Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Examiner has included Clarke US 2017/0048815 to meet the amended claims of record including determining whether to store or communicate a plurality of packets.
Applicant argues that the art of the prior office action fails to anticipate the claims as amended because that art is “directed to authentication of a user and not to a packet level decision as claimed”.
Examiner finds this argument unpersuasive. Examiner asserts that nowhere in the claim language is “packet level” authentication or a decision required. Examiner also asserts that it is well known that user authentication may be in part decided on a users location. Examiner asserts that a well known user authentication method is of users location or IP address, and said IP address is location based.
Examiner appreciates that Applicant has included “the communication includes a plurality of packets”. Examiner points out however, that the claims fail to recite that the location is determined based on each of the plurality of packets. The claims maintain that a geolocation assessment is based on “incoming network traffic communications”.
Examiner has incorporated Clarke US 2017/0048815 in an attempt to expedite prosecution, however, Examiner also asserts that the claims have not materially changed, and that network communications are well known to have packets of data.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-7, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Eltoft US 10,909240 in view of Zellner US 2005/0272445 in view of Crabtree US 2025/0039228 in view of Clarke US 2017/0048815.
As per claim 1. Eltoft teaches A network monitor to provide network security specific to equipment of a building automation system (BAS) and server assessment of network communication directed thereto, comprising: a server configured to couple to a building management network of the building automation system; the server configured to monitor communication that is on the building management network and determine whether such communication is directed to specific devices of the building automation system; (Column 2 lines 36-55) (Column 4 lines 12-40)(Column 10 lines 25-40) (Column 14 lines 42-63) (Column 16 lines 45-Column 17 line 8) (Column 18 line 34-60) (Column 19 lines 1-6) (teaches a building management system with network security that monitors users, and contains user profiles to determine whether to carry forth user instructions to specific devices based on user ID, authority status, time, and user location, in addition to importance of the specific device)
Zellner teaches the server configured to determine and perform at least one of store or communicate, for each of a plurality of incoming network traffic communications that is determined directed to one or more specific devices of the building automation system, a geo-location-based assessment of a server that originated said each of the plurality of incoming network traffic communications directed to the one or more specific devices of the building automation system. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Zellner with the prior art because it more specifically tailors security settings to increase network security.
Crabtree explicitly teaches that the incoming traffic is from a “server” [0088]. Examiner argues that one of ordinary skill in the art would equate a server and user terminal, and is described in Eltoft but includes Crabtree for explicit clarity.
It would have been obvious to one of ordinary skill in the art to use the teaching of Crabtree at the time the invention was filed with the prior art of record because it improves security to protect networks against malicious servers.
Clarke teaches communication includes a plurality of packets and based on the plurality of packets determining whether to store or communicate the based on a geolocation assessment of the traffic. [0012][0013][0014] (teaches classification and routing of packets based in part on packet metadata including location data, in order to enforce security policy)
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the current invention to use the teaching of Clarke with the prior art because it enhances security.
