DETAILED ACTION
Claims 1, 2, 4-11, and 13-18 are presented for consideration.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/04/2025 has been entered.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
3. Claim(s) 1, 4-7, 10, and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Zou et al. [ US Patent Application No 2016/0212099 ], in view of Chillappa et al. [ US Patent Application No 2016/0381030 ].
4. As per claim 1, Zou discloses the invention as claimed including a method, comprising:
receiving, by a security device for a first network segment [ i.e. private cloud control center agents manage the IoT devices associated with the private clouds 104 ] [ Figure 1; and paragraph 0027 ], a request from a connected device to be configured to receive or transmit data on the first network segment [ i.e. receive a connection request from the IoT devices ] [ paragraphs 0052, 0053, and 0112 ];
determining, based on the request to be configured, a first profile for the connected device [ i.e. IoT device profiling engine determines a device type of an IoT device, and manage the IoT devices using IoT device data, IoT device data can specify device profiles of the IoT devices ] [ paragraphs 0046, 0048, 0076, and 0088 ];
receiving, by the security device, a data packet, the data packet being a data packet from the connected device, or a data packet addressed to the connected device [ i.e. the data flow management engine functions to control data transmitted to and from IoT devices through application of an IoT firewall ] [ 412, Figure 4; and paragraphs 0083, 0084, and 0129 ];
determining, by the security device, based on the first profile [ i.e. the IoT firewall is updated based on the device profile ] [ paragraph 0111 ], that forwarding of the data packet is not authorized [ i.e. block data from being transmitted between the thermostat and the television ] [ Figure 11; and paragraphs 0074 and 0132 ]; and
not forwarding, by the security device, the data packet [ i.e. drop or stop data from being transmitted ] [ paragraphs 0060, and 0084 ].
Zou does not specifically disclose
wherein the determining that the forwarding of the data packet is not authorized comprises determining that a port of the connected device to which the data packet is addressed is not included in the first profile.
Chillappa discloses
wherein the determining that the forwarding of the data packet is not authorized comprises determining that a port of the connected device to which the data packet is addressed is not included in the first profile [ i.e. constraint profile enforcing module can put a given device with specific firewall rules that expressly limit its communications only to the appropriate known legitimate domains, ports, and a known smart thermostat device could be expected to transmit data and receive data from specific domains, only on ports 9543, 11095, 80 and 443, but not to communicate with any other domains on any other ports ] [ paragraphs 0008, 0038, and 0041 ].
It would have been obvious to a person skilled in the art before the effective filing date of the claimed invention to combine the teachings of Zou and Chillappa because the teaching of Chillappa would enable configuration that protects against the exploitation of the vulnerabilities [ Chillappa, paragraph 0046 ].
5. As per claim 4, Zou discloses wherein the determining that the forwarding of the data packet is not authorized comprises determining that: an Internet Protocol (IP) address to which the data packet is addressed is the IP address of another device directly connected to the security device [ i.e. IoT rules can include a block list or watch list of IP addresses ] [ paragraph 0053, and 0054 ]; and the sending of data packets to another device directly connected to the security device is not authorized for the first profile [ i.e. control transmission of data between a television and a thermostat within the same house ] [ paragraphs 0074, and 0083 ].
6. As per claim 5, Zou discloses wherein the determining that the forwarding of the data packet is not authorized comprises determining that: the data packet comprises a request for an update; and the time of receipt of the data packet, by the security device, is not within a range of times for which updates are authorized for the first profile [ paragraphs 0048, and 0077 ].
7. As per claim 6, Zou discloses wherein the determining that the forwarding of the data packet is not authorized comprises determining that: the data packet comprises a request for an update; and the data packet is addressed to an endpoint which is not in a list of endpoints for which updates are authorized for the first profile [ paragraphs 0048, and 0077 ].
8. As per claim 7, Zou discloses wherein the determining that the forwarding of the data packet is not authorized comprises determining that forwarding the data packet would cause a data rate limit associated with the first profile to be exceeded [ i.e. visits or amount of data transmitted between the IoT device and the sites ] [ paragraphs 0077, and 0081 ].
