DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/21/2022 has been entered.

Response to Amendment
This office action is in response to the amendment filed on 01/21/2022.
Claims 1-10 and 13-16 are pending in the application.
Claims 11-12 are cancelled.
Claims 14-16 are new.
The 112(a) rejections against claims 11-12 are withdrawn because the claims have been cancelled.
The 112(b) rejections against claims 1-12 are withdrawn because the independent claim has been amended and claims 11-12 are cancelled which overcome the rejections.
The 101 rejections against claims 1-10 and 13 as being abstract ideas are maintained because the Applicant’s arguments are not persuasive; please see the Response to Applicant’s Arguments section below.
The 101 rejections against claims 11-12 as being abstract ideas are withdrawn because the claims have been cancelled.

Response to Applicant’s Arguments
Regarding 101 abstract idea rejections regarding claims 1-10, the Applicant argues in the Remarks filed on 01/21/2022 starting near the bottom of page 2 that “Applicant has amended claim 1 to include that those elements are specifically performed by a big-data monitoring tool (e.g., Splunk, as indicated in the specification). Thus, those elements cannot be performed by as a mental process. Therefore, Applicant respectfully submits that amended claim 1 does not recite a mental process. Applicant directs the Examiner to Example 37, claim 2 of the subject matter eligibility examples provided by the USPTO that indicates that tracking memory of a computer is not practically performed by the human mind. Similarly, monitoring and searching memory (data logs and specifically machine-generated data logs) of a big-data environment with a big-data monitoring tool cannot practically be performed in the human mind. Therefore, Applicant respectfully submits that amended claim 1 does not recite a judicial exception”.  The Applicant’s argument is fully considered.  However, the In re Rose, 220 F.2d 459, 105 USPQ 237 (CCPA 1955) and In Gardner v. TEC Syst., Inc., 725 F.2d 1338, 220 USPQ 777 (Fed. Cir. 1984), cert. denied, 469 U.S. 830, 225 USPQ 232 (1984). Monitoring data, when recited in high level of generality, is merely a mental process of observation, evaluation and determination which can be performed by a person of ordinary skill in the art with or without pen and paper that is being applied onto a general purpose computer using general purpose hardware.  As a result, the claims remained directed to abstract idea.
Applicant further argues near the top of page 2 of the Remarks, “Applicant further argues that when looking at claim 1 as a whole, something significantly more than a judicial exception is present in claim 1. Again, Applicant directs the Examiner to paragraphs 12 and 13 of the specification. The claim as a whole is a process for allowing a person to mimic a program in a big-data environment without needing to know a scripting language (where previous solutions required scripting languages). Thus, looking at the claim as a whole (i.e., nested alerts to mimic a program), there is something other than what is well-understood or routine. Instead, the solution provided in claim 1 allows a person in a big data environment to mimic a program without needing to know a scripting language at all. In other words, the big-data environment is being used in a way that it was not designed to be used. As such, Applicant respectfully submits that claim 1 recites something significantly more than a judicial exception, regardless of the exception. Therefore, Applicant respectfully submits that claim 1 recites patent-eligible subject matter.”  The Applicant’s argument is fully considered.  However, the Examiner respectfully disagrees because the argument is not persuasive.  Automating a manual activity is not significantly more than a judicial exception; see MPEP 2144.04 (III) and In re Venner, 262 F.2d 91, 95, 120 USPQ 193, 194 (CCPA 1958).  Furthermore, using a written software application to encapsulate low-level operations (script language) is not by itself significantly more than an abstract idea when recited at a high level of generality, because that is what most graphical user interfaces are built to do.  Using triggers, which are built-in tools of many databases, to perform some searches or actions is not significantly more than an abstract idea.
Furthermore, the argument that a user does not need to know how to write script is not persuasive because the claim recites limitations in very high level of generality, where the searches and the actions are recited in high level of generality.  The Examiner is not convinced that a person who does not know how to write programming code or script would be able to use the system as claimed without the system already has specific written code to handle specific search and specific actions, which are not recited in the claims. As a 
Near the bottom of page 3 of the Remarks, the Applicant argues “Claim 13 has been amended to include some of the amended elements of claim 1, so Applicant reiterates the arguments above here in reference to claim 13. Further, Applicant respectfully submits amended claim 13 includes that logs are in a big-data environment using a big data monitoring tool. Thus, claim 13 is directed toward a specific practical application of verifying a device on a network via a big-data monitoring tool as opposed to existing methods, and network security is a technological field. Therefore, Applicant respectfully submits that claim 13 also recites patent-eligible subject matter.” The Applicant’s argument is fully considered.  However, the Examiner respectfully disagrees because the argument is not persuasive.  For argument “Claim 13 has been amended to include some of the amended elements of claim 1, so Applicant reiterates the arguments above here in reference to claim 13. Further, Applicant respectfully submits amended claim 13 includes that logs are in a big-data environment using a big data monitoring tool”, please see the discussion above regarding claim 1. For the argument “Thus, claim 13 is directed toward a specific practical application of verifying a device on a network via a big-data monitoring tool as opposed to existing methods, and network security is a technological field”.  Verifying a new device by monitoring access log does not improve existing security technology since there are many prior art practicing this idea.  The specific method of verifying the device by looking up in one or more databases are not new or significantly more than abstract ideas.  As a result, the claim 
Near the top of page 4 of the Remarks, the Applicant argues regarding rejections based on 35 U.S.C. §103 that “Claims 1-4 and 7-9 stand rejected under 35 U.S.C. § 103 as being unpatentable over U.S. Patent Publication No. 2015/0304167 to Farrell et al. (hereinafter, "Farrell") in view of non- patent publication entitled "Can a SQL trigger call a web service" to Stackoverflow (hereinafter, "Stackoverflow"). Applicant respectfully reiterates all arguments from previous responses (e.g., monitoring a communication port and monitoring echoes of a log monitors incoming messages not the logs themselves as claimed, etc.)”. The Examiner reiterates and refers back to the same arguments in the previous Final Rejection office action dated 10/21/2021 since the Applicant does not provide new arguments with respect to the cited argument above.
