DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-22 are pending.
The claim objections have been withdrawn in view of the claim amendment. 
The 35 U.S.C. 101 rejection has been withdrawn in view of the claim amendment.

Response to Arguments
Applicant's arguments filed on 09/06/22 have been fully considered.  Although there are differences between Applicant’s invention and the cited prior art, the current claims have not successfully captured these differences to render the claims clearly distinguishable from the cited prior art as explained in more detail below.
In response to Applicant’s argument regarding the double patenting rejection (page 8 of Remarks), Examiner acknowledged Applicant’s perspective but because the current claims are not patentably distinct from the claims of the patents, the double patenting rejection has been maintained.
In response to Applicant’s argument that claim 1, as amended, is patentable over the proposed combination of cited references because Chillappa does not describe identifying a functionality of a device from a usage profile of the device and does not use a device functionality to select a subset corresponding to that functionality (page 10 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Firstly, since the claim only recites the term “functionality” and does not further clarify the type of “functionality”, the term “functionality” broadly covers any function(s), operation(s), task(s), role(s), process(es), or behavior(s) associated with the device including one(s) that is/are allowed/authorized, restricted/constrained/limited, or expected/trusted.  Moreover, since the claim also does not further clarify how the “identifying” step is being done, this “identifying” broadly covers any type of determining, detecting, or recognizing.
Secondly, Chillappa discloses “A constraint profile comprises local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security…the backend component 119 creates constraint profiles 301 governing the allowed communication and behaviors of the different IoT devices 123, and provides these profiles 301 to the router components 121. The router components 121 enforce the received profiles 301, thereby automatically constraining the communications and behaviors allowed for different IoT devices 123, to minimize possible threats to or from the IoT devices 123 themselves, as well other computing devices, services and data on the local area networks 107. The constraint profiles 301 are geared towards allowing IoT devices 123 to perform expected, trusted operations in order to function as intended, while restricting the devices 123 from performing operations beyond this, at least until a device 123 reaches a requisite trust threshold. In some instances, IoT devices 123 can be constrained in their operations by being isolated in virtual local area networks (VLANS) 309…the profile 301 could indicate to isolate the device 123 in restricted VLAN 309, not let the device 123 access any computers 210 on the local area network 107, monitor all of its attempted activity, and perform a variety of tests to check it for vulnerabilities…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107” (e.g. ¶7, 30, 39, 40).
	Thus, Chillappa discloses identifying (a) communication (functionality) and behaviors (functionality) of the IoT device to be allowed/authorized, (b) operations (functionality) of the IoT device, access (functionality) of the IoT device to other computers and communication (functionality) of the IoT device to specific domains and ports, and/or to specific content to be restricted/constrained/limited, and/or (c) expected/trusted operations (functionality) and behaviors (functionality) of the IoT device indicated or specified by the constraint profile of the IoT device and based on the identified functionality, automatically selecting a corresponding VLAN to isolate or place the IoT device in to enforce the constraint profile of the IoT device.
	For at least the above reasons, the combination of McNeil and Chillappa does disclose or suggest the limitations recited in claim 1 (and similarly claims 12 and 16) and the combination of Mircescu, Hopprich, and Chillappa does disclose or suggest the limitations recited in claim 20.

Claim Objections
Claims 1, 12, 16, and 20 are objected to because of the following informalities:  
“the functionality of device” in line 8 of claim 1, line 10 of claim 12, line 11 of claim 16 should read “the functionality of the device”.
“the functionality of device from the usage profile” in line 12 of claim 20 should read “the functionality of the device identified from the usage profile”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-22 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  
Claim 1 recites “identifying a functionality of the device from the usage profile of the device” and “automatically selecting a subnet…based on the functionality of device identified from the usage profile of the device”.  Upon reviewing the specification including ¶16, 42-43, and 70 mentioned in the Remarks as providing support for the underlined limitation, although the specification discloses “In some exemplary embodiments, devices are assigned to subnets based on their functionality” in ¶16, the specification does not disclose that the functionality is identified from the usage profile of the device.  Claims 2-11 depend from claim 1 and thus also have this issue.  Similar issue also exists in independent claims 12, 16, and 20.  Claims 13-15, 17-19, and 21-22 depend from claims 12, 16, and 20 and thus also have this issue.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-22 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 and 17-19 of U.S. Patent No. 10965758 in view of Chillappa (US 20160381030).
Claims 1-15 and 17-19 of U.S. Patent No. 10965758 include most of the limitations recited in claims 1-22 of the instant application except for “automatically selecting a subnet of the subnets of the local network to connect the device based on the functionality of device identified from the usage profile of the device, the selected subnet corresponding to the functionality of the device” (claim 1), “identify a functionality of the device based on the usage profile of the device; automatically select a subnet of the local network to connect the device based on the functionality of device identified from the usage profile of the device, the selected subnet corresponding to the functionality of the device” (claims 12 and 16), and “identify a functionality of the device from a usage profile of the device; select a subnet based on the functionality of device from the usage profile of the device, the selected subnet corresponding to the functionality of the device” (claims 20 and 22).  
Chillapa discloses the above missing limitations (e.g. ¶8, 15, 30, 32, 38-40).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the device of the patent claim for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30).

