DETAILED ACTION
This office action is in response to the application filed on 8/26/2019.  Claim(s) 1-45 is/are pending and are examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 8/26/2019 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. 
Examiner’s Note – Allowable Subject Matter
Claims 11-15, 26-30, and 41-45 are objected to as being allowable yet remain dependent upon a rejected claim and would otherwise be allowable if incorporated into the base claim along with any intervening claims.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claim(s) 1, 5-8, 16, 20-23, 31 and 35-38, is/are rejected under AIA  35 U.S.C. 102(a)(1) as being anticipated by Rothstein et al. (US 2014/0280907 A1). 
Regarding claims 1, 16 and 31, Rothstein teaches:
“A server computing device (Rothstein, ¶ 53-54, 63, and 89-90 teaches a network device or blade server serving the function of the Network Monitor Device (NMD)), comprising: 	a processor configured with processor-executable software instructions (Rothstein, ¶ 63, and 89-90 teaches a blade server or network device having a processor, memory and non-transitory computer readable memory to perform method steps) to: 	perform a layer-2 scan of one or more communication networks to collect detailed information regarding devices attached to the one or more communication networks at a particular location (Rothstein, Figs. 1 and 6, ¶ 110, 113, and 115-117 teaches that the NMD passively scans the network for layer 2 frames and is able to collect information about the vendor of discovered devices using the MAC addresses. Rothstein, Fig. 1, ¶ 54 teaches an enclosure of server computers at a particular location being monitored); and 	use the collected detailed information to generate a device profile for each of the devices attached to the one or more communication networks at the particular location (Rothstein, ¶ 126 the information captured at the layer 2 level is used to create a device profile which has the MAC address of the device and the vendor information.  Rothstein, )”.
Regarding claims 5, 20, and 35, Rothstein teaches:
“The server computing device of claim 1, wherein the processor is configured with processor-executable software instructions to perform the layer-2 scan of the one or more communication networks to collect the detailed information regarding the devices attached to the one or more communication networks at the particular location by performing operations (Rothstein teaches the limitations of the parent claims as discussed above) that include at least one or more of: 	providing basic identity management to the devices attached to the one or more communication networks at the particular location (Rothstein, Figs. 1 and 6, ¶ 110, 113, and 115-117 teaches that the NMD passively scans the network for layer 2 frames and is able to collect information about the vendor of discovered devices using the MAC addresses. Rothstein, Fig. 1, ¶ 54 teaches an enclosure of server computers at a particular location being monitored)”.

Regarding claim 6, 21, and 36, Rothstein teaches:
“The server computing device of claim 1, wherein the processor is configured with processor-executable software instructions to perform the layer-2 scan of the one or more communication networks to collect the detailed information regarding the devices attached to the one or more communication networks at the particular location  (Rothstein teaches the limitations of the parent claims as discussed above) by: 	using at least one or more of a networking protocol (Rothstein, Figs. 1 and 6, ¶ )”.

Regarding claims 7, 22, and 37, Rothstein teaches:
“The server computing device of claim 1, wherein the processor is configured with processor-executable software instructions to perform the layer-2 scan of the one or more communication networks to collect the detailed information regarding the devices attached to the one or more communication networks at the particular location (Rothstein teaches the limitations of the parent claims as discussed above) by acquiring or consuming data from at least one or more of: a common network protocol (Rothstein, Figs. 1 and 6, ¶ 110, 113, and 115-117 teaches that the NMD passively scans the network for layer 2 frames and is able to collect information about the vendor of discovered devices using the MAC addresses. Rothstein, ¶ 32 and 45 teaches that the NMD is able to determine the protocols in use while performing the layer 2 packet analysis)”.

Regarding claims 8, 23, and 38, Rothstein teaches:
“The server computing device of claim 1, wherein the processor is configured with processor-executable software instructions to perform the layer-2 scan of the one or more communication networks to collect the detailed information regarding the devices attached to the one or more communication networks at the particular location (Rothstein teaches the limitations of the parent claims as discussed above) by acquiring or consuming data from at least one or more of: a common network protocol (Rothstein, Figs. 1 and 6, ¶ 110, 113, and 115-117 teaches that the NMD passively scans the network for layer 2 frames and is able to collect information about the vendor of discovered devices using the MAC addresses. Rothstein, ¶ 32, and 120 teaches that the NMD is able to use common protocols in the networking technology to determine information about the discovered device)”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstandi00ng that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 2-4, 10, 17-19, 25, 32-34, and 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rothstein, in view of Bratspiess et al. (US 2020/0280568). 
Regarding claims 2, 17, and 32, Rothstein teaches:
“The server computing device of claim 1 (Rothstein teaches the limitations of the parent claims as discussed above)”.
Rothstein does not, but in related art, Bratspiess teaches:
“wherein the processor is configured with processor-executable software instructions to: use the generated device profile to perform at least one or more of: a security operation (Bratspiess, ¶ 142-144, and 147 teach using the MAC address to detect vendor information in a profile, and then using that information to verify the )”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Rothstein and Bratspiess, to modify the Layer 2 device detection and inventory system of Rothstein to include the mechanism to detect an anomalous transparent device detected using Layer 2 frames as taught in Bratspiess.  The motivation to do so constitutes applying a known technique (i.e., detect an anomalous transparent device detected using Layer 2 frames) to known devices and/or methods (i.e., Layer 2 device detection and inventory system) ready for improvement to yield predictable results. 
 
