DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-15 are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/28/2023. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Yeh et al. (US 2008/0083029 A1) (hereinafter, “Yeh”) in view of ZAKARIA (US 2016/0292938 A1).
As to claim 1, Yeh discloses a computer-implemented method, comprising:
receiving a value for each of a plurality of measurements relating to a device (Fig. 2, Fig. 3, “…collect statistics 108 about different aspects of the "health" of the network device 100” -e.g., see, [0014]; herein, different aspects of the “health” referred to “a plurality of measurements relating to a device”), …
performing an inference process to determine a security policy for the device (“… fuzzy logic control rules located within a corresponding if-then-else table 208.sub.1 and 208.sub.k to determine a course of action 110 which the network device 100 can then follow to address the symptoms of an attack.” -e.g., see, [0014]); and
applying the determined security policy, wherein the inference process comprises: providing a plurality of membership functions for each of the measurements (Fig. 3; “… each membership function .mu..sub.1-.mu..sub.i collects statistics 108 about a specific aspect of the network device 100 and then produces a single metric to represent the "health" of that particular aspect of the network device 100. This metric has a score between 0 and 1 which means that the corresponding membership function can be represented as .mu. .epsilon. {0 . . . 1}. The metric score is a fraction of a network statistic that the network device 100 is currently collecting, e.g. the number of packets across a particular interface, the number of bits across a particular interface, the number of http connections across a particular interface, etc . . . , against a theoretical maximum. For example: .mu..sub.1=throughput of port A=(number of bits transmitted by port A/second)/(link speed per second of port A). Thus, a higher score of a metric is more desirable than a lower score because the former is indicative of a superior state of health. As can be appreciated, there is no limit as to what type of aspect (statistic associated with the network device 100) a membership function can convey in its value of .mu.. Plus, the more precise that a network administrator defines the membership functions .mu..sub.1-.mu..sub.i then the better the overall anomaly detector 102 is going to behave.” -e.g., see, [0015]), the membership functions corresponding respectively to a plurality of linguistic variables for describing the magnitude of the measurement's value, each membership function defining a mapping between the measurement's value and a truth value indicative of how well the measurement's value is described by the corresponding linguistic variable (“… a type II fuzzy neural network 112 is that one can train the type II fuzzy neural network 112 to learn about future attacks and network problems. For instance, when a network administrator anticipates a rash of new worm attacks on the public network 106, then they can unleash the suspected worm on an experimental network and use this mechanism to track the pattern of attack. Thereafter, the network administrator can program this newly learned pattern into a live anomaly detector 102 and then the private network 104 would be inoculated to such attacks. The operator can effect the inoculation in two ways: (1) they can modify the rule tables 208.sub.1-208.sub.k with actions that can shut down the impending attack; and/or (2) they can alter how the second tier 204 evaluates the observation(s) by updating the membership function(s) .mu..sub.1-.mu..sub.n (e.g., the weighting of an observation) or by adding new membership function(s).” -e.g., see, [0023]);
for each of the measurements, using the plurality of membership functions provided for the measurement to determine a plurality of truth values, respectively ([0014]; herein, the first tier 202 has multiple membership functions .mu..sub.1-.mu..sub.i that collect statistics 108 about different aspects of the "health" of the network device 100);
providing for each of the measurements a plurality of variable-value pairs each comprising a said linguistic variable and its corresponding determined truth value (“The second tier 204 has multiple summers .PI..sub.1-.PI..sub.m each of which interfaces with selected membership functions .mu..sub.1-.mu..sub.i to obtain their metrics and then process/output a running sum (probabilistic, not numerical). The third tier 206 has multiple aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the sums from selected summers .PI..sub.1-.PI..sub.m and computes a running average which is compared to fuzzy logic control rules located within a corresponding if-then-else table 208.sub.1 and 208.sub.k to determine a course of action 110 which the network device 100 can then follow to address the symptoms of an attack.” -e.g., see, [0014]; herein, the fuzzy logic includes linguistic values. Here are variables whose values are words rather than numbers, i.e., “Temperature” is a linguistic variable); and
