Remarks
Claims 1, 2, 4-9, 11-16, and 18-20 are pending.  

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed 10/18/2022 have been fully considered but they are not persuasive.
Applicant alleges “Applicant has amended the claims and submits that the combination of references fails to disclose each feature of the claims.  Claim 1 is addressed first and the amendments to claim 1 address the argument on page 7 of the Office Action that the positions argued were content in the claims that are only intended use and were given no patentable weight.  When the maintaining and identifying steps are given patentable weight, then the combination of references fails to disclose these features.”  To the contrary, these limitations were rejected in full in the last office action, as they were previously found.  As no argument is present other than a general allegation, no response is possible yet.  Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Applicant alleges “The Office Action on pages 7, 15, and 17 had asserted that the ‘determining’ step had been disclosed by both Loach (page 15) and by Bradley (page 17).  However, this analysis was done while giving no patentable weight to the concept of identifying that the device associated with the security policy had previously connected to the network.”  This is not exactly correct.  All limitations of all claims were fully rejected previously.  While certain subject matter was also highlighted as having no patentable weight, such subject matter was still fully rejected using the prior art.  
Applicant then appears to quote the determining and identifying limitations of claim 1 and alleges “Neither the cited portions of Loach listed on page 15 nor the cited portions of Bradley listed on pages 17-18 include the concept of identifying, based on the match, that the device is associated with a security policy and has previously connected to the network to yield an identification.  In the analysis on page 17 with respect to the various paragraphs cited from Bradley, it merely states that ‘determining if device has existing ID, for example’ for the summary of the teachings of Bradley.  Applicant has not found the identifying step in any of the disclosure of Loach or Bradley.”  However, Applicant fails to provide any argument as to why this disclosure of Bradley is believed to fail to disclose the argued subject matter.  Indeed, determining if there is an existing ID for this device both shows that an identification of an existing ID as well as policy (since a policy may correspond to all functionality within the references that is performed for this device) are found.  Furthermore, Applicant fails to even attempt to argue the primary reference, Loach, in this respect.  Loach was previously cited as disclosing the following:
Determining, when the device connects to the network, whether there is a match between the device to the existing session ID and the device tracking information to identify that the device associated with a security policy has previously connected to the network (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; this is any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions, for example); and
Based on the match, applying the security policy to the device (Exemplary Citations: for example, Abstract, Paragraphs 42, 43, 74-79, 120-123, and associated figures; this could be an enforcement action, dropping of a packet, marking a packet, forwarding the packet, sending the packet elsewhere for further processing, or the like.  Additionally, this could be found in the above citations (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures) disclosure of additional processing, such as updating of the device model, updating of information related to a device ID, associating a packet with the device ID, or any other functionality based on the above-described identifying, since all functionality based thereon is applied based on the policy that is the disclosure of Loach, for example);
Therefore, Loach indisputably discloses identifying, based on the match, that the device is associated with a security policy and has previously connected to the network to yield an identification.  
Applicant goes on to allege “since the identifying step is not disclosed, the final step of based on the identification, applying the security policy to the device, is also not disclosed in Bradley.  Page 18 lists a number of paragraphs from Bradley which relate to allowing or denying access to a device.”  The Examiner thanks Applicant for admitting that Bradley discloses applying the security policy to the device and, in fact, tacitly admitting that Bradley discloses based on the match, applying the security policy to the device, since this is what was previously rejected.  The Examiner also notes that Applicant’s allegation simply chains this to the previous erroneous argument regarding the identifying limitation (“since the identifying step is not disclosed...”).  As this has been proven to be within the art above, Applicant’s allegation is clearly incorrect.  
Applicant continues by alleging “However, for example, in FIG 1B of Bradley, step 186 in which an access request is received, and the response is to deny access 188/190 based on the distributed database, states nothing with respect to applying a security policy to a device based on the identification, which identification is related to whether or not the device is associated with the security policy and has previously connected to the network.”  Applicant appears to be arguing the final 2 limitations here, but has already admitted to the majority of the final limitation being within the references.  For clarity, Loach discloses based on the identification, applying the security policy to the device in Loach’s disclosure of an enforcement action, dropping of a packet, marking a packet, forwarding the packet, sending the packet elsewhere for further processing, or the like.  Additionally, this could be found in the above citations (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures) disclosure of additional processing, such as updating of the device model, updating of information related to a device ID, associating a packet with the device ID, or any other functionality based on the above-described identifying, since all functionality based thereon is applied based on the policy that is the disclosure of Loach, for example.  Also, Bradley discloses identifying, based on the match, that the device is associated with a security policy and has previously connected to the network to yield an identification in Bradley’s disclosure of allow, deny, or any other action, for example, which is based on determining if device has existing ID, for example.  
Again, Applicant has ignored all citations to Loach and solely argued Bradley.  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  Loach discloses many packets received from the same devices.  As one example of myriad disclosures in Loach, paragraph 87 states “The stored last IP ID of the matched Device ID is updated with the IP ID of the current packet.”  This clearly shows that a device ID matched a previous device ID and the IP ID is updated.  With respect to the policy, Loach explicitly references a “policy” that may be stored in a “Policy Repository” and includes “policy rules” that determine what actions to take.  Applicant is directed to the entirety of Loach, such as paragraph 120, which describes evaluating a policy for the device and determining if the packet should be forwarded or not.  

