Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detail Action
This office action is response to the application 18/890,106 filed on 09/19/2024. Claims 1-20 are pending in this communication.
Priority
This application is a CON of 17/719,464 04/13/2022 PAT 12,132,742. Priority date has been accepted.
Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and/or mobile phone number in next communication, which will be very helpful to advance the prosecution. The primary examiner appreciates submission of Terminal Disclaimer on 01/22/2026, however, new search teaches independent claim limitations.
Claim Rejections - 35 USC § 103
The following is a quotation of AIA 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 8 & 17-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over KIRSCH; A et al. (US 11,972,013 B2) in view of HANSELL; Jeffrey Stuart et al. (US 7,386,628 B1).
Regarding Claim 1, KIRSCH discloses a first communication device, comprising:
detect a defined signature, associated with a data packet, based on the conversion of the data signal; and trigger, based on the detection of the defined signature, an event in a communication network at a datalink layer of the network architecture {col. 27 lines 5-13, “Since Bluetooth MAC address can be easily determined and easily forged, … the Bluetooth and the keyboard only issues a signature if the Bluetooth device can mutually authenticate with it that they both have a signed OneID certificate with your OneID so they both store secret keys associated”. Examiner’s note: applying rules, detects signature of malware and allow/deny the frame as per security rule. All data conversions are happening between ISO 7-layer network architecture. OneID is cloud-based identity verification server. Cited Bluetooth MAC operates in data-link layer and triggers to check signature to verify data intrusion} …
KIRSCH, however, does not explicitly disclose
… of a network architecture;
In an analogous reference HANSELL discloses
a processor configured to: receive a data signal from a second communication device; convert the data signal to a bit stream at a physical layer; … of a network architecture … irrespective of an involvement of an application layer of the network architecture {Fig. 1B & col. 4 lines 36-40, “FIG. 1B shows … network architecture illustrating seven network layers defined by the ISO ... The network architecture 110 includes physical layer 112 coupled to the network medium 111, data link layer 113, network layer 114, transport layer 115, session layer 116, presentation layer 117, and application layer 118”. Examiner’s note: it is well settled that signal/bits are received in layer-1 physical layer. Upper layer, like claimed application layer do not see data (see data frame/packet in Fig. 1C) unless handled by lower layer, starting from L-2 data-link layer, or MAC}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify KIRSCH’s technique of ‘receiving bits in physical layer and detecting malware by upper layers’ for ‘implementing the ISO 7-layer network architecture where layer-7 application layer has nothing to do bottom physical or data-link layers’, as taught by HANSELL, in order to apply hardware level un-authorized data intrusion detection. The motivation is - receiving bits at the Physical Layer (Layer 1) while detecting malware at the Application Layer (Layer 7) optimizes performance by separating hardware-level transmission from, intelligent, content-aware, and contextual security analysis. This allows raw, high-speed data transmission, while upper layers focus on identifying complex, payload-level threats.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined, they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.
Regarding Claim 2, KIRSCH as modified by HANSELL discloses all the features of claim 1. The combination further discloses
execute a frame level inspection of the bit stream at the datalink layer for the defined signature; and detect the defined signature based on the execution of the frame level inspection of the bit stream at the datalink layer {KIRSCH: col. 27 lines 5-13, “Since Bluetooth MAC address can be easily determined and easily forged, … the Bluetooth and the keyboard only issues a signature if the Bluetooth device can mutually authenticate with it that they both have a signed OneID certificate with your OneID so they both store secret keys associated”. Examiner’s note: applying rules, detects signature of malware and allow/deny the frame as per security rule. All data conversions are happening between ISO 7-layer network architecture. OneID is cloud-based identity verification server. Cited Bluetooth MAC operates in data-link layer and triggers to check signature to verify data intrusion}.
Regarding Claim 3, KIRSCH as modified by HANSELL discloses all the features of claim 1. The combination further discloses
wherein the defined signature associated with the data packet is a unique indicator {KIRSCH: col. 5 lines 4-7, “OneID uses secure signature private keys that cannot be forged, extracted, or duplicated by anyone, including the owner or an attacker who has complete control of the user's hardware and software”}.