determining a plurality of output variable-value pairs corresponding respectively to a plurality of variable-value pair combinations, wherein each output variable-value pair comprises one of a plurality of risk linguistic variables for describing the magnitude of risk of attack on the device and a risk truth value (“The metric score is a fraction of a network statistic that the network device 100 is currently collecting, e.g. the number of packets across a particular interface, the number of bits across a particular interface, the number of http connections across a particular interface, etc . . . , against a theoretical maximum. For example: .mu..sub.1=throughput of port A=(number of bits transmitted by port A/second)/(link speed per second of port A). Thus, a higher score of a metric is more desirable than a lower score because the former is indicative of a superior state of health.” -e.g., see, [0015]),
wherein for each output variable-value pair the risk linguistic variable is determined based on the linguistic variables of the corresponding variable-value pair combination and using rules defining mappings between the risk linguistic variables and combinations of linguistic variables of the measurements (“… three-tiered type II fuzzy neural network 112 functions to help protect the private network 104 in accordance with the present invention. In step 302, the first tier entities 202 function to observe system status by collecting statistics and processing them into fractional values that can be manipulated by using fuzzy logic math. In step 304, the second tier entities 204 function to link diverse statistics to draw inferences. In step 306, the third tier entities 206 (only one .SIGMA..sub.1 and one if-then-else table 208, are shown) function to use a series of the hunches received from selected second tier entities 204 to make a decision about what action 110 the network device 100 can take to protect the private network 104. “ -e.g., see, [0022]), and
wherein for each output variable-value pair the risk truth value is determined based on the truth values of the corresponding variable-value pair combination (“In the third tier 206, selected ones of the weighted geometric means (overall scores .mu..sub.overall) are summed by one of the aggregators .SIGMA..sub.1-.SIGMA..sub.k and the result is compared against a corresponding table 208.sub.1 and 208.sub.k of if-then-else actions. As shown, each aggregator .SIGMA..sub.1-.SIGMA..sub.k has only one table association and each table 208.sub.1 and 208.sub.k can been programmed to look for a specific attack/anomaly and to address the symptoms of that specific attack/anomaly. The following is an illustration of a sample table 208.sub.1 and 208.sub.k:” -e.g., see, [0017]),
wherein the inference process (“… the anomaly detector 102 may have detected potential network congestion on a particular interface in the network device 100 based on the current traffic pattern, i.e. when it's aggregator .SIGMA..sub.1 for congestion exceeds a particular threshold. If this aggregator's sum is in between a severe threshold and a mild threshold, then the action 110 triggered by the aggregator .SIGMA..sub.1 may be to have the networking device 100 mark all subsequent traffic with a low Differentiated Services Code Point (DSCP) priority. If the aggregator's sum exceeds the severe threshold, then the action 110 triggered by the aggregator .SIGMA..sub.1 may be to have the networking device 100 drop all of the subsequent traffic on the interface under congestion.” -e.g., see, [0018]) further comprises:
aggregating the plurality of output variable-value pairs to determine a numerical value representing the risk of attack on the device (“The anomaly detector 102 could track this pattern by aggregating both of these variables and then address this problem by outputting an action 110 which can be implemented by the networking device 100. In this example, it is assumed that the network operator has a-priori knowledge about this particular anomaly, thus they can properly configured the membership functions .mu..sub.1-.mu..sub.n (and also weight the membership functions .mu..sub.1-.mu..sub.n), the summers .PI..sub.1-.PI..sub.m, the aggregators .SIGMA..sub.1-.SIGMA..sub.k and/or the if-then-else tables 208.sub.1 and 208.sub.k.” -e.g., see, [0019]); and
determining the security policy to apply according to the determined numerical value representing the risk of attack on the device (“… take corrective actions to correct the symptoms of the attack/anomaly.” -e.g., see, [0005]; herein, take corrective actions, i.e., the security policy to correct the symptoms of the attack/anomaly; see also: “The table 208.sub.1 and 208.sub.k may also contain multiple actions, e.g. if (aggregator 1 > threshold 1) then do (action 1 and action 2 and action 3) else do (action 4 and action 5).” -e.g., see, [0017]; see also: “… the type II fuzzy neural network 112 would adapt faster if the membership functions .mu..sub.1-.mu..sub.i had properly chosen weights rather than if the membership functions .mu..sub.1-.mu..sub.i had ill-chosen weights. Finally, the summers .PI..sub.1-.PI..sub.m feed their outputs .mu..sub.overalls into selected ones of the tier 3 aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the received .mu..sub.overalls and computes a running average that is compared to fuzzy logic control rules (located in the corresponding if-then-else table 208, and 208.sub.k) to determine a course of action 110 that the network device 100 can implement to address the symptoms of an attack.” -e.g., see, [0021]).
