Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 15/937,617 is presented for examination by the examiner.  Claims 1, 18, and 20 have been amended.  Claim 20-22 have been added but claim 20 was already pending.  Claims 1-22 are pending.

Response to Amendment


Claim Objections
Claim 20 (new) is objected to because of the following informalities:  
Newly added claim 20 conflicts with previous claim 20.  As such it will be interpreted as claim 23, the next unused number for purposes of this Office Action.


Response to Arguments
Applicant’s arguments with respect to claim(s) 12/15/20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-23 (new claim 20 renumbered as 23) is/are rejected under 35 U.S.C. 103 as being unpatentable over USP Application Publication 2014/0237545 to applicant Marble in view of USP Application Publication 2014/0359777 to Lam et al., hereinafter Lam.


As per claim 1, Marble teaches a system, comprising:
 a memory or other data storage device configured to store one or both of enterprise mobility management (EMM) data associated with a set of enterprise users of mobile devices (0072) associated with an enterprise and cloud service data associated with use of a cloud service by users associated with the enterprise (0091 and 0103); and the cloud service data includes usage data generated by a cloud service (0103, service behavior on the service is logged, user behavior in logging into Marble Service;  
a processor coupled to the memory or other data storage device (0084) and configured to correlate the EMM data and the cloud service data to analyze usage of the cloud service by said users associated with the enterprise (0105 and 0131 [received log feeds]), including one or both of access of the cloud service using one or more 
Marble does not explicitly teach the EMM data includes usage data generated by an EMM server.  On the other hand Lam teaches this limitation as the mobile server creates and stores usage data received by sensors from mobile devices (0028-30).  This data is used to calculate risk scores.  Marble uses data from many sources to calculate risk scores (Figs. 5 and 15).  Knowing what users are doing on their mobile phone is another source the system of Marble would be interested in because Marble explicitly treats devices that user’s connect to its service as bound to such service (0072).  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  


As per claim 2, Marble teaches to determine a level of risk associated with said access of the cloud service using one or more unmanaged devices and access of the cloud service using one or more unmanaged mobile apps (0107).


As per claim 3, Marble teaches to determine the level of risk at least in part by determining an extent across the enterprise users of said access of the cloud service using one or more unmanaged devices and access of the cloud service using one or more unmanaged mobile apps (0120).


As per claim 4, Marble teaches to determine the level of risk at least in part by determining an application reputation score for one or more of said one or more unmanaged apps (0119).


As per claim 5, Marble teaches to determine the level of risk based on data correlated across multiple cloud service providers (0119 and 0120).


As per claim 6, Marble teaches taking a responsive action determined based at least in part on the determined level of risk (0119).
As per claim 7, Marble teaches to block said one or more unmanaged devices from accessing the cloud service (0057 and 0113).


As per claim 8, Marble teaches to block said one or more unmanaged devices by blocking access to the cloud service by blocking one or more users associated with said one or more unmanaged devices (0057 and 0059).
As per claim 9, Marble teaches to block said one or more unmanaged devices from accessing the cloud service (0057 and 0059).





As per claim 11, Marble teaches to migrate users of an unmanaged app that is a sanctioned app to use of a managed version of the sanctioned app to access the cloud service (0076).


As per claim 12, Marble teaches to map said cloud service provider log data to one or more associated mobile apps (0094 and 0103).


As per claim 13, Marble teaches to generate a dashboard, report, event, alert, or other output reflecting a level of risk associated with said access of the cloud service using one or more unmanaged devices and access of the cloud service using one or more unmanaged mobile apps (0113 and 0126).





As per claim 15, Marble teaches 	the dashboard, report, or other output aggregates risk information by one or more of user, user group, role, sensitivity of enterprise data accessible via the cloud service, unmanaged app, unsanctioned app, and unmanaged device (0129).


As per claim 16, Marble teaches the processor is further configured to assign a risk score to each of a plurality of component risks identified by said analysis of usage of the cloud service and to combine the component risk scores to determine a consolidated risk score (0119 and 0126).
As per claim 17, Marble teaches the EMM data is received from a plurality of EMM data sources (0119).
As per claim 18 and 20, they are rejected for the same reasons as claim 1.

As per claim 19, Marble teaches taking action without human intervention in response to said analysis [step 1103; paragraph 0129].


As per claim 22, the combined system of Marble and Lam teaches correlating the EMM data and the cloud service data includes joining and comparing the EMM data and the cloud service data [all data feeds are aggregated and compared; Marble: Fig. 15, Fig. 5 all fed into the facility; 0120]; the cloud service data includes at least one of: application identity and user (0103); and the EMM data includes at least one of: user identity, device disposition, app identity, app disposition, device type, timestamp, and location [Lam: 0030].
As per claim 23 (newly added 20), the combined system of Marble and Lam teaches correlating the EMM data includes device and app usage data (Lam: correlates VPN usage with device’s time/location to typical device usage; 0030-0031). 

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431