Starting near the bottom of page 5, the Applicant argues “Besides the fact that Farrell is not in a big-data environment and thus cannot teach most of the elements of claim 1 due to requirement that the data repository is of machine-generated logs in a big-data environment. Moreover, Farrell looks at messages at ports for incoming or outgoing messages, some of which may be echoes of data logs. However, Farrell does not disclose that the data logs themselves are monitored, only echoes of the data logs (which Farrell has defined as sending/sent information - not the logs themselves). Still further, Farrell does not disclose that the second designated change is the addition of the object from the first change. 
Further, as the Examiner points out, Farrell uses a classifier and a discovery system to operate. Farrell is not in a big-data environment nor does it use a big-data monitoring tool - discloses using separate classifier and discovery systems. Thus, to modify Farrell for use in a big-data environment with a big-data monitoring tool would be to change the principle of operation of Farrell. However, if a "proposed modification or combination of the prior art would change the principle of operation of the prior art invention being modified, then the teachings of the references are not sufficient to render the claims prima facie obvious."6 Therefore, Applicant respectfully submits that Farrell may not be modified to work with a big- data monitoring tool as recited in claim 1. 
Also, Applicant reiterates that in Stackoverflow, the same trigger is used to perform the actions, as opposed to two separate triggers. As such, Stackoverflow does not teach writing an object in response to a first trigger (of an addition of a log as a first change) and monitoring for an addition of that object as claimed. 
Therefore, as Farrell may not be modified to teach amendment claim 1 because to do so would change the principle of operation of Farrell, and because combining Farrell and Stackoverflow does not teach each and every element of amended claim 1, Applicant respectfully submits that the combination of Farrell and Stackoverflow does not render amended claim 1 obvious”.  The Applicant’s argument is fully considered.  However, the Examiner respectfully disagrees because the argument is not persuasive. Specifically,
The Applicant argument “Besides the fact that Farrell is not in a big-data environment and thus cannot teach most of the elements of claim 1 due to requirement that the data repository is of machine-generated logs in a big-data environment”.  The Examiner respectfully disagrees because merely reciting the “data repository is of machine-generated logs in a big-data environment” does not add patentable weight to the claim.  The Examiner interprets the limitation as a field of use, because other steps recited in the claim work as well in a general purpose computer environment as “data repository is of machine-generated logs in a big-data environment”.  However, necessitated by the amendment, the Examiner uses a new reference, Judith S. Hurwitz and Alan Nugent and Fern Halper and Marcia Kaufman (NPL U page 2: “Unstructured Data in a Big Data Environment”, dated 03/26/2016, downloaded from the Internet URL: https://www.dummies.com/article/technology/information-technology/data-science/big-data/unstructured-data-in-a-big-data-environment-167370 on 02/09/2022, hereinafter Hurwitz), to teach the big-data environment related limitations.
The Applicant’s argument that “Farrell does not disclose that the data logs themselves are monitored, only echoes of the data logs (which Farrell has defined as sending/sent information - not the logs themselves)”.  The Examiner respectfully disagrees.  Farrell clearly discloses the monitoring of log files in ¶16 and ¶19 of Farrell.  The messages, which can be log files, are stored in a data store, see Farrell ¶39, (“One or more datastores (e.g., a datastore 650 shown in FIGS. 5-7) store the one or more messages”). The Applicant appears to argue the specifics of how the log data can be monitored.  The Applicant argues limitations that are not recited in the claim.  The Examiner asserts that by monitoring log 
The Applicant’s argument that “Still further, Farrell does not disclose that the second designated change is the addition of the object from the first change”. The Examiner respectfully disagrees.  Farrell teaches “the classifier places the intercepted message with the inserted time stamp in a pending table”. Adding a new record into the pending table is a change.  The change includes the intercepted message, which is an object from the first change.
The Applicant further argues “Farrell is not in a big-data environment nor does it use a big-data monitoring tool - discloses using separate classifier and discovery systems. Thus, to modify Farrell for use in a big-data environment with a big-data monitoring tool would be to change the principle of operation of Farrell. However, if a "proposed modification or combination of the prior art would change the principle of operation of the prior art invention being modified, then the teachings of the references are not sufficient to render the claims prima facie obvious."6 Therefore, Applicant respectfully submits that Farrell may not be modified to work with a big- data monitoring tool as recited in claim 1 … Therefore, as Farrell may not be modified to teach amendment claim 1 because to do so would change the principle of operation of Farrell, and because combining Farrell”.  The Examiner respectfully disagrees.  Necessitated by the amendment, Big-data environment is taught by new reference Judith S. Hurwitz and Alan Nugent and Fern Halper and Marcia Kaufman (NPL U page 2: “Unstructured Data in a Big Data Environment”, dated 03/26/2016, downloaded change the principle of operation of Farrell”.  It is simply a field of use. As a result, the argument is not persuasive.
Regarding Applicant’s argument “Also, Applicant reiterates that in Stackoverflow, the same trigger is used to perform the actions, as opposed to two separate triggers. As such, Stackoverflow does not teach writing an object in response to a first trigger (of an addition of a log as a first change) and monitoring for an addition of that object as claimed”.  As discussed in the previous Final rejection office action dated 10/21/2021, the Examiner indicated that by writing a record inside the trigger, and the trigger is monitored on the insertion of a record, the trigger can be used to trigger the event again if desired.  Changing in shape or size does not have patentable weight, see MPEP 2144.04 (IV) (A) and (VI) (B).  Here, the claim merely recites the repeating of the number of triggers to perform a set of steps.  Farrell teaches the writing of the object in response to the first trigger (see ¶33 of Farrell).  Stackoverflow also teaches writing a record (in page 3 of Stackoverflow) into a queue table inside the trigger, 
	In conclusion, the combination of Farrell and Stackoverflow and Hurwitz teaches the disputed limitations.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-10, and 13-15 are rejected under 35 U.S.C.101 because the claimed invention is directed to abstract ideas without significantly more.