Claims 1, 6, 12, 16, and 20-22 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2 of U.S. Patent No. 10237351 in view of Chillappa (US 20160381030).
Claims 1-2 of U.S. Patent No. 10237351 include most of the limitations recited in claims 1, 6, 12, 16, and 20-22 of the instant application except for “determining a usage profile of the device, wherein the usage profile is indicative of content of packets transmitted by the device; identifying a functionality of the device from the usage profile of the device; automatically selecting a subnet of the subnets of the local network to connect the device based on the functionality of device identified from the usage profile of the device, the selected subnet corresponding to the functionality of the device” (claim 1), “determine a usage profile of the device, wherein the usage profile is indicative of content and target of packets transmitted by the device; identify a functionality of the device based on the usage profile of the device; automatically select a subnet of the local network to connect the device based on the functionality of device identified from the usage profile of the device, the selected subnet corresponding to the functionality of the device” (claims 12 and 16), and “identify a functionality of the device from a usage profile of the device; select a subnet based on the functionality of device from the usage profile of the device, the selected subnet corresponding to the functionality of the device” (claims 20 and 22).  
Chillapa discloses the above missing limitations (e.g. ¶7-8, 15, 30, 32, 38-40).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the device of the patent claim for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30).

Instant application 17211643
US Patent No. 10965758
1
1 and Chillapa
2-11
2-11
12
12 and Chillapa
13-15
13-15
16
12 and Chillapa
17-19
13-15
20
17 and Chillapa
21-22
18-19


Instant application 17211643
US Patent No. 10237351
1
1 and Chillapa
6
1
12
1 and Chillapa
16
1 and Chillapa
20
1 and Chillapa
21
2
22
1 and Chillapa


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4-8, 10-12, 14-16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over McNeill (US 6167052) in view of Chillappa (US 20160381030).