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 2, 4-9, 11-16, and 18-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 1 states “the device tracking information comprising an existing session identification (ID)”.  However, the claim then states “storing, by the centralized controller and in a database, the existing session ID and the device tracking information to yield stored data”.  The application as originally filed does not include basis for duplicate storing of the same piece of data in this fashion.  The same issue is present for numerous additional limitations, including anywhere both the existing session ID and device tracking information are referenced, based on Applicant’s amendment that they are the same.  All independent claims have similar issues and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  
Claim 1 states “identifying, based on the match, that the device is associated with a security policy and has previously connected to the network to yield an identification”.  The application as originally filed does not have basis for the “identifying, based on the match, that the device is associated with a security policy” or “to yield an identification” aspects of this limitation.  The final limitation of claim 1 also does not have basis in the application as originally filed, since the yielding of the identification is not found therein, applying the policy is not “based on the identification” in the application as originally filed.  All independent claims have similar issues and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 2, 4-9, 11-16, and 18-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 states “the device tracking information comprising an existing session identification (ID)”.  However, the claim then states “storing, by the centralized controller and in a database, the existing session ID and the device tracking information to yield stored data”.  It is unclear just what the differences between the device tracking information and the existing session ID are in order to be separately stored.  In fact, the claim states that the device tracking information comprises only the existing session ID.  Therefore, storing of each separately is not possible, since one comprises the other.  The same issue is present for numerous additional limitations, including anywhere both the existing session ID and device tracking information are referenced, based on Applicant’s amendment that they are the same.  All independent claims have similar issues and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 7-9, 11, 14-16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Loach (U.S. Patent Application Publication 2015/0180774) in view of Bradley (U.S. Patent Application Publication 2017/0289134).
Regarding Claim 1,
Loach discloses a method for tracking a device at a network independent of where the device connects to the network, the method comprising:
Receiving, via a network synchronization with a plurality of switches in a network, at a centralized controller and from the plurality of switches in the network, device tracking information associated with each time that the device connects to the network through one of the plurality of switches (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 106, 115, and associated figures; receiving data from other devices at the system, where the system is a switch/router (e.g., paragraph 106) connected to other routers/switches, as well as other similar systems that are themselves switches/routers, where the data includes packets, which include addresses and other information, for example);
Storing, by the centralized controller and in a database, the existing session ID and the device tracking information to yield stored data (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; this is any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions and storing thereof in a database, for example);
Determining, when the device connects to the network, whether there is a match between the device to the existing session ID and the device tracking information (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; this is any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions, for example);
Identifying, based on the match, that the device is associated with a security policy and has previously connected to the network to yield an identification (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; this is any of the subject matter related to associating a device or packet with an existing or new device ID, such as via the many means described in the cited portions, for example); and
Based on the identification, applying the security policy to the device (Exemplary Citations: for example, Abstract, Paragraphs 42, 43, 74-79, 120-123, and associated figures; this could be an enforcement action, dropping of a packet, marking a packet, forwarding the packet, sending the packet elsewhere for further processing, or the like.  Additionally, this could be found in the above citations (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures) disclosure of additional processing, such as updating of the device model, updating of information related to a device ID, associating a packet with the device ID, or any other functionality based on the above-described identifying, since all functionality based thereon is applied based on the policy that is the disclosure of Loach, for example);
But does not explicitly disclose that the network synchronization is periodical, that the received device tracking information comprises an existing session ID, and maintaining, based on the stored data, the existing session ID and the device tracking information consistently across the network independent of where in the network the device has connected.  
Bradley, however, discloses receiving, via a periodical network synchronization with a plurality of switches in a network, at a centralized controller and from the plurality of switches in the network, device tracking information associated with each time that the device connects to the network through one of the plurality of switches, the device tracking information comprising an existing session ID (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; periodically receiving data from SP or distributed database, including session IDs, session objects, network addresses, user IDs, client IDs, histories, locations, etc., as examples, where transaction can be added to distributed database for every access, for example);
Storing, by the centralized controller and in a database, the existing session ID and the device tracking information to yield stored data (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; store in database, replicate/propagate to all other distributed database instances, as examples);
Maintaining, based on the stored data, the existing session ID and the device tracking information consistently across the network independent of where in the network the device has connected (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; store in database, replicate/propagate to all other distributed database instances, as examples);
Determining, when the device connects to the network, whether there is a match between the device to the existing session ID and the device tracking information (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; determining if device has existing ID, for example);
Identifying, based on the match, that the device is associated with a security policy and has previously connected to the network to yield an identification (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; determining if device has existing ID, for example); and
Based on the identification, applying the security policy to the device (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; allow, deny, or any other action, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the distributed database techniques of Bradley into the device analysis system of Loach in order to allow the system to properly synchronize data in a distributed database, to provide for a very extensive risk analysis, to allow each device to weight risk values independently, and/or to increase security in the system.  
Regarding Claim 8,
Claim 8 is a system claim that is broader than method claim 1 and is rejected for the same reasons.  
Regarding Claim 15,
Claim 15 is a medium claim that is broader than method claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses that the device tracking information comprises IP device tracking information and remote authentication dial in user service accounting information, the IP device information tracking a MAC address and IP address of a device locally connecting to the network and the remote authentication dial in user service accounting information tracking a device remotely connecting to the network (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; IP address, MAC address, and RADIUS information used in tracking a device, for example); and
Bradley discloses that the device tracking information comprises IP device tracking information, the IP device information tracking a MAC address and IP address of a device locally connecting to the network (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures).  
Regarding Claim 9,
Claim 9 is a system claim that is broader than method claim 2 and is rejected for the same reasons.  
Regarding Claim 16,
Claim 16 is a medium claim that is broader than method claim 2 and is rejected for the same reasons.  
Regarding Claim 4,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses that, based on the match, a prior authorization specific to the device is retrieved (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; previous packets associated with the device ID were already authorized, RADIUS information, or the like, as examples); and
Bradley discloses that, based on the match, a prior authorization specific to the device is retrieved (Exemplary Citations: for example, Paragraphs 15-17, 20, 21, 25, 30-34, 36, 41, 45-48, 52-54, 58, 60-64, 67, 71, 73, 81-88, 91, 94-96, 107, 109-112, 117, and associated figures; getting already existing session information, for example).  
Regarding Claim 11,
Claim 11 is a system claim that is broader than method claim 4 and is rejected for the same reasons.  
Regarding Claim 18,
Claim 18 is a medium claim that is broader than method claim 4 and is rejected for the same reasons.  
Regarding Claim 7,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses determining, based on the device being inactive for a period of time, that the device is no longer network hopping (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; after idle or timeout timer, for example); and
Based on the determination, clearing the existing session ID (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, and associated figures; setting as idle or deleting, as examples).  
Regarding Claim 14,
Claim 14 is a system claim that corresponds to method claim 7 and is rejected for the same reasons.  

