Remarks
Claims 1-20 are pending.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submissions filed on 6/8/2022 and 7/7/2022 have been entered.  
 
Response to Arguments
Applicant's arguments filed 6/8/2022 and 7/7/2022 have been fully considered but they are not persuasive.
No substantive arguments are made in the 7/7/2022 response.  Therefore, a response will be made regarding the 6/8/2022 arguments.  
Applicant’s 112 arguments are moot for a portion thereof and are erroneous with respect to “receiving, periodically and at a centralized controller from a plurality of switches in a network, network synchronization information, the network synchronization information comprising an existing session ID and device tracking information that is added to the network synchronization information each time that the device connects to the network through one of the plurality of switches”.  This does not have basis in the application as originally filed.  As discussed in the interview, there is no basis for receiving the network synchronization information from the plurality of switches each time a device connects to the network through one of the switches.  
Applicant alleges, “the summary of these paragraphs in the Office Action states nothing about a centralized controller.  The only thing mentioned is a system being a switch/router connected to other switches/routers.”  Applicant is directed to the previous rejection, which clearly stated the following: “receiving data from other devices at the system, where the system is a switch/router (e.g., paragraph 106) connected to other routers/switches, as well as other similar systems that are themselves switches/routers, where the data includes packets, which include addresses and other information, for example”.  This clearly states that the receiving of data at a centralized controller is met by receiving data at the system.  The “system” may correspond to the centralized controller of the claims, as explicitly identified in the rejection.  Since Applicant does not even acknowledge this, let alone provide any argument directed thereto, it is clear that Applicant’s arguments are incorrect.  
Applicant then alleges “The data includes packets with other information but nothing about ‘device tracking information’.”  To the contrary, as explained in the rejection, the device tracking information “includes packets, which include addresses and other information, for example”.  Applicant is directed to the previous rejections that clearly define this exemplary correspondence.  In fact, Applicant’s own claim 2 states that the device tracking information may comprise addresses, just as claim 1’s rejection states with respect to the Loach reference.  
Applicant goes on to allege “In sum, Loach appears to disclose switches/routers sharing packets of information with each other.  The packets can include addresses.”  The Examiner thanks Applicant for admitting that the system receives packets, including device tracking information (addresses, as in Applicant’s) from switches.  
Applicant continues by alleging “Thus, Applicant submits that there is no mention in Loach of receiving the network synchronization information at a centralized controller from the plurality of switches.  For example, even in FIG. 6 of Loach, there is no component that would be identified or the equivalent of a centralized controller that receives network synchronization information from the plurality of switches.  Thus, this feature is not disclosed.”  As explained in the rejection, “system” (such as system 700 in figure 6) can be seen to correspond to the centralized controller and receives network sync information from the plurality of switches, as Applicant made clear above.  
Applicant alleges “Next the concept of network synchronization information comprises an existing session ID and device tracking information (that is added to the network synchronization information each time the at the device connects to the network through one of the plurality of switches) is asserted to be disclosed in various paragraphs of Loach.”  Loach was only cited as disclosing a portion of this subject matter: “Receiving, at a centralized controller from a plurality of switches in a network, network synchronization information, the network synchronization information comprising device tracking information” which is met by Loach’s disclosure of receiving data from other devices at the system, where the system is a switch/router (e.g., paragraph 106) connected to other routers/switches, as well as other similar systems that are themselves switches/routers, where the data includes packets, which include addresses and other information, for example.  As Applicant has provided no argument there against, such stands as fact.  
Bradley was cited as disclosing:
that the received network synchronization information comprises the existing session ID (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; receiving data from SP or distributed database, including session IDs, session objects, network addresses, user IDs, client IDs, histories, locations, etc., as examples);
That the device tracking information is added to the network synchronization information each time that the device connects to the network through one of the plurality of switches (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; transaction can be added to distributed database for every access, for example); and
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant then goes on to argue more subject matter for which Bradley was cited.  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant even notes that Applicant’s argument is erroneous by stating “the commentary in the Office Action on page 5 makes no attempt to describe how any of these paragraphs include an existing session ID.”  Indeed, this is because Loach was not cited as disclosing this portion of the receiving limitation.  
Loach is cited as disclosing “An existing session ID and device tracking information” in Loach’s disclosure of “any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions, for example” and this has not been argued by Applicant.  Thus, such stands as fact.  
