DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 3/29/2021, for application 16/401,588 has been entered. 
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 3/29/2021 and Terminal Disclaimer filed and approved on 4/13/2021.
Examiner’s Amendments
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Ms. Eunice N. Chan (Reg. No. 68,981) on April 9, 2021.  onference, Ms. Chan has agreed and authorized the Examiner to amend Claims 1, 9, and 17, to add new dependent claim 21, and to cancel claim 8.

Claims
Replacing Claims 1, 9, 17, adding dependent claim 21, and canceling claim 8 as following:
Claim 1:	(Currently Amended) A method comprising:
determining, by an enterprise agent of a client device, that a user of the client device is a verified user associated with an enterprise based on one or more enterprise credentials associated with the user;
providing, by the enterprise agent, access for the verified user to an encrypted secure container in a first portion of a computer-readable storage of the client device;
establishing, by the enterprise agent, one or more secure connections to a server associated with the enterprise;
communicating over the one or more secure connections to maintain user authentication for access to the secure container;
communicating, by the enterprise agent via a secure tunnel, with the 
receiving, by the enterprise agent via the secure tunnel, enterprise data from the server;
storing, by the enterprise agent, the enterprise data received from the server via the secure tunnel in the secure container in accordance with one or more policies associated with the enterprise; and

wherein the enterprise data received from the server via the secure tunnel and stored in the secure container is only accessible to the one or more applications authorized by the enterprise agent to access the secure container and to the verified user using the one or more applications authorized by the enterprise agent to access the secure container.

Claim 8:	(Canceled)
.

Claim 9:	 (Currently Amended) A client device comprising: at least one processor; and
a non-transitory computer-readable storage comprising instructions that, when executed by the at least one processor, cause an enterprise agent on the client device to:
access an encrypted secure container in a first portion of the computer-readable storage;
determine that a user of the client device is a verified user associated with an enterprise based on one or more enterprise credentials associated with the user;

establish one or more secure connections to a server associated with the enterprise;
communicate over one or more secure connections to maintain user authentication for access to the secure container; 
communicate, via a secure tunnel, with the 

store the enterprise data received from the server via the secure tunnel in the secure container in accordance with one or more policies of the enterprise, wherein the enterprise data received from the server via the secure tunnel and stored in the secure container is only accessible to one or more applications permitted access to the secure container and to the verified user associated with the enterprise using the one or more applications permitted access to the secure container.

Claim 17:	(Currently Amended) A method comprising:
determining, utilizing an enterprise agent of a client device, that a user of the client device is a verified user associated with an enterprise based upon one or more enterprise credentials associated with the user;
providing, utilizing the enterprise agent, access to an encrypted secure container in a first portion of a computer-readable storage of the client device to the verified user;
establishing, utilizing the enterprise agent, one or more secure connections to a server associated with the enterprise;
communicating over the one or more secure connections to maintain user authentication for access to the secure container;
communicating, utilizing the enterprise agent and via a secure tunnel, with the 
receiving, utilizing the enterprise agent and via the secure tunnel, enterprise data from the server;
storing, utilizing the enterprise agent, the enterprise data in the secure container in accordance with one or more policies associated with the enterprise; and

wherein, among a plurality of users of the client device and a plurality of applications, the enterprise data received from the server via the secure tunnel and stored in the secure container is only accessible to one or more applications authorized access to the secure container and to one or more verified users associated with the enterprise using the one or more applications authorized access to the secure container.

Claim 21:	(New)  The method of 18, comprising:
preventing, by the enterprise agent, enterprise data stored in the secure container from being copied and stored in the second portion of the computer-readable storage.



Examiner's Statement of reason for Allowance
Claims 1-7 and 9-21 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed to a method and electronic device for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own 
The closest prior art, as previously recited, Raleigh (US20100192212), Touboul (20080276302), Ahmed (US20120047425), and Sarnoff (US20120092374), are also generally directed to various aspects of securely accessing enterprise resources.  However, none of Raleigh, Touboul, Ahmed, and Sarnoff teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, claims 1, 9, and 17.  For example, none of the cited prior art teaches or suggest the steps of determining, by an enterprise agent of a client device, that a user of the client device is a verified user associated with an enterprise based on one or more enterprise credentials associated with the user; providing, by the enterprise agent, access for the verified user to an encrypted secure container in a first portion of a computer-readable storage of the client device; establishing, by the enterprise agent, one or more secure connections to a server associated with the enterprise; communicating over the one or more secure connections to maintain user authentication for access to the secure container; storing, by the enterprise agent, the enterprise data received from the server via the secure tunnel in the secure container in accordance with one or more policies associated with the enterprise; and wherein the enterprise data received from the server via the secure tunnel and stored in the secure container is only accessible to the one or more applications authorized by the enterprise agent to access the secure container and to the verified user using the one or more applications authorized by the enterprise agent to access the secure container.
Therefore the claims are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368.  The examiner can normally be reached on 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/W.J.M/Examiner, Art Unit 2439               


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439