	Step 1 Statutory Category:
		Claims 1-10, and 13-15 are directed to a process for performing an action within a machine-generated big data environment. The claims are directed to statutory categories.
		Claim 13 is directed to a process for verifying a device on a network. The claim is directed to statutory categories.
	Step 2A Prong 1 Judicial exception:
		The independent claims recite the following limitations which have been identified as reciting a Mental Process:
		Claim 1 recites “monitoring … a data repository … for a first designated change; … performing a first search; … monitoring … the data repository … for a second designated change; … performing a second search ….”.  Claim 13 recites “monitoring the data repository … searching … monitoring data repository …; determine if the identity of the new device is known … monitoring the data repository … determine if the identity of the new device is known”.  These steps are mental processes that an ordinary person of skill in the art at the effective filing date can perform with or without pen and paper.  Monitoring data and performing a search are merely basic human actions using observation, evaluation and determination applied on a general computer with generic hardware. As a result, the claim is an abstract idea.
		Step 2A Prong 2, additional elements that integrate into a practical application of the exception:
		 Claim 1 further recites “by a big-data monitoring tool … in a big-data environment … wherein the first search is based on the first designated change in the machine-generated logs … creating and writing a first object to the data repository based on a result of the first search; … and performing a predetermined action”. The additional steps of creating and writing an object and performing an action are basic human actions performed on a general purpose computer.   Claim 13 further recites “by a big-data monitoring tool … in a big-data environment … consolidating multiple system …; writing, if the identity of the new device is not present in the known-devices system 
	Step 2B significantly more:
		Claim 1 recites “creating and writing a first object to the data repository based on a result of the first search; … and performing a predetermined action”.  The additional steps of creating and writing an object and performing an action are basic human actions performed on a general purpose computer.   Claim 13 recites 
	As a result, the independent claims 1 and 13 remain abstract ideas.

	Regarding dependent claim 2, the claim recites “… writing the first object including a parameter ....”.  Writing a record of data with all relevant data for future use is not significantly more than a judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.


	
	Regarding dependent claim 4, the claim recites “… performing the predetermined action using the parameter of the object written to the data repository”.  Passing data to a function or action for execution is not new and is a common idea in the art where it can be found in early computers with command line interface (command line arguments).  It is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 5, the claim recites “… creating and writing a JavaScript Object Notation (JSON) object to the data repository”.  Using one format versus another format to store data is not new.  It is merely an implementation choice.  Furthermore, JSON is a well-known standard, created by a standard body to help people to use it.  As a result, it’s well used and well publicized in the art.  As a result, it is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 6, the claim recites “… monitoring an unstructured data repository of machine-generated logs”.  Log data that are unstructured are common data.  Without specific details of how the data is parsed, or the novelty feature of parsing the data, it can be simply pattern matching or string matching, which is a basic action of search applied on a general purpose computer with generic hardware.  As a result, it is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 7, the claim recites “… creating and writing the object to a selected subset of the machine-generated logs”.  Selecting a place to write data is arbitrary without specific structure.  Furthermore, organizing data is a basic human activity that can be performed by an ordinary person skilled in the art that is applied on a general computer using generic hardware.  As a result, it is not significantly more than a judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.
	
	Regarding dependent claim 8, the claim recites “invoking an external script”.  The mechanism for invoking an external script is provided by an operating system and/or the database system being used.  As a result, it’s a well-known, already implemented and publicly documented idea in the art.  Making use of it or within the context of a database 

	Regarding dependent claim 9, the claim recites “… invoking the external script to make a call on an application programming interface to retrieve data from an external program”.  Retrieving data is a basic human action applied on a general purpose computer using generic hardware.  Using a script to perform the action is a common action performed by a person of ordinary skill in the art.  As a result, it is not significantly more than a judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 10, the claim recites “… displaying the object written to the data repository based on results of the first search”.  This is an insignificant extra-solution activity, see MPEP 2106.05(b)(I).  As a result, it is not significantly more than a judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.
	Regarding dependent claims 14 and 15, the claims recite “performing a predetermined action based on the externally-not-known object comprises sending an alert to a security team” and “performing a predetermined action based on the 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Farrell et al. (US 20150304167 A1, hereinafter Farrell) in view of Stackoverflow (NPL U: “Can a SQL trigger call a web service”, dated December 02, 2016, hereinafter Stackoverflow) and further in view of Judith S. Hurwitz and Alan Nugent and Fern Halper and Marcia Kaufman (NPL U page 2: “Unstructured Data in a Big Data Environment”, dated 03/26/2016, downloaded from the Internet URL: https://www.dummies.com/article/technology/information-technology/data-science/big-data/unstructured-data-in-a-big-data-environment-167370 on 02/09/2022, hereinafter Hurwitz).