Applicant’s allegations in the paragraph spanning pages 10-11 of the response dated 6/8/2022 were made with respect to an amendment that has been amended.  Since this limitation has been amended, arguments and responses regarding the previous limitation are moot.  
This amended subject matter is met as follows:
Regarding Claim 1,
Loach discloses ...
...
Determining, when the device connects to the network, whether there is a match between the device to the existing session ID and the device tracking information to identify that the device associated with a security policy has previously connected to the network (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; this is any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions, for example); and
...
Bradley, however, discloses ...
...
Determining, when the device connects to the network, whether there is a match between the device to the existing session ID and the device tracking information to identify that the device associated with a security policy has previously connected to the network (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; determining if device has existing ID, for example); ...
Therefore, the combination of Loach in view of Bradley discloses the amended limitation.  The Examiner also notes that everything being argued by Applicant is now intended use that has no patentable weight, as disclosed below.  
Applicant then chains this argument to the final limitation: “Since the feature above related to the ‘security policy’ is not disclosed, Applicant submits that the step of applying the security policy to the device is not disclosed.  Again, this is in part because the reference to the security policy relates specifically to a device previously connected to the network, which Loach does not consider nor disclose.  Therefore, this applying feature of claim 1 is not disclosed or suggested in Loach.”  Applicant believes that a device will only ever connect to Loach a single time in the lifetime of the Universe, which is simply incorrect.  Indeed, Loach discloses many packets received from the same devices.  As one example of myriad disclosures in Loach, paragraph 87 states “The stored last IP ID of the matched Device ID is updated with the IP ID of the current packet.”  This clearly shows that a device ID matched a previous device ID and the IP ID is updated.  With respect to the policy, Loach explicitly references a “policy” that may be stored in a “Policy Repository” and includes “policy rules” that determine what actions to take.  Applicant is directed to the entirety of Loach, such as paragraph 120, which describes evaluating a policy for the device and determining if the packet should be forwarded or not.  
Applicant alleges “Bradley does not disclose the concept of adding the device tracking information to the network synchronization information each time the device connects to the network through one of the plurality of switches.  The cited portions as mentioned in the Office Action focus on transactions that can be added to the distributed database.  However, there does not appear to be any mention of the overall structure of claim 1 in which the device tracking information is added to the network synchronization information that is provided each time the device connects to the network through one of the plurality of switches.  Thus, this feature is not disclosed or suggested.”  Applicant provides no actual reasons here though.  Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.  Furthermore, claim 1 now requires that the network sync information is received periodically.  Therefore, Applicant’s arguments are moot.  With respect to the receiving limitation, as amended in the supplemental amendment, Bradley discloses the following:
Bradley, however, discloses receiving, periodically and at a centralized controller from a plurality of switches in a network, network synchronization information, the network synchronization information comprising an existing session ID and device tracking information that is added to the network synchronization information each time that the device connects to the network through one of the plurality of switches (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; periodically receiving data from SP or distributed database, including session IDs, session objects, network addresses, user IDs, client IDs, histories, locations, etc., as examples, where transaction can be added to distributed database for every access, for example);
Therefore, Bradley discloses the current limitation, as amended after Applicant’s 6/8/2022 argument.  

Claim Interpretation
The claims include subject matter that has no patentable weight.  For example, subject matter that is intended use and not actually performed has no patentable weight.  Examples of this are “to maintain the existing session ID and the device tracking information consistently across the network independent of where in the network the device has connected”, “to identify that the device associated with a security policy has previously connected to the network”, and similar language.  

Claim Objections
Claims 1 and 2 are objected to because of the following informalities:  
Claim 1 uses the acronym ID.  The first time an acronym is used in the claims, it must be defined.  
Claim 2 uses the acronyms IP and MAC.  The first time an acronym is used in the claims, it must be defined.  
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claim 1 states “receiving, periodically and at a centralized controller from a plurality of switches in a network, network synchronization information, the network synchronization information comprising an existing session ID and device tracking information that is added to the network synchronization information each time that the device connects to the network through one of the plurality of switches”.  This does not have basis in the application as originally filed.  As discussed in the interview, there is no basis for receiving the network synchronization information from the plurality of switches each time a device connects to the network through one of the switches.  
All independent claims have the same issue and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. 
