DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-2, 5, 8-9, 12, 15-16, and 18 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Bryant et al. (US 2005/0063377 A1) in view of Gray et al. (US 2009/0028118 A1).
As to claim 1, Bryant teaches a method comprising:
monitoring network traffic between a source device [client 202] and an authentication system [server 204] (par. [0002], [0047]-[0048]);
inspecting a data packet from the source device of the network traffic [analyzing monitored packets] (par. [0047]-[0048], [0057]);
identifying, based on monitoring the network traffic, one or more authentication attempts associated with the source device (par. [0003], [0038], [0081]); and
updating, based on the one or more authentication attempts, the record in the device status table corresponding to the source device [logging messages and reporting on the sender, receiver, time, status, and other parameters associated with the messages and endpoints] (par. [0080]) to indicate a status of the source device [statement of intended use].
While Bryant teaches database 122 that logs messages and reports, as discussed above, Bryant fails to expressly teach determining, based on inspection of the data packet, whether the source device is included in a device status table; and in response to determining that the source device of the data packet is not included in the device status table, adding a record in the device status table corresponding to the source device.
Gray is directed to detection of rogue and other devices by monitoring traffic (abstract, par. [0009]). In particular, Gray teaches determining, based on inspection of the data packet, whether the source device is included in a device status table [detecting a new/unknown device] (par. [0051]); and in response to determining that the source device of the data packet is not included in the device status table, adding a record in the device status table corresponding to the source device [creating a new entry into a rogue_master_table and reporting to a network administrator] (par. [0051]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method and system of Bryant by determining, based on inspection of the data packet, whether the source device is included in a device status table; and in response to determining that the source device of the data packet is not included in the device status table, adding a record in the device status table corresponding to the source device in order to keep messages and reports associated with endpoints, including new endpoints organized in a table as was well known in the art at the time the invention was made.

As to claim 2, Bryant teaches that monitoring network traffic between the source device and the authentication system is performed by a monitoring device [monitor system 100] communicatively coupled to the source device and the authentication system (Figs. 2A-2C).

As to claim 5, Bryant teaches that updating the record in the device status table comprises determining that the one or more authentication attempts were successful (par. [0075], [0081]); and marking the source device as authenticated in the device status table (par. [0080]).

As to claim 8, Bryant in view of Gray teaches a system (Figs. 2A-2C in Bryant) comprising: a memory; and a processing device, operably coupled to the memory (par. [0070] in Bryant), to perform the method steps as discussed per claim 1 above.

As to claim 15, Bryant in view of Gray teaches a non-transitory computer readable medium having instructions encoded thereon that (par. [0070] in Bryant), when executed by a processing device (Figs. 2A-2C in Bryant), cause the processing device to perform the method steps as discussed per claim 1 above.

As to claims 9, 12, 16, and 18, Bryant teaches all the elements as discussed per claims 2 and 5 above.

Claims 3 and 10 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Bryant et al. in view of Gray et al. and in further view of Taylor (US 2009/0274060 A1).
As to claims 3 and 10, Bryant in view of Gray teaches all the elements except that monitoring network traffic between the source device and the authentication system comprises receiving replicated network traffic at a monitoring device [monitor system 100], wherein the replicated network traffic is replicated and forwarded to the monitoring device from a network communication device [router 208 or switch 212].
Taylor is directed to a system and method for remote monitoring (abstract). In particular, Taylor teaches a data replicating functionality (par. [0002]) configured to replicate data traffic and send a replicate of the data traffic to a monitoring device [observer 406] (par. [0048], [0051]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method and system of Bryant in view of Gray by having the switch or the router perform data replicating functionality such that the router or switch is configured to replicate data traffic and send a replicate of the data traffic to the monitor system in order to selectively forward some packets to the monitoring system 100 of Bryant instead of the monitoring system 100 of Bryant having to examine every packet that traverses the network towards the server 204 (par. [0050] in Taylor).

Claims 4, 6-7, 11, 13-14, 17, and 19-20 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Bryant et al. in view of Gray et al. and in further view of Wahl (US 2008/0034412 A1).
As to claims 4, 11, and 17, Bryant in view of Gray teaches all the elements except in response to adding the record in the device status table, marking the source device as guest in the device status table. In Gray, the added device is marked as “rogue” (par. [0051]).
Wahl is directed to intercepting access requests before they reach the target resource and checking status of the user for the resource in the database (abstract). In particular, Wahl teaches marking the source device as guest in the device status table [PENDING] (par. [0041], [0042]-[0043], Fig. 4 in Wahl).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method and system of Bryant in view of Gray by marking the source device as guest in the device status table in order to allow the administrator to determine whether to place the discovered device in the ignored category (par. [0051] in Gray).

As to claims 6, 13, and 19, Bryant teaches that the monitor system 100 can confirm the identity of the entity making a request by searching the stored messages according to various criteria (par. [0076], [0081]). However, Bryant in view of Gray fails to expressly teach in response to marking the source device as authenticated in the device status table, providing the source device with access permissions to one or more network resources.
Wahl is directed to intercepting access requests before they reach the target resource and checking status of the user for the resource in the database (abstract). In particular, Wahl teaches in response to marking the source device as authenticated in the device status table, providing the source device with access permissions to one or more network resources (par. [0041]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method and system of Bryant by providing the source device with access permissions to one or more network resources in response to marking the source device as authenticated in the device status table in order to avoid malicious attacks and information misuse (par. [0075] in Bryant; par. [0013] in Wahl).

As to claims 7, 14, and 20, Bryant in view of Gray teaches all the elements except that updating the record in the device status table comprises determining that a threshold number of authentication attempts associated with the source device have failed; and marking the source device as rogue in the device status table.
Wahl is directed to intercepting access requests before they reach the target resource and checking status of the user for the resource in the database (abstract). In particular, Wahl teaches determining that a threshold number of authentication attempts associated with the source device have failed; and marking the source device as rogue in the device status table [changing user status from PENDING to LOCKOUT] (par. [0043]-[0046], Fig. 4 in Wahl).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method and system of Bryant by determining that a threshold number of authentication attempts associated with the source device have failed; and marking the source device as rogue in the device status table in order to avoid malicious attacks and information misuse (par. [0075] in Bryant; par. [0013] in Wahl).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG SURVILLO whose telephone number is (571)272-9691. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/OLEG SURVILLO/Primary Examiner, Art Unit 2442