Regarding Claim 4, KIRSCH as modified by HANSELL discloses all the features of claim 1. The combination further discloses
wherein the processor is further configured to communicate the defined signature to a cloud server for verification in a case where the defined signature associated with the data packet is detected at the datalink layer {KIRSCH: col. 27 lines 5-13, “Since Bluetooth MAC address can be easily determined and easily forged, … the Bluetooth and the keyboard only issues a signature if the Bluetooth device can mutually authenticate with it that they both have a signed OneID certificate with your OneID so they both store secret keys associated”. Examiner’s note: applying rules, detects signature of malware and allow/deny the frame as per security rule. All data conversions are happening between ISO 7-layer network architecture. OneID is cloud-based identity verification server. Cited Bluetooth MAC operates in data-link layer and triggers to check signature to verify data intrusion}.
Regarding Claim 8, KIRSCH as modified by HANSELL discloses all the features of claim 1. The combination further discloses
wherein the processor is further configured to execute, in a case where the defined signature associated with the data packet is detected at the datalink layer, a local validity check of the defined signature at the first communication device for verification {KIRSCH: col. 48-49, “In an embodiment, the identity manager is a web browser plug-in that is capable public key authentication. The ID manager can prompt for confirm/deny and the ID manager can prompt … [next step of analysis or remediation]”. Examiner’s note: cited web browser plug-in is form of local verification}.
Regarding Claim 17, KIRSCH as modified by HANSELL discloses all the features of claim 1. The combination further discloses
wherein the data signal is at least one of a wireless radio signal, an electrical signal received via a physical electrically conductive medium, or an optical signal {HANSELL: col. 15 line 67 – col. 16 line 3, “The term "machine-readable medium" shall accordingly be taken to included, but not be limited to, solid-state memories, optical and magnetic disks, and carrier wave signals”}.
Regarding claim 18, claim 18 is claim to a method using the device of claim 1. Therefore, claim 18 is rejected for the reasons set forth for claim 1.
Regarding claim 19, claim 19 is a dependent claim of claim 18, claim 19 is claim to method using the device of claim 2. Therefore, claim 19 is rejected for the reasons set forth for claim 2.
Regarding claim 20, claim 20 is a dependent claim of claim 19, claim 20 is claim to method using the device of claim 3. Therefore, claim 20 is rejected for the reasons set forth for claim 3.
Claims 9, 13 & 14 are rejected under AIA 35 U.S.C. 103 as being unpatentable over KIRSCH; A et al. (US 11,972013 B2) in view of HANSELL; Jeffrey Stuart et al. (US 7,386,628 B1) and further in view of TARQUINI; Richard Paul (US 2003/0084326 A1).
Regarding Claim 9, KIRSCH as modified by HANSELL discloses all the features of claim 8. However, the combination does not explicitly disclose
wherein the processor is further configured to execute pattern recognition of the defined signature based on at least one of a defined hardware logic, a defined driver code, a defined firmware code, a hashed value index, a bootable image, an operating system kernel image, or a binary image present in the first communication device.
In an analogous reference TARQUINI discloses
wherein the processor is further configured to execute pattern recognition of the defined signature based on at least one of a defined hardware logic, a defined driver code, a defined firmware code, a hashed value index, a bootable image, an operating system kernel image, or a binary image present in the first communication device {ABS., “the intrusion prevention system bound to a media access control driver and a protocol driver, invoking a signature analysis algorithm by the intrusion prevention system, and comparing the packet by the intrusion prevention system with a first rule set comprising a rule logically defining a packet signature is provided” … [0039], “Each of the machine-readable signature files 281A-281N comprises binary logic representative of the attack signature”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify KIRSCH’s technique as modified by HANSELL of ‘receiving bits in physical layer and detecting malware by upper layers for implementing the ISO 7-layer network architecture where layer-7 application layer has nothing to do bottom physical or data-link layers’ for ‘malware pattern recognition tool in driver level in signature’ by TARQUINI, in order to secure data. The motivation is - Receiving bits at the physical layer while detecting malware at upper layers within an ISO 7-layer model ensures specialized, efficient, and secure communication. It allows for raw transmission independence at lower layers while enabling sophisticated, context-aware, and content-aware malware analysis at the application layer, enhancing overall security. The physical layer (L1) focuses solely on raw bitstream transmission (electrical, optical, radio), while upper layers (like 7) focus on semantic analysis and security, allowing for independent optimization of hardware and software.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined, they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.
