DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Summary
This action is a responsive to the amendment filed on 07/27/2021.
Claims 1-20 are pending and have been examined.
Claims 1-20 are rejected.

Response to Arguments
Rejection of Claims under 35 USC 103
Applicant’s Response:
	Applicant submits that the cited references fail to teach the newly added limitations of:
•	“wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port”

Examiner’s Response:
Applicant’s arguments with respect to claims 1, 10 and 16 have been considered but are moot because the arguments are directed to amended subject matter properly addressed with the newly cited reference of Isola et al. (US 20200014692 A1).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-3, 7-12 and 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Isola et al. (US 20200137055 A1) and further in view of Bomhoff et al. (US 20050201292 A1) and Isola et al. (US 20200014692 A1, hereinafter Isola’692).

As to claim 1, Isola et al. teaches a system to facilitate protection of a switch port, comprising: a processor (See ¶ [0034], Teaches that the NAS comprises a processor, a memory, and a network interface); 
determine whether a switch port neighbor device coupled to the switch port is trusted (See ¶ [0079], [0084], Teaches that the NAS determines whether the determined device type category corresponds with a blacklisted device. The NAS determines that the determined device type category corresponds with an approved device and proceeds), 
set a status of the switch port as failed upon a determination that the switch port is untrusted (See ¶¶ [0079]-[0080], Teaches that the NAS proceeds to step 654 in response to determining that the determined device type category corresponds with a blacklisted device type. At step 654, the NAS sets the port status to a blocked state), 
block network traffic through the switch port (See ¶ [0080], Teaches that the NAS configures the port to block the endpoint device from accessing the network via the port connection). 
However, it does not expressly teach a non-transitory machine-readable medium storing instructions that, when executed, cause the processor to: detect a neighbor change event at a switch port of a network switch; wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port; and generate an alert indicating that untrusted switch port neighbor device is coupled to the switch port.
Bomhoff et al., from analogous art, teaches a non-transitory machine-readable medium storing instructions that, when executed, cause the processor to: detect a neighbor change event at a switch port of a network switch (See ¶ [0076], Teaches that when the detection module detects a new connection on the sub-network, the record module a connection request record that identifies the local network switch and the other connected network devices).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bomhoff et al. into Isola et al. to detect and report new cable connections, as well as determining if the 
One of ordinary skill in the art would have been motivated because it allows one to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules (See Bomhoff et al. ¶ [0002]).
However, it does not expressly teach wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port; and generate an alert indicating that untrusted switch port neighbor device is coupled to the switch port.
Isola’692, from analogous art, teaches wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port (See ¶¶ [0068]-[0069], [0071] and Fig. 3, Teaches that the threat management server 112 receives device information for the endpoint device 106. At step 312, the threat management server 112 compares the received device information for the endpoint device 106 to the device information for the endpoint device 106 in the device log file 216. At step 314, the threat management server 112 determines whether the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the same. In other examples, the threat management server 112 may compare any other information received for the endpoint device 106 with the information in the device log file 216. The threat management server 112 proceeds to step 316 when the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the different. The information request may request a device identifier, a device category type, a device vendor, and/or any other suitable type of information about the endpoint device. At step 316, the threat management server 112 blocks the endpoint device 106 from accessing the communications network 102 in response to determining the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the different); 
and generate an alert indicating that untrusted switch port neighbor device is coupled to the switch port (See ¶ [0076], Teaches that the threat management server 112 sends an alert identifying the endpoint device 106 in response to blocking the endpoint device 106 from accessing the communications network).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Isola’692 into the combination of Isola et al. and Bomhoff et al. to preemptively identify malicious network device before they perform malicious activities which limits their abilities to provide information security and to control and monitor data access within the network.
One of ordinary skill in the art would have been motivated because it allows one  to preemptively identify malicious network device before they perform malicious activities which limits their abilities to provide information security and to control and monitor data access within the network. (See Isola’692 ¶ [0004]).

