DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/17/2021 has been entered.

Response to Arguments 
Applicant’s arguments, see Applicant’s response, filed 09/17/2021, with respect to the rejection(s) of claim(s) 1-20 under 35 U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-5, 10, 11, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Savelle (US 20200136937 A1) in view of Kunisetty (US 20180189046 A1), further in view of Diaz-Cuellar (US 20200162346 A1), and further in view of Chen (US 20210120010 A1). 
Regarding Claim 1

Savalle teaches:

A computing apparatus, comprising: a hardware platform comprising a processor and a memory; 

a network interface to communicatively couple to a network (¶51 FIG. 4 is a device classification service 408 that may be hosted on one or more of networking devices 406 (networking interface coupled to the network); and 

a network gateway engine to identify devices on the network (¶51 identify the device type 412 of endpoint device 402), the network gateway engine comprising instructions encoded within the memory to instruct the processor to provide two-phase identification for a device, comprising: a static identification phase comprising applying, upon newly identifying the device, discovery probes to the device ( ¶54 ¶66 ¶63 service may even trigger active scanning of the network and SNMP scanning (static identification phase), to retrieve the MAC address of the device or other types of information.  probes allows for the gathering of a rich set of information that can be used for device profiling (probing for information after the scanning) A degree of confidence can also be assigned to any such device type classifications, ¶64 dynamic device profiling (phase two identification), ¶66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase).; and 

a dynamic identification phase comprising collecting network telemetry for the device over time (¶65-66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase) and
 








analyzing the collected network telemetry to determine if the network telemetry is consistent with an expected network usage for the device; 

the instructions further to, based at least in part on determining that the network telemetry is inconsistent with the expected network usage for the device, determine that the device is a candidate deceptive device, and take a security action against the candidate deceptive device. 


Kunisetty teaches:

analyzing the collected network telemetry to determine if the network telemetry is consistent with an expected network usage for the device (¶90 historical telemetry from client devices, as stored in the historical data database (113), to monitor expected performance of client devices).

Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle in light of Kunisetty in order to monitor expected performance of client devices to be updated against actual results occurring when a particular batch is updated (Kunisetty ¶90).
Savalle-Kunisetty does not teach:

Savalle-Kunisetty does not teach:

the instructions further to, based at least in part on determining that the network telemetry is inconsistent with the expected network usage for the device, determine that the device is a candidate deceptive device, and take a security action against the candidate deceptive device. 

Diaz-Cuellar teaches:

the instructions further to, based at least in part on determining that the network telemetry is inconsistent with the expected network usage for the device, determine that the device is a candidate deceptive device (¶53 an IoT device may be battery powered and connected to the service provider using a radio link to supply telemetry data, service provider to deploy resources based on known and predictable traffic patterns.  Data traffic that is outside the predicted pattern can indicate to the service provider that the computing device may be malfunctioning or have been compromised by a 
malicious actor), and
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Kunisetty in light of Diaz-Cuellar in order to enable customers and the cloud-based service provider to effectively manage resources (Diaz-Cuellar ¶53).

Savalle-Kunisetty-Diaz-Cuellar does not teach:

take a security action against the candidate deceptive device. 


Chen teaches:

take a security action against the candidate deceptive device (¶38 security server system 140 may consider whether a client computing device 102 is a compromised device when determining whether to extend a session between an authenticated user on the client computing device 102 and the web server). 
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Kunisetty-Diaz-Cuellar in light of Chen in order to provide techniques for security measures for extended sessions based on collected telemetry data that is used to ensure one or more security factors are met (Chen ¶23).


Regarding Claim 2

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 1.

Savalle teaches:

The computing apparatus of claim 1, wherein the network gateway engine is a home gateway engine, and wherein the network is a home network (¶15 local area networks (LANs), ¶51 FIG. 4 is a device classification service 408 (gateway engine) that may be hosted on one or more of networking devices 406 to identify the device type 412 of endpoint device 402).
Regarding Claim 3

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 1.