Regarding claim 1, Farrell teaches a process for performing an action within a machine-generated big data environment, the process comprising:	monitoring, with a first alert  wherein the first designated change in the machine-generated logs includes an addition of a new item in the machine-generated logs ([Examiner note: the crossed over text is discussed below]; Farrell Fig. 1: 
[Figure: Farrell Fig. 1]
; Farrell [0003], … A discovery system receives the each classified message and detects, based on the each received classified message, a new network device added to the one or more networks and detects one or more configuration changes made on the one or more network devices; Farrell [0039] One or more datastores (e.g., a datastore 650 shown in FIGS. 5-7) store the one or more messages, which are intercepted by the classifier, according to corresponding message groups; Farrell [0019], At 100 in FIG. 1, the one or more network devices communicate each other … The one or more messages include, but are not limited to: … (6) log files (e.g., log files 615 shown in FIGS. 5-6) echoed from the one or more network devices; Farrell [0021] Returning to FIG. 1, at 110, a classifier (e.g., a classifier 630 shown in FIG. 5) intercepts the one or more messages associated with the one or more network devices; Farrell [0016], … the discovery system monitors the communication port and/or echoes the log entries in order to detect the addition of the new network device and/or the configuration changes. For example, a communication port of the discovery system may receive a message whose header indicates a new mail server whose web address is not listed on a list of current existing network device stored in the discovery system);
	performing, ([Examiner note: the crossed over text is discussed below]), a first search within the data repository, wherein the first search is based on the first designated change in the machine-generated logs (Farrell [0030], At 230, if the classifier determines that the sender and the receiver of the intercepted message match a layer whose senders' IP address list includes the identification of the sender; Farrell ¶39, (“One or more datastores (e.g., a datastore 650 shown in FIGS. 5-7) store the one or more messages”); [Examiner note: the sender is associated with the intercepted message, the first search is based on the sender and as a result, the first search is based on the intercepted message, which corresponds to the first designated change]);
	creating and writing a first object to the data repository based on a result of the first search (Farrell [0033], At 270, if the classifier determines that the sender, the receiver or the content of the intercepted message does not match any layer, i.e., there is no match between the IP address of the sender of the message and an IP address listed on the senders' IP address list of each layer … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the database housing the pending table corresponds to the data repository]);
	the second designated change in the machine-generated logs corresponds to the first object and includes an addition of the first object to the data repository (Farrell [0033], At 270, if the classifier determines that the sender, the receiver or the content of the intercepted message does not match any layer, i.e., there is no match between the IP address of the sender of the message and an IP address listed on the senders' IP address list of each layer … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table);
	performing a second search within the data repository based on the second designated change in the machine-generated logs (Farrell [0016], … the discovery system may receive a message whose header indicates a new mail server whose web address is not listed on a list of current existing network device stored in the discovery system; Farrell [0033], after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; Farrell [0034], … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry … [Examiner note: places the intercepted message with the inserted time stamp corresponds to the second designated change]); and
	performing a predetermined action based on the second search (Farrell [0034], … upon finding the match, the classifier sends the intercepted message to a router that forwards the intercepted message to a network domain that corresponds to the found match.).
	Although Farrell teaches the limitations of the claim 1 (see discussion above), Farrell does not teach: 	monitoring, with a second alert by the big-data monitoring tool, the data repository of machine-generated logs for a second designated change in the machine-generated logs, wherein the second designated change in the machine-generated logs corresponds to the first object, and includes an addition of the first object to the data repository.
		Stackoverflow teaches using a trigger based on data insertion of a new row into a table to perform an action (call a web service using data from that insert) and also insert another record into a queue table (Stackoverflow, top of page 1: When a user "checks-in" [Inserts new row into a table] I want to then take data from that insert and call a web service; page 3, used a trigger to insert a record in a Queue table, then a Stored procedure using a cursor to pull Queued entries off; [Examiner note: Stackoverflow teaches using a trigger to monitor the record insertion, then use the trigger to insert another record in a queue table.  Farrell also teaches inserting data to a pending table.  Since the Stackoverflow teaches that a trigger is used to monitor an insertion of a row into a table, and Stackoverflow further teaches the use of the trigger merely one of the two options that Stackoverflow discloses that using either would work]).
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Stackoverflow, which teaches performing a business logic step by inserting a record into a database pending table and then using a trigger to monitor for the change to process the data, into the teaching of Farrell to result in the claimed limitations:
		monitoring, with a second alert ([Examiner note: the crossed over text is discussed below]), the data repository of machine-generated logs for a second designated change in the machine-generated logs, wherein the second designated change in the machine-generated logs corresponds to the first object and includes an addition of the first object to the data repository (Stackoverflow, top of page 3, … used a trigger to insert a record in a Queue table [Examiner note: by using the trigger taught by Stackoverflow to monitor the pending table taught by Farrell, a new record inserted, which is taught by Farrell, would execute the trigger.  All tables are inside the discovery system’s database taught by Farrell discussed above, which corresponds to the data repository. An insertion of a record into the pending table corresponds to the second designated change.]; Farrell [0033], after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the intercepted message and the time stamp correspond to the first object]).
	One of ordinary skill in the art would be motivated to do so as the method is readily available in most database systems; it is quick to implement and run; and it works reliably (Stackoverflow page 3).  Using the trigger as one of the two options (stored procedure or trigger) to process an inserted record would be obvious to try, choosing from a finite number of identified, predictable solutions (stored procedure or trigger) with reasonable prediction of success.
	The combination of Farrell in view of Stackoverflow teaches the aforementioned limitations of the claim including machine generated logs stored in datastores and using triggers to monitor and process data.  However, the combination does not disclose the performing and monitoring steps are done by a big-data monitoring tool, and a data repository of machine-generated logs in a big-data environment.
	On the other hand, Hurwitz teaches a data repository in a big-data environment (Unstructured data is data that does not follow a specified format for big data. If 20 percent of the data available to enterprises is structured data, the other 80 percent is unstructured, vendors are scaling out their solutions to handle large volumes of unstructured data, new technologies are also evolving to help support unstructured data and the analysis of unstructured data, some of these support both structured and unstructured data. Some support real-time streams) and a big-data monitoring tool (monitor Twitter feeds that can then programmatically trigger a CMS search).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Hurwitz, 
	Regarding claim 2, Farrell in view of Stackoverflow teaches the process of claim 1, wherein creating and writing a first object to the data repository comprises writing the first object including a parameter for the second search to the data repository (Farrell [0033], … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; Farrell [0034], … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry; [Examiner note: the intercepted message and the time stamp corresponds to the parameter for the second search]).

	Regarding claim 3, Farrell in view of Stackoverflow teaches the process of claim 2, wherein performing a second search within the data repository comprises performing the second search using the parameter of the object written to the data repository (Farrell [0034], … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry;).

