DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/20/2020 has been entered.

Response to Amendments / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-15, and 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chickering (US 8,966,075 B1) in view of Grosser (US 2016/0285647 A1).

Regarding claim 1, Chickering discloses: A method comprising: 
receiving, by a network access control (NAC) device (policy server of Chickering) that enforces one or more policies for accessing one or more remote network devices (e.g., nodes of Chickering), authentication credentials from a user device (endpoint device of Chickering) in an OSI layer 2 (L2) message via an L2 connection, the authentication credentials in the L2 message including first identification information of the user device, the L2 connection being between the NAC device and the user device; 
Refer to at least Col. 4, Ll. 49-57 of Chickering with respect to the endpoint device requesting access for communicating with the nodes. 
Refer to at least Col. 4, Ll. 58-63 and Col. 9, Ll. 52-62 of Chickering with respect to the endpoint device request comprising authentication credentials over an L2 connection. 
authenticating, by the NAC device, the user device using the authentication credentials; 
Refer to at least Col. 6, Ll. 19-36 of Chickering with respect to the policy server performing authentication of the L2 request. 
after authenticating the user device, establishing, by the NAC device, an OSI layer 3 (L3) connection between the NAC device and the user device; 
Refer to at least Col. 2, Ll. 12-21, Col. 6, Ll. 36-51 & 61-67, and Col. 10, Ll. 3-18 of Chickering with respect to the policy server providing the endpoint device with an L3 address for establishing a communication session. 
receiving, by the NAC device, compliance information from the user device in an L3 message via the L3 connection, the compliance information in the L3 message including second identification information of the user device, and the L3 message being separate from the L2 message; 
Refer to at least Col. 2, Ll. 17-25, Col. 5, Ll. 7-15, Col. 6, Ll. 52-58, Col. 7, Ll. 7-28, and Col. 10, Ll. 18-21 of Chickering with respect to using the L3 session for monitoring, e.g., a variety of endpoint device information for policy compliance. 
associating, by the NAC device, the L2 connection with the L3 connection using the first identification information and the second identification information […]; and 
Refer to at least Col. 8, Ll. 27-60 and Col. 9, Ll. 32-51 of Chickering with respect to associating the L2 connection and L3 policy information for allowing network access. 
in response to determining that the compliance information satisfies the one or more policies, authorizing, by the NAC device, the user device to access the one or more remote network devices.
Refer to at least FIG. 4 of Chickering with respect to allowing access while policies are complied with. 
Although Chickering discloses (as per the citations above) verifying credentials, MAC address information, and compliance information such as endpoint device configuration, Chickering does not appear to fully disclose: wherein associating comprises determining that a portion of the first identification information matches a portion of the second identification information. However, Chickering in view of Grosser discloses: wherein associating comprises determining that a portion of the first identification information matches a portion of the second identification information.
Refer to at least steps 215-222 in FIG. 2A of Grosser with respect to checking packet data for respectively associated identifiers.  
The teachings of Chickering concern verifying MAC addresses (Col. 8, Ll. 22-60) and further concern VLAN tags (Col. 9, Ll. 11-42). Accordingly, they are considered to be combinable with the cited portions of Grosser concerning similar subject matter.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Chickering to further include verifying the 

Regarding claim 2, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning EAP).

Regarding claim 4, Chickering-Grosser discloses: The method of claim 1, wherein receiving the compliance information comprises: assigning the user device to a temporary virtual local area network (VLAN) with limited access rights; and initiating the L3 connection with the user device, and wherein authorizing the user device to access the one or more remote network devices comprises assigning the user device to a second VLAN with full access rights to the one or more remote network devices.
Refer to at least Col. 8, Ll. 27-60 of Chickering with respect to an initial connection to a quarantine VLAN followed by a regular network connection after appropriate verification. 

Regarding claim 5, Chickering-Grosser discloses: The method of claim 4, wherein assigning the user device to the second VLAN further comprises sending a remote authentication dial-in user service (RADIUS) change of authentication (CoA) message to assign the user device to the second VLAN.
Refer to at least Col. 3, Ll. 26-36 and Col. 6, Ll. 30-43 of Chickering with respect to providing L3 information via RADIUS and EAP. 

Regarding claim 6, it is rejected for substantially the same reasons as claims 4-5 above (i.e., RADIUS and EAP messaging as per Chickering).



Regarding claim 8, it is rejected for substantially the same reasons as claim 1 above (i.e., citations discussing EAP/RADIUS—e.g., Col. 6, Ll. 19-21 of Chickering).

Regarding claim 9, it is rejected for substantially the same reasons as claim 1 above (e.g., Col. 7, Ll. 11-28 and Col. 5, Ll. 7-11 of Chickering).

Regarding claim 10, it is rejected for substantially the same reasons as claim 1 above.

Regarding claim 11, Chickering-Grosser discloses: The method of claim 1, wherein the first identification information comprises at least one of a user name and password or a digital certificate of the user device, and wherein the second identification information comprises the user name and password or the digital certificate of the user device.
Refer to at least Col. 9, Ll. 57-61 with respect to exemplary login and compliance information, such as a user identification and password. 
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 12, Chickering-Grosser discloses: The method of claim 1, further comprising sending instructions to the user device to cause the user device to install a compliance agent, wherein receiving the compliance information comprises receiving the compliance information from the compliance agent of the user device.
Refer to at least Col. 8, Ll. 41-53 of Chickering with respect to agent software and its installation for monitoring compliance. 

The method of claim 1, further comprising, in response to determining that the compliance information does not satisfy one or more of the policies, sending data indicating a remediation server from which to retrieve one or more programs or updates to bring the user device into compliance with the one or more policies.
Refer to at least Col. 13, Ll. 32-58 of Chickering with respect to determining non-compliance and thereafter effecting policy change and/or reassignment. 

Regarding independent claim 14, it is substantially similar to independent claim 1, and is therefore likewise rejected (i.e., the citations and obviousness rationale).

Regarding claims 15 and 17-20, they are substantially similar to claims 2, 4-6, and 10 above, and are therefore likewise rejected.

Claims 3 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chickering-Grosser as applied to claims 1-2, 4-15, and 17-20 above, and further in view of Choyi (US 2018/0183802 A1).

Regarding claim 3, Chickering-Grosser does not disclose: wherein receiving the authentication credentials comprises receiving security assertion markup language (SAML) formatted data representing the authentication credentials. However, Chickering-Grosser in view of Choyi discloses: wherein receiving the authentication credentials comprises receiving security assertion markup language (SAML) formatted data representing the authentication credentials.
Refer to at least [0276] of Choyi with respect to interchangeably using EPA, SAML, and other authentication protocols.

Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Chickering-Grosser to further include support for SAML because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (i.e., the form of login information / credentials which are used during authentication—which is already broadly disclosed by the cited portions of Chickering).

Regarding claim 16, it is substantially similar to claim 3 above, and is therefore likewise rejected. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751.  The examiner can normally be reached on 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432




/V.S/Examiner, Art Unit 2432