DETAILED ACTION
1.	This action is responsive to communications regarding the applicant’s amendments and arguments, filed on 07/27/2021.
2.	Claims 14-20 have been canceled  
3. 	Claims 1-13 are pending.
Notice of Pre-AIA  or AIA  Status
4. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Response to Arguments and Amendments
5.	Applicant’s arguments, see page 2-3 on remarks, filed 07/27/2021, with respect to the rejection(s) of claim(s) 1-13 under 103 rejections have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Zhang Chao (US 9628937).
6.	Applicant’s arguments filed on 07/27/2021, with respect to the 35 U.S.C 112 second paragraph rejections of claims 1-3, 6-13 have been fully considered and persuasive. Therefore, the rejections of claims 1-3, 6-13 have been withdrawn.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

s 1, 6, 9, 12 rejected under 35 U.S.C 103 as being unpatentable over David Gross (US 20160366586), in view of Zhang Chao (US 9628937),hereinafter Chao. 

Regarding claim 1:
Gross discloses detecting a rogue network device that is in a link between a first network device and a second network device and is passing packets over the link transparently at a physical layer, the method comprising: obtaining physical layer characteristics of the link between the first network device and the second network device consider electrical systems that transmit and receive electrical signals between sending and receiving devices by way of conductive media (Gross, paragraph 37), and detection sensor 1604b can further comprise a spectral analyzer circuit for performing spectral analysis on the reflected waves. The spectral data generated by the spectral analyzer circuit can be compared with spectral profiles via pattern recognition, an expert system, curve fitting, matched filtering or other artificial intelligence, classification or comparison technique to identify a type of disturbance based on, for example, the spectral profile that most closely matches the spectral data (Gross, paragraph 148), wherein the physical layer characteristics are based on physical transmission over the link and are protocol independent; analyzing the physical layer characteristics of the link; and detecting the rogue network device based on a mismatch in the analyzed physical layer characteristics the noise sensor 1604d can also detect how noise affects transmissions by measuring transmission metrics such as bit error rate, packet loss rate, jitter, packet retransmission requests, etc. The noise sensor 1604d can report to the network management system 1601 by way of the base station 1614 the identity of noise sources, their time of occurrence, and transmission metrics, among other things (Gross, paragraph 151), and further all types of intrusion attempts can be detected and blocked according to the fingerprint authentication since the fingerprint(s) of unauthorized devices (e.g., 1806C, D) would not match any known authorized device (Gross, paragraph 184).
	However, Gross fails to disclose measuring expected physical layer characteristics between the first network device and the second device without the rouge network device on the link there between; 
	Chao teaches detection program 200 analyzes suspicious state list 126 for the unauthorized identifier (e.g., identifier 142) that appears in multiple connections with multiple state changes occurring over time. For example, unauthorized device detection program 200 determines identifier 152 is present in connections related to identifier 162 and identifier 172 within suspicious state list 126. Identifier 152 is a common element between the transitional anomalies and incurs changes to the multiple states over time. Therefore, unauthorized device detection program 200 identifies identifier 152 is associated with unauthorized beacon 140; and therefore, includes detections of identifier 142 duplicating identifier 152, which results in erroneous data. In some other embodiment, unauthorized device detection program 200 combines the frequency of occurrence with multiple state changes to determine that identifier 142 is unauthorized (Chao, column 13, [lines 1-15]). Examiner interprets identifier 152 is rouge network and erroneous data is mismatch data.  Unauthorized device detection program 200 compares moving device state trajectory map 124 to baseline state trajectory map 122 and creates suspicious state list 126, from which unauthorized device detection program 200 ultimately determines unauthorized beacon 140. It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Chao with that of Gross in order to identifying unauthorized wireless personal area network low energy devices.

Regarding claim 6:
Gross discloses wherein the method is performed by the first network device as a master network device and the obtaining comprises the second network device as a slave network device providing associated physical layer characteristics to the first network device  FIG. 18A, fingerprint authentication of a wireless device 1806A by a network device 1806B is illustrated. In an initial secured connection, network device 1806B can store a fingerprint F.sub.A of the transceiver noise at A (n.sub.A(t)). This transceiver noise in the aforementioned signal disturbance can be due to the small imperfections of otherwise identical transceivers. The fingerprint F.sub.A can be obtained using various techniques including analyzing the received signal (e.g., from the wireless device 1806A) in a controlled environment (Gross, paragraph 182), and further  the comparing of the measured fingerprint to the expected fingerprint can detect that two of three network devices match the expected fingerprint , the authentication request can be transmitted to the third network device without requesting authentication of the first and second network devices, determined which network devices are causing the mismatch between the measured and expected fingerprint (Gross, paragraph 205). Examiner interprets that the third network device is master device and first and second device are slave devices.


Regarding claim 9:
Claim 9 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 12:
Claim 12 is rejected under the same reason set forth in rejection of claim 6.

8.	Claims 7 and 13 rejected under 35 U.S.C 103 as being unpatentable over David Gross (US 20160366586), in view of Zhang Chao (US 9628937), and further in view of Ryon Coleman (US 7295831), hereinafter Coleman.  