Yeh does not explicitly disclose the measurements representing at least two of:
an energy level of a battery in the device;
an available memory of a processor in the device;
a clock speed of a processor in the device;
a bandwidth of a communication channel of the device;
a distance between the device and another device with which the device is configured to communicate;
a frequency of movement of the device; and
a received signal strength indication, RSSI, of a signal from the other device with which the device is configured to communicate;
However, in an analogous art, ZAKARIA discloses computer-implemented method, comprising: receiving a value for each of a plurality of measurements relating to a device (Fig. 1, “… the database 122 may be continually updated to store the data collected by the IoT devices 101-105.” -e.g., see, [0030]; see also, [0095]; herein, each of the individual IoT devices 1101-1105 may collect the RSSI values and communicate these values back to the IoT hub 1110 via the short range wireless protocol; see also, [0078]), disclose the measurements representing at least two of:
an energy level of a battery in the device (“… the IoT devices 101-105 are ultra low-power devices capable of operating for extended periods of time on battery power (e.g., years). To conserve power, the local communication channels 130 may be implemented using a low-power wireless communication technology such as Bluetooth Low Energy (LE).” -e.g., see, [0033]);
an available memory of a processor in the device (“…the memory to allow the IoT hub to pair with new IoT devices. In one embodiment, each new IoT device 101-105 is assigned a unique code which is communicated to the IoT hub 110 during the pairing process.” -e.g., see, [0049]);
a clock speed of a processor in the device; a bandwidth of a communication channel of the device; a distance between the device and another device with which the device is configured to communicate (Fig. 9, [0074]; herein, the user is a particular distance from the IoT lock 702 inside or outside the home);
a frequency of movement of the device ([0046]; herein, energy is transmitted via radio frequency signals from the transmitter 307 to the receiver 207 when the hub 110 needs to wake the IoT device 101 from a very low power state.); and
a received signal strength indication, RSSI, of a signal from the other device with which the device is configured to communicate (“The RSSI1 value is associated with the wireless lock and is set to a threshold value of −60 dbm. Thus, in one embodiment, the signal strength analysis module 911 will not perform its evaluation to determine the location of the user unless the RSSI1 value is at least −60 dmb. The RSSI2 and RSSI3 values are signal strength values measured between the user's wireless device and two different IoT hubs/devices.” -e.g., see, [0079], see also, [0080], [0082]; herein, the system calibration module 910 system continues to train, i.e., applying, the system by measuring dbm values, i.e., determined security policy, each time the user enters through a door; see also, [0095]);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yeh to incorporate the teaching of Zakaria and provide RSSI signal detection for anomaly prevention.
As to claims 13 and 14, these are rejected using the similar rationale as for the rejection of claim 1.
As to claim 15, Yeh discloses a computer-implemented method comprising:
receiving a value for each of a plurality of measurements relating to a device (Fig. 2, Fig. 3, “…collect statistics 108 about different aspects of the "health" of the network device 100” -e.g., see, [0014]; herein, different aspects of the “health” referred to “a plurality of measurements relating to a device”), …
performing an inference process to determine a security policy for the device (“… fuzzy logic control rules located within a corresponding if-then-else table 208.sub.1 and 208.sub.k to determine a course of action 110 which the network device 100 can then follow to address the symptoms of an attack.” -e.g., see, [0014]); and