As to claim 2, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the system according to claim 1 above. Isola et al. further teaches wherein the determination that the switch port is untrusted comprises the processor to execute instructions to determine that a profile connection associated with the switch port neighbor device does not match profile connection information associated with the switch port (See ¶¶ [0070]-[0071], Teaches that the NAS proceeds to step 639 in response to determining that the received device type does not match an existing device type category in identity group information table. At step 639, the NAS sets the port status to a pending state. Here, the NAS configures the port to block the endpoint device from accessing the network until the endpoint device has been approved by a system administrator). 

As to claim 3, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the system according to claim 1 above. Isola et al. further teaches wherein the switch port remains blocked until a trusted switch port neighbor device is coupled to the switch port (See ¶¶ [00071], [0062]-[0063], Teaches that the NAS configures the port to block the endpoint device from accessing the network until the endpoint device has been approved by a system administrator. The NAS proceeds to step 626 in response to determining that the MAC address is whitelisted. At step 626, the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection. The port remains blocked until the device is labeled trusted or a trusted device is coupled). 

As to claim 7, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the system according to claim 1 above. Isola et al. further teaches wherein the processor sets the status of the switch port as deployed upon a determination that the switch port is trusted and permits network traffic through the switch port via the switch port neighbor device (See ¶¶ [0062]-[0063], Teaches that the NAS proceeds to step 626 in response to determining that the MAC address is whitelisted. At step 626, the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection). 

As to claim 8, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the system according to claim 7 above. Isola et al. further teaches wherein determining that the switch port is trusted comprises the processor to execute instructions to determine that a profile connection associated with the switch port neighbor device matches profile connection information associated with the switch port (See ¶¶ [0062]-[0063], Teaches that the NAS proceeds to step 626 in response to determining that the MAC address is whitelisted. At step 626, the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection). 

As to claim 9, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the system according to claim 1 above. However, it does not expressly teach wherein detecting the neighbor change event comprises detecting a cable attached to the switch port.
Bomhoff et al., from analogous art, teaches wherein detecting the neighbor change event comprises detecting a cable attached to the switch port (See ¶¶ [0063], [0007], Teaches that the detection module, in one embodiment, is configured to detect a new connection at the network switch. In a further embodiment, the detection module may be configured to determine if the detected new connection is a switch connection (the remote termination of the newly connected cable is connected to another network switch) or a non-switch connection (the remote termination is connected to a HBA, a master node, or a passive node)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bomhoff et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules.
One of ordinary skill in the art would have been motivated because it allows one to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules (See Bomhoff et al. ¶ [0002]).