Claim 1, McNeill discloses A method comprising: 
detecting a device connecting to a local network, (e.g. col. 11, ll. 8-12: When a network station is powered up, it is placed in a "default" VLAN (a default VLAN exists in each layer 2 domain 116…the station sends a request to the UBNC server)) wherein the local network is divided into subnets; (e.g. fig. 2: network 110 is divided into a plurality of subnets)
determining a usage profile of the device; (e.g. col. 11, ll. 14-26: The UBNC server determines the associated VLAN from a UBNC server database…for each user name, the database contains identification of associated VLAN(s)…the database contains the following information provided by the management station: (A) for each user name, an identification of the connectivity group to which the user name belongs; (B) identifications of VLANs belonging to each connectivity group; (C) for each VLAN, the associated subnet(s))
automatically selecting a subnet of the subnets of the local network to connect the device based on the usage profile of the device; (e.g. col. 11, ll. 16-17: The UBNC server determines the associated VLAN from a UBNC server database) and 
connecting the device to the selected subnet in the local network (e.g. col. 11, ll. 36-39: the UBNC server sends an appropriate command to a switch or switches 128 in the layer 2 domain 116 that contains the station. The switches place the station into the VLAN assigned to the user).
Although McNeil discloses a usage profile of the device and automatically selecting a subnet of the subnets of the local network to connect the device based on the usage profile of the device  (see above), McNeil does not explicitly disclose but Chillappa discloses wherein the usage profile is indicative of content of packets transmitted by the device (e.g. ¶38-40: Expected activity for a device 123 indicates what behaviors the device 123 is known to execute in order to perform its authorized functionality. This can include factors such as domains with which the device communicates, protocols used, ports used, the direction, content and format of known legitimate communications, etc. This information can be tracked per device 123 at any level of granularity. For example, a known smart thermostat device could be expected to, e.g., transmit data to and receive data from specific domains (e.g., that of its own manufacturer and google.com), only on ports 9543, 11095, 80, and 443, but not to communicate with any other domains on any other ports, and not to directly communicate with other devices 123 on the local area network 107. Based on…what is known about the expected communication and other activity for the device 123, a constraint profile creating module of the backend component 119 creates and dynamically maintains a constraint profile 301 for the device 123, and provides the constraint profile 301 to the various router components 121 of the install base…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107) identifying a functionality of the device from the usage profile of the device; automatically selecting a subnet of the subnets of the local network to connect the device based on the functionality of device identified from the usage profile of the device, the selected subnet corresponding to the functionality of the device; (e.g. ¶7, 30, 39, 40: A constraint profile comprises local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security…the backend component 119 creates constraint profiles 301 governing the allowed communication and behaviors of the different IoT devices 123, and provides these profiles 301 to the router components 121. The router components 121 enforce the received profiles 301, thereby automatically constraining the communications and behaviors allowed for different IoT devices 123, to minimize possible threats to or from the IoT devices 123 themselves, as well other computing devices, services and data on the local area networks 107. The constraint profiles 301 are geared towards allowing IoT devices 123 to perform expected, trusted operations in order to function as intended, while restricting the devices 123 from performing operations beyond this, at least until a device 123 reaches a requisite trust threshold. In some instances, IoT devices 123 can be constrained in their operations by being isolated in virtual local area networks (VLANS) 309…the profile 301 could indicate to isolate the device 123 in restricted VLAN 309, not let the device 123 access any computers 210 on the local area network 107, monitor all of its attempted activity, and perform a variety of tests to check it for vulnerabilities…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the invention of McNeil for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30).

Claim 4, McNeill-Chillappa combination discloses The method of claim 1, wherein the subnets comprise an Internet of Things (IoT) subnet, wherein the IoT subnet is a subnet to which only IoT devices are connected; wherein the device is an IoT device, wherein the determining of the usage profile comprises determining a usage profile that is consistent with the device being the IoT device, wherein the automatically selecting comprises selecting the IoT subnet for the IoT device. (Chillappa, e.g. ¶32, 39-40).  Same motivation would apply.

Claim 5, McNeill-Chillappa combination discloses The method of claim 1, wherein the subnets comprise two or more Internet of Things (IoT) subnets, wherein each of the two or more IoT subnets is a subnet to which only IoT devices are connected, wherein the automatically selecting comprises selecting one of the two or more IoT subnets for an IoT device, wherein the selected IoT subnet is selected based on the IoT device being expected to communicate with other IoT devices in the selected IoT subnet and based on the IoT device being restricted from communicating with IoT devices in other subnets of the two or more IoT subnets. (Chillappa, e.g. fig. 3, ¶8, 28, 30, 32, 38-41).  Same motivation would apply.

Claim 6, McNeill-Chillappa combination discloses The method of claim 1, further comprising monitoring network activity in each of the subnets of the local network, wherein the monitoring of the network activity comprises applying different security rules to each of the subnets. (McNeil, e.g. col. 13, ll. 5-15).

Claim 7, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises: performing fingerprinting of the device to detect expected functionality of the device. (Chillappa, ¶38-39). Same motivation would apply.

Claim 8, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises identifying a cloud server with which the device communicates, wherein the cloud server is in a network external to the local network. (Chillappa, e.g. ¶38).  Same motivation would apply.

Claim 10, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile of the device is performed in response to the device being connected to the local network, wherein the determining of the usage profile comprises determining a first usage profile based on a fingerprint of the device, and wherein the method further comprises: monitoring traffic pattern of the device when the device is connected to the selected subnet; determining a second usage profile based on the traffic pattern of the device; and in response to the determining of the second usage profile, removing the device from the selected subnet and connecting the device to a second selected subnet. (Chillappa, e.g. fig. 3, ¶9, 30-32, 38-42).  Same motivation would apply.