Savalle teaches:

The computing apparatus of claim 1, wherein the instructions are further to determine that the device has provided a certified identification, and to forego the two-phase identification (¶52 classification of endpoint device 402 by service 408 can also, in some embodiments, be of varying specificity, depending on the telemetry data 410 available to service 408 and/or its degree of confidence in a particular classification, device classification service 408 may determine, with a high degree of confidence, that endpoint device 402 is an Apple iPhone, ¶86 telemetry data collection which can be governed by various factors such as a confidence measurement for the device type classifier of device classification 
service 408).

Regarding Claim 4

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 1.

Savalle teaches:

The computing apparatus of claim 1, wherein the instructions are further to reconcile results from the static identification phase and the dynamic identification phase (¶52 device classification service 408 may determine, with a high degree of confidence, that endpoint device 402 is an Apple iPhone, but may or may not be able to determine whether device 402 is an 
iPhone 5s or an iPhone 6, ¶63 service may even trigger active scanning of the network and SNMP scanning (static identification phase), to retrieve the MAC address of the device or other types of information.  probes allows for the gathering of a rich set of information that can be used for device profiling, A degree of confidence can also be assigned to any such device type classifications, ¶64 dynamic device profiling (phase two identification), ¶66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase) .

Regarding Claim 5

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 4.

Savalle teaches:

 The computing apparatus of claim 4, wherein reconciling comprises determining that the static identification phase yielded no result or a low- confidence result, and applying results from the dynamic identification phase (¶52 classification of endpoint device 402 by service 408 can also, in some embodiments, be of varying specificity, depending on the telemetry data 410 available to service 408 and/or its degree of confidence in a particular classification, device classification service 408 may determine, with a high degree of confidence, that endpoint device 402 is an Apple iPhone, ¶63 degree of confidence can also be assigned to any such device type classifications, ¶46 the telemetry reporting mechanism may further control the reporting, based on the nature of telemetry, volume of data, duration of data collection according to the confidence of classification).

Regarding Claim 10

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 1.

Savalle teaches:

 The computing apparatus of claim 1, wherein the instructions are further to periodically renew the dynamic identification phase (¶65 Once the initial observation period has elapsed, telemetry data for that device can be dropped for a much longer duration (e.g., 6 hours, one or more days, etc.), ¶46 the telemetry reporting mechanism may further control the reporting, based on the nature of telemetry, volume of data, duration of data collection according to the confidence of classification).
Regarding Claim 11

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 1.

Savalle teaches:

 The computing apparatus of claim 1, wherein the static identification phase comprises a probe selected from the group consisting of multicast domain name server (mDNS), universal plug and play (UPnP), hypertext transfer protocol (HTTP) user agent, and dynamic host configuration protocol (DHCP) parameter request list option 55 (¶54 device type classification can be achieved by using active and/or passive probing of devices, to assign a device type and corresponding host profile to a device ¶55 DHCP probes).

Regarding Claim 12

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 1.

Savalle teaches:

The computing apparatus of claim 1, wherein the dynamic identification phase comprises monitoring domains visited or traffic patterns (¶65 telemetry data 410 to device classification service 408 for ingestion: [0066] Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP), report telemetry data for that device for a fixed duration of time (e.g., one hour, etc.).  This includes all traffic, flows, or packet data).






s 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Savelle (US 20200136937 A1) in view of Mermoud (US 20200344203 A1), further in view of Diaz-Cuellar (US 20200162346 A1), and further in view of Chen (US 20210120010 A1).  
Regarding Claim 13
Savalle teaches:

 One or more tangible, non-transitory computer-readable storage media having stored thereon executable instructions to: connect to a home network (¶51 FIG. 4 is a device classification service 408 that may be hosted on one or more of networking devices 406 (networking interface coupled to the network); 

perform a first-stage identification of  a device, the first-stage identification comprising, upon newly identifying the device, active probing of the device ¶66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase); perform a second-stage identification of the device, the second- stage identification comprising passive monitoring of the device's network traffic ¶66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase); 

Savalle does not teach:

reconciling the first-stage identification with the second-stage identification; and assigning a device identification to the device according to the reconciling.