	Regarding claim 4, Farrell in view of Stackoverflow teaches the process of claim 3, wherein performing a predetermined action based on the second search comprises performing the predetermined action using the parameter of the object written to the data repository (Farrell [0034], … upon finding no match, the classifier creates a table entry, in the pending table, which represents the intercepted message …. The created table entry may include the inserted time stamp of the intercepted message; Farrell [0035] The router sends the intercepted message to a network domain which corresponds to the found match at 410).

	Regarding claim 7, Farrell in view of Stackoverflow teaches the process of claim 1, wherein creating and writing a first object to the data repository comprises creating and writing the object to a selected subset of the machine-generated logs (Farrell [0033], … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the pending table is inside the database in the discovery system taught by Farrell.  The pending table corresponds to the selected subset of the machine-generated logs.  Please also note that writing the object to the selected subset of the machine-generated is an arbitrary limitation that depends on a choice of implementation, since although it’s convenient to write to a local database of the local system, the data can be written anywhere that it can be later retrieved.  The instant application specification does not indicate how writing in one location is better than writing at a different location.  As a result, this limitation is an insignificant extra solution activity that implemented one way or another would still produce the same expected result]).

	Regarding claim 8, Farrell in view of Stackoverflow teaches the process of claim 1, wherein performing a predetermined action comprises invoking an external script (Stackoverflow, top of page 3: used a trigger to insert a record in a Queue table, then a Stored procedure using a cursor to pull Queued entries off … the Stored Procedure calls XP_CMDShell calling a .bat file with parameters [Examiner note: the .bat file corresponds to an external script]).
	
	Regarding claim 9, Farrell in view of Stackoverflow teaches the process of claim 8, wherein invoking an external script comprises invoking the external script to make a call on an application programming interface to retrieve data from an external program (Stackoverflow bottom of page 3: The bat file calls cURL which manages the REST/JSON call and response).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of Hinrichs et al. (US 10592302 B1, hereinafter Hinrichs).
	Regarding claim 5, Farrell in view of Stackoverflow teaches the process of claim 1.
		However Farrell in view of Stackoverflow does not explicitly teach creating and writing a first object to the data repository comprises creating and writing a JavaScript Object Notation (JSON) object to the data repository.
 		Hinrichs teaches creating and writing a first object to the data repository comprises creating and writing a JavaScript Object Notation (JSON) object to the data repository ([Examiner note: the format of the data being JSON written to a data repository is an insignificant extra solution activity.  Whether the data is written in one format or another does not change the result of the claimed invention.  The instant specification also indicated any desired format can be used (instant specification paragraph [0024] “At 206, a first object is created and written to the data repository … the object may be in any desired format (e.g., JavaScript Object Notation (JSON), Python, etc.)).  For the purpose of compact prosecution, the examiner further uses prior art to reject the claimed limitation].  Hinrichs: col. 26, lines 26-31: … This database can persist both policies and any data the policies need in their evaluation. … the database saves policies as plain source code, while storing the parameter data as JSON documents. Hinrichs col. 26, lines 60-67, col. 27, lines 1-2: … to retrieve and properly format the parameters for consumption … transforming the collected parameter data from its native format into a structured document (e.g., a JSON document) for storing in the database 1035 ...).
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Hinrichs, which stores parameter in JSON format for later use in a database table, into the combined teachings of Farrell and Stackoverflow to result in the limitations of the claimed invention.
		One of ordinary skill in the art would be motivated to do so as using Hinrichs’ teaching allows data to be stored without depending on the programming language being used, gives the data a structured format, and helps make the data readable to humans (Hinrichs col. 2, lines 26-37).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of JOSHI et al. (US 20140337974 A1, hereinafter Joshi).
	Regarding claim 6, Farrell in view of Stackoverflow teaches the process of claim 1.
		However, Farrell in view of Stackoverflow does not teach wherein monitoring a data repository of machine-generated logs comprises monitoring an unstructured data repository of machine-generated logs.
		Joshi teaches monitoring a data repository of machine-generated logs comprises monitoring an unstructured data repository of machine-generated logs (Joshi [0022], … a method of detecting a potential cyber threat or attack, comprising receiving data from at least two data sources, extracting information from the received data, asserting the information extracted using an ontology, accumulating the asserted information and determining if a cyber threat or attack is present based on the received data ...; Joshi [0043], However, these resources also contain unstructured text data in which important information could be embedded …; Joshi [0045], After analyzing the data from these sensors, the information extracted is added to a knowledge base; Joshi [0075], The reasoning logic module 110B found the annots.api dll being executed at the host via the logs received from the IBM … The log also pointed out the product using this service, i.e., Adobe Acrobat Reader.RTM.. The unstructured text data from the Juniper Networks.RTM. link [21] also comprised of `annots.api` in the text.)
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Joshi, which teaches an intrusion detection system that monitors unstructured text in data sources, into the combined teachings of Farrell and Stackoverflow to result in the limitations of the claimed invention.
		One of ordinary skill in the art would be motivated to do so as using Joshi’s teaching can help provide important information for detecting a new network device (Joshi [0043]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of Mizuno et al. (US 7778193 B2, hereinafter Mizuno).
	Regarding claim 10, Farrell in view of Stackoverflow teaches the process of claim 1.
		However, Farrell in view of Stackoverflow does not teach displaying the object written to the data repository based on results of the first search.