Claim 11, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises: determining a type of the device, wherein the type is a class of an electric device the device implements, wherein obtaining an implicit expected usage profile is based on the type of the device, wherein the automatic subnet selection is based on the type of the device. (Chillappa, e.g. ¶38-41).  Same motivation would apply.

Claim 12, McNeill discloses A non-transitory computer program product comprising a computer readable storage medium retaining program instructions, which program instructions when read by a hardware processor, cause the hardware processor to: 
detect a device connecting to a local network, (e.g. col. 11, ll. 8-12: When a network station is powered up, it is placed in a "default" VLAN (a default VLAN exists in each layer 2 domain 116… the station sends a request to the UBNC server)) wherein the local network is divided into subnets; (e.g. fig. 2: network 110 is divided into a plurality of subnets)
determine a usage profile of the device; (e.g. col. 11, ll. 14-26: The UBNC server determines the associated VLAN from a UBNC server database…for each user name, the database contains identification of associated VLAN(s)…the database contains the following information provided by the management station: (A) for each user name, an identification of the connectivity group to which the user name belongs; (B) identifications of VLANs belonging to each connectivity group; (C) for each VLAN, the associated subnet(s))
automatically select a subnet of the subnets of the local network to connect the device based on the usage profile of the device; (e.g. col. 11, ll. 16-17: The UBNC server determines the associated VLAN from a UBNC server database) and 
connect the device to the selected subnet in the local network (e.g. col. 11, ll. 36-39: the UBNC server sends an appropriate command to a switch or switches 128 in the layer 2 domain 116 that contains the station. The switches place the station into the VLAN assigned to the user).
Although McNeil discloses a usage profile of the device and automatically select a subnet of the subnets of the local network to connect the device based on the usage profile of the device (see above), McNeil does not explicitly disclose but Chillappa discloses wherein the usage profile is indicative of content and target of packets transmitted by the device (e.g. ¶38-40: Expected activity for a device 123 indicates what behaviors the device 123 is known to execute in order to perform its authorized functionality. This can include factors such as domains with which the device communicates, protocols used, ports used, the direction, content and format of known legitimate communications, etc. This information can be tracked per device 123 at any level of granularity. For example, a known smart thermostat device could be expected to, e.g., transmit data to and receive data from specific domains (e.g., that of its own manufacturer and google.com), only on ports 9543, 11095, 80, and 443, but not to communicate with any other domains on any other ports, and not to directly communicate with other devices 123 on the local area network 107. Based on…what is known about the expected communication and other activity for the device 123, a constraint profile creating module of the backend component 119 creates and dynamically maintains a constraint profile 301 for the device 123, and provides the constraint profile 301 to the various router components 121 of the install base…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107) identify a functionality of the device from the usage profile of the device; automatically select a subnet of the local network to connect the device based on the functionality of device identified from the usage profile of the device, the selected subnet corresponding to the functionality of the device; (e.g. ¶7, 30, 39, 40: A constraint profile comprises local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security…the backend component 119 creates constraint profiles 301 governing the allowed communication and behaviors of the different IoT devices 123, and provides these profiles 301 to the router components 121. The router components 121 enforce the received profiles 301, thereby automatically constraining the communications and behaviors allowed for different IoT devices 123, to minimize possible threats to or from the IoT devices 123 themselves, as well other computing devices, services and data on the local area networks 107. The constraint profiles 301 are geared towards allowing IoT devices 123 to perform expected, trusted operations in order to function as intended, while restricting the devices 123 from performing operations beyond this, at least until a device 123 reaches a requisite trust threshold. In some instances, IoT devices 123 can be constrained in their operations by being isolated in virtual local area networks (VLANS) 309…the profile 301 could indicate to isolate the device 123 in restricted VLAN 309, not let the device 123 access any computers 210 on the local area network 107, monitor all of its attempted activity, and perform a variety of tests to check it for vulnerabilities…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the invention of McNeil for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30).

Claim 14, McNeill-Chillappa combination discloses The non-transitory computer program product of claim 12, wherein the subnets comprise an Internet of Things (IoT) subnet, wherein the IoT subnet is a subnet to which only IoT devices are connected, wherein to automatically select comprises selecting the IoT subnet for an IoT device. (Chillappa, e.g. ¶32, 39-40).  Same motivation would apply.