Mermoud teaches:

reconciling the first-stage identification with the second-stage identification (¶75 MAC update detector 506 may select the one with the highest probability score or the lowest uncertainty, as determined by the classifier, device labeler 504 previously labeled the device as being an iPhone (first stage identification), under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address (second stage identification));

assigning a device identification to the device according to the reconciling (¶75 MAC update detector 506 may select the one with the highest probability score or the lowest uncertainty, as determined by the classifier, device labeler 504 previously labeled the device as being an iPhone (first stage identification), under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address (second stage identification)).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle- in light of Mermoud in order to provide reliable tracking of devices in a network that is critical for purposes of device type classification, policing, and network security (Mermoud ¶5).

Savalle-Mermoud does not teach:

the instructions further to, based at least in part on determining that the device's network traffic is inconsistent with an expected network usage for the device, determine that the device is a candidate deceptive device, and take a security action against the candidate deceptive device.

Diaz-Cuellar teaches:

the instructions further to, based at least in part on determining that the device's network traffic is inconsistent with an expected network usage for the device, determine that the device is a candidate deceptive device (¶53 an IoT device may be battery powered and connected to the service provider using a radio link to supply telemetry data, service provider to deploy resources based on known and predictable traffic patterns.  Data traffic that is outside the predicted pattern can indicate to the service provider that the computing device may be malfunctioning or have been compromised by a 
malicious actor), and
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Kunisetty in light of Diaz-Cuellar in order to enable customers and the cloud-based service provider to effectively manage resources (Diaz-Cuellar ¶53), and

Savalle-Mermoud-Diaz-Cuellar does not teach:

take a security action against the candidate deceptive device.

Chen teaches:

the instructions further to, upon determining that the device's network traffic is inconsistent with an expected network usage for the device, determine that the device is a candidate compromised device, and take a security action against the candidate compromised device (¶23 techniques for security measures for extended sessions ¶38 security server system 140 may consider whether a client computing device 102 is a compromised device when determining whether to extend a session between an authenticated user  (determining to take security action), he security server system 140 may 
find indicia of compromise when evaluating telemetry data collected at the 
client computing device 102.  An indicia of compromise indicates a security 
risk associated with the client computing device 102, ¶40, 41-42, 58, 105). 
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Mermoud-Diaz-Cuellar in light of Chen in order to provide techniques for security measures for extended sessions based on collected telemetry data that is used to ensure one or more security factors are met (Chen ¶23)

Regarding Claim 14

Savalle-Mermoud-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 13.

Savalle teaches:
 The one or more tangible, non-transitory computer-readable media of claim 13, wherein the instructions are further to assign a confidence score to the device identification (¶46 the telemetry reporting mechanism may further 
control the reporting, based on the nature of telemetry, volume of data, 
duration of data collection according to the confidence of classification ¶52degree of confidence in a particular classification).

Regarding Claim 15

Savalle-Mermoud-Diaz-Cuellar-Chen teaches:

 The one or more tangible, non-transitory computer-readable media of claim 13.


The one or more tangible, non-transitory computer-readable media of claim 13, wherein the device identification comprises a {type, manufacturer, model} tuple (¶34 device classification process 248 may assess captured telemetry data regarding one or more traffic flows involving the device, to determine the device type associated with the device).

Regarding Claim 16

Savalle-Mermoud-Diaz-Cuellar-Chen teaches:

 The one or more tangible, non-transitory computer-readable media of claim 13.

Savalle teaches:

The one or more tangible, non-transitory computer-readable media of claim 13, wherein the first-stage identification comprises pattern matching (¶35 Device classification process 248 may employ any number of machine learning techniques, to classify the gathered telemetry data and apply a device 
type label to a device associated with the traffic.  In general, machine 
learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., telemetry data regarding traffic in the network) and recognize complex patterns in the input data (pattern matching)).

Regarding Claim 17

Savalle-Mermoud-Diaz-Cuellar-Chen teaches:

 The one or more tangible, non-transitory computer-readable media of claim 13.