		Mizuno teaches displaying the object written to the data repository based on results of the first search (Mizuno col. 11 lines 16-19: As shown in FIG. 11, the device detection part 103 is connected to the internal network interface 108. The device detection part 103 monitors packets in the residential network NW1 and, when it detects a device not yet registered, makes an enquiry to the user about whether to register the device; Mizuno col. 11 lines 24-34: The device detection part 103 monitors packets in the residential network NW1 … found a packet having an address other than a device IP address allocated to a device to which the home gateway apparatus 100 is already connected (Step S302), searches the settings information files in the database 101 for a corresponding device, on the basis of a device IP address and a device external IP address estimated to correspond, and, if nothing is found, returns to Step S301 to resume the monitoring of packets (Step S303). In case devices were found, it saves the list of all devices found for future convenience (Step S305); Mizuno col. 13 lines 34-42: … a request based on UPnP from the device to be registered, the device information is collected from the device to be connected by UPnP negotiation in Step S121 of FIG. 17. Next, it is determined whether there is a device name and there is in the collected device information (Step S122), and if there is not, the process comes to an end by making an error response in Step S129; Mizuno Claim 13: … detecting a new packet emitted from a new device and possessing a device IP address other than registered device IP addresses allocated to devices already registered in said residential network, and a display means displaying that the new device is present as being not yet successful in connection settings.).
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Mizuno, which teaches displaying a new device when the device is not found in an existing device list, into the combined teachings of Farrell and Stackoverflow to result in the limitations of the claimed invention.
		One of ordinary skill in the art would be motivated to do so as both Mizuno and Farrell teach new device detection against an existing device list, and incorporating Mizuno’s teaching would optimize system performance (Mizuno col. 11 lines 33-34).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Todd C et al. (NPL X: “Calling an api from sql server stored-procedure”, dated June 2017, hereinafter Todd) and further in view of JbcEdge (NPL W: MS SQL SERVER – Triggers, dated February 2018, p. 1-3, retrieved from the Internet URL: http://web.archive.org/web/20210401150706/https://jbcedge.com/2018/02/08/ms-sql-server-triggers/).
	Regarding claim 13, Farrell teaches a process for verifying a device on a network, the process comprising:
		consolidating multiple system logs into a known-devices system log in a data repository discovery system receives the each classified message and detects, based on the each received classified message, a new network device added to the one or more networks and detects one or more configuration changes made on the one or more network devices; Farrell [0019] At 100 in FIG. 1, the one or more network devices communicate each other … The one or more messages include, but are not limited to: … (6) log files (e.g., log files 615 shown in FIGS. 5-6) echoed from the one or more network devices; Farrell [0039], One or more datastores (e.g., a datastore 650 shown in FIGS. 5-7) store the one or more messages, which are intercepted by the classifier, according to corresponding message groups. The verifiers and the discovery systems in different network domains may share the one or more datastores);
		monitoring the data repository for an event that signifies a new device has accessed a network ([Examiner note: the crossed over text is discussed below]; Farrell Fig. 1: 
;Farrell [0019], At 100 in FIG. 1, more messages include, but are not limited to: … (6) log files (e.g., log files 615 shown in FIGS. 5-6) echoed from the one or more network devices; Farrell [0016], … the discovery system monitors the communication port and/or echoes the log entries in order to detect the addition of the new network device and/or the configuration changes. For example, a communication port of the discovery system may receive a message whose header indicates a new mail server whose web address is not listed on a list of current existing network device stored in the discovery system; Farrell [0040] … a discovery of a new network device and/or configuration changes made on existing network device(s) is run, e.g., by a discovery system (i.e., a system running method steps shown in FIG. 8) as a job during off hours (e.g., computing resources in a corresponding company are not used). Alternatively, the discovery of the new network device and the configuration changes are performed, e.g., by the discovery system, in real-time as the new network device is added to a corresponding network(s) and/or as the configuration changes are made on one or more existing network device(s). The discovery system may run the discovery daily, weekly, and sometimes monthly.);
		searching, if the event that signifies a new device has accessed a network occurs, the known-devices system log to determine if an identity of the new device is present in the known-devices system log (Farrell [0033] At 270, if the classifier determines that the sender, the receiver or the content of the intercepted message does not match any layer, i.e., there is no match between the IP address of the sender of the message and an IP address listed on the senders' IP address list; Farrell [0038] … In order to identify the new IP address, the verifier may retrieve a previous configuration file(s), which is(are) stored in a database associated with the one or more network devices);
		writing, if the identity of the new device is not present in the known-devices system log, a locally-not-found object to the data repository, wherein the object includes the identity of the new device (Farrell [0033] At 270, if the classifier determines that the sender …  there is no match between the IP address of the sender of the message and an IP address listed on the senders' IP address list of each layer … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the database housing the pending table corresponds to the data repository]);
		searching the data repository for the locally-not-found object ([Examiner note: the crossed over text is addressed below]; Farrell [0034] … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry [Examiner note: Farrell teaches searching the pending table, but Farrell does not explicitly disclose monitoring the table, which is discussed below]);
		retrieving, if the locally-not-found object is added to the data repository, the identity of the new device from the locally-not-found object (Farrell [0027] Upon intercepting the one or more messages, …  based on header information of the one or more messages. … the classifier evaluates whether the sender … each an identification (e.g., an IP (Internet Protocol) address) of the sender; Farrell [0033] … places the intercepted message with the inserted time stamp in a pending table … ; Farrell [0034], … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry. At 410, upon finding the match, the classifier sends the intercepted message to a router [Examiner note: Farrell discloses the message header contains an identification/IP address of the sender.  Farrell further discloses when finding a match in the pending table, the intercepted message is sent to a router.  As a result, the intercepted message is obtained, which has the identification of the sender, which corresponds to the new device]);
		 (Farrell [0035], At 420 in FIG. 4, if the classifier finds no match at 410 in FIG. 4, at 200 in FIG. 2, at 220 in FIG. 2, at 240 in FIG. 2 and at 260 in FIG. 2, the classifier sends the intercepted message to all network domains known to the classifier. Farrell [0036] Each network domain may include one or more discovery systems (e.g., a discovery system 640 shown in FIGS. 5-7). A discovery system receives a classified message(s) (i.e., the one or more messages classified by the classifier) and detects, based on the classified message, a new network device added to the one or more networks and detects one or more configuration changes made on the one or more network devices. Farrell [0037] ... the verifier may query the one or more network devices (e.g., send a verification query to the one or more network device as shown in 625 in FIGS. 5-7; Farrell Fig. 6: 
Farrell [0038], … In order to identify the new IP address, the verifier may retrieve a previous configuration file(s), which is(are) stored in a database associated with the one or more network devices … The difference may include the new IP address corresponding to the addition of the new network device.).);
		writing, if the identity of the new device is not known to the external application, an  (Farrell [0033], after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: Farrell teaches the process of writing a record to a table when the device is not found locally.  Farrell does not explicitly teach the same process of writing a record to a table after searching externally for the device. Farrell teaches the verifier searches both locally and query the network devices for the new device and also record the result to a performing a predetermined action based on the externally-not-known object (Farrell [0037], … Based on answers to the queries received from the one or more network devices and/or the datastore, the verifier may determine that a new configuration or a new service is enabled on the one or more network devices [Examiner note: determine that a new configuration is enabled corresponds to the performing a predetermined action]).