Claim 15, McNeill-Chillappa combination discloses The non-transitory computer program product of claim 12, wherein the subnets comprise two or more Internet of Things (IoT) subnets, wherein each of the two or more IoT subnets is a subnet to which only IoT devices are connected, wherein to automatically select comprises selecting one of the two or more IoT subnets for an IoT device, wherein the selected IoT subnet is selected based on the IoT device being expected to communicate with other IoT devices in the selected IoT subnet. (Chillappa, e.g. fig. 3, ¶8, 28, 30, 32, 38-41).  Same motivation would apply.

Claim 16, is rejected for similar reasons as in claim 12.  Also see (McNeil, e.g. col. 11, ll. 6-8 and/or Chillappa, e.g. ¶18, 27).

Claim 18, is rejected for similar reasons as in claim 14.

Claim 19, is rejected for similar reasons as in claim 15.

Claims 2-3, 13 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over McNeill (US 6167052) in view of Chillappa (US 20160381030) and further in view of Hopprich (US 6792474).

Claim 2, McNeill-Chillappa combination discloses The method of claim 1, and does not explicitly disclose but Hopprich discloses wherein the subnets comprise a guest subnet and at least one non-guest subnet, (e.g. abstract, fig.3, col. 13, ll. 35-39: sets of address 122 associated with the domain of the local network 102 are divided into guest addresses 124 and local addresses 126) wherein guest devices are connected temporarily to the guest subnet, (e.g. abstract, fig. 3, col. 16, ll. 30-37: the guest computer system is allowed to use an assigned guest address for a limited amount of time such as for the duration of a single data communication session) wherein non-guest devices are connected to the non-guest subnet, wherein the guest and non-guest devices are automatically separated; wherein the device is a non-guest device, wherein the automatically selecting comprises selecting the subnet from the at least one non-guest subnet. (e.g. abstract, fig. 3, col. 13, ll. 51-67: If the address server 120 assigns either a guest or local address to the requesting computer system (it may deny access and assign no address), the address server 120 then provides the assigned guest or local address to the requesting computer system to allow the computer system to perform data communications on the local network 102).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hopprich into the invention of McNeill-Chillappa for the purpose of providing significantly enhanced network security (Hopprich, col. 4, ll. 23-25).

Claim 3, McNeill-Chillappa-Hopprich combination discloses The method of claim 2, wherein the guest devices in the guest subnet are blocked from accessing other subnets of the local network and are allowed to access an external network to block potential malicious activity by the guest devices. (Hopprich, e.g. col. 6, ll. 38-42).  Same motivation would apply.

Claim 13, McNeill-Chillappa combination discloses The non-transitory computer program product of claim 12, (see above) and does not explicitly disclose but Hopprich discloses wherein the subnets comprise a guest subnet and a non-guest subnet, (e.g. abstract, fig.3, col. 13, ll. 35-39: sets of address 122 associated with the domain of the local network 102 are divided into guest addresses 124 and local addresses 126) wherein guest devices are connected temporarily to the guest subnet, (e.g. abstract, fig. 3, col. 16, ll. 30-37: the guest computer system is allowed to use an assigned guest address for a limited amount of time such as for the duration of a single data communication session) wherein non-guest devices are connected to the non-guest subnet, wherein the guest and non-guest devices are automatically separated, (e.g. abstract, fig. 3, col. 13, ll. 51-67: If the address server 120 assigns either a guest or local address to the requesting computer system (it may deny access and assign no address), the address server 120 then provides the assigned guest or local address to the requesting computer system to allow the computer system to perform data communications on the local network 102) wherein the guest devices in the guest subnet are blocked from accessing other subnets of the local network and are allowed to access an external network to block potential malicious activity by the guest devices. (e.g. col. 6, ll. 38-42: guest devices may have no access to any components within the local network but may be allowed access to the Internet).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hopprich into the invention of McNeill-Chillappa for the purpose of providing significantly enhanced network security (Hopprich, col. 4, ll. 23-25).

Claim 17, is rejected for similar reasons as in claim 13.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over McNeill (US 6167052) in view of Chillappa (US 20160381030) and further in view of Mundy (US 6317792).