Claim 1 states “receiving, periodically and at a centralized controller from a plurality of switches in a network, network synchronization information, the network synchronization information comprising an existing session ID and device tracking information that is added to the network synchronization information each time that the device connects to the network through one of the plurality of switches”.  It is unclear how the controller could receive this network synchronization information “periodically” and “each time that the device connects to the network through one of the plurality of switches” in one single step.  All independent claims have the same issue and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  
Claim 1 states “storing, as managed by the centralized controller and in a database, the existing session ID...”.  It is unclear how this storing is performed and how this management by the centralized controller is performed, as well as how the 2 are intertwined to create this limitation.  The claim does not define that the controller stores the data, but also does not define what entity stores the data.  All independent claims have the same issue and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  
Claim 1 recites the limitation "the device associated with a security policy" in the determining limitation.  There is insufficient antecedent basis for this limitation in the claim. All independent claims have the same issue and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  
Claims 3, 10, and 17 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 1 requires that there is a match (e.g., “based on the match, applying the security policy to the device”.  However, claim 3 attempts to modify claim 1 to require that “there is not a match”.  Therefore, claim 3 does not further define claim 1 and, rather, changes claim 1 to remove a limitation required thereby and change it to be the opposite of what claim 1 requires.  Claims 10 and 17 have the same issue and are rejected for the same reasons.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-11, and 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Loach (U.S. Patent Application Publication 2015/0180774) in view of Bradley (U.S. Patent Application Publication 2017/0289134).
Regarding Claim 1,
Loach discloses a method for tracking a device at a network independent of where the device connects to the network, the method comprising:
Receiving, at a centralized controller from a plurality of switches in a network, network synchronization information, the network synchronization information comprising device tracking information (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 106, 115, and associated figures; receiving data from other devices at the system, where the system is a switch/router (e.g., paragraph 106) connected to other routers/switches, as well as other similar systems that are themselves switches/routers, where the data includes packets, which include addresses and other information, for example);
Storing, as managed by the centralized controller and in a database, the existing session ID and the device tracking information (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; this is any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions and storing thereof in a database, for example);
Determining, when the device connects to the network, whether there is a match between the device to the existing session ID and the device tracking information to identify that the device associated with a security policy has previously connected to the network (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; this is any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions, for example); and
Based on the match, applying the security policy to the device (Exemplary Citations: for example, Abstract, Paragraphs 42, 43, 74-79, 120-123, and associated figures; this could be an enforcement action, dropping of a packet, marking a packet, forwarding the packet, sending the packet elsewhere for further processing, or the like.  Additionally, this could be found in the above citations (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures) disclosure of additional processing, such as updating of the device model, updating of information related to a device ID, associating a packet with the device ID, or any other functionality based on the above-described identifying, since all functionality based thereon is applied based on the policy that is the disclosure of Loach, for example);
But does not explicitly disclose that the network synchronization information is received periodically, that the network synchronization information comprises the existing session ID, that the device tracking information is added to the network synchronization information each time that the device connects to the network through one of the plurality of switches, and to maintain the existing session ID and the device tracking information consistently across the network independent of where in the network the device has connected.  
Bradley, however, discloses receiving, periodically and at a centralized controller from a plurality of switches in a network, network synchronization information, the network synchronization information comprising an existing session ID and device tracking information that is added to the network synchronization information each time that the device connects to the network through one of the plurality of switches (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; periodically receiving data from SP or distributed database, including session IDs, session objects, network addresses, user IDs, client IDs, histories, locations, etc., as examples, where transaction can be added to distributed database for every access, for example);
Storing, as managed by the centralized controller and in a database, the existing session ID and the device tracking information to maintain the existing session ID and the device tracking information consistently across the network independent of where in the network the device has connected (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; store in database, replicate/propagate to all other distributed database instances, as examples);
Determining, when the device connects to the network, whether there is a match between the device to the existing session ID and the device tracking information to identify that the device associated with a security policy has previously connected to the network (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; determining if device has existing ID, for example); and
Based on the match, applying the security policy to the device (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; allow, deny, or any other action, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the distributed database techniques of Bradley into the device analysis system of Loach in order to allow the system to properly synchronize data in a distributed database, to provide for a very extensive risk analysis, to allow each device to weight risk values independently, and/or to increase security in the system.  
Regarding Claim 8,
Claim 8 is a system claim that is broader than method claim 1 and is rejected for the same reasons.  
Regarding Claim 15,
Claim 15 is a medium claim that is broader than method claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses that the device tracking information comprises IP device tracking information and remote authentication dial in user service accounting information, the IP device information tracking a MAC address and IP address of a device locally connecting to the network and the remote authentication dial in user service accounting information tracking a device remotely connecting to the network (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; IP address, MAC address, and RADIUS information used in tracking a device, for example); and
Bradley discloses that the device tracking information comprises IP device tracking information, the IP device information tracking a MAC address and IP address of a device locally connecting to the network (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures).  
