DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This office action is in response to applicant’s RCE amendment filed, 22 September 2025, of application filed, with the above serial number, on 19 January 2024 in which claims 1, 9, 11 have been amended. Claims 1-4, 6-9, 11 are pending in the application.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: 201, 202, 203. Further, the amendment to the drawings with Fig. 3 now having corresponding 101, 102, 103 does not align with the description.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-4, 6-9, 11 is/are rejected under 35 U.S.C. 102a2 as being anticipated by Suski et al (hereinafter “Suski”, 2021/0326644).
As per Claim 1, Suski discloses a device searching method comprising:
acquiring unique fingerprint information of a first device accessing a first network (at least paragraph 40; classify devices by exploiting intrinsic physical features of the communication signals from these devices. This technique can be referred to as fingerprinting, in reference to the use of unique characteristics of a physical device imprinted on its communication signals; par. 34, classification can be indicative of whether or not the device is an interfering device or an allowed network device, for example. Thus, in some examples, the classification can be a binary classification such as, for example, a binary classification that classifies the device as belonging to the network (e.g., in-distribution) and/or not belonging to the network (e.g., out-of-distribution));
acquiring unique fingerprint information of each device of a plurality of devices assigned to a second network separate from the first network (at least paragraph 49; a set of known device fingerprints);
for each device in the plurality of devices, calculating a similarity between the fingerprint information of said device and the fingerprint information of the first device (at least paragraph 49; generate device fingerprints for one or more unknown devices based on a similarity score to each known device of the set of known devices; Physical signal samples can then be processed by the trained first machine-learned model to output a similarity score relative to each of the twenty known devices); and
according to all the calculated similarities, judging whether the first device should be removed from the first network and assigned to the second network (at least paragraph 49-51; one or more classifications can include an authentication classification that is descriptive of an authorization prediction. The authentication classification can be a binary prediction of whether the device is authorized or not. The binary prediction can be based on whether the device is determined to be known or unknown by the model. Additionally and/or alternatively, the authentication classification can be a scalar output descriptive of a level of authorization. For example, some devices may be given a limited guest authorization, a semi-restricted employee authorization, or a full authorization with no restriction based on the authentication classification; par. 34; classification can be indicative of whether or not the device is an interfering device or an allowed network device).
As per Claim 2. The method as claimed in claim 1 wherein the fingerprint information comprises:
at least one piece of first type fingerprint information comprised in the first device and each device in the second network (at least paragraph 46-47; eg. signal type; sampling from a physical layer, it can be difficult and/or impossible to misrepresent these characteristics, especially without disrupting the (possibly illicit) function of the interfering device. Thus, determining a device fingerprint based on physical layer characteristics), and at least one piece of second type fingerprint information comprised in only some devices among all devices including the first device and each device in the second network (at least paragraph 35-36, 103, 57; eg. one or more sensors that device may have for sampled dat; eg. wired signal samples in some devices and wireless signal characteristics in other devices); and
calculating a similarity between the fingerprint information of said device and the fingerprint information of the first device, comprises: for each piece of the first type fingerprint information, the closer a value of the first type fingerprint information of said device to a value of the first type fingerprint information of the first device, the higher the similarity between the fingerprint information of said device and the fingerprint information of the first device (at least paragraph 49; if one of these known devices sends signals, the first machine-learned model can provide a very high score indicating that the device is the previously known device, and very low scores associated to the other devices descriptive of the device fingerprint belonging to that specific known device and not the other known devices. Physical signal samples can then be processed by the trained first machine-learned model to output a similarity score relative to each of the twenty known devices. Each individual score related to each known device can be stored as the device fingerprint for the unknown device); and for the at least one piece of second type fingerprint information, the closer the structure of the at least one piece of second type fingerprint information contained in said device to the structure of the at least one piece of second type fingerprint information contained in the first device, and the closer the values of the same item of the second type fingerprint information, the higher the similarity between the fingerprint information of said device and the fingerprint information of the first device (at least paragraph 65, 49-50, 55-57; eg using voltage or other physical data; the device fingerprint can be provided (e.g., input) into a second modeling component. The second modeling component can be a second machine-learned model. In some implementations, the second machine-learned model can be a classifier model, such as, for example, a support vector machine (SVM) model. In another example, the second model can be a neural network. The second machine-learned model can be configured to provide a classification of the sampled network device based on the device fingerprint. For example, the sampled network device can be classified as an in-distribution device and/or an out-of-distribution device based at least in part on the device fingerprint. As one example, the second machine-learned model can be trained using training data including device fingerprints labeled with an appropriate classification (e.g., ID and/or OOD). The second model can thus be trained to distinguish between ID devices and OOD devices; sampled data from known devices having different hardware configuration and thus different types of data in fingerprints and similarity score being based on inputs of samples whereas a router would have different samples than a controller (par. 64) but can still be compared for similarity for network authentication).
As per Claim 3. The method as claimed in claim 1 wherein the first type fingerprint information comprises at least one of the following: IP address, MAC address, host name, operating system information, and open port information (at least paragraph 38; the device fingerprint can be determined based on samples taken from a physical layer of the network (e.g., hardware). For instance, some systems attempt to identify a device based on higher-level characteristics, such as, for example, medium address control (MAC) addresses, IP addresses, etc.).
As per Claim 4. The method as claimed in claim 1, wherein the first network comprises an Information Technology network, and the second network comprises an Operational Technology network (at least paragraph 4, 39; some information technology (IT) and operational technology (OT) networks share much of the same hardware and communications infrastructure and often the same host operating system software. However, OT networks have more stringent requirements on availability, reliability and data integrity than most corporate enterprise-type networks. Despite these requirements, OT is less commonly equipped with intrusion detection, intrusion prevention, access control, and virus detection systems).
Claims 6-9, 11 do not, in substance, add or define any additional limitations over claims 1-4 and therefore are rejected for similar reasons, supra.
Response to Arguments
Applicant's arguments filed 21 May 2025 have been fully considered but they are not persuasive.
Regarding the drawing objections: Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Applicant responded on p. 2 that proposed amendments to the figures were presented herein, but no proposed amendments appear to have been filed. The specification has been amended to replace ‘42’ with ‘41’ to overcome that reference number objection.
Applicant’s arguments with respect to claim(s) 1-4, 6-9, 11 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Grimm, see 2/19/25 IDS, par. 198-200, 153, 140 describes network admission based on device (network adapter/ MAC) fingerprint.
See also Fransen from IDS abstract “A similarity score is generated for pairs of IoT devices by comparing their respective sets of fingerprints to identify matching fingerprints.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY TODD whose telephone number is (303)297-4763. The examiner can normally be reached 8:30-5 MST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GREGORY TODD/Primary Examiner, Art Unit 2443