As to claim 10, Isola et al. teaches a method to facilitate protection of a switch port, comprising: determining whether a switch port neighbor device coupled to the switch port is trusted (See ¶ [0079], [0084], Teaches that the NAS determines whether the determined device type category corresponds with a blacklisted device. The NAS determines that the determined device type category corresponds with an approved device and proceeds), 
setting a status of the switch port as failed upon a determination that the switch port is untrusted (See ¶¶ [0079]-[0080], Teaches that the NAS proceeds to step 654 in response to determining that the determined device type category corresponds with a blacklisted device type. At step 654, the NAS sets the port status to a blocked state), 
blocking network traffic through the switch port in response to the status that was set (See ¶ [0080], Teaches that the NAS configures the port to block the endpoint device from accessing the network via the port connection). 
However, it does not expressly teach detecting a neighbor change event at a switch port of a network switch; wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port; and generating an alert indicating that untrusted switch port neighbor device is coupled to the switch port.
Bomhoff et al., from analogous art, teaches detecting a neighbor change event at a switch port of a network switch (See ¶ [0076], Teaches that when the detection module detects a new connection on the sub-network, the record module a connection request record that identifies the local network switch and the other connected network devices).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bomhoff et al. into Isola et al. to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules.
One of ordinary skill in the art would have been motivated because it allows one to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules (See Bomhoff et al. ¶ [0002]).
However, it does not expressly teach wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port; and generating an alert indicating that untrusted switch port neighbor device is coupled to the switch port.
Isola’692, from analogous art, teaches wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port (See ¶¶ [0068]-[0069], [0071] and Fig. 3, Teaches that the threat management server 112 receives device information for the endpoint device 106. At step 312, the threat management server 112 compares the received device information for the endpoint device 106 to the device information for the endpoint device 106 in the device log file 216. At step 314, the threat management server 112 determines whether the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the same. In other examples, the threat management server 112 may compare any other information received for the endpoint device 106 with the information in the device log file 216. The threat management server 112 proceeds to step 316 when the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the different. The information request may request a device identifier, a device category type, a device vendor, and/or any other suitable type of information about the endpoint device. At step 316, the threat management server 112 blocks the endpoint device 106 from accessing the communications network 102 in response to determining the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the different); 
and generating an alert indicating that untrusted switch port neighbor device is coupled to the switch port (See ¶ [0076], Teaches that the threat management server 112 sends an alert identifying the endpoint device 106 in response to blocking the endpoint device 106 from accessing the communications network).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Isola’692 into the combination of Isola et al. and Bomhoff et al. to preemptively identify malicious network 
One of ordinary skill in the art would have been motivated because it allows one  to preemptively identify malicious network device before they perform malicious activities which limits their abilities to provide information security and to control and monitor data access within the network. (See Isola’692 ¶ [0004]).

As to claim 11, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the method according to claim 10 above. Isola et al. further teaches wherein the determination that the switch port is untrusted comprises determining that a profile connection associated with the switch port neighbor device does not match profile connection information associated with the switch port (See ¶¶ [0070]-[0071], Teaches that the NAS proceeds to step 639 in response to determining that the received device type does not match an existing device type category in identity group information table. At step 639, the NAS sets the port status to a pending state. Here, the NAS configures the port to block the endpoint device from accessing the network until the endpoint device has been approved by a system administrator). 

As to claim 12, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the method according to claim 10 above. Isola et al. further teaches further comprising blocking the switch port until a trusted switch port neighbor device is coupled to the switch port (See ¶¶ [00071], [0062]-[0063], Teaches that the NAS configures the port to block the endpoint device from accessing the network until the endpoint device has been approved by a system administrator. The NAS proceeds to step 626 in response to determining that the MAC address is whitelisted. At step 626, the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection. The port remains blocked until the device is labeled trusted or a trusted device is coupled). 

As to claim 14, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the method according to claim 10 above. Isola et al. further teaches determining whether a second switch port neighbor device coupled to the second switch port is trusted (See ¶ [0079], [0084], Teaches that the NAS determines whether the determined device type category corresponds with a blacklisted device. The NAS determines that the determined device type category corresponds with an approved device and proceeds); 
setting a status of the second switch port as deployed upon a determination that the second switch port is trusted; and permitting network traffic through the second switch port via the second switch port neighbor device (See ¶¶ [0062]-[0063], Teaches that the NAS proceeds to step 626 in response to determining that the MAC address is whitelisted. At step 626, the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection).

Bomhoff et al., from analogous art, teaches further comprising: detecting a second neighbor change event at a second switch port (See ¶ [0076], Teaches that when the detection module detects a new connection on the sub-network, the record module a connection request record that identifies the local network switch and the other connected network devices).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bomhoff et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules.
One of ordinary skill in the art would have been motivated because it allows one to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules (See Bomhoff et al. ¶ [0002]).

As to claim 15, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the method according to claim 14 above. Isola et al. further teaches wherein determining that the second switch port is trusted comprises determining that a profile connection associated with the second switch port neighbor device matches profile connection information associated with the second switch port (See ¶¶ [0062]-[0063], Teaches that the NAS proceeds to step 626 in response to determining that the MAC address is whitelisted. At step 626, the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection). 

