Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-23 are presented for examination.
This is a first action on the merits based on Applicant’s claims submitted 2/12/2021.                     

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 2/18/2021 and 4/05/2022 is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Applicant is respectfully reminded of the duty to disclose 37 C.F.R. 1.56 all pertinent information and material pertaining to the patentability of applicant’s claimed invention, by continuing to submitting in a timely manner PTO-1449, Information Disclosure Statement (IDS) with the filing of applicant’s application or thereafter.

Claim Rejections - 35 U.S.C. 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 3, 14 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 3, the limitation reading “when the time interval is substantially shorter than…” is unclear as to what the inventor regards as the invention.  The term “substantially” deems the claim language unclear and indefinite.  The specification does not explicitly define what substantially mean, therefore the terms of degree that this limitation seems to define is questionable as the scope of the term is not clearly defined in light of the specification.  This term (i.e. substantially) is a relative and broad term and is unclear as to the scope of how much shorter should the time interval be.  Appropriate correction is required.
For purposes of examination, Examiner will interpret this limitation as the time interval being shorter than the reference value.
For claims 3 and 14, the claim limitation reading “is substantially shorter than the reference value…” lacks proper antecedent basis.  The underlined term has not been positively recited.  The term “pre-determined reference value” has been positively recited however, it is not clear as to whether these two terms, i.e. the reference value and predetermined reference value, are referencing each other and are the same terms.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-4, 8-15, 19-23 rejected under 35 U.S.C. 103 as being unpatentable over Ohtsu et al. (US 2018/352434 A1, hereinafter “Ohtsu”) in view of Zolfaghar et al. (NPL: “Securing Bluetooth-based Payment System Using Honeypot”, hereinafter “Zolfaghar”)

Regarding claim 1, Ohtsu teaches: 
1. A security appliance configured to protect a client device against computer security threats (par 6), the security appliance comprising 
at least one hardware processor (fig. 2, information processing device 200, par 45, i.e. CPU in the device controls the operation) configured to: 
in response to detecting a first wireless communication (i.e. reception interval pattern) comprising an availability notification emitted in preparation for establishing a peer-to-peer connection with an administration device (i.e. the beacon device sends the reception interval pattern to establish wireless connection, see par 26-27), determine whether the first wireless communication fits a notification pattern specific to the client device (par 27; i.e. determining that the reception interval pattern matches a predetermined transmission interval pattern, see also par 63); 
	Ohtsu does not explicitly teach yet Zolfaghar suggests: 
in response, when the first wireless communication does not fit the notification pattern (Section 4.1 -  “After collecting the required data from detection module (5), Honeypots then analyze the gathered data and performs the correlation of collected attacking information to predefine attack scenarios in order to detect the attack type(6).”), transmit a second wireless communication configured to mimic a response by the administration device to the first wireless communication (figs. 1 and 3, Section 4.1 – “Upon finishing the analysis, the system designs an appropriate response to counter the attackers effectively”); and 
in response to transmitting the second wireless communication, perform a security action (i.e. distract the attacker to protect the client) to protect the client device or the administration device (Section 4.1 – “honeypot reaction is initiating direct communication with the attacker to distract him from the real client”).  
	Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented the transmission of a second wireless communication mimicking an administration device in response to a first wireless communication not fitting the notification pattern, as taught by Zolfaghar, to Ohtsu’s invention.  The motivation to do so would have been to use Bluetooth honeypots that receive the malicious inquiries and communicate with attackers in order to counter the attackers effectively (Zolfaghar: Section 4 (on page 24) and Section 4.1).
Regarding claim 2, the combination of Ohtsu and Zolfaghar teach:
2. The security appliance of claim 1, wherein the at least one hardware processor is configured to determine whether the first wireless communication fits the notification pattern according to a time interval separating the first wireless communication from a previously-detected wireless communication comprising another availability notification emitted by the client device (Ohtsu: fig. 3B, par 40, i.e. plurality of transmission interval patterns).  
Regarding claim 3, the combination of Ohtsu and Zolfaghar teach:
3. The security appliance of claim 2, wherein the at least one hardware processor is configured to: 
compare a size of the time interval (Ohtsu: fig. 3B) to a pre-determined reference value (see par 70; i.e. interval patterns represent an index number) associated with the client device (Ohtsu: par 64; i.e. a legitimate device sends a reception interval pattern that matches the identified transmission interval pattern, see also par. 40); and 
in response, determine that the first wireless communication does not fit the notification pattern when the time interval is substantially shorter (par 40-41; interval patterns are represented by fixed and unfixed time intervals, indicative of transmission intervals used to determine the match of received patterns (i.e. reception interval pattern) with expected patterns (i.e. predetermined transmission interval pattern) ) than the reference value (Ohtsu: par 70; i.e. the patterns do not match).  
Regarding claim 4, the combination of Ohtsu and Zolfaghar teach:
4. The security appliance of claim 1, wherein the at least one hardware processor is configured to determine whether the first wireless communication fits the notification pattern according to a count of availability notifications (i.e. beacon signals) emitted by the client device (Ohtsu: fig. 3B, par 40-41; i.e. count of beacon signals based on transmission interval patterns).  