applying the determined security policy, wherein the inference process comprises: using a plurality of membership functions provided for each of the measurements to determine truth values indicative of how well the measurement's value is described by respective linguistic variables corresponding to the respective membership functions (“… a type II fuzzy neural network 112 is that one can train the type II fuzzy neural network 112 to learn about future attacks and network problems. For instance, when a network administrator anticipates a rash of new worm attacks on the public network 106, then they can unleash the suspected worm on an experimental network and use this mechanism to track the pattern of attack. Thereafter, the network administrator can program this newly learned pattern into a live anomaly detector 102 and then the private network 104 would be inoculated to such attacks. The operator can effect the inoculation in two ways: (1) they can modify the rule tables 208.sub.1-208.sub.k with actions that can shut down the impending attack; and/or (2) they can alter how the second tier 204 evaluates the observation(s) by updating the membership function(s) .mu..sub.1-.mu..sub.n (e.g., the weighting of an observation) or by adding new membership function(s).” -e.g., see, [0023]; see also: [0014]; herein, the first tier 202 has multiple membership functions .mu..sub.1-.mu..sub.i that collect statistics 108 about different aspects of the "health" of the network device 100);
determining a plurality of risk linguistic variables based at least on combinations of the said linguistic variables (“The second tier 204 has multiple summers .PI..sub.1-.PI..sub.m each of which interfaces with selected membership functions .mu..sub.1-.mu..sub.i to obtain their metrics and then process/output a running sum (probabilistic, not numerical). The third tier 206 has multiple aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the sums from selected summers .PI..sub.1-.PI..sub.m and computes a running average which is compared to fuzzy logic control rules located within a corresponding if-then-else table 208.sub.1 and 208.sub.k to determine a course of action 110 which the network device 100 can then follow to address the symptoms of an attack.” -e.g., see, [0014]; herein, the fuzzy logic includes linguistic values. Here are variables whose values are words rather than numbers, i.e., “Temperature” is a linguistic variable), and determining a plurality of corresponding risk truth values based on the truth values of the linguistic variables of the combinations (“The metric score is a fraction of a network statistic that the network device 100 is currently collecting, e.g. the number of packets across a particular interface, the number of bits across a particular interface, the number of http connections across a particular interface, etc . . . , against a theoretical maximum. For example: .mu..sub.1=throughput of port A=(number of bits transmitted by port A/second)/(link speed per second of port A). Thus, a higher score of a metric is more desirable than a lower score because the former is indicative of a superior state of health.” -e.g., see, [0015]); and
determining a numerical value representing a risk of attack on the device based on the risk linguistic variables and the corresponding risk truth values (“The anomaly detector 102 could track this pattern by aggregating both of these variables and then address this problem by outputting an action 110 which can be implemented by the networking device 100. In this example, it is assumed that the network operator has a-priori knowledge about this particular anomaly, thus they can properly configured the membership functions .mu..sub.1-.mu..sub.n (and also weight the membership functions .mu..sub.1-.mu..sub.n), the summers .PI..sub.1-.PI..sub.m, the aggregators .SIGMA..sub.1-.SIGMA..sub.k and/or the if-then-else tables 208.sub.1 and 208.sub.k.” -e.g., see, [0019]), and determining the security policy according to the numerical value (“… take corrective actions to correct the symptoms of the attack/anomaly.” -e.g., see, [0005]; herein, take corrective actions, i.e., the security policy to correct the symptoms of the attack/anomaly; see also: “The table 208.sub.1 and 208.sub.k may also contain multiple actions, e.g. if (aggregator 1 > threshold 1) then do (action 1 and action 2 and action 3) else do (action 4 and action 5).” -e.g., see, [0017]; see also: “… the type II fuzzy neural network 112 would adapt faster if the membership functions .mu..sub.1-.mu..sub.i had properly chosen weights rather than if the membership functions .mu..sub.1-.mu..sub.i had ill-chosen weights. Finally, the summers .PI..sub.1-.PI..sub.m feed their outputs .mu..sub.overalls into selected ones of the tier 3 aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the received .mu..sub.overalls and computes a running average that is compared to fuzzy logic control rules (located in the corresponding if-then-else table 208, and 208.sub.k) to determine a course of action 110 that the network device 100 can implement to address the symptoms of an attack.” -e.g., see, [0021]).