		Although Farrell teaches the limitations of the claimed invention (see above discussion), Farrell does not explicitly teach monitoring data repository for the locally-not-found object;
			invoking an external script that uses an application programming interface (API) of an external application to determine if the identity of the new device is known to the external application;
			writing, if the identity of the new device is not known to the external application, an externally
		Todd teaches monitoring data repository for the locally-not-found object (Todd top of page 2: built a trigger that queued the DB events [Examiner note: the trigger would monitor the pending table taught by Farrell]);
			invoking an external script that uses an application programming interface (API) of an external application to determine if the identity of the new device is known to the external application (Todd middle of page 2: cURL allowed me to send the API calls to a local manager from anywhere [Examiner note: the ;
			writing, if the identity of the new device is not known to the external application, an externally (Todd middle of page 2: API call Stored procedure run every 5 seconds runs Cursor to pull each Queue table entry, send the XP_CMDShell call to the bat file with parameters Bat file contains Curl call with parameters inserted sending output to logs [Examiner note: writing the output to a log from the external call to determine if the device is new from an external system meaning the result for both found and not found would be written.  As a result, when the device is not found, the result would be written]);
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Todd, which use a queue table and trigger to call an external script to call an API, into the teaching of Farrell to result in the limitations:

			monitoring data repository for the locally-not-found object;
			invoking, if the locally-not-found object is added to the data repository, an external script that uses an application programming interface (API) of an external application to determine if the identity of the new device is known to the external application;
			writing, if the identity of the new device is not known to the external application, an externally-not-known object to the data repository;
		One of ordinary skill in the art would be motivated to do so as both Todd and Stackoverflow teach monitoring a database table to perform work in response to an event using a database trigger and using an external script to perform an action, and incorporating Todd’s teaching helps get a solution working quickly within a time constraint (Todd, bottom of page 2).
		Although Farrell in view of Todd teaches the limitations of the claimed invention (see discussion above), Farrell in view of Todd does not explicitly teach monitoring the data repository for the externally-not-known object.
		JbcEdge teaches monitoring the data repository for the externally-not-known object (JbcEdge, middle of page 1: CREATE TRIGGER …; JbcEdge middle of page 2: Triggers can be nested that is trigger on TableA updates Table B then TableB trigger updates TableC and so on; Farrell [0034], … classifier creates a table entry, in the pending table … [Examiner note: the creating of a trigger taught by JbcEdge to monitor the output log table taught by Todd would cause the trigger to monitor the data repository for the externally-not-known object, the output log table taught by Todd corresponds to the data repository for the externally-not-known object.]).
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of JbcEdge, which teaches to search a new device using a local or an external database into the combined teachings of Farrell and Todd to result in the limitations of the claimed invention.
	One of ordinary skill in the art would be motivated to do so as both Todd and JbcEdge teach using triggers to monitor and perform actions based on a database table; furthermore, incorporating JbcEdge’s teaching would help keep a modular implementation of separate business requirements while the tool is readily available (JbcEdge bottom of page 1; JbcEdge middle of page 2).
	The combination of Farrell in view of JbcEdge teaches the aforementioned limitations of the claim including a data repository and using triggers to monitor and process data.  However, the combination does not explicitly disclose the monitoring steps are done by a big-data monitoring tool, and the data repository in a big-data environment.
	On the other hand, Hurwitz teaches a data repository in a big-data environment (Unstructured data is data that does not follow a specified format for big data. If 20 percent of the data available to enterprises is structured data, the other 80 percent is unstructured, vendors are scaling out their solutions to handle large volumes of unstructured data, new technologies are also evolving to help support unstructured and a big-data monitoring tool (monitor Twitter feeds that can then programmatically trigger a CMS search).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Hurwitz, which teaches the storing of unstructured and structured data in a big-data environment using a monitoring tool and programmatically triggering, based on a Twitter feed, the performing of a search, into the teaching of Farrell in view of JbcEdge to result in the claimed limitations.
	One of ordinary skill in the art would be motivated to do so as incorporating Hurwitz’s teaching would help organizations deal with the growth and large scale of data and provide real-time responses to events. In addition, both of the references (Hurwitz and Farrell in view of JbcEdge) teach features that are directed to analogous art, such as storing data in a data store, monitoring data and triggering a search. This close relation between both of the references highly suggests an expectation of success when combined.
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Todd and JbcEdge and further in view of Howard (US 20050021996 A1, hereinafter Howard).
	Regarding claim 14, Farrell in view of JbcEdge and Hurwitz teaches the process of claim 13, wherein performing a predetermined action based on the externally-not-known object comprises sending an alert Based on answers to the queries received from the one or more network devices and/or the datastore, the verifier may determine that a new configuration or a new service is enabled on the one or more network devices, in a communication network, the EMS may issue the one or more messages).
	The combination of Farrell in view of JbcEdge and Hurwitz discloses the sending of messages but the combination does not explicitly disclose sending the message to a security team.
