile for that type of device. For example, a manufacturer of the smart device 117 may provide the local office 103 with a typical communication profile for that type of smart device 117 (identifying information of the devices can be determined including the make and function).) 


Regarding claim 16, Poder discloses,
16. (original) A detecting electronic device for determining and sharing network profiles for electronic devices connected to a network, the detecting electronic device comprising:
a network interface (Poder: Fig. 1; Network Interface 170.) configured to, for each of the electronic devices, detect communications in the network involving the electronic device over a duration of time, wherein the detected communications include both incoming messages to the electronic device and outgoing messages from the electronic device; and (Poder: Fig. 3; [0029]; at step 304, the access node device 140a may monitor (detect) communications to and/or from one or more devices (incoming and outgoing messages) in communication with the premises network 180a… and may monitor these communications over time.)
circuitry configured to: (Poder: [0035]; the access node device 140a (circuitry).)
determine a make and a function of each of the electronic devices; ; (Poder: [0035]; the access node device 140a may detect (determining) and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.). [0044]; smart device 117 and the smart device 118 are of a same or similar type (e.g., both a particular brand smart thermostat). [0045]; after identifying a device type, the local office 103 (or other entity) may have knowledge of a known communication profile for that type of device. For example, a manufacturer of the smart device 117 may provide the local office 103 with a typical communication profile for that type of smart device 117 (identifying information of the devices can be determined including the make and function).) 
generate profiles for the electronic devices comprising: (Poder: Fig. 3; [0036].)
for each of the electronic devices, determining properties of the detected communications including: (Poder: [0035]; the access node device 140a may detect and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.), type of communication protocol used ( e.g., wireless, cellular, wired, ZigBee, etc.), the size of the packets used in the communication exchange, the frequency of communications, a time associated with each communication, and the like.)
for each of the detected communications, determining at least one of a protocol of the communication, a source of the communication, or a destination of the communication; (Poder: Fig. 3; [0029]; at step 304, the access node device 140a may monitor (detect) communications to and/or from one or more devices in communication with the premises network 180a. [0035]; the access node device 140a may detect and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.), type of communication protocol used (e.g., wireless, cellular, wired, ZigBee, etc.), the size of the packets used in the communication exchange, the frequency of communications, a time associated with each communication, and the like.)
generate a profile for each of the electronic devices based on the determined properties of the detected communications, including: (Poder: Fig. 3; [0036]; at step 306, the local office 103 (or other entity) may generate a communication profile for a device.)
a make and function of the electronic device; and (Poder: [0035]; the access node device 140a may detect and report to the local office 103 (or other entity) identifying information of any of the devices (e.g., location, IP address, type of device, MAC address, etc.). [0044]; smart device 117 and the smart device 118 are of a same or similar type (e.g., both a particular brand smart thermostat). [0045]; after identifying a device type, the local office 103 (or other entity) may have knowledge of a known communication profile for that type of device. For example, a manufacturer of the smart device 117 may provide the local office 103 with a typical communication profile for that type of smart device 117 (identifying information of the devices can include the make and function).) 
acceptable communications each comprising a protocol, a source, and a destination; (Poder: [0036]; the communication profile may comprise an expected (acceptable) communication behavior of a particular device, and thus may act like or be a fingerprint for that particular device. [0037]; the communication profile and expected communication behavior of a device may include information such as the identification of the devices with which a particular device typical exchanges communications. For example, the smart device 117 may send information (source) via the access node device 140a to an external temperature service device 161 multiple times a day at regular intervals (e.g., every 5 minutes). Thus, the communication profile for that smart device 117 may indicate that the smart device 117 typically sends information to that external temperature service device 161 located at a particular location, IP address, MAC address, (destination) or some other device location identifier, etc. every 5 minutes. [0039]; the communication profile and the expected communication behavior of a device may also describe characteristics of the communication or protocol used (protocol).)
Poder does not explicitly disclose, however Branca teaches,
output the generated profiles. (Branca: [0039]; the device profile data 400 for the newly associated device is generated and written to the local database's 220 device profile database 222 (generated profile is sent to a database server).)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Branca into the teachings of Poder with a motivation to have a system of the smart devices, network access point, local database and remote database working together for securing and protecting smart devices within the internet of things ecosystem by communicating device profile information and generating firewall rules (Branca abstract).


Allowable Subject Matter
Claims 3-4, 10, and 20 contains allowable subject matter but remain rejected under 112 rejection. It is also objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims; and the stated rejection(s) are resolved.
Claims 8-9, and 18-19 are objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance: 
Although prior arts Poder and Branca above disclose all the limitations of the prior claims (see rejections above), none of the prior arts of record alone or in combination discloses the request additionally includes detected communications for the make and the function of the request; and in addition to the identified profile being associated with the make and the function of the request, the identified profile enables the detected communications included with the request; splitting the communications into external communications and internal communications and in the device profile, specifying at least one approved external or internal communication source or destination; applying a noise removal process to the detected communications including various steps as described in the claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Maturana; Francisco P. et al.	US-PGPUB	US 20220103591 A1	Methods for detecting anomolies in network communication
Davis, III; Charles K. et al.	USPAT		US 11140180 B2	Guard system for automatic network flow controls for internet of things (IoT) devices
WEINBERG; Adam et al.		US-PGPUB	US 20190387399 A1	Method for securing communication and information of IoT devices through a controlled cellular communication network

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435