Yeh doesn’t explicitly disclose the measurements representing at least two of:
an energy level of a battery in the device;
an available memory of a processor in the device;
a clock speed of a processor in the device;
a bandwidth of a communication channel of the device;
a distance between the device and another device with which the device is configured to communicate;
a frequency of movement of the device; and
a received signal strength indication, RSSI, of a signal from the other device with which the device is configured to communicate;
However, in an analogous art, ZAKARIA discloses computer-implemented method, comprising: receiving a value for each of a plurality of measurements relating to a device (Fig. 1, “… the database 122 may be continually updated to store the data collected by the IoT devices 101-105.” -e.g., see, [0030]; see also, [0095]; herein, each of the individual IoT devices 1101-1105 may collect the RSSI values and communicate these values back to the IoT hub 1110 via the short range wireless protocol; see also, [0078]), disclose the measurements representing at least two of:
an energy level of a battery in the device (“… the IoT devices 101-105 are ultra low-power devices capable of operating for extended periods of time on battery power (e.g., years). To conserve power, the local communication channels 130 may be implemented using a low-power wireless communication technology such as Bluetooth Low Energy (LE).” -e.g., see, [0033]);
an available memory of a processor in the device (“…the memory to allow the IoT hub to pair with new IoT devices. In one embodiment, each new IoT device 101-105 is assigned a unique code which is communicated to the IoT hub 110 during the pairing process.” -e.g., see, [0049]);
a clock speed of a processor in the device; a bandwidth of a communication channel of the device; a distance between the device and another device with which the device is configured to communicate (Fig. 9, [0074]; herein, the user is a particular distance from the IoT lock 702 inside or outside the home);
a frequency of movement of the device ([0046]; herein, energy is transmitted via radio frequency signals from the transmitter 307 to the receiver 207 when the hub 110 needs to wake the IoT device 101 from a very low power state.); and
a received signal strength indication, RSSI, of a signal from the other device with which the device is configured to communicate (“The RSSI1 value is associated with the wireless lock and is set to a threshold value of −60 dbm. Thus, in one embodiment, the signal strength analysis module 911 will not perform its evaluation to determine the location of the user unless the RSSI1 value is at least −60 dmb. The RSSI2 and RSSI3 values are signal strength values measured between the user's wireless device and two different IoT hubs/devices.” -e.g., see, [0079], see also, [0080], [0082]; herein, the system calibration module 910 system continues to train, i.e., applying, the system by measuring dbm values, i.e., determined security policy, each time the user enters through a door; see also, [0095]);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yeh to incorporate the teaching of Zakaria and provide RSSI signal detection for anomaly prevention.
As to claim 2, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses wherein determining the security policy comprises determining to apply a first security policy when the determined numerical value is in a first range and determining to apply a second security policy when the numerical value is in a second range (“… a type II fuzzy neural network 112 is that one can train the type II fuzzy neural network 112 to learn about future attacks and network problems. For instance, when a network administrator anticipates a rash of new worm attacks on the public network 106, then they can unleash the suspected worm on an experimental network and use this mechanism to track the pattern of attack. Thereafter, the network administrator can program this newly learned pattern into a live anomaly detector 102 and then the private network 104 would be inoculated to such attacks. The operator can effect the inoculation in two ways: (1) they can modify the rule tables 208.sub.1-208.sub.k with actions that can shut down the impending attack; and/or (2) they can alter how the second tier 204 evaluates the observation(s) by updating the membership function(s) .mu..sub.1-.mu..sub.n (e.g., the weighting of an observation) or by adding new membership function(s).” -e.g., see, [0023]; see also, [0015]).
As to claim 3, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses wherein the rules defining mappings between the risk linguistic variables and combinations of linguistic variables of the measurements comprise if-then rules and/or if-and-then rules (“… take corrective actions to correct the symptoms of the attack/anomaly.” -e.g., see, [0005]; herein, take corrective actions, i.e., the security policy to correct the symptoms of the attack/anomaly; see also: “The table 208.sub.1 and 208.sub.k may also contain multiple actions, e.g. if (aggregator 1 > threshold 1) then do (action 1 and action 2 and action 3) else do (action 4 and action 5).” -e.g., see, [0017]; see also: “… the type II fuzzy neural network 112 would adapt faster if the membership functions .mu..sub.1-.mu..sub.i had properly chosen weights rather than if the membership functions .mu..sub.1-.mu..sub.i had ill-chosen weights. Finally, the summers .PI..sub.1-.PI..sub.m feed their outputs .mu..sub.overalls into selected ones of the tier 3 aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the received .mu..sub.overalls and computes a running average that is compared to fuzzy logic control rules (located in the corresponding if-then-else table 208, and 208.sub.k) to determine a course of action 110 that the network device 100 can implement to address the symptoms of an attack.” -e.g., see, [0021]).
As to claim 4, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, ZAKARIA further discloses wherein the device is a sensor for detecting a physiological measurement of a patient (“The IoT devices 101-105 may be equipped with various types of sensors to collect information about themselves and their surroundings and provide the collected information to the IoT service 120, user devices 135 and/or external Websites 130 via the IoT hub 110. Some of the IoT devices 101-105 may perform a specified function in response to control commands sent through the IoT hub 110. Various specific examples of information collected by the IoT devices 101-105 and control commands are provided below. In one embodiment described below, the IoT device 101 is a user input device designed to record user selections and send the user selections to the IoT service 120 and/or Website.” -e.g., see, ZAKAEIA: [0031]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yeh to incorporate the teaching of Zakaria and provide RSSI signal detection for anomaly prevention.