Claim 9, McNeill-Chillappa combination discloses The method of claim 1, wherein the determining of the usage profile comprises: determining a fingerprint of the device; (Chillappa, e.g. ¶38-40).  Same motivation would apply.
 McNeill-Chillappa combination does not explicitly disclose but Mundy discloses obtaining an expected usage profile based on crowd-sourced data that corresponds to devices having similar fingerprints to the fingerprint of the device, wherein the automatically selecting of the subnet is based on the crowd-sourced data. (e.g. col. 3, ll. 41-47: comparing the usage profiles of multiple client systems with the available POPs in a given geographic area. For instance, based on the usage profiles, the systems of the invention can predict that certain users are likely to access the Internet at certain hours, such as peak or non-peak hours. In response, the subscribers can be assigned POPs that are likely to be available during those hours).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Mundy into the invention of McNeill-Chillappa for the purpose of appropriately selecting cost-effective POPs for particular client systems (Mundy, col. 3, ll. 36-38).

Claims 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Mircescu (US 20160173450) in view of Hopprich (US 6792474) and further in view of Chillappa (US 20160381030).

Claim 20, Mircescu discloses An apparatus connectable to a local network that is connected to an external network, the apparatus comprising: a memory; and a hardware processor, operatively coupled to the memory, to: (e.g. fig. 1A or 1B, ¶35, 37-38) wherein the processor being configured to perform: 
shut down a Dynamic Host Configuration Protocol (DHCP) functionality of a networking device, wherein the networking device is a DHCP server of the local network; (e.g. ¶57, 62: Exemplary router configuration commands 63 may instruct router 19 to shut down, to restart, to expose a configuration interface, and to change a configuration setting, among others…In a step 338, network regulator 18 may transmit configuration commands 63 to router 19)
become the DHCP server of the local network instead of the networking device; (e.g. ¶63: To complete the takeover of DHCP services from router 19, regulator 18 may employ DHCP module 43 (FIG. 7) to broadcast its own DHCP lease offer to client systems 12a-f)
Mircescu does not explicitly disclose but Hopprich discloses
create at least two subnets for the local network; (e.g. abstract, col. 5, ll. 42-45 and col. 6, ll. 25-26: maintaining a plurality of sets of guest addresses and a set of local addresses for the local network)
for each device connected to the local network: select a subnet based on a usage profile of the device and connect the device to the selected subnet to divide the local network into two or more sub-networks; and (e.g. col. 4, ll. 58-66, col. 5, ll. 17-23, col. 12, ll. 26-36: providing an assigned guest address from the plurality of sets of guest addresses to a guest computer system to allow the guest computer system to perform data communications on the network and providing an assigned local address from the set of local addresses to a local computer system to allow the local computer system to perform data communications on the network based on identity of the requesting computer, a domain associated with the requesting computer system or another characteristic of the requesting computer system)
monitor communication traffic in the local network by applying a different set of security rules for different subnets. (e.g. col. 6, ll. 35-45, col. 12, ll. 44-46 and 53-55: enforcing one different level of access control within the network for one set of guest addresses such as allowing the guest computer system to only perform limited data communications within the local computer network and enforcing network access control within the network for the set of local addresses such as providing unrestricted data communications to the computer systems configured with a local address)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hopprich into the invention of Mircescu for the purpose of providing significantly enhanced network security (Hopprich, col. 4, ll. 23-25).
Although Mircescu-Hopprich discloses select a subnet based o the usage profile of the device (see above), the combination does not appear to explicitly disclose but Chillappa discloses identify a functionality of the device from a usage profile of the device; select a subnet based on the functionality of device from the usage profile of the device, the selected subnet corresponding to the functionality of the device (e.g. ¶7, 30, 39, 40: A constraint profile comprises local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security…the backend component 119 creates constraint profiles 301 governing the allowed communication and behaviors of the different IoT devices 123, and provides these profiles 301 to the router components 121. The router components 121 enforce the received profiles 301, thereby automatically constraining the communications and behaviors allowed for different IoT devices 123, to minimize possible threats to or from the IoT devices 123 themselves, as well other computing devices, services and data on the local area networks 107. The constraint profiles 301 are geared towards allowing IoT devices 123 to perform expected, trusted operations in order to function as intended, while restricting the devices 123 from performing operations beyond this, at least until a device 123 reaches a requisite trust threshold. In some instances, IoT devices 123 can be constrained in their operations by being isolated in virtual local area networks (VLANS) 309…the profile 301 could indicate to isolate the device 123 in restricted VLAN 309, not let the device 123 access any computers 210 on the local area network 107, monitor all of its attempted activity, and perform a variety of tests to check it for vulnerabilities…A constraint profile enforcing module of the router component 123 enforces the constraint profile 301 received for a given device 123. As noted above, the constraint profile 301 can be at any level of granularity as desired. In some embodiments, constraint profiles 301 specify to place devices 123 with differing levels of reputation score and/or expected behaviors in different corresponding VLANS 309 on local area networks 107.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chillappa into the invention of Mircescu-Hopprich for the purpose of minimizing possible threats to or from the IoT devices themselves, as well other computing devices, services and data on the local area networks (Chillappa, ¶30). 