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Loach in view of Bradley and Orr (U.S. Patent 5,727,157).
Regarding Claim 5,
Loach does not appear to explicitly disclose periodically polling all devices for a newly connected device.  
Orr, however, discloses periodically polling all devices for a newly connected device (Exemplary Citations: for example, Abstract, Column 4, lines 43-56 and associated figures; periodically polling all devices to confirm all nodes connected, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the network discovery techniques of Orr into the device analysis system of Loach as modified by Bradley in order to allow the system to find new devices that are connected, even if those devices have not yet sent packets, to properly maintain a network topology, to ensure that the network devices in the topology are removed when they are no longer in the network, and/or to maintain currency of network device knowledge.  
Regarding Claim 12,
Claim 12 is a system claim that is broader than method claim 5 and is rejected for the same reasons.  
Regarding Claim 19,
Claim 19 is a medium claim that is broader than method claim 5 and is rejected for the same reasons.  

Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Loach in view of Bradley and Nampelly (U.S. Patent Application Publication 2016/0366040).
Regarding Claim 6,
Loach as modified by Bradley discloses the method of claim 1, in addition, Loach discloses receiving a notification from an entity that the device has connected (Exemplary Citations: for example, Abstract, Paragraphs 40, 42-45, 49-69, 71-79, 81-104, 115, 120-123, and associated figures);
But does not explicitly disclose that the entity is an SNMP trap.  
Nampelly, however, discloses receiving a notification from an SNMP trap that the device has connected (Exemplary Citations: for example, Abstract, Paragraphs 19-25, 27-29, and associated figures; SNMP trap, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the profiling techniques of Nampelly into the device analysis system of Loach as modified by Bradley in order to allow the system to better detect attributes of connecting devices, to provide for probes specific to each type of device, to allow for use of additional protocols, and/or to increase security in the system.  
Regarding Claim 13,
Claim 13 is a system claim that is broader than method claim 6 and is rejected for the same reasons.  
Regarding Claim 20,
Claim 20 is a medium claim that is broader than method claim 6 and is rejected for the same reasons.  

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432