DETAILED ACTION
2. This action is responsive to a Response After Final Action filed on 1/26/2026.
2. Claims 1-6, 8-14, 16-22 and 24-26 are pending. Claims 1, 9 and 17 are independent.
Response to Arguments
3. Applicant's arguments filed 1/26/2026 have been fully considered; however, they are not persuasive.
In response to Applicant’s argument that “there is no evidence that Phillipps teaches or suggests ‘learning data usage pattern for the one or more devices using a combination of performing machine learning in a cloud and performing machine learning locally,’” Examiners respectfully disagree. Phillipps discloses that “The machine learning module 102 may be integrated with, co-located with, or otherwise in communication with the systems management system 108. For example, the machine learning module 102 may execute on the same host computing device 104 as the systems management system 108 and may communicate with the systems management system 108” [para. 56]. Thus, the learning machine is co-located in both the host computing device 104 and the system management system 108 in a cloud to perform learning data. Therefore, Phillipps’s performing learning data in the host computing device and performing learning data in the system management system 108 is the same as "learning data usage pattern for the one or more devices using a combination of performing machine learning in a cloud and performing machine learning locally" as recited in claim 1 and similarly recited in claims 9 and 17.
Accordingly, art rejections under 35 U.S.C. 103 are maintained.
Claim Rejections - 35 USC § 103
4. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
6. Claims 1-5, 8-13, 16-21, 24 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Ruppin (US PG Pub. 2021/0152529) in view of Phillipps (US PG Pub. 2014/0180738).
As regarding claim 1, Ruppin discloses A computer-implemented method for providing distributed policy-based security for one or more devices enabled for connectivity over a communications network, the method comprises:
providing a policy enforcement agent for each of one or more devices enabled for connectivity [para. 45 and 121; providing an enforcing module for the node];
providing policy rules to the policy enforcement agent, wherein the policy rules comprise one or more of: traffic filter policy rules, network access policy rules, power management policy rules and application management policy rules [para. 35, 45-46, 58 and 121; receiving policy rules pertaining to network]; and
managing policy-based security for the one or more devices by the policy enforcement agent by applying the provided policy rules immediately or based on the provided criteria evaluated on the device [para. 35, 45-46, 58 and 121; enforcing the policies restrictions based on the policy rules].
Ruppin does not explicitly disclose learning data usage pattern for the one or more devices using a combination of performing machine learning in a cloud and performing machine learning locally on the one or more devices and defining the policy rules based on learned data usage pattern. However, Phillipps discloses it [para. 6-7, 77, 89 and claims 1 and 2; receiving, by the learning machine co-located in the host computing device 104 and the system management system 108 in a cloud [para. 56], data to recognize patterns and determining or modifying rules or policies based on the recognized patterns].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Ruppin’s system to further comprise the missing claim features, as disclosed by Phillipps, to make the system more efficient.
As regarding claims 2, 10 and 18, Ruppin further discloses The method of claim 1, wherein the communications network comprises any one or more of: a cellular network, a wireless network and a satellite network [para. 52, 63, 80 and 98].
As regarding claims 3, 11 and 19, Ruppin further discloses The method of claim 1, wherein the policy rules are provided as pre-defined general policy rules; specific policy rules; or policy rules based on a specified criteria for the one or more devices, and wherein the pre-defined general policy rules and the specific policy rules are applied immediately to each of one or more devices enabled for connectivity; and policy rules based on a specified criteria for the one or more devices are applied when the specified criteria is satisfied [para. 35, 45-46, 58, 121 and 114].
As regarding claims 4, 12 and 20, Ruppin further discloses The method of claim 3, wherein the pre-defined general policy rules for the one or more devices includes any one or more of: deny all network traffic; allow all network traffic; block all network access (data); deny all network access (data); put the device in sleep mode for a duration [para. 121; allowing all protocols].
As regarding claims 5, 13 and 21, Ruppin further discloses The method of claim 3, wherein the specific policy rules for the one or more devices includes any one or more of: allow a subset of traffic and deny all others; deny a subset of traffic and allow all others; and block network access on certain access point names (APNs) or certain networks for specific duration [para. 121; blocking FTP].
As regarding claims 8, 16 and 24, Ruppin further discloses The method of claim 1, wherein the policy rules are defined for individual devices, a group of devices or a combination thereof [para. 57].