As to claim 16, Isola et al. teaches a non-transitory machine-readable medium storing instructions which, when executed by a processor (See ¶ [0034], Teaches that the NAS comprises a processor, a memory, and a network interface); 
determine whether a switch port neighbor device coupled to the switch port is trusted (See ¶ [0079], [0084], Teaches that the NAS determines whether the determined device type category corresponds with a blacklisted device. The NAS determines that the determined device type category corresponds with an approved device and proceeds), 
set a status of the switch port as failed upon a determination that the switch port is untrusted (See ¶¶ [0079]-[0080], Teaches that the NAS proceeds to step 654 in response to determining that the determined device type category corresponds with a blacklisted device type. At step 654, the NAS sets the port status to a blocked state), 
block network traffic through the switch port (See ¶ [0080], Teaches that the NAS configures the port to block the endpoint device from accessing the network via the port connection). 
However, it does not expressly teach cause the processor to: detect a neighbor change event at a switch port of a network switch; and generate an alert indicating that untrusted switch port neighbor device is coupled to the switch port.
(See ¶ [0076], Teaches that when the detection module detects a new connection on the sub-network, the record module a connection request record that identifies the local network switch and the other connected network devices).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bomhoff et al. into Isola et al. to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules.
One of ordinary skill in the art would have been motivated because it allows one to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules (See Bomhoff et al. ¶ [0002]).
However, it does not expressly teach wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port; and generate an alert indicating that untrusted switch port neighbor device is coupled to the switch port.
Isola’692, from analogous art, teaches wherein the device comprises a profile connection and is determined to be untrusted upon a determination that the profile connection does not match stored profile connection information associated with the switch port (See ¶¶ [0068]-[0069], [0071] and Fig. 3, Teaches that the threat management server 112 receives device information for the endpoint device 106. At step 312, the threat management server 112 compares the received device information for the endpoint device 106 to the device information for the endpoint device 106 in the device log file 216. At step 314, the threat management server 112 determines whether the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the same. In other examples, the threat management server 112 may compare any other information received for the endpoint device 106 with the information in the device log file 216. The threat management server 112 proceeds to step 316 when the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the different. The information request may request a device identifier, a device category type, a device vendor, and/or any other suitable type of information about the endpoint device. At step 316, the threat management server 112 blocks the endpoint device 106 from accessing the communications network 102 in response to determining the received device information for the endpoint device 106 and the device information for the endpoint device 106 in the device log file 216 are the different); 
and generate an alert indicating that untrusted switch port neighbor device is coupled to the switch port (See ¶ [0076], Teaches that the threat management server 112 sends an alert identifying the endpoint device 106 in response to blocking the endpoint device 106 from accessing the communications network).

One of ordinary skill in the art would have been motivated because it allows one  to preemptively identify malicious network device before they perform malicious activities which limits their abilities to provide information security and to control and monitor data access within the network. (See Isola’692 ¶ [0004]).

As to claim 17, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the non-transitory machine-readable medium according to claim 16 above. Isola et al. further teaches wherein the determination that the switch port is untrusted comprises determining that a profile connection associated with the switch port neighbor device does not match profile connection information associated with the switch port (See ¶¶ [0070]-[0071], Teaches that the NAS proceeds to step 639 in response to determining that the received device type does not match an existing device type category in identity group information table. At step 639, the NAS sets the port status to a pending state. Here, the NAS configures the port to block the endpoint device from accessing the network until the endpoint device has been approved by a system administrator). 

As to claim 18, the combination of Isola et al. and Bomhoff et al. Isola’692 teaches the non-transitory machine-readable medium according to claim 17 above. Isola et al. further teaches a profile connection associated with the switch port neighbor device matches profile connection information associated with the switch port (See ¶¶ [0062]-[0063], Teaches that the NAS proceeds to step 626 in response to determining that the MAC address is whitelisted. At step 626, the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection).
However, it does not expressly teach wherein determining that the switch port is trusted comprises determining that the switch port neighbor hardware has been added to a switching fabric.
Bomhoff et al., from analogous art, teaches wherein determining that the switch port is trusted comprises determining that the switch port neighbor hardware has been added to a switching fabric (See ¶ [0076], Teaches that when the detection module detects a new connection on the sub-network, the record module a connection request record that identifies the local network switch and the other connected network devices).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bomhoff et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules.
 (See Bomhoff et al. ¶ [0002]).

Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Isola et al. (US 20200137055 A1) and Bomhoff et al. (US 20050201292 A1) and Isola et al. (US 20200014692 A1, hereinafter Isola’692) and further in view of McCaig et al. (US 20180262533 A1).

As to claim 4, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the system according to claim 1 above. However, it does not expressly teach wherein the processor is further to clear the alert.
McCaig et al., from analogous art, teaches wherein the processor is further to clear the alert (See ¶ [0622], Teaches that the user interface may display a help me resolve option. Selecting this option may bring the user to one or more tip cards. The user interface may comprise an action taken already option. Selecting this option may clear the notification, and may move the threat into the non-action threat list, unless a threat is detected again).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of McCaig et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 to monitor device 
One of ordinary skill in the art would have been motivated because it allows one to monitor device data and/or gateway data to determine signal strengths, device statuses, network security, and/or other metrics (See McCaig et al. ¶ [0004]).

As to claim 5, the combination of Isola et al. and Bomhoff et al. and Isola’692 and McCaig et al. teaches the system according to claim 4 above. However, it does not expressly teach wherein the alert is manually cleared via a user interface.
McCaig et al., from analogous art, teaches wherein the alert is manually cleared via a user interface (See ¶ [0622], Teaches that the user interface may display a help me resolve option. Selecting this option may bring the user to one or more tip cards. The user interface may comprise an action taken already option. Selecting this option may clear the notification, and may move the threat into the non-action threat list, unless a threat is detected again).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of McCaig et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 and McCaig et al. to monitor device data and/or gateway data to determine signal strengths, device statuses, network security, and/or other metrics.
One of ordinary skill in the art would have been motivated because it allows one to monitor device data and/or gateway data to determine signal strengths, device statuses, network security, and/or other metrics (See McCaig et al. ¶ [0004]).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Isola et al. (US 20200137055 A1) and Bomhoff et al. (US 20050201292 A1) and Isola et al. (US 20200014692 A1, hereinafter Isola’692) and McCaig et al. (US 20180262533 A1) and further in view of Lopilato et al. (US 8019849 B1).

As to claim 6, the combination of Isola et al. and Bomhoff et al. and Isola’692 and McCaig et al. teaches the system according to claim 4 above. However, it does not expressly teach wherein the alert is automatically cleared upon a detection of a trusted switch port neighbor coupled to the switch port.
Lopilato et al., from analogous art, teaches wherein the alert is automatically cleared upon a detection of a trusted switch port neighbor coupled to the switch port (See Col. 20 Ln. 35, Teaches that when an alarm is triggered, the alarm may be referred to as active. In one embodiment, alarms in the SAN management system may be dynamic—the alarm resets itself automatically when the condition monitored by the policy returns to a specified “clear state.” The clear state for a condition may specified either manually or automatically, depending on whether the condition is a threshold or a textual comparison condition. Isola et al. (¶ [0063]) teaches the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to reset the alarm when the port’s status is set to open (Lopilato et al.’s clear state)).

One of ordinary skill in the art would have been motivated because it allows one to provide customizable, intuitive views into a SAN based on host, device, fabric, or storage groups, as well as real-time alerts to diagnose and avoid outages (See Lopilato et al. Col. 6 Ln. 34).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Isola et al. (US 20200137055 A1) and Bomhoff et al. (US 20050201292 A1) and Isola et al. (US 20200014692 A1, hereinafter Isola’692) and further in view of Lopilato et al. (US 8019849 B1).