9. As per claim 10, it is rejected for similar reasons as stated above in claim 1.
10. As per claims 13-16, they are rejected for similar reasons as stated above in claims 4-7.
11. Claim(s) 2, 8, 11, and 17, are rejected under 35 U.S.C. 103 as being unpatentable over Zou et al. [ US Patent Application No 2016/0212099 ], in view of Chillappa et al. [ US Patent Application No 2016/0381030 ], and further in view of Pandian et al. [ US Patent Application No 2020/0076853 ].
12. As per claim 2, Zou in view of Chillappa does not specifically disclose wherein the request to be configured comprises a dynamic host configuration protocol (DHCP) message, and wherein the request to be configured comprises an indication of the first profile. Pandian discloses wherein the request to be configured comprises a dynamic host configuration protocol (DHCP) message, and wherein the request to be configured comprises an indication of the first profile [ i.e. DHCP attribute ] [ paragraphs 0039, 0072, and 0152 ]. It would have been obvious to a person skilled in the art before the effective filing date of the claimed invention to combine the teachings of Zou, Chillappa and Pandian because the teaching of Pandian would enable determining a device profile and anomalous behavior associated with a device in a network [ Pandian, paragraph 0003 ].
13. As per claim 8, Zou in view of Chillappa does not specifically disclose determining that the data packet comprises a Domain Name System (DNS) query; determining that the data packet is addressed to a DNS resolver other than a DNS resolver of the security device; and determining that the sending of a DNS query to a DNS resolver other than the DNS resolver of the security device is not authorized under the first profile. Pandian discloses determining that the data packet comprises a Domain Name System (DNS) query; determining that the data packet is addressed to a DNS resolver other than a DNS resolver of the security device; and determining that the sending of a DNS query to a DNS resolver other than the DNS resolver of the security device is not authorized under the first profile [ i.e. query type of a DNS query ] [ paragraphs 0038, 0071, and 0102 ]. It would have been obvious to a person skilled in the art before the effective filing date of the claimed invention to combine the teachings of Zou, Chillappa and Pandian because the teaching of Pandian would enable determining a device profile and anomalous behavior associated with a device in a network [ Pandian, paragraph 0003 ].
14. As per claim 11, it is rejected for similar reasons as stated above in claim 2.
15. As per claim 17, it is rejected for similar reasons as stated above in claim 8.
16. Claim(s) 9, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Zou et al. [ US Patent Application No 2016/0212099 ], in view of Chillappa et al. [ US Patent Application No 2016/0381030 ], and further in view of Lee et al. [ US Patent Application No 2020/0252239 ].
17. As per claim 9, Zou discloses determining that the forwarding of the data packet is not authorized under the first profile [ i.e. block data from being transmitted between the thermostat and the television ] [ Figure 11; and paragraphs 0074 and 0132 ]. Zou in view of Chillappa does not specifically disclose determining, based on the request to be configured, a second profile for the connected device; and determining that the forwarding of the data packet is not authorized under the second profile. Lee discloses determining, based on the request to be configured, a second profile for the connected device [ i.e. profile for a device is updated with new or modified information ] [ Figure 3; and paragraph 0045 ]; and determining that the forwarding of the data packet is not authorized under the second profile [ i.e. enforce one or more policies ] [ Figure 5; and paragraphs 0051, and 0060 ]. It would have been obvious to a person skilled in the art before the effective filing date of the claimed invention to combine the teachings of Zou, Chillappa and Lee because the teaching of Lee would enable information about devices connected behind a gateway, such as a home gateway, to be made available to other entities, such as servers and routers, on a communications gateway [ Lee, paragraph 0003 ].
18. As per claim 18, it is rejected for similar reasons as stated above in claim 9.
Response to Arguments
19. Applicant’s arguments with respect to claim(s) 1, 2, 4-11, and 13-18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
20. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Cheng et al. [ US Patent Application No 2018/0144139 ] discloses IoT device risk assessment
Tikhomirov et al. [ US Patent Application No 2022/0294854 ] discloses system for configuring IoT devices depending on network type
21. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN NGUYEN whose telephone number is (571)272-3971. The examiner can normally be reached Monday-Friday 9-6 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis, can be reached on 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DUSTIN NGUYEN/ Primary Examiner, Art Unit 2446