Regarding Claim 13, KIRSCH as modified by HANSELL discloses all the features of claim 1. However, the combination does not explicitly disclose
the processor is further configured to trigger, based on the detection of the defined signature being at the datalink layer, at least one defined action defined in a main action database, and the main action database is external to the first communication device.
TARQUINI further discloses
the processor is further configured to trigger, based on the detection of the defined signature being at the datalink layer, at least one defined action defined in a main action database, and the main action database is external to the first communication device {[0005], “A … signature analysis algorithm may search for a particular string that has been identified” … the IPS may then perform any one or more of a number of actions, such as logging the identification of the frame, performing a countermeasure, or performing another data archiving or protection measure”}.
Regarding Claim 14, KIRSCH as modified by HANSELL & TARQUINI discloses all the features of claim 13. However, the combination further discloses
wherein the defined signature is registered and assigned to the at least one defined action in the main action database {TARQUINI: [0005], “A … signature analysis algorithm may search for a particular string that has been identified” … the IPS may then perform any one or more of a number of actions, such as logging the identification of the frame, performing a countermeasure, or performing another data archiving or protection measure”. Examiner’s note: sample signature is registered or included in the database for signature matching to allow/deny}.
Claims 15 & 16 are rejected under AIA 35 U.S.C. 103 as being unpatentable over KIRSCH; A et al. (US 11,972013 B2) in view of HANSELL; Jeffrey Stuart et al. (US 7,386,628 B1) and further in view of SMITH; Ned M. et al. (US 2019/0349426 A1).
Regarding Claim 15, KIRSCH as modified by HANSELL discloses all the features of claim 1. However, the combination does not explicitly disclose
wherein the processor is further configured to trigger a new event in a distributed ledger of a blockchain at the datalink layer without the involvement of the application layer of the network architecture.
In an analogous reference SMITH discloses
wherein the processor is further configured to trigger a new event in a distributed ledger of a blockchain at the datalink layer without the involvement of the application layer of the network architecture {[0030], “FIG. 25 is a block diagram of a blockchain block holding boot integrity transactions in accordance with some embodiments” … [0905], “The first phase of the algorithm initializes a relationship pattern matrix between a candidate policy and a deployed policy, the second phase matches this pattern against a conflict signature” … [1123], “A more feature rich mechanism using the concept of a blockchain smart contract may be implemented”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify KIRSCH’s technique as modified by HANSELL of ‘receiving bits in physical layer and detecting malware by upper layers for implementing the ISO 7-layer network architecture where layer-7 application layer has nothing to do bottom physical or data-link layers’ for ‘malware signature verification in accessing a block-chain smart-contract’ by SMITH, in order to secure data. The motivation is - malware signature verification in blockchain smart contracts enhances security by creating an immutable, decentralized database of known threats (signatures) to prevent malicious code execution. It ensures that only verified, trusted code interacts with the contract, reducing risks from compromised external dependencies and improving overall system integrity.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined, they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.
Regarding Claim 16, KIRSCH as modified by HANSELL & SMITH discloses all the features of claim 15. The combination further discloses
wherein the processor is further configured to trigger a smart contract associated with the blockchain at the datalink layer without the involvement of the application layer of the network architecture {SMITH: [1126], “At block 15706, the device may interact with a smart contract 15708 on the blockchain, for example, by creating a commissioning transaction. A join contract function 15710 may be performed when a new device first interacts with the smart contract 15708. The smart contract 15708 may support device attestation features and decide whether or not to accept a particular device in the smart contract 15708”}.
Allowable subject matter
Claims 5 & 10 will be allowable if written in independent form with base method claim 1 For allowability, the independent method Claim 18 is required to be in same scope with equivalent limitations of claims 5 & 10 as proposed for amended claim 1.
Reasons of allowance: what is missing from the prior arts is: After receiving cloud-server verification of the signature, the device executes a standard data packet flow from the physical to the application layer to play associated content on either an internal or connected external output component, provided the verification is successful, and after verifying the signature locally, the device executes a standard data packet flow to play associated content on an output component, provided the verification is successful.
Therefore, claims 5-7 & 10-12 are objected.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034 or Quazi.farooqui@USPTO.GOV. The examiner can normally be reached on Monday-Friday 9:00 am to 5:30 pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bill Korzuch can be reached on (571) 272-7589 or William.Korzuch@USPTO.GOV. The fax phone number for Examiner Farooqui assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491