As per claim 2. Zellner teaches The network monitor of claim 1, wherein the geo-location-based assessment of the server comprises: determination of an origin server of the incoming communication and a corresponding geo-location-based characterization of the origin server. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
As per claim 3. Zellner teaches The network monitor of claim 1, wherein the geo-location-based assessment of the server comprises: a determination of geo-location of an origin server of said each of a plurality of incoming network traffic communications; and a determination of geo-location proximity of the origin server to the one or more specific devices of the building automation system. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
As per claim 4. Zellner teaches The network monitor of claim 1, wherein the geo-location-based assessment of the server comprises: comparison of geo-location proximity an origin server of said each of a plurality of incoming network traffic communications and at least one approved geo-location proximity range relative to the one or more specific devices of the building automation system. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
As per claim 5. Zellner teaches The network monitor of claim 1, wherein the geo-location-based assessment of the server comprises: comparison of geo-location of an origin server of the incoming communication and approved geo-location ranges of service providers for the building automation system. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
As per claim 6. Zellner teaches The network monitor of claim 1, wherein the geo-location-based assessment of the server comprises: comparison of geo-location of an origin server of the incoming communication and one or more unapproved geo-location ranges for origins of communication to the building automation system. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
As per claim 7. Zellner teaches The network monitor of claim 1, further comprising: the server configured to determine, for each of the plurality of incoming network traffic communications that is determined directed to the one or more specific devices of the building automation system, whether to block or allow connection based on the geo-location-based assessment. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
As per claim 19. Zellner teaches The processor-based method of claim 18, wherein: the determining and performing at least one of store or communicate comprises: determining and storing a geo-location-based server assessment of the server that originated said each of a plurality of incoming network traffic communications directed to the one or more specific devices of the building automation system; and determining whether to block or allow connection based on the stored geo-location-based server assessment. [0116]-[0117]; [0122] Table 2. (teaches different authentication procedures depending on security configuration, including location authentication, and being in the same office or building to access certain resources; additionally teaches blocking access to resources in different restricted locations which are user configured)
Claim(s) 8-10, 12, 13, 15-18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Eltoft US 10,909240 in view of Crabtree US 2025/0039228 in view of Clarke US 2017/0048815.
As per claim 8. Eltoft teaches A network monitor to provide network security specific to equipment of a building automation system (BAS) and server assessment of network communication directed thereto, comprising: a server configured to couple to a building management network of the building automation system; the server configured to monitor communication that is on the building management network and determine whether such communication is directed to specific devices of the building automation system; (Column 2 lines 36-55) (Column 4 lines 12-40)(Column 10 lines 25-40) (Column 14 lines 42-63) (Column 16 lines 45-Column 17 line 8) (Column 18 line 34-60) (Column 19 lines 1-6) (teaches a building management system with network security that monitors users, and contains user profiles to determine whether to carry forth user instructions to specific devices based on user ID, authority status, time, and user location, in addition to importance of the specific device)
Crabtree teaches the server configured to determine and perform at least one of store or communicate, for each of a plurality of incoming network traffic communications that is determined directed to one or more specific devices of the building automation system, a security assessment of a server that originated said each of the plurality of incoming network traffic communications directed to the one or more specific devices of the building automation system. [0030] [0094][0095] [0083]-[0085][0088][0089] (teaches security assessment of incoming traffic, including servers, and taking remedial action)
Clarke teaches communication includes a plurality of packets and based on the plurality of packets determining whether to store or communicate the based on a geolocation assessment of the traffic. [0012][0013][0014] (teaches classification and routing of packets based in part on packet metadata including location data, in order to enforce security policy)
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the current invention to use the teaching of Clarke with the prior art because it enhances security.
As per claim 9. Crabtree teaches The network monitor of claim 8, wherein the security assessment of the server comprises: an assessment relative to external server anomalies. [0030] [0094][0095] [0083]-[0085] [0088][0089] (assessment of incoming external traffic)
As per claim 10. Crabtree teaches The network monitor of claim 8, wherein the security assessment of the server comprises: an assessment relative to whitelist or blacklist of server IP addresses. [0088] (whitelist blacklist)
As per claim 12. Crabtree teaches The network monitor of claim 8, wherein the security assessment of the server comprises: an assessment relative to identified servers that respond with malicious traffic. [0088][0089] (whitelist blacklist, known malicious)