Regarding Claim 9,
Claim 9 is a system claim that is broader than method claim 2 and is rejected for the same reasons.  
Regarding Claim 16,
Claim 16 is a medium claim that is broader than method claim 2 and is rejected for the same reasons.  
Regarding Claim 3,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses determining that there is not a match between the device to the existing session ID and the device tracking information (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures);
Based on the determination that there is not a match, assigning a current session ID (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures);
Receiving a notification of a new authorization associated with the device (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures); and
Storing the current session ID (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures); and
Bradley discloses determining that there is not a match between the device to the existing session ID and the device tracking information (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures);
Based on the determination that there is not a match, assigning a current session ID (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures);
Receiving a notification of a new authorization associated with the device (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures); and
Storing the current session ID (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures).  
Regarding Claim 4,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses that, based on the match, a prior authorization specific to the device is retrieved (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; previous packets associated with the device ID were already authorized, RADIUS information, or the like, as examples); and
Bradley discloses that, based on the match, a prior authorization specific to the device is retrieved (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; getting already existing session information, for example).  
Regarding Claim 11,
Claim 11 is a system claim that is broader than method claim 4 and is rejected for the same reasons.  
Regarding Claim 18,
Claim 18 is a medium claim that is broader than method claim 4 and is rejected for the same reasons.  
Regarding Claim 7,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses determining, based on the device being inactive for a period of time, that the device is no longer network hopping (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; after idle or timeout timer, for example); and
Based on the determination, clearing the existing session ID (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; setting as idle or deleting, as examples).  
Regarding Claim 14,
Claim 14 is a system claim that corresponds to method claim 7 and is rejected for the same reasons.  
Regarding Claim 10,
Loach as modified by Bradley discloses the system of claim 8, in addition, Loach discloses the server further to:
Determine that there is not a match between the device to the existing session ID and the device tracking information (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures);
Based on the determination that there is not a match, assign a current session ID (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures); and
Store the current session ID (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures); and
Bradley discloses the server further to:
Determine that there is not a match between the device to the existing session ID and the device tracking information (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures);
Based on the determination that there is not a match, assign a current session ID (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures); and
Store the current session ID (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures).  
Regarding Claim 17,
Claim 17 is a medium claim that is corresponds to system claim 10 and is rejected for the same reasons.  

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Loach in view of Bradley and Orr (U.S. Patent 5,727,157).
Regarding Claim 5,
Loach does not appear to explicitly disclose periodically polling all devices for a newly connected device.  
Orr, however, discloses periodically polling all devices for a newly connected device (Exemplary Citations: for example, Abstract, Column 4, lines 43-56 and associated figures; periodically polling all devices to confirm all nodes connected, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the network discovery techniques of Orr into the device analysis system of Loach as modified by Bradley in order to allow the system to find new devices that are connected, even if those devices have not yet sent packets, to properly maintain a network topology, to ensure that the network devices in the topology are removed when they are no longer in the network, and/or to maintain currency of network device knowledge.  
Regarding Claim 12,
Claim 12 is a system claim that is broader than method claim 5 and is rejected for the same reasons.  
Regarding Claim 19,
Claim 19 is a medium claim that is broader than method claim 5 and is rejected for the same reasons.  

Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Loach in view of Bradley and Nampelly (U.S. Patent Application Publication 2016/0366040).
Regarding Claim 6,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses receiving a notification from an entity that the device has connected (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures);
But does not explicitly disclose that the entity is an SNMP trap.  
Nampelly, however, discloses receiving a notification from an SNMP trap that the device has connected (Exemplary Citations: for example, Abstract, Paragraphs 19-25, 27-29, and associated figures; SNMP trap, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the profiling techniques of Nampelly into the device analysis system of Loach as modified by Bradley in order to allow the system to better detect attributes of connecting devices, to provide for probes specific to each type of device, to allow for use of additional protocols, and/or to increase security in the system.  
Regarding Claim 13,
Claim 13 is a system claim that is broader than method claim 6 and is rejected for the same reasons.  
Regarding Claim 20,
Claim 20 is a medium claim that is broader than method claim 6 and is rejected for the same reasons.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432