	On the other hand, Howard teaches performing a predetermined action based on the not-known object comprises sending an alert to a security team (Howard, ¶7 retrieves this stored identifier and compares it to a list of authorized identifiers. If a match is not found, software also resides in the host computer/processor to log mismatches and to notify security personnel or a system administrator of the attempt to attach the unauthorized peripheral).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Howard, which teaches notifying security personnel when a match of a peripheral identifier is not found, into the teaching of Farrell in view of JbcEdge and Hurwitz to result in the claimed limitations.
	One of ordinary skill in the art would be motivated to do so as incorporating Howard’s teaching would help improve security of the system disclosed by Farrell. In addition, both of the references (Howard and Farrell) teach features that are directed to analogous art, such as, detecting a new device, searching for a match of the device in a .
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Todd and JbcEdge and further in view of Arsenault et al. (US 20170257341 A1, hereinafter Arsenault).
	Regarding claim 15, Farrell in view of JbcEdge and Hurwitz teaches the process of claim 13 (see discussion above), wherein performing a predetermined action based on the externally-not-known object  ([Examiner remark: the crossed over text is discussed below], Farrell ¶37, … Based on answers to the queries received from the one or more network devices and/or the datastore, the verifier may determine that a new configuration or a new service is enabled on the one or more network devices, in a communication network, the EMS may issue the one or more messages).
	The combination of Farrell in view of JbcEdge and Hurwitz discloses the performing of an action but the combination does not explicitly disclose the predetermined action based on the externally-not-known object comprises creating a work order to vet the new device.
	On the other hand, Arsenault teaches performing a predetermined action based on the not-known object comprises creating a work order to vet the new device (Arsenault [0056], the device gateway 110 sends a request message to a control server 121 of the common communication network 120, requesting an identity of a service provider network associated with an IoT device 100, the request message after determining that a manufacturer IoT device identity in the local storage does not have a corresponding unique IoT device identifier, the device gateway 110 may determine that a unique IoT device identifier is not found in the device gateway storage and triggers a request message for an identity of a service provider network; [0057] When a subscription identity of the device gateway 110 is included in the request message, the control server 121 and optionally the first service provider network 130 may use the device gateway subscription profile in the validation of the IoT device to service provider network association; [Examiner note: the making of the request message corresponds to creating a work order, and the validation of the IoT device to service provider network association corresponds to the work in response to the work order]).
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Arsenault, which teaches making a request message when the device identifier is not found which results in the validation of the device, into the teaching of Farrell in view of JbcEdge and Hurwitz to result in the claimed limitations.
	One of ordinary skill in the art would be motivated to do so as incorporating Arsenault’s teaching would help improve security of the system disclosed by Farrell. In addition, both of the references (Arsenault and Farrell) teach features that are directed to analogous art, such as, detecting a new device, searching for the device identifier in a storage and performing an action when the device identifier is not found. This close relation between both of the references highly suggests an expectation of success when .
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Todd and JbcEdge and further in view of Grimm et al. (US 20190312887 A1, Grimm).
	Regarding claim 16, Farrell in view of JbcEdge and Huwitz teaches the process of claim 13, wherein performing a predetermined action based on the externally-not-known object ([Examiner remark: the crossed over text is discussed below], Farrell ¶37, … Based on answers to the queries received from the one or more network devices and/or the datastore, the verifier may determine that a new configuration or a new service is enabled on the one or more network devices, in a communication network, the EMS may issue the one or more messages).
	The combination of Farrell in view of JbcEdge and Huwitz discloses the performing of an action but the combination does not explicitly disclose On the other hand, Grimm teaches pushing an app to the new device to detect malware associated with the new device ([0089], store a database 512 of devices that are known to the network. When a new device such as the device 510 appears on the network 502, compare the device 510 to the list of devices. Where the device 510 is not recognized, the portal 508 may initiate a number of steps to conditionally admit the device 510 to the network 502; ¶92 initiate steps such as download and execution of an antivirus scanner by the device, include download and .
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Grimm, which teaches to download and install anti-virus software and scanning a new device, into the teaching of Farrell in view of JbcEdge and Huwitz to result in the claimed limitations.
	One of ordinary skill would be motivated to do so as incorporating Grimm’s teaching would help improve security of the system disclosed by Farrell. In addition, both of the references (Grimm and Farrell) teach features that are directed to analogous art, such as detecting a new device, searching for the device in a known list of devices and performing an action when the device identifier is not found. This close relation between both of the references highly suggests an expectation of success when combined.
		Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20150370522 A1 - Display Device And Control Method
		Search a local or external database for the identification information of the external device, and determine whether the external device has been registered; and if the external device has been registered, then the flow proceeds to one operation; otherwise, the flow proceeds to another operation.
US 8769610 B1 - Distance-modified security and content sharing
		Search through the access control list database to determine if the requesting device matches any one of the known devices listed in the access control list database. If the requesting device matches one of the known devices listed in the database, the security manager will apply the access policy indicated in the database for that requesting device.
US 20080168531 A1 - METHOD, SYSTEM AND PROGRAM PRODUCT FOR ALERTING AN INFORMATION TECHNOLOGY SUPPORT ORGANIZATION OF A SECURITY EVENT
		An intrusion detection system logs a plurality of security events, a trouble ticket alerting system configured to store therein a plurality of trouble tickets and a security event aggregator and reporter tool configured to determine, at a pre-determined time interval, whether or not a recent security event corresponds to an existing trouble ticket among the plurality of trouble tickets.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Vy Huy Ho whose telephone number is (571) 272-3261.  The examiner can normally be reached on Monday - Friday 7:30 am-5:30 pm.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule 
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pierre Vital can be reached on (571) 272-4215.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

02/01/2022
/V.H.H/
Examiner, Art Unit 2162

/PIERRE M VITAL/
Supervisory Patent Examiner, Art Unit 2162