As per claim 13. Crabtree teaches The network monitor of claim 8, further comprising: the server configured to perform network governance of the one or more specific devices of the building automation system, the network governance comprising authenticating network access only of authorized devices to operate and communicate in the network. [0089] (only authorized entities permitted)
As per claim 15. Crabtree teaches The network monitor of claim 8, further comprising: the server configured to perform network governance of the one or more specific devices of the building automation system, the network governance comprising blocking access to the building management network by denying communication between an unauthorized device and the building management network. [0088][0089] (whitelist blacklist, blocking known malicious)
As per claim 16. Crabtree teaches The network monitor of claim 8, further comprising: the server configured to perform network governance of the one or more specific devices of the building automation system, the network governance comprising monitoring and controlling connectivity of devices and networks of the building automation system with external networks. [0030] [0094][0095] [0104]-[0106] (controlling connectivity, monitoring in realtime)
As per claim 17. Crabtree teaches The network monitor of claim 8, further comprising: the server configured to perform network governance of the one or more specific devices of the building automation system, the network governance comprising providing real-time analysis of security alerts generated by devices and networks of the building automation system to contain and remediate security threats. [0030] [0094][0095] (real time security analysis and remediation)
As per claim 18. Eltoft teaches A processor-based method to provide network security specific to equipment of a building automation system (BAS) and server assessment of network communication directed thereto, comprising: coupling a server to a building management network of the building automation system; monitoring, by the server, communication that is on the building management network; determining, by the server, whether such communication is directed to specific devices of the building automation system; (Column 2 lines 36-55) (Column 4 lines 12-40)(Column 10 lines 25-40) (Column 14 lines 42-63) (Column 16 lines 45-Column 17 line 8) (Column 18 line 34-60) (Column 19 lines 1-6) (teaches a building management system with network security that monitors users, and contains user profiles to determine whether to carry forth user instructions to specific devices based on user ID, authority status, time, and user location, in addition to importance of the specific device)
Crabtree teaches determining and performing at least one of store or communicate, for each of a plurality of incoming network traffic communications that is determined directed to one or more specific devices of the building automation system, a security-centric assessment of a server that originated said each of a plurality of incoming network traffic communications directed to the one or more specific devices of the building automation system. [0030] [0094][0095] [0083]-[0085][0088][0089] (teaches security assessment of incoming traffic, including servers, and taking remedial action)
It would have been obvious to one of ordinary skill in the art to use the teaching of Crabtree at the time the invention was filed with the prior art of record because it improves security to protect networks against malicious servers.
Clarke teaches communication includes a plurality of packets and based on the plurality of packets determining whether to store or communicate the based on a geolocation assessment of the traffic. [0012][0013][0014] (teaches classification and routing of packets based in part on packet metadata including location data, in order to enforce security policy)
It would have been obvious to one of ordinary skill in the art prior to the effective filing date of the current invention to use the teaching of Clarke with the prior art because it enhances security.
As per claim 20. Crabtree teaches The processor-based method of claim 18, wherein: the determining and performing at least one of store or communicate comprises: performing the security assessment of the server at least one of: assessment relative to external server anomalies; assessment relative to whitelist or blacklist of server IP addresses; assessment relative to server signature or certificate-based verification; or assessment relative to identified servers that respond with malicious traffic; and determining whether to block or allow connection based on the stored security assessment of the server that originated said each of a plurality of incoming network traffic communications directed to the one or more specific devices of the building automation system. [0030] [0094][0095] [0083]-[0085] [0088][0089] (assessment of incoming external traffic, filtering and blocking via white list black list, server IP address, known malicious entities)
Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Eltoft US 10,909240 in view of Crabtree US 2025/0039228 in view of Clarke US 2017/0048815 in view of Barbosa De Moura US 2024/0244062.
As per claim 11. Barbosa De Moura teaches The network monitor of claim 8, wherein the security assessment of the server comprises: an assessment relative to server signature or certificate-based verification. [0030][0070] (teaches verification of server certificate in order to prevent malicious connections)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching o f Barbosa De Moura with the prior art because it increases security.
Claim(s) 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Eltoft US 10,909240 in view of Crabtree US 2025/0039228 in view of Clarke US 2017/0048815 in view of Ding US 2018/0063079
As per claim 14. Crabtree teaches The network monitor of claim 8, further comprising: the server configured to perform network governance of the one or more specific devices of the building automation system, the network governance comprising governing and regulating network communication to specific ports and protocols on authorized devices. [0050][0052][0053][0054] (monitors ports and protocols)
Ding teaches filtering by specific ports to local devices to prevent unauthorized access. [0015][0045]
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the filter of Ding with the prior art to improve security.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439