Savalle teaches:
 The one or more tangible, non-transitory computer-readable media of claim 13, wherein the first-stage identification comprises machine learning (¶35 Device classification process 248 may employ any number of machine learning techniques, to classify the gathered telemetry data and apply a device 
type label to a device associated with the traffic ¶64 device classification service 408 may use machine learning to train and update a machine learning-based classifier able to learn and classify new devices types that a network may encounter).
Regarding Claim 18
Savalle teaches:

A computer-implemented method, comprising: detecting a device on a home network (¶66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase); 

deriving a static identification for the device, comprising, upon newly identifying the device, active probing of the unidentified device (¶66 ¶63 service may even trigger active scanning of the network and SNMP scanning (static identification phase), to retrieve the MAC address of the device or other types of information.  probes allows for the gathering of a rich set of information that can be used for device profiling, A degree of confidence can also be assigned to any such device type classifications); 


assigning the device a provisional identity based on the static identification (¶52 degree of confidence in a particular classification, device classification service 408 may determine, with a high degree of confidence, that endpoint device 402 is an Apple iPhone (provisional identity)).; 

deriving a dynamic identification for the device, comprising passive longer-term monitoring of network traffic patterns for the device (¶64 dynamic device profiling (phase two identification), ¶66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase); reconciling the provisional identity with the dynamic identification (¶64 dynamic device profiling (phase two identification), ¶66 Whenever a device is seen for the first time (e.g., as identified by a primary key such as a MAC or IP (using the static identification phase)), report telemetry data for that device for a fixed duration of time (dynamic identification phase); 

Savalle does not teach:

assigning the device a reconciled identity; and 

assigning the device a security status based on the reconciled identity.


assigning the device a reconciled identity (¶75 MAC update detector 506 may select the one with the highest probability score or the lowest uncertainty, as determined by the classifier, device labeler 504 previously labeled the device as being an iPhone (first stage identification), under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address (second stage identification)); and 

assigning the device a security status based on the reconciled identity (¶75 MAC update detector 506 may select the one with the highest probability score or the lowest uncertainty, as determined by the classifier, device labeler 504 previously labeled the device as being an iPhone (first stage identification), under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address (second stage identification)).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle- in light of Mermoud in order to provide reliable tracking of devices in a network that is critical for purposes of device type classification, policing, and network security (Mermoud ¶5).

Savalle-Mermoud does not teach:

the instructions further to, based at least in part on determining that the device's network traffic is inconsistent with an expected network usage for the device, determine that the device is a candidate deceptive device, and take a security action against the candidate deceptive device.

Diaz-Cuellar teaches:

the instructions further to, based at least in part on determining that the device's network traffic is inconsistent with an expected network usage for the device, determine that the device is a candidate deceptive device (¶53 an IoT device may be battery powered and connected to the service provider using a radio link to supply telemetry data, service provider to deploy resources based on known and predictable traffic patterns.  Data traffic that is outside the predicted pattern can indicate to the service provider that the computing device may be malfunctioning or have been compromised by a 
malicious actor), and
(Diaz-Cuellar ¶53), and

Savalle-Mermoud-Diaz-Cuellar does not teach:

take a security action against the candidate deceptive device.

Chen teaches:

the instructions further to, upon determining that the device's network traffic is inconsistent with an expected network usage for the device, determine that the device is a candidate compromised device, and take a security action against the candidate compromised device (¶23 techniques for security measures for extended sessions ¶38 security server system 140 may consider whether a client computing device 102 is a compromised device when determining whether to extend a session between an authenticated user  (determining to take security action), he security server system 140 may 
find indicia of compromise when evaluating telemetry data collected at the 
client computing device 102.  An indicia of compromise indicates a security 
risk associated with the client computing device 102, ¶40, 41-42, 58, 105). 
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Mermoud-Diaz-Cuellar in light of Chen in order to provide techniques for security measures for extended sessions based on collected telemetry data that is used to ensure one or more security factors are met (Chen ¶23)

Regarding Claim 19

Savalle-Mermoud-Diaz-Cuellar-Chen teaches:

 The method of claim 18.

Savalle teaches:
The method of claim 18, further comprising assigning a confidence score to the reconciled identity (¶52 degree of confidence in a particular classification, device classification service 408 may determine, with a high degree of confidence, that endpoint device 402 is an Apple iPhone).

Regarding Claim 20

Savalle-Mermoud-Diaz-Cuellar-Chen teaches:

 The method of claim 18.

Savalle teaches:
 The method of claim 18, further comprising periodically renewing the dynamic identification (¶65 Once the initial observation period has elapsed, telemetry data for that device can be dropped for a much longer duration (e.g., 6 hours, one or more days, etc.), ¶46 the telemetry reporting mechanism may further control the reporting, based on the nature of telemetry, volume of data, duration of data collection according to the confidence of classification).

