COORDINATED CELLULAR NETWORK ATTACK DETECTION AND MITIGATION

§103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims 2. This Office Action is issued in response to the claims filed on 10/07/2024. Claims 1-20 are pending in this Office Action. Priority 3. Acknowledgement is made of applicant’s claim of continuation of U.S. Patent Application Serial No. 17/654,104, filed on March 9, 2022, now U.S. Patent No. 12,113,827. Information Disclosure Statement 4. The information disclosure statement (IDS) filed on 10/07/2024 has been considered by the Examiner. Claim Rejections - 35 USC § 112 5. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 6. Claim 10 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 10 recites: “The network equipment of claim 8, wherein the silent short message…” The emphasized part lacks proper antecedent basis and makes the claim ambiguous. Therefore, claim 10 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph. For purpose of examination, the Examiner assumes claim 10 depend on claim 9 which provides proper antecedent basis for “the short message”. Claim Rejections - 35 USC § 103 7. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 8. Claims 1-2, 4, 6-9, 11, 13-16, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Pandit et al. (US 20230247435 A1), hereinafter “Pandit”, in view of Pazandak (US 20220400132 A1), hereinafter “Pazandak”. Regarding claim 1, Pandit discloses a method comprising: sending, by network equipment comprising a processor, instructions to multiple user equipment within a defined geographic area, wherein the instructions enable the multiple user equipment to scan for potential attacks (paragraphs [0027], [0036]-[0040], [0045]-[0047] and [0060]: gNB/eNB 206c-network equipment comprising a processor- sends messages to monitored UEs of a communication network-defined geographic area- to scan for malicious software-potential attacks); receiving, by the network equipment, scan reports from the multiple user equipment, wherein the scan reports comprise results of scans responsive to the instructions (paragraph [0033], scan results could confirm suspicions); analyzing, by the network equipment, aggregated scan report information from the scan reports to identify a malicious code (paragraphs [0033], [0039], and [0049]: identifying presence of malware or spyware-malicious code). Pandit discloses taking security action towards infected user equipment (UE) including denying continued access to services until “the UE (or its associated owner or user) takes an action to cleanse the UE (e.g., takes an action to remove malware, or the like, from the UE)” (paragraph [0033]). Pandit does not explicitly disclose sending, by the network equipment, short message service messages to the multiple user equipment, wherein the short message service messages enable at least one security operation to disable the malicious code at the multiple user equipment. However, sending text messages of security updates to devices to fix detected software issues is known in the art and Pazandak’s teaching is an example (paragraphs [0032]-[0033]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Pandit’s teaching of identifying attack and taking security action with Pazandak’s teaching of sending text messages of security updates to devices to fix detected software issues to have predictable result of sending, by the network equipment, short message service messages to the multiple user equipment, wherein the short message service messages enable at least one security operation to disable the malicious code at the multiple user equipment. Regarding claim 2, Pandit and Pazandak disclose the method of claim 1, wherein the operations further comprise: sending, by the network equipment, silent short message service messages to the multiple user equipment, and wherein the silent short message service messages and the instructions enable the multiple user equipment to scan for the potential attacks (Pandit, paragraphs [0033] and [0039]: sending message to the UEs to scan for malicious software. Pazandak, paragraph [0032]: sending text message. The combination of Pandit and Pazandak’s teaching would have a an obvious and predictable result of sending, by the network equipment, silent short message service messages to the multiple user equipment, and wherein the silent short message service messages and the instructions enable the multiple user equipment to scan for the potential attacks. Note: text message is a form of silent short message service message). Regarding claim 4, Pandit and Pazandak disclose the method of claim 1, wherein the sending the instructions to the multiple user equipment comprises sending the instructions to subscriber identity modules at the multiple user equipment (Pandit, paragraphs [0017]- [0018], [0031, and [0035]: mobile devices-user equipment- belong to subscribers and have identity modules). Regarding claim 6, Pandit and Pazandak disclose the method of claim 1, wherein the analyzing is performed via a security function of the network equipment serving as a network node that supports a cell of a cellular communications network (Pandit, Fig. 2C with associated text and paragraph [0027]: gNB/eNB 206c). Regarding claim 7, Pandit and Pazandak disclose the method of claim 6, wherein the security function employs machine learning (Pandit, paragraph [0045]: using machine learning in analysis suspicious activity). Regarding claims 8-9, 11, 13-14, they claim similar subject matters to claims 1-2, 4, and 6-7 respectively; therefore, claims 8-9, 11, 13-14 are rejected at least for the same reasons as claims 1-2, 4, and 6-7 respectively. Pandit further teaches network equipment comprising a processor and a memory storing executable instruction to perform operations (Pandit, Fig.4 with associated text and paragraph [0027]: processing unit 404-processor and memory 406). Regarding claims 15-16, 18, and 20, they claim similar subject matters to claims 1-2, 4, and 6 respectively; therefore, claims 15-16, 18, and 20 are rejected at least for the same reasons as claims 1-2, 4, and 6 respectively. Pandit further teaches computer-readable storage media (paragraph [0065]). 9. Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Pandit et al. (US 20230247435 A1), hereinafter “Pandit”, in view of Pazandak (US 20220400132 A1), hereinafter “Pazandak”, and in view of Tikhonov (US 9332029 B1), hereinafter “Tikhonov”. Regarding claim 5, Pandit and Pazandak disclose the method of claim 1. Pandit and Pazandak do not explicitly disclose the wherein the malicious code is identified at least in part by a file storage location of the malicious code. However, identifying malicious subject based on location is known in the art and Tikhonov’s teaching is an example (Col.5, lines 52-59 and Col.7, lines 19-28). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Pandit and Pazandak’s teachings of identifying attack and taking security action with Tikhonov’s teaching of identifying malicious subject based on location to have an obvious and predictable result of the malicious code is identified at least in part by a file storage location of the malicious code. Claims 12 and 19 claim similar subject matters to claim 5; therefore, they are rejected at least for the same reasons as claim 5. Allowable Subject Matter 10. Claims 3, 10, and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and overcome 35 USC § 112(b) set forth in this Office action. The following is an examiner’s statement of reasons for allowance: Regarding claims 3, 10, and 17: a. Pandit et al. (US 20230247435 A1) discloses apparatuses and methods for identifying suspicious activities in one or more portions of a network or system and techniques for alerting and initiating actions from subscribers and operations. When a user equipment (UE) is suspected of generating malicious data or traffic, the UE is requested to download an application (app) to scan for the presence of malware, spyware, or the like. When results of the scanning confirm the suspicions, the UE may be denied continued access to services provided by the system or network until the UE (or its associated owner or user) takes an action to cleanse the UE (e.g., takes an action to remove malware, or the like, from the UE) (Fig. 2B with associated text and paragraphs [0029], [0032]-[0033]). b. Pazandak (US 20220400132 A1) discloses a method for detecting and remediating common vulnerabilities and exposures. The method includes receiving, at a mobile device management server from a threat feed server, at least one security statement; parsing the at least one security statement into parsed information; creating a custom threat feed of common vulnerabilities and exposures with at least the parsed information; and selectively creating an alert associated with one common vulnerability and exposure of the common vulnerabilities and exposures, wherein the alert comprises a remediation action associated with the one common vulnerability and exposure. The remediation action can be transmitting a notification (e.g., text message, email), transmitting commands to execute the remediation policy (e.g., patching, removing software titles, over-riding user-interaction options) (Fig.3 with associated text and paragraph [0032]). c. Ali-Ahmad et al. (US 20100175134 A1) discloses methods and systems for scanning an endpoint terminal across an open computer network. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal (Fig.2 with associated text). Although the above references teach similar aspects of the independent claims, none of the prior arts of record, either alone or in combination, discloses all the limitations of the independent claims 3, 10, and 17, including at least, “the silent short message service messages and the instructions enable the multiple user equipment to scan for at least one potential attack comprising a string that represents time.” Prior Art of Record 11. The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: see attached PTO-892 Notice of References Cited. Conclusion 12. Any inquiry concerning this communication or earlier communications from the examiner should be directed to THANH T. LE whose telephone number is (571)270-0279. The examiner can normally be reached on Monday-Friday 8:00 am - 4:30 pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /THANH T LE/Primary Examiner, Art Unit 2495