Regarding claims 3, 18, and 33, Rothstein in view of Bratspiess teaches:
“The server computing device of claim 2 (Rothstein in view of Bratspiess teaches the limitations of the parent claims as discussed above), wherein the processor is configured with processor-executable software instructions to perform the security operations by: 	determining whether any of the devices attached to any of the one or more communication networks is non-benign (Bratspiess, ¶ 142-144, and 147 teach using the MAC address to detect vendor information in a profile, and then using that information to verify the physical behavior of the device.  Bratspiess, ¶ 78 and 157 teach generating a security alert if the transparent device is behaving in an anomalous fashion compared with its expected behavior); and 	initiating a mitigating action in response to determining that a device is non- benign (Bratspiess, ¶ 78 and 157 teach physically disconnecting the offending transparent device based on the alert)”.

Regarding claims 4, 19, and 34, Rothstein in view of Bratspiess teaches:
“The server computing device of claim 3 (Rothstein in view of Bratspiess teaches the limitations of the parent claims as discussed above), wherein the processor is configured with processor-executable software instructions to initiate the mitigating action by performing at least one or more of: 	generating a notification message identifying the devices that are non-benign (Bratspiess, ¶ 78, 158, and 198 teach generating a security alert if the transparent device is behaving in an anomalous fashion compared with its expected behavior)”.

Regarding claims 10, 25, and 40, Rothstein teaches:
“The server computing device of claim 1 (Rothstein teaches the limitations of the parent claims as discussed above), wherein the processor is configured with processor-executable software instructions to perform the layer-2 scan of the one or more communication networks to collect the detailed information regarding the devices attached to the one or more communication networks at the particular location to obtain medium access control (MAC) address information and learn about a directly connected host (Rothstein ¶ 107-108 teaches directly accessing devices to actively probe them for information)”.
Rothstein does not, but in related art, Bratspiess teaches:
“by connecting to a switching element (Bratspies, ¶ 162-190 teaches connecting to a switch to collect information to verify a networked device.  Bratspies, ¶ 280 teaches connecting to the switch with SSH)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Rothstein and Bratspiess, to modify the Layer 2 device detection and inventory system of Rothstein to include the mechanism to connect to switch to verify information about a connected device as taught in Bratspiess.  The motivation to do so constitutes applying a known technique (i.e., connect to switch to verify information about a connected device) to known devices and/or methods (i.e., Layer 2 device detection and inventory system) ready for improvement to yield predictable results. 
Claim(s) 9, 24, and 39 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rothstein, in view of Higgins et al. (US 2020/0382529 a1). 
Regarding claims 9, 24, and 39, Rothstein teaches:
“The server computing device of claim 1 (Rothstein teaches the limitations of the parent claims as discussed above), wherein the processor is configured with processor-executable software instructions to perform the layer-2 scan of the one or more communication networks to collect the detailed information regarding the devices attached to the one or more communication networks at the particular location (Rothstein ¶ 107-108 teaches directly accessing devices to actively probe them for information) by: accessing host endpoints and resource devices to collect information from various sources and ports (Rothstein ¶ 107-108 teaches directly accessing devices to actively probe them for information)”.
Rothstein does not, but in related art, Higgins teaches:
“including at least one of  hypertext transfer protocol (HTTP) host access (TCP ports 80) (Higgins, ¶ 155 teaches probing devices using an NMC on TCP port 80 for an HTTP application protocol to learn information about the device)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Rothstein and Higgins, to modify the Layer 2 device detection and inventory system of Rothstein to include the mechanism to check the typically HTTP application layer port 80 for information.  The motivation to do so constitutes applying a known technique (i.e., check the typically HTTP application layer port 80 for information) to known devices and/or methods (i.e., Layer 2 device detection and inventory system) ready for improvement to yield predictable results. 

Conclusion
	In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5PM EST.

	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/STEPHEN T GUNDRY/Examiner, Art Unit 2435