Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
	This action is in response to the cancellation of claims 7-14.  Claims 1-6 and 15-20 are pending.  Claims 1 (a non-transitory CRM) and 15 (a method) are independent. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 3-6, 15, and 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a mental process. Independent claims 1 and 15 recite collecting information about a network (topology) and then forming a “plan” for network configuration; this is an abstract idea mental process, see MPEP 2106.04(a)(2)(III)(B) noting that the performance of a mental process on a generic computer or computing environment may be an abstract idea. This judicial exception is not integrated into a practical application because the claims' only exception to the mental process steps is the sending/receiving of data and the claims themselves do not improve a computer, MPEP 2106.05(a)(I). The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because receiving and transmitting data is 
Dependent claims 2 and 16 are not viewed as an abstract idea as the utilization of OpenFlow Topology Discovery would not be practically performed in a human mind. 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 15 and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Moghe et al., US 2014/0258478 (filed 2013-03), in view of Denton, US 2007/0157313 (filed 2006-01).
	As to claims 1 and 15 Moghe discloses a CRM/method comprising: 
executable computer program instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising: (“a “controller,” is a combination of hardware, software, and/or firmware that is configured to process and/or forward information between digital devices within a network.” Moghe ¶ 20. Non-transitory memory storing software discussed in Moghe ¶ 22)

…
generating a firewall coordination plan for the network branch based on the discovered network topology (“At 630, the network devices outside of the subset are configured to forward packets to the network devices that are within the subset. This is to provide firewall functionality to the devices that do not already have it. At 632, for …, the firewall coordination plan including applying a firewall process for an access point to which a first host device is attached and bypassing one or more other firewall processes for access points in a connection between the first host and the network. (“At 520 a presence or an absence of firewall processing functionality is detected in the network devices...... The rest of the devices either will not or will have a much slower firewall capability, such as a software firewall.” Moghe ¶ 57. “A distributed control plane mechanism may be used to route the packets to an available firewall ASIC module within the stack.” Moghe ¶ 31. Firewall functionality being the existence of an ASIC module Moghe ¶ 45. See also ¶ 29).

Moghe does not disclose:
discovering one or more host devices that are connected by wireless or wired connections to one or more access points in the network branch; and 
	and the discovered one or more hosts

Denton discloses:
discovering (“Passive network discovery includes methods such as, for example, "sniffing," a daemon, or residing on a switch and listening to network traffic to identify assets.” Denton ¶ 26) one or more host devices (“computer network device 110 (e.g., a client, workstation, server, or wireless device)” Denton ¶ 23. “Newly installed or modified devices are listed in the assets database as discovered. Unknown assets, or those not 
	and the discovered one or more hosts (“access to a network is based on known topologies by using self-discovery methods to mine for new or modified network assets and building a database that includes all such network assets.” Denton ¶ 17)

	A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Moghe with Denton by including terminal topology discovery of Denton in the access switch discovery of Moghe.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Moghe with Denton in order to gain knowledge on end devices connected to the network and prevent unknown or non-compliant devices from accessing resources, Denton ¶ 47, Moghe ¶ 13; thereby securing the network from fraudulent users or undesired uses. 

As to claims 3 and 17, Moghe in view of Denton discloses the CRM/method of claims 1 and 15 and further discloses: 
wherein discovering one or more host devices that are connected by wireless or wired connections to one or more access points includes: processing messages from wireless network (WLAN), or the Internet) to one or more servers 120.” Denton ¶ 23); and … from one or more access points (“Passive network discovery includes methods such as, for example, "sniffing," a daemon, or residing on a switch and listening to network traffic to identify assets.” Denton ¶ 26) regarding one or more host devices connected by wired connections. (“The device 110 may be connected via a network 115 (e.g., a local area network (LAN), a wide area network (WAN), wireless network (WLAN), or the Internet) to one or more servers 120.” Denton ¶ 23)

Moghe in view of Denton does not disclose:
processing authentication requests

Denton further discloses:
	processing authentication requests (“The assets database 130 may include identifying information regarding a device on the network. ... [0038] whether the wireless device is authorized to access the network;” Denton ¶ 28. “Thus, a device is only granted an IP address and authorized access to the network if it can prove it is both known and in compliance.” Denton ¶ 47. The assets database is the topology database, updated with authentication status.)