As to claim 5, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses comprising performing the inference process and applying the security policy determined as a result of the inference process when a threshold amount of time has expired since the most recent occurrence of performing the inference process (“… the anomaly detector 102 may have detected potential network congestion on a particular interface in the network device 100 based on the current traffic pattern, i.e. when it's aggregator .SIGMA..sub.1 for congestion exceeds a particular threshold. If this aggregator's sum is in between a severe threshold and a mild threshold, then the action 110 triggered by the aggregator .SIGMA..sub.1 may be to have the networking device 100 mark all subsequent traffic with a low Differentiated Services Code Point (DSCP) priority. If the aggregator's sum exceeds the severe threshold, then the action 110 triggered by the aggregator .SIGMA..sub.1 may be to have the networking device 100 drop all of the subsequent traffic on the interface under congestion.” -e.g., see, [0018]).
As to claim 6, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses comprising: monitoring the values of the measurements; and performing the inference process and applying the security policy determined as a result of the inference process when, for any of the measurements, a difference between a current value and a value used in the most recent occurrence of the inference process is above a threshold change amount (“… take corrective actions to correct the symptoms of the attack/anomaly.” -e.g., see, [0005]; herein, take corrective actions, i.e., the security policy to correct the symptoms of the attack/anomaly; see also: “The table 208.sub.1 and 208.sub.k may also contain multiple actions, e.g. if (aggregator 1 > threshold 1) then do (action 1 and action 2 and action 3) else do (action 4 and action 5).” -e.g., see, [0017]; see also: “… the type II fuzzy neural network 112 would adapt faster if the membership functions .mu..sub.1-.mu..sub.i had properly chosen weights rather than if the membership functions .mu..sub.1-.mu..sub.i had ill-chosen weights. Finally, the summers .PI..sub.1-.PI..sub.m feed their outputs .mu..sub.overalls into selected ones of the tier 3 aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the received .mu..sub.overalls and computes a running average that is compared to fuzzy logic control rules (located in the corresponding if-then-else table 208, and 208.sub.k) to determine a course of action 110 that the network device 100 can implement to address the symptoms of an attack.” -e.g., see, [0021]; see also, Yeh: [0018]).
As to claim 7, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses comprising performing the inference process and applying the security policy determined as a result of the inference process when the device changes location (“…n step 302, the first tier entities 202 function to observe system status by collecting statistics and processing them into fractional values that can be manipulated by using fuzzy logic math. In step 304, the second tier entities 204 function to link diverse statistics to draw inferences. In step 306, the third tier entities 206 (only one .SIGMA..sub.1 and one if-then-else table 208, are shown) function to use a series of the hunches received from selected second tier entities 204 to make a decision about what action 110 the network device 100 can take to protect the private network 104.” -e.g., see, [0022]).
As to claim 8, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses comprising receiving a value of a measurement representing an environment of the device, the value of the measurement being a score indicating a threat of attack on the device based on the environment (“… take corrective actions to correct the symptoms of the attack/anomaly.” -e.g., see, [0005]; herein, take corrective actions, i.e., the security policy to correct the symptoms of the attack/anomaly; see also: “The table 208.sub.1 and 208.sub.k may also contain multiple actions, e.g. if (aggregator 1 > threshold 1) then do (action 1 and action 2 and action 3) else do (action 4 and action 5).” -e.g., see, [0017]; see also: “… the type II fuzzy neural network 112 would adapt faster if the membership functions .mu..sub.1-.mu..sub.i had properly chosen weights rather than if the membership functions .mu..sub.1-.mu..sub.i had ill-chosen weights. Finally, the summers .PI..sub.1-.PI..sub.m feed their outputs .mu..sub.overalls into selected ones of the tier 3 aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the received .mu..sub.overalls and computes a running average that is compared to fuzzy logic control rules (located in the corresponding if-then-else table 208, and 208.sub.k) to determine a course of action 110 that the network device 100 can implement to address the symptoms of an attack.” -e.g., see, [0021]).