As to claim 13, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the method according to claim 12 above. However, it does not expressly teach further comprising clearing the alert, wherein the alert is automatically cleared upon a detection of a trusted switch port neighbor coupled to the switch port.
Lopilato et al., from analogous art, teaches further comprising clearing the alert, wherein the alert is automatically cleared upon a detection of a trusted switch port neighbor coupled to the switch port (See Col. 20 Ln. 35, Teaches that when an alarm is triggered, the alarm may be referred to as active. In one embodiment, alarms in the SAN management system may be dynamic—the alarm resets itself automatically when the condition monitored by the policy returns to a specified “clear state.” The clear state for a condition may specified either manually or automatically, depending on whether the condition is a threshold or a textual comparison condition. Isola et al. (¶ [0063]) teaches the NAS sets the port status to an open state. Here, the NAS configures the port to allow the endpoint device to access the network via the port connection. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to reset the alarm when the port’s status is set to open (Lopilato et al.’s clear state)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lopilato et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 to provide customizable, intuitive views into a SAN based on host, device, fabric, or storage groups, as well as real-time alerts to diagnose and avoid outages.
One of ordinary skill in the art would have been motivated because it allows one to provide customizable, intuitive views into a SAN based on host, device, fabric, or storage groups, as well as real-time alerts to diagnose and avoid outages (See Lopilato et al. Col. 6 Ln. 34).

Claims 19-20 is rejected under 35 U.S.C. 103 as being unpatentable over Isola et al. (US 20200137055 A1) and Bomhoff et al. (US 20050201292 A1) and Isola et al. (US 20200014692 A1, hereinafter Isola’692) and further in view of Da Silva Peixoto et al. (US 20190104127 A1).

As to claim 19, the combination of Isola et al. and Bomhoff et al. and Isola’692 teaches the non-transitory machine-readable medium according to claim 18 above. However, it does not expressly teach wherein a discovery protocol exchange is performed to determine connectivity between the switch port and the switch port neighbor hardware.
Da Silva Peixoto et al., from analogous art, teaches wherein a discovery protocol exchange is performed to determine connectivity between the switch port and the switch port neighbor hardware (See ¶ [0085], Teaches that the application may initiate switch discovery, which may be automatic (e.g., upon launch) or in response to input from a user. The user interface may display a status indication of “Discovering Switches” or another indication that one or more switches of the process control network are being identified).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Da Silva Peixoto et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 to lockdown all of a switch’s ports and/or to identify "known pairs" of physical and network address for each device communicating via each port of the process control switch.
One of ordinary skill in the art would have been motivated because it allows one to lockdown all of a switch’s ports and/or to identify "known pairs" of physical and  (See Da Silva Peixoto et al. ¶ [0012]).

As to claim 20, the combination of Isola et al. and Bomhoff et al. and Isola’692 and Da Silva Peixoto et al. teaches the non-transitory machine-readable medium according to claim 19 above. However, it does not expressly teach wherein the discovery protocol exchange comprises data including information identifying the port and a device identifier to identify the switch port neighbor hardware.
Bomhoff et al., from analogous art, teaches wherein the discovery protocol exchange comprises data including information identifying the port and a device identifier to identify the switch port neighbor hardware (See ¶¶ [0070]-[0073] and Fig. 6, Teaches that FIG. 6 depicts one embodiment of a connection request record that may be used by a comparison module to determine if a new connection is a legal or valid connection. The primary switch identifier field and the primary port identifier field are substantially similar to the local switch identifier field and the local port identifier field of the connection identification record).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bomhoff et al. into the combination of Isola et al. and Bomhoff et al. and Isola’692 and Da Silva Peixoto et al. to detect and report new cable connections, as well as determining if the new cable connections are legal or valid connections according to one or more network cable connection rules.
 (See Bomhoff et al. ¶ [0002]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to James R Hollister whose telephone number is (571)270-3152. The examiner can normally be reached Mon - Fri 7:30 am - 4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on (571) 270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





James Hollister
/J.R.H./Examiner, Art Unit 2454                                                                                                                                                                                                        10/18/2021


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2454