Claim 21, Mircescu-Hopprich-Chillappa combination discloses The apparatus of claim 20, wherein the communication traffic in the local network is at least one of a communication between two devices that are connected to the local network; (Hopprich, e.g. col. 6, ll. 37-42) and communication between a local device and an external device, wherein the local device is connected to the local network, (Hopprich, e.g. fig. 1, col. 17, ll. 29-36) wherein the external device is not connected to the local network and is connected to the external network, (Hopprich, e.g. fig. 1, col. 17, ll. 29-36) wherein the communication between the local device and the external device is routed via the external network. (Hopprich, e.g. fig. 1, col. 17, ll. 29-36).  Same motivation would apply.

Claim 22, Mircescu-Hopprich-Chillappa combination discloses The apparatus of claim 20, wherein to create the at least two subnets for the local network, the hardware processor to create a user device subnet; (Hopprich, abstract, col. 5, ll. 42-45 and col. 6, ll. 25-26) and wherein to connect the device, the hardware processor to: identify user devices and connect the user devices to the user device subnet; wherein the user devices are separated to be on different subnets in the local network, (Hopprich, e.g. col. 4, ll. 58-66, col. 5, ll. 17-23, col. 12, ll. 26-36)  and limiting communication between the different subnets. (Hopprich, e.g. col. 6, ll. 35-45, col. 12, ll. 44-46 and 53-55).
Mircescu-Hopprich combination does not explicitly disclose but Chillappa discloses creating an Internet of Things (IoT) subnet, identifying IoT devices and connecting the IoT devices to the IoT subnet, wherein the user devices and the IoT devices are separated to be on different subnets in the local network, and limiting communication between the different subnets (e.g. ¶8, 15, 30, 32, 39, 41: Enforcing a constraint profile can include, for example, creating a virtual local area network (VLAN) with restricted privileges on the local area network, and isolating the corresponding IoT device in the VLAN…a plurality of VLANs with varying levels of restricted privileges are created on a given local area network, and various IoT devices are isolated in specific ones of the VLANs…The illustrated local area network 107 comprises multiple computers 210 which are connected to a router 111, which is in turn connected the Internet 109 (or in other embodiments to a different wide area network). The computers 210 present in a local area network 107 can comprise any combination of desktop computers 115, mobile computing devices 113 and or IoT devices 123, acting in the capacity of clients 103 and/or servers 105 as desired…Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device's communication to specific domains and ports, and/or to specific content...the profile 301 could indicate to isolate the device 123 in restricted VLAN 309, not let the device 123 access any computers 210 on the local area network 107).  Same motivation as in claim 20 would apply.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 


US 20170187703 discloses storing profiles of devices and selecting a subnetwork to connect a device based on the role of the device identified from the stored profiles (e.g. ¶176, 178-179).

US 20130103811 discloses the devices of the network may be assigned to a plurality of functional groups, each functional group being assigned to a subnet…an assignment may also be made in accordance with functional groups. For example, the devices configured as sensors and the devices configured as actuators may be assigned to separate subnets taking into account the functions thereof (e.g. ¶4, 6).

US 20100107215 discloses the servers and hosts can be grouped into subnets at each site. Also, such devices, either individually, or as part of a subnet can be associated with one or more roles that are indicative or otherwise specify a service to be provided from those devices. For example, a role can indicate that the device functions as an e-mail server, or if roles are assigned on a subnet by subnet basis, then a role can indicate that devices within that subnet function as e-mail servers (e.g. ¶38).

Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:30 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436