As to claim 9, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses comprising determining the security policy for communication with another device (“…the anomaly detector 102 may have detected potential network congestion on a particular interface in the network device 100 based on the current traffic pattern, i.e. when it's aggregator .SIGMA..sub.1 for congestion exceeds a particular threshold.” -e.g., see, [0018]).
As to claim 10, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further comprising transmitting information indicating the determined security policy to the other device with which the device is configured to communicate (“…the anomaly detector 102 may have detected potential network congestion on a particular interface in the network device 100 based on the current traffic pattern, i.e. when it's aggregator .SIGMA..sub.1 for congestion exceeds a particular threshold.” -e.g., see, [0018]; see also: “… take corrective actions to correct the symptoms of the attack/anomaly.” -e.g., see, [0005]; herein, take corrective actions, i.e., the security policy to correct the symptoms of the attack/anomaly; see also: “The table 208.sub.1 and 208.sub.k may also contain multiple actions, e.g. if (aggregator 1 > threshold 1) then do (action 1 and action 2 and action 3) else do (action 4 and action 5).” -e.g., see, [0017]; see also: “… the type II fuzzy neural network 112 would adapt faster if the membership functions .mu..sub.1-.mu..sub.i had properly chosen weights rather than if the membership functions .mu..sub.1-.mu..sub.i had ill-chosen weights. Finally, the summers .PI..sub.1-.PI..sub.m feed their outputs .mu..sub.overalls into selected ones of the tier 3 aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the received .mu..sub.overalls and computes a running average that is compared to fuzzy logic control rules (located in the corresponding if-then-else table 208, and 208.sub.k) to determine a course of action 110 that the network device 100 can implement to address the symptoms of an attack.” -e.g., see, [0021]).
As to claim 11, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, Yeh further discloses wherein applying the determined security policy comprises encrypting communications transmitted from the device according to an encryption policy corresponding to the security policy (“… take corrective actions to correct the symptoms of the attack/anomaly.” -e.g., see, [0005]; herein, take corrective actions, i.e., the security policy to correct the symptoms of the attack/anomaly; see also: “The table 208.sub.1 and 208.sub.k may also contain multiple actions, e.g. if (aggregator 1 > threshold 1) then do (action 1 and action 2 and action 3) else do (action 4 and action 5).” -e.g., see, [0017]; see also: “… the type II fuzzy neural network 112 would adapt faster if the membership functions .mu..sub.1-.mu..sub.i had properly chosen weights rather than if the membership functions .mu..sub.1-.mu..sub.i had ill-chosen weights. Finally, the summers .PI..sub.1-.PI..sub.m feed their outputs .mu..sub.overalls into selected ones of the tier 3 aggregators .SIGMA..sub.1-.SIGMA..sub.k each of which aggregates the received .mu..sub.overalls and computes a running average that is compared to fuzzy logic control rules (located in the corresponding if-then-else table 208, and 208.sub.k) to determine a course of action 110 that the network device 100 can implement to address the symptoms of an attack.” -e.g., see, [0021]).
As to claim 12, Yeh in view of ZAKARIA discloses the computer-implemented method as claimed in claim 1, ZAKARIA further discloses wherein the measurement representing the threat of attack on the device comprises: the distance between the device and another device with which the device is configured to communicate; or the RSSI of a signal from the other device with which the device is configured to communicate; or a combination of the distance between the device and another device with which the device is configured to communicate and the RSSI of a signal from the other device with which the device is configured to communicate (Fig. 9, [0074]; herein, the user is a particular distance from the IoT lock 702 inside or outside the home; see also: “The RSSI1 value is associated with the wireless lock and is set to a threshold value of −60 dbm. Thus, in one embodiment, the signal strength analysis module 911 will not perform its evaluation to determine the location of the user unless the RSSI1 value is at least −60 dmb. The RSSI2 and RSSI3 values are signal strength values measured between the user's wireless device and two different IoT hubs/devices.” -e.g., see, [0079], see also, [0080], [0082]; herein, the system calibration module 910 system continues to train, i.e., applying, the system by measuring dbm values, i.e., determined security policy, each time the user enters through a door; see also, [0095]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yeh to incorporate the teaching of Zakaria and provide RSSI signal detection for anomaly prevention.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SUMAN DEBNATH
Patent Examiner
Art Unit 2495
/S.D/Examiner, Art Unit 2495
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495