DETAILED ACTION
 	Claims 1-20 are pending. Claims 1-2, 4, 8-9, 11, 15-16 and 18 are amended. This is in response to Applicant’s arguments and amendments filed on January 27, 2021.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Authorization
Authorization for this examiner’s amendment was given in an interview with Danny Osborne on February 24, 2021.

Claim Amendments
	1. (Currently Amended) A system comprising: 
 	a hardware data store comprising executable instructions; and 
 	a client device comprising at least one hardware processor, wherein the instructions, when executed by the at least one hardware processor, cause the client device to at least: 
 		transmit an authentication request to an identity manager; 
 	receive, from the identity manager, instructions to obtain a ticket from a key distribution center using a device-identifying certificate comprising a unique device identifier of the client device that is issued by a management service; 

 	authenticate the client device through the identity manager using the ticket, thereby providing secure device compliance verification based on the secure authentication chaining of the unique device identifier.

	2. (Currently Amended) The system of claim 1, wherein the instructions, when executed by the at least one hardware processor, further cause the client device to at least: transmit, to the management service, an enrollment request to enroll the client device with the management service; and receive, from the management service, the device-identifying certificate comprising the unique device identifier.

 	3. (Original) The system of claim 1, wherein the authentication request comprises an authentication credential.

 	4. (Previously Presented) The system of claim 1, wherein the authentication request is transmitted based on a logging into a user account on the identity manager, wherein the identity manager provides access to resources based on permissions of the user account.  



6. (Original) The system of claim 1, wherein the unique device identifier is assigned to the client device by the management service.  

7. (Currently Amended) The system of claim 1, wherein the instructions, when executed by the at least one hardware processor, further cause the client device to at least: transmit a second authentication request to the identity manager; negotiate a second ticket with the key distribution center; transmit the second ticket to the identity manager; and receive, from the identity manager, an indication that the client device is non-compliant with at least one compliance rule of the management service.

 	8. (Previously Presented) A non-transitory computer-readable medium embodying executable instructions, wherein the instructions, when executed by at least one processor, cause a client device to at least: 
 	transmit an authentication request to an identity manager; 
receive, from the identity manager, instructions to obtain a ticket from a key distribution center using a device-identifying certificate comprising a unique device identifier of the client device that is issued by a management service; 
transmit the device-identifying certificate to the key distribution center to obtain the ticket for secure authentication chaining of the unique device identifier, wherein the 
authenticate the client device through the identity manager using the ticket, thereby providing secure device compliance verification based on the secure authentication chaining of the unique device identifier.  

 	9. (Previously Amended) The non-transitory computer-readable medium of claim 8, wherein the instructions, when executed by the at least one processor, further cause the client device to at least: transmit, to the management service, an enrollment request to enroll the client device with the management service; and receive, from the management service, the device-identifying certificate comprising the unique device identifier.  

 	10. (Original) The non-transitory computer-readable medium of claim 8, wherein the authentication request comprises an authentication credential.  

11. (Previously Presented) The non-transitory computer-readable medium of claim 8, wherein the authentication request is transmitted based on a logging into a user account on the identity manager, wherein the identity manager provides access to resources based on permissions of the user account.  



13. (Original) The non-transitory computer-readable medium of claim 8, wherein the unique device identifier is assigned to the client device by the management service.  

14. (Original) The non-transitory computer-readable medium of claim 8, wherein the instructions, when executed by the at least one processor, further cause the client device to at least: transmit a second authentication request to the identity manager; negotiate a second ticket with the key distribution center; transmit the second ticket to the identity manager; and receive, from the identity manager, an indication that the client device is non-compliant with at least one compliance rule of the management service.

15. (Previously Presented) A method performed by instructions executed in a client device, the method comprising: 
transmitting an authentication request to an identity manager; 
receiving, from the identity manager, instructions to obtain a ticket from a key distribution center using a device-identifying certificate comprising a unique device identifier of the client device that is issued by a management service; 

authenticating the client device through the identity manager using the ticket, thereby providing secure device compliance verification based on the secure authentication chaining of the unique device identifier.  

16. (Previously Presented) The method of claim 15, further comprising: transmitting, to the management service, an enrollment request to enroll the client device with the management service; and receiving, from the management service, the device-identifying certificate comprising the unique device identifier.  

17. (Original) The method of claim 15, wherein the authentication request comprises an authentication credential.  

18. (Previously Presented) The method of claim 15, wherein the authentication request is transmitted based on a logging into a user account on the identity manager, wherein the identity manager provides access to resources based on permissions of the user account.  



20. (Original) The method of claim 15, wherein the unique device identifier is assigned to the client device by the management service.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
 	After further search and consideration, Examiner concedes there is no art that, singly or in combination, teaches all claimed features in claims 1, 8 and 15. Furthermore, Applicant agrees to submit the Terminal Disclaimer to avoid a Double Patenting rejection in view of the parent granted Patent No. 10,341,325 in the previous action. Therefore, the claims are allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994.  The examiner can normally be reached on Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 5712723804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRI M TRAN/Primary Examiner, Art Unit 2494