Claims 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over Savalle-Kunisetty-Diaz-Cuellar-Chen as applied to claim 1 above, and further in view of Mermoud (US 20200344203 A1). 
Regarding Claim 6

Savalle-Kunisetty-Diaz-Cuellar-Chen teaches:

 The computing apparatus of claim 4.

Savalle-Kunisetty-Diaz-Cuellar-Chen does not teach:

The computing apparatus of claim 4, wherein reconciling comprises determining that the static identification phase yielded inconsistent results, determining that at least one result from the dynamic identification phase matches at least one of the inconsistent results, and selecting the at least one matching result.

Mermoud teaches:
The computing apparatus of claim 4, wherein reconciling comprises determining that the static identification phase yielded inconsistent results, determining that at least one result from the dynamic identification phase matches at least one of the inconsistent results, and selecting the at least one matching result (¶75 MAC 
update detector 506 may select the one with the highest probability score or the lowest uncertainty, as determined by the classifier, device labeler 504 previously labeled the device as being an iPhone, under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Kunisetty-Diaz-Cuellar-Chen in light of Mermoud in order to provide reliable tracking of devices in a network that is critical for purposes of device type classification, policing, and network security (Mermoud ¶5).

Regarding Claim 7

Savalle-Kunisetty-Diaz-Cuellar-Chen -Mermoud teaches:

 The computing apparatus of claim 4.

Mermoud teaches:

The computing apparatus of claim 4, wherein reconciling comprises determining that the static identification phase yielded inconsistent results, determining that no results from the dynamic identification phase match any of the inconsistent results, and marking the device as suspicious (¶75 if device labeler 504 previously labeled the device as being an iPhone, under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address.  Similarly, any access or other security policies that may have been associated with the device prior to its MAC address update may be propagated to its new MAC address, as well.  This is particularly important for security and policy services which rely on accurate tracking of devices for their proper functioning).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Kunisetty-Diaz-Cuellar-Chen in light of Mermoud in order to provide reliable tracking of devices in a network that is critical for purposes of device type classification, policing, and network security (Mermoud ¶5).

Regarding Claim 8

Savalle-Kunisetty-Diaz-Cuellar-Chen -Mermoud teaches:

 The computing apparatus of claim 4.


 The computing apparatus of claim 4, wherein reconciling comprises determining that the static identification phase yielded consistent and high- confidence results, determining that the dynamic identification phase yielded high-confidence results that substantially match the consistent and high-confidence results of the static identification phase, and marking the device as trusted suspicious (¶75 if device labeler 504 previously labeled the device as being an iPhone, under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address.  Similarly, any access or other security policies that may have been associated with the device prior to its MAC address update may be propagated to its new MAC address, as well.  This is particularly important for security and policy services which rely on accurate tracking of devices for their proper functioning).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Savalle-Kunisetty-Diaz-Cuellar-Chen in light of Mermoud in order to provide reliable tracking of devices in a network that is critical for purposes of device type classification, policing, and network security (Mermoud ¶5).


Regarding Claim 9

Savalle-Kunisetty-Diaz-Cuellar-Chen -Mermoud teaches:

 The computing apparatus of claim 4.

Mermoud teaches:
The computing apparatus of claim 4, wherein reconciling comprises determining that the static identification phase yielded consistent and high- confidence results, determining that the dynamic identification phase yielded high-confidence results that do not match the consistent and high- confidence results of the static identification phase, and marking the device as suspicious (¶75 if device labeler 504 previously labeled the device as being an iPhone, under its previous MAC address, MAC update detector 506 may also associate this device type label with its new MAC address.  Similarly, any access or other security policies that may have been associated with the device prior to its MAC address update may be propagated to its new MAC address, as well.  This is particularly important for security and policy services which rely on accurate tracking of devices for their proper functioning).
(Mermoud ¶5).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUWATOSIN M GIDADO whose telephone number is (571)272-4227.  The examiner can normally be reached on Monday -Friday 8:00 - 4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/OLUWATOSIN M GIDADO/Examiner, Art Unit 2445                                                                                                                                                                                                        
/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445                                                                                                                                                                                                        09/29/2021