As regarding claim 9, Ruppin discloses A system for providing distributed policy-based security for one or more devices enabled for connectivity over a communications network comprises one or more devices enabled for connectivity, one or more IoT services, a usage analytics module/service, and a policy management module/service, and a policy enforcement agent [para. 44-47], wherein
the policy enforcement agent is provided with policy rules comprising one or more of: traffic filter policy rules, network access policy rules, power management policy rules and application management policy rules [para. 35, 45-46, 58 and 121; receiving policy rules pertaining to network];
the policy enforcement agent manages policy-based security for the one or more devices by applying the provided policy rules immediately or based on the provided criteria evaluated on the device [para. 35, 45-46, 58 and 121; enforcing the policies restrictions based on the policy rules].
Ruppin does not explicitly disclose the usage analytics module learns data usage pattern for an individual device using a combination of performing machine learning in a cloud and machine learning performed locally on the individual device and defines the policy rules based on learned data usage pattern. However, Phillipps discloses it [para. 6-7, 77, 89 and claims 1 and 2; receiving, by the learning machine co-located in the host computing device 104 and the system management system 108 in a cloud [para. 56], data to recognize patterns and determining or modifying rules or policies based on the recognized patterns].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Ruppin’s system to further comprise the missing claim features, as disclosed by Phillipps, to make the system more efficient.
As regarding claim 17, Ruppin discloses A computer program product stored on a non-transitory computer readable medium for providing distributed policy-based security for one or more devices enabled for connectivity over a communications network, comprising computer readable instructions for causing a computer to control an execution of an application for providing distributed policy-based security for one or more devices enabled for connectivity, the providing the distributed policy-based security comprising:
providing a policy enforcement agent for each of one or more devices enabled for connectivity [para. 45 and 121; providing an enforcing module for the node];
providing policy rules to the policy enforcement agent, wherein the policy rules comprise one or more of: traffic filter policy rules, network access policy rules, power management policy rules and application management policy rules [para. 35, 45-46, 58 and 121; receiving policy rules pertaining to network];
managing policy-based security for the one or more devices by the policy enforcement agent by applying the provided policy rules immediately or based on the provided criteria evaluated on the device [para. 35, 45-46, 58 and 121; enforcing the policies restrictions based on the policy rules].
Ruppin does not explicitly disclose learning data usage pattern for the one or more devices using a combination of performing machine learning in the cloud and machine learning performed locally on the one or more devices and defining the policy rules based on learned data usage pattern. However, Phillipps discloses it [para. 6-7, 77, 89 and claims 1 and 2; receiving, by the learning machine co-located in the host computing device 104 and the system management system 108 in a cloud [para. 56], data to recognize patterns and determining or modifying rules or policies based on the recognized patterns].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Ruppin’s system to further comprise the missing claim features, as disclosed by Phillipps, to make the system more efficient.
As regarding claim 26, Phillipps further discloses The method of claim 1, wherein the learning data usage pattern for the one or more devices further uses a combination of artificial intelligence and the machine learning in the public or hybrid cloud and artificial intelligence and the machine learning locally on the one or more devices and defining the policy rules based on the learned data usage pattern [para. 6-7, 77, 89 and claims 1 and 2; receiving, by the learning machine co-located in the host computing device 104 and the system management system 108 in a public internet cloud [para. 56], data to recognize patterns and determining or modifying rules or policies based on the recognized patterns].
7. Claims 6, 14, 22 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Ruppin (US PG Pub. 2021/0152529) in view of Phillipps (US PG Pub. 2014/0180738) and further in view of Horowitz (US Patent 7,624,447).
As regarding claims 6, 14 and 22, Ruppin and Phillipps do not explicitly disclose that the policy rules based on a specified criteria for the one or more devices includes any one or more of: deny traffic to a destination if the number of connection attempts within a given duration exceeds a pre-defined threshold and block network access if data usage within a given duration exceeds a pre-defined threshold; however, Horowitz discloses it [col. 3 lines 44-50].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Ruppin and Phillipps’s system to further comprise the missing claim features, as disclosed by Horowitz, so as to prevent the system from being infected with worms [Horowitz col. 5 lines 12-31].
As regarding claim 25, Ruppin, Phillipps and Horowitz further disclose The method of claim 1, further comprising flagging anomalous data usage patterns that departs from the learned data usage pattern and blocking such attempts for a pre-defined duration or at least until a back-end service overrides the blocking [Ruppin para. 58; blocking connection activities that are outside of time-of-day that allows connection activities || Horowitz col. 3 lines 44-46].
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905. The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433
/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433