Regarding claim 8, the combination of Ohtsu and Zolfaghar teach:
8. The security appliance of claim 1, wherein the at least one hardware processor is further configured, in preparation for determining whether the first wireless communication fits the notification pattern: 
detect a plurality of availability notifications emitted by the client device (Ohtsu: fig. 3B, par 40, i.e. detection of beacon signals, see also par 9); and 
in response, determine the notification pattern according to the plurality of availability notifications (Ohtsu: par 40; i.e. notification patterns, fig. 3A).  
Regarding claim 9, the combination of Ohtsu and Zolfaghar teach:
9. The security appliance of claim 1, wherein mimicking the response by the  administration device comprises initiating another peer-to-peer connection with a sender of the first wireless communication while impersonating the administration device (Zolfaghar: Section 4.1: “Most of the time, honeypot reaction is initiating direct communication with the attacker to distract him from the real client (8)”, see also fig. 3 and Section 4; i.e. Honeypots create “self-generated traffic that simulates the Honeypot clients [7]”).  
Regarding claim 10, the combination of Ohtsu and Zolfaghar teach:
10. The security appliance of claim 9, wherein the security action comprises maintaining the other peer-to-peer connection active for a pre-determined amount of time (Zolfaghar: Section 4 “we should increase the time required for an attacker to find a target device [18]. To achieve this, in this paper we suggest using honeypots
in Bluetooth network to use its capability in distracting attackers from the real client connect to bank servers via Bluetooth and trapping them in honeypot systems to delay any potential attacks. Honeypots in this system should be employed randomly in different locations so as not to give an attacker obvious knowledge of the boundaries of system [19].”).  
Regarding claim 11, the combination of Ohtsu and Zolfaghar teach:
11. The security appliance of claim 9, wherein the security action comprises transmitting a set of surrogate data to the sender of the first wireless communication over the other peer-to-peer connection (Zolfaghar: Section 4; i.e. Honeypots create “self-generated traffic that simulates the Honeypot clients [7]”).  

Regarding claim 12, all claim limitations are set forth and rejected as it has been discussed in claim 1.
Regarding claim 13, all claim limitations are set forth and rejected as it has been discussed in claim 2.

Regarding claim 14, all claim limitations are set forth and rejected as it has been discussed in claim 3.

Regarding claim 15, all claim limitations are set forth and rejected as it has been discussed in claim 4.

Regarding claim 19, all claim limitations are set forth and rejected as it has been discussed in claim 8.

Regarding claim 20, all claim limitations are set forth and rejected as it has been discussed in claim 9.
Regarding claim 21, all claim limitations are set forth and rejected as it has been discussed in claim 10.

Regarding claim 22, all claim limitations are set forth and rejected as it has been discussed in claim 11.

Regarding claim 23, all claim limitations are set forth and rejected as it has been discussed in claim 1.  Furthermore, the additional limitations are also taught by Ohtsu and Zolfaghar, as discussed below:
23. A non-transitory computer-readable medium storing instructions which, when executed by at least one hardware processor of a security appliance (Ohtsu: fig. 2, device 200)…  

Claims 5-7, 16-18 rejected under 35 U.S.C. 103 as being unpatentable over Ohtsu et al. (US 2018/352434 A1, hereinafter “Ohtsu”) in view of Zolfaghar et al. (NPL: “Securing Bluetooth-based Payment System Using Honeypot”, hereinafter “Zolfaghar”) in further view of Wu et al. (NPL: “Blueshield: Detecting Spoofing Attacks in Bluetooth Low Energy Networks”, hereinafter “Wu”)

Regarding claim 5, the combination of Ohtsu and Zolfaghar do not teach yet Wu suggests:
5. The security appliance of claim 1, wherein the at least one hardware processor is configured to determine whether the first wireless communication fits the notification pattern according to an indicator of an intensity of a carrier signal of the first wireless communication (Section 4.1.1 “Received Signal Strength Indicator (RSSI) ….estimate of the signal power in the received RF signal…”).  
	Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a determination of matching notification pattern based on intensity of a carrier signal, as taught by Wu, to Ohtsu and Zolfaghar’s invention.  The motivation to do so would have been in order to discover spoofing attacks (Wu: Section 4.1.1, page 400).
Regarding claim 6, same rationale for combination of Ohtsu, Zolfaghar, and Wu, which combined in claim 5, applies here as it encompasses same subject matter.  Therefore, Ohtsu, Zolfaghar, and Wu teach:
6. The security appliance of claim 1, wherein the at least one hardware processor is configured to determine whether the first wireless communication fits the notification pattern according to a frequency of a carrier signal of the first wireless communication (Wu: Section 4.1.1 “Carrier Frequency Offset (CFO)…induces a unique/offset between the designated and the actual carrier frequency of the transmitted signal….CFO can be utilized as a fingerprint of a wireless device” Examine notes that this CFO, according to Wu, differentiates between a benign BLE and an attacker.).  
Regarding claim 7, the combination of Ohtsu, Zolfaghar, and Wu teach:
7. The security appliance of claim 6, wherein the at least one hardware processor is configured to determine whether the first wireless communication fits the notification pattern further according to another frequency of another carrier signal of a previously-detected communication comprising another availability notification emitted by the client device (Wu: Section 4.1.1: “Advertising Interval… two consecutive packets on the same … channel”; Examiner notes that the “INT” is utilized to detect the attacker).  
Regarding claim 16, all claim limitations are set forth and rejected as it has been discussed in claim 5.

Regarding claim 17, all claim limitations are set forth and rejected as it has been discussed in claim 6.

Regarding claim 18, all claim limitations are set forth and rejected as it has been discussed in claim 7.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-178772-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495                                                                                                                                                                                                        
/November 17, 2022/
/ltd/