	A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Moghe in view of Denton with Denton by including terminal topology discovery in the access switch discovery of Moghe.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further combine Moghe in view of Denton with Denton in order to gain knowledge on end devices connected to the network and prevent unknown or non-compliant devices from accessing resources, Denton ¶ 47, Moghe ¶ 13; thereby securing the network from fraudulent users or undesired uses. 

As to claims 4 and 18, Moghe in view of Denton discloses the CRM/method of claims 1 and 15 and further discloses: 
further comprising executable computer program instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: 
generating and transmitting a firewall optimization message based on the firewall coordination plan for a particular access point of the plurality of access points, the firewall optimization message to identify one or more host devices for which a firewall is not required at the access point. (“At 630, the network devices outside of the subset are configured to forward packets to the network devices that are within the subset. This is to provide firewall functionality to the devices that do not already have it.” Moghe ¶ 65. Devices outside the subset do not have an integrated hardware firewall and are configured to forward packets to another device.)

As to claims 5 and 19, Moghe in view of Denton discloses the CRM/method of claims 4 and 18 and further discloses: 
wherein a firewall is to be applied at an access point to which the identified one or more host devices are attached (“In order to better use the firewall capabilities of some of the firewall capable modules, the firewall capabilities may be made available to the other modules that do not have this capability. So, for example, module 0 or 7 may, when necessary, send packets to module 1 or 2 for inspection.” Moghe ¶ 30. See Figure 1), the access point to which the identified one or more host devices are attached being a downlink access point from the particular access point receiving the firewall optimization message. (“The access switches serve one or more external clients or client ports. In one example, each access switch includes 12 to 48 Gigabit Ethernet ports or a Wi-Fi interface. The switching stack 130 is coupled to any of a variety of different client end connections and types, such as trusted or untrusted user data, workstation, and computing terminals 150,” Moghe ¶ 28. Each access switch serves clients and is a “downlink” with respect to the other switches for firewall forwarding.) 

Claims 2 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Moghe et al., US 2014/0258478 (filed 2013-03), in view of Denton, US 2007/0157313 (filed 2006-01), and Gao et al., US 2015/0003259 (filed 2012-01).
As to claims 2 and 16, Moghe in view of Denton discloses the CRM/method of claims 1 and 15 but does not disclose: 


Gao discloses: 
Wherein discovering the network topology includes application of a OpenFlow Topology Discovery Protocol (OFPDP).
(“In the open flow network, the controller (OFC) uses topology discovery protocol such as LLDP (Link Layer Discovery Protocol) and OFDP (OpenFlow Discovery Protocol) to collect connection data between neighbor switches (OFSs). Note that OFDP is the topology detection protocol in the open flow network for the extended LLDP.” Gao ¶ 13.  Note that Applicant’s specification ¶ 34 notes the use of OFDP)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Moghe in view of Denton with Gao by utilizing OpenFlow and OpenFlow Discovery Protocol to manage the network of Moghe in view of Denton.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Moghe in view of Denton with Gao in order to use a known network control and topology discovery protocol to implement the network control and topology discovery of Moghe in view of Denton, thereby reducing the amount of programming required to implement the system and easing adoption of the system. 

Claims 6 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Moghe et al., US 2014/0258478 (filed 2013-03), in view of Denton, US 2007/0157313 (filed 2006-01), and Dykeman et al., US 7,177,951 (filed 2000-07).
As to claims 6 and 20, Moghe in view of Denton discloses the CRM/method of claims 1 and 15 but does not disclose: 
removing one or more host devices from a database of discovered host devices upon expiration of a period of time since a message regarding the host device has been received from an access point.

Dykeman discloses:
removing one or more host devices from a database of discovered host devices upon expiration of a period of time since a message regarding the host device has been received from an access point. (“if a PTSE's lifetime expires without the PTSE being refreshed, the PTSE is no longer considered valid topology information and is removed, or "flushed" from the topology database.” Dykeman col. 2, ln. 15)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Moghe in view of Denton with Dykeman by using expiration lifetimes for topology information and removing said information from the topology database upon expiration.  It would have been obvious to a person of ordinary skill in the art to combine Moghe in view of Denton with Dykeman in order to update the topology database to reflect the current state of the network (Denton ¶ 27) by removing . 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Shah et al., US 8,547,829, discloses an access point topology discovery system. 
Roesch et al., US 7,317,693, discloses passive topology discovery by sniffing packets including DHCP packets.
Koponen et al., US 2013/0125230, discloses determining a network topology for the configuration of firewalls. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/MICHAEL W CHAO/Examiner, Art Unit 2492