Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-10, 12, 17, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shim US 9,749,337 in view of Myers US 2004/0213172 .
As per claim 1. Shim teaches A method comprising: accessing a first media access control (MAC) address associated with a first communication on a first port of a first network device; accessing a second media access control (MAC) address associated with a second communication on a second port of a second network device; determining a match of the first MAC address and the second MAC address; (Column 4 lines 20-30) (Column 5 lines 20-55) (Column 8 lines 62-67) ( Shim teaches detecting a rouge device that is spoofing a MAC address by matching a first and second MAC address to a first and second device and taking an action regarding said Rogue device)  


Myers teaches accessing information associated with a third communication associated with the first MAC address on the first port of the first network device; accessing information associated with a fourth communication associated with the second MAC address on the second port of the second network device; and performing an action associated with the second port of the second network device based on the second MAC address matching the first MAC address and based on the information associated with the third communication and the information associated with the fourth communication. [0088]-[0090] (can request the two devices to log in again, meaning a third and fourth communication, upon detection of MAC spoofing and take action upon detection of MAC spoofing)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the communications of Myers with the system of Shim in order to prevent false positive detection of MAC spoofing.As per claim 5. Myers teaches the method of claim 1, wherein the first network device and second network device are configured for authentication using the 802.1X protocol.  [0085]  (Myers teaches the devices are first authenticated with 802.1X)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the authentication of Myers with the previous combination because it increases security.
As per claim 6.  Shim teaches The method of claim 1, wherein the action blocks communication on the second port. (Column 8 lines 62-67) (block port)As per claim 7. Shim teaches The method of claim 1, wherein the action is performed by at least one of a network access control (NAC) device, a switch, a router, a firewall, a hypervisor, software-defined networking (SDN) controller, a virtual firewall, a wireless access point or wireless LAN, or a virtual private network (VPN). (Column 4 lines 20-30)As per claim 8. Shim teaches The method of claim 1, wherein the first port of the first network device is communicatively coupled with a first device, and wherein the second port of the second network device is communicatively coupled with a second device, and wherein the first MAC address is associated with the first device.  (Column 5 lines 20-55) As per claim 9. Myers teaches The method of claim 8, further comprising: sending a first request to the first device prior to the third communication; and sending a second request to the second device prior to the fourth communication. [0090] (can request the two devices to log in again, upon detection of a first and second MAC address match)As per claim 10. Shim teaches The method of claim 1, wherein the action is performed without user interaction. (Column 8 lines 62-67) (block port)As per claim 12. Shim teaches A system comprising: a memory; and a processing device, operatively coupled to the memory, to: monitor each media access control (MAC) address of each device communicatively coupled to a network; access information comprising a respective timestamp associated with when each device was communicatively coupled to the network and each port associated with each device, wherein each device is communicatively coupled to an associated port; and determine whether a MAC address spoofing event has occurred based on the information and a first MAC address matching a second MAC address, wherein the first MAC address is associated with a first communication on a first port of a first network device and the second MAC address is associated with a second communication on a second port of a second network device. perform an action in response to the MAC address spoofing event. (Column 4 lines 20-30, 55-65) (Column 5 lines 20-55) (Column 8 lines 62-67) ( Shim teaches detecting a rouge device that is spoofing a MAC address by matching a first and second MAC address to a first and second device, with records of access including timestamps associated with when each device was connected,  and taking an action regarding said Rogue device)As per claim 17. Shim teaches A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processing device, cause the processing device to: access a first media access control (MAC) address associated with a first communication on a first port of a first network device; access a second media access control (MAC) address associated with a second communication on a second port of a second network device; determine, using the processing device, a match of the first MAC address and the second MAC 
Myers teaches access information associated with a third communication associated with the first MAC address on the first port of the first network device; access information associated with a fourth communication associated with the second MAC address on the second port of the second network device; and perform an action associated with the second port of the second network device based on the second MAC address matching the first MAC address. [0088]-[0090] (can request the two devices to log in again, meaning a third and fourth communication, upon detection of MAC spoofing and take action upon detection of MAC spoofing)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the communications of Myers with the system of Shim in order to prevent false positive detection of MAC spoofing.As per claim 19. Myers teaches The non-transitory computer readable medium of claim 17, wherein the first record associated with the first MAC address is accessible from the first network device and the second record associated with the second MAC address is accessible from the second network device. [0046]-[0048] (Myers teaches strong communications including records associated with the devices, such communication/registration/authentication would allow  

Claims 2-4, 11, 13-16, 18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shim US 9,749,337 in view of Myers US 2004/0213172 in view of Butti US 2008/0250498.

As per claim 2. Butti teaches The method of claim 1 further comprising: clearing a first record associated with the first MAC address and a second record associated with the second MAC address after the second communication. [0044] (teaches removing the records of the devices)

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to teach the clearing of Butti with the previous combination because it saves unneeded memory space and allows for subsequent re-authentication.

As per claim 3. Myers teaches The method of claim 2, wherein the first record associated with the first MAC address is accessible from the first network device and the second record associated with the second MAC address is accessible from the second network device. [0046]-[0048] (Myers teaches strong communications including records associated with the devices, such communication/registration/authentication would allow for access) 
As per claim 4.  Butti teaches The method of claim 1, further comprising: accessing a first timestamp associated with the first communication; and accessing a second timestamp associated with the second communication, wherein the action is performed based on the second timestamp being after the first timestamp.  [0043][0044][0037] (teaches a first and second timestamp based on communications and performing action based on said timestamps)


As per claim 11. Butti teaches The method of claim 1 further comprising: receiving a fifth communication from the first network device, wherein the fifth communication indicates that the first MAC address and the second MAC address are the same, wherein the first network device and second network device are the same device; determining a first timestamp associated with the first communication; determining a second timestamp associated with the second communication, wherein the action is performed based on the second timestamp being after the first timestamp. [0043][0045]  (Mac address is the same device if the timestamps are in the correct range)

As per claim 13.  Butti teaches The system of claim 12, wherein the processing device further to: clear a first record associated with the first MAC address and a second record associated with the second MAC address after the second communication. [0044] (teaches removing the records of the devices)
As per claim 14. Myers teaches The system of claim 13, wherein the first record associated with the first MAC address is accessible from the first network device and the second record associated with the second MAC address is accessible from the second network device. [0046]-[0048] (Myers teaches strong communications including records associated with the devices, such communication/registration/authentication would allow for access) 
As per claim 16. Myers teaches The system of claim 13, wherein the first port of the first network device is communicatively coupled with a first device, and wherein the second port of the second network device is communicatively coupled with a second device, and wherein the first MAC address is associated with the first device, and wherein the processing device further to: send a first request to the first device after a clearing of the first record; and send a second request to the second device after a clearing of the second record.  [0090] (can request the two devices to log in again, upon detection of a first and second MAC address match)
As per claim 18.  Butti teaches the non-transitory computer readable medium of claim 17, wherein the instructions further cause the processing device to: clear a first record associated with the first MAC address and a second record associated with the second MAC address after the second communication. [0044] (teaches removing the records of the devices)

As per claim 20. Butti teaches The non-transitory computer readable medium of claim 17, wherein the instructions further cause the processing device to: access a first timestamp associated with the first communication; and access a second timestamp associated with the second communication, wherein the action is performed based on the second timestamp being after the first timestamp.  [0043][0044][0037] (teaches a first and second timestamp based on communications and performing action based on said timestamps)


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439