	Regarding claim 7:
Gross discloses wherein the method is performed by the first network device as a master network device and the obtaining comprises the second network device modifying associated physical layer characteristics on a transmitter interface to the first network device the comparing of the measured fingerprint to the expected fingerprint can detect that two of three network devices match the expected fingerprint , the authentication request can be transmitted to the third network device without requesting authentication of the first and second network devices, determined which network devices are causing the mismatch between the measured and expected fingerprint  computing and communications., mechanisms that provide such integrity check based on a secret key are called “message authentication codes” (MAC). Typically, message authentication codes are used between two parties that share a secret key in order to validate information transmitted between these parties (Coleman, column 7, [lines 10-16]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Gross with that off Coleman in order to preventative measures to effectively protect wireless networks.

Regarding claim 13:
Claim 13 is rejected under the same reason set forth in rejection of claim 7.

9.	Claims 7 and 13 rejected under 35 U.S.C 103 as being unpatentable over David Gross (US 20160366586), in view of Zhang Chao (US 9628937), and further in view of Robert Whelan (US 7965842), hereinafter Whelan.

Regarding claim 8:
Gross discloses subsequent to detecting the rogue network device types of intrusion attempts can be detected and blocked according to the fingerprint authentication since the fingerprint(s) of unauthorized devices (e.g., 1806C, D) would not match any known authorized device (Gross, paragraph 184), but fail to disclose switching traffic between the first network device and the second network device to another link. However, Whelan teaches the network monitor may also attempt to disable communications between the network and the rogue access point from the network in step 250. In one embodiment, the monitor changes the MAC address filter settings on the rogue access point to exclude all MAC addresses, effectively preventing the use on the rogue access point on the network. In another embodiment, the monitor changes the routing table settings of network devices Such as routers or Switches to prevent network traffic to and from the rogue access point and thereby minimize the risk to the network (Whelan, column 7, [lines 6-16]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Gross with that of Whelan in order to minimize the risk to the network.

10.	Claims 2-3, 10-11 rejected under 35 U.S.C 103 as being unpatentable over David Gross (US 20160366586), in view of Zhang Chao (US 9628937), and further in view of Suman Jana (US 9049225), hereinafter Jana.

Regarding claim 2:
	Gross discloses detecting mismatch in the physical layer characteristics the noise sensor 1604d can also detect how noise affects transmissions by measuring transmission metrics such as bit error rate, packet loss rate, jitter, packet retransmission requests, etc. The noise sensor 1604d can report to the network management system 1601 by way of the base station 1614 the identity of noise sources, their time of occurrence, and transmission metrics, among other things (Gross, paragraph 151), but fails to disclose introduced in clock frequency and jitter. Jana teaches detection of fake and unauthorized APs in all the above cases. Since the corresponding fingerprint is based on a physical characteristics of the AP (i.e., the clock skew), embodiments of the present invention can detect MAC, BSSID and SSID spoofing, whether the authorized AP is active or not (Jana, column 5, [lines 16-24]), and further the beacon packets are sent all the time and at a fast rate (e.g., 10 to 100 times in a second) compared to the TCP segments that are sent at rates that are controlled by the application generating them. Furthermore, the resolution of TSF clocks is in microseconds, which is much higher than the millisecond resolution of the TCP/ICMP timestamps. Another advantage of the present invention is that it remains unaffected by unpredictable network delays (Jana, column 6, [lines 15-24]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Gross with that of Jana in order to detect unauthorized wireless access points and avoid malicious attackers (Jana, column 1, [lines 40-45]).


	 Gross discloses wherein the mismatch in the physical layer characteristics comprise one of noise the noise sensor 1604d can also detect how noise affects transmissions by measuring transmission metrics such as bit error rate, packet loss rate, jitter, packet retransmission requests, etc. The noise sensor 1604d can report to the network management system 1601 by way of the base station 1614 the identity of noise sources, their time of occurrence, and transmission metrics, among other things (Gross, paragraph 151), but fails to disclose wherein the physical layer characteristics comprise noise introduced in clock frequency of Ethernet Equipment Clocks (EECs) and the first network device and the second network device Utilize Synchronous Ethernet (SynceE). Jana teaches the clock skew of an AP is calculated from the IEEE 802.11 Time Synchronization Function (TSF) timestamps sent out in the beacon/probe response frames. Two different methods for calculating clock skews are described—one based on linear programming and the other based on least square fit. In embodiments of the present invention, a clock skew of a wireless local area network access point (AP) is used as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing Solutions—the inability to effectively detect Medium Access Control (MAC) address spoofing. The clock skew of an AP is calculated from the IEEE 802.11 Time Synchronization Function (TSF) timestamps sent out in the beacon/probe response frames (Jana, column 2, [lines 29-44]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Gross with that of Jana  in order to detecting unauthorized wireless access points and avoid malicious attackers (Jana, column 1, [lines 40-45]).

Regarding claim 10:
Claim 10 is rejected under the same reason set forth in rejection of claim 2.

Regarding claim 11:
Claim 11 is rejected under the same reason set forth in rejection of claim 3.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556. The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Nickerson Jeffrey L can be reached on (469) 295-9235.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either obtained from either Private PAIR or Public PAIR. Status information for unpublished application is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov . Should you have question on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automatic information system, call 800-786-9199 (In USA or CANADA) or 571-272-1000.
/THANH H LE/Examiner, Art Unit 2432                                                                                                                                                                                                        
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432