DETAILED ACTION
This Action is in response to Application Number 16911966 received on 6/25/2020.
Claims 1-20 are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 2 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 2 recites the limitation "the computing device" in the last line of the claim.  There is insufficient antecedent basis for this limitation in the claim.

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:


Claim 16 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 16 is dependent from claim 15, and appears to recite substantially the same limitations as claim 15, and therefore appears to be a duplicate claim that does not further limit the subject matter of the claim up which it depends.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(s) 1-3, 6-10, 13-17, 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Maheshwari et al. (US 20160087956).

Regarding claim 1, Maheshwari disclosed a method, comprising:
determining that a client device, located outside a corporate domain (Maheshwari, Figure 1, External Zone 102, Endpoint Devices 108, which are located outside the Green Zone 106, where the Enterprise Computer System is located; See also [0007], “managing access to an enterprise system using remote devices”),
lacks an application native to an operating system of the client device with a programming interface that supports direct communication with the client device for remotely initiating execution of an application that remotely adds the client device to the corporate domain (Maheshwari, [0007]-[0008], Maheshwari disclosed the concept of configuring an application for a client for access to the enterprise, and doing so upon registration of the client, as one example;   Upon registration, automatic configuration of an application is performed for the client device.  The determination that the client device is a device requesting to register with the enterprise is a determination that it lacks the application for remotely initiating execution of an application that remotely adds the client device to the enterprise);
in response to determining that the client device lacks the application, placing an enrollment application and virtual private network (VPN) settings in a command queue associated with the client device (Maheshwari, [0010], Maheshwari disclosed upon configuring the application, making the configured application available to the client;  Maheshwari disclosed ways of doing such, including storing the configured application 610 may include a configuration of one or more settings of an application with respect to a resource accessible using the application”; [0135] “Entry 630 in data structure 610 may indicate a configuration of a “VPN application” (field 612) for a “VPN service” (field 614). Field 616 may indicate connection information for the VPN application.”;); and
transmitting an instruction to the client device to retrieve the enrollment application and the VPN settings from the command queue associated with the client device (Maheshwari, [0010], Maheshwari disclosed upon configuring the application, making the configured application available to the client;  Maheshwari disclosed ways of doing such, including storing the configured application in a data store (command queue), and providing a notification to the remote device of the availability of the application in the data store).
Claim 8 recites a system, comprising a computing device comprising a processor and a memory; and machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least perform limitations that are substantially similar to the limitations of claim 1.
Claim 15 recites a non-transitory, computer-readable medium comprising machine-readable instructions that, when executed by a processor of a computing 
Maheshwari disclosed both a system with processor and memory, and medium, as claimed (Maheshwari, [0013]).
Therefore claims 8 and 15 are rejected under the same rationale applied above.
Claim 16 repeats the limitations of claim 15, and is therefore rejected under the same rationale applied above.

Regarding claims 2 and 9, Maheshwari disclosed the method of claim 1, further comprising:
receiving a notification from a domain controller within the corporate domain relating to addition of a new directory service account for the client device (Maheshwari, [0008], Based on a role of the user, an account may be provisioned to access a resource if an account is not already provisioned for the resource. [0055] ““If an account has not been provisioned for the identity of the user, enterprise computer system 150 may provision an account to access the resource.”;  [0055] Device access management system 120 is in charge of provisioning an application for a remote device, and the application may be configured with access information including account information;  The provisioning/supplying of the account by the enterprise computer system 150 is a notification of the new account, to which Device access management system 120 uses for the configuration of the application); and
in response to the notification, associating the client device with an organizational group for a management service executing on the computing device (Maheshwari, 

Regarding claims 3, 10, and 17, Maheshwari disclosed the method of claim 1, further comprising determining that the client device complies with at least one compliance policy, wherein placing the enrollment application and the VPN settings in the command queue occurs in response to determining that the client devices complies with the at least one compliance policy (Maheshwari, [0070], “Settings (e.g., device settings and installation settings) for some remote devices 108 may be verified for enrollment”;  [0071], “Device access management system 120 may determine whether remote devices 108 are compliant with policies. A policy may define access to enterprise computer system 150 using a remote device.”, “ Notifications can be sent to remote devices 108 to inform them of compliance and/or non-compliance with a policy and a time period for compliance.”;  See [0125] which discusses data structure 510 which is used to determine a configuration of an application, as indicated in [0123];  In [0125], “the information in data structure 510 may be determined based on one or more policies, e.g., a compliance policy”;  As such, the configuration of the application is based on satisfying the compliance policy and is therefore set up for the client to download in the above embodiment according to compliance).



Regarding claims 7 and 14, Maheshwari disclosed the method of claims 1 and 8, wherein the enrollment application further comprises one or more client device credentials (Maheshwari, [0044]).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Maheshwari et al. (US 20160087956) in view of Rykowski et al. (US 20170063857).

Regarding claims 5, 12, and 19, Maheshwari disclosed the method of claim 1, further comprising providing VPN connection information to utilize a VPN service (Maheshwari, [0135], “ Entry 630 in data structure 610 may indicate a configuration of a “VPN application” (field 612) for a “VPN service” (field 614). Field 616 may indicate connection information for the VPN application. Connection information in field 616 may indicate values for connection attributes such as a port address of a VPN service system that provides the VPN service and a host address for the VPN service system”), in which the configuration of the remote device may be used to configure an application to access a resource ([0160]) and the application may enable the user to access the resource from a remote device ([0163]).
	While Maheshwari disclosed providing such VPN settings through the command queue in which the VPN settings are for access to a resource, Maheshwari did not explicitly disclose establishing a VPN connection between the client device and the domain controller, wherein the VPN connection is based at least in part on the VPN settings.
	In an analogous art, Rykowski disclosed providing access to applications with varying enrollment levels, in which the management service requires the client to install a VPN profile that causes network traffic associated with the application to be sent through a VPN tunnel associated with a VPN connection associated with the VPN 
	One of ordinary skill in the art would have been motivated to combine the teachings of Maheshwari and Rykowski as they both relate to client device application enrollment, and as such are within similar environments.
	Therefore it would have been obvious to one of ordinary skill in the art at the time the invention was filed to incorporate the teachings of Rykowski into Maheshwari in order to provide the users of Maheshwari with the ability to access the applications using the configuration settings provided, thereby providing clients with access to the applications they are entitled to access with increased security, as suggested by Maheshwari.

Allowable Subject Matter
Claims 4, 11, and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Regarding claims 4, 11, and 18, while the combination of Maherhwari and Rykowski disclosed the concept of independent claims 1, 8 and 15, including accessing the resource using the VPN connection settings, as noted in the above rejection of claim 5, the prior art did not disclose, in addition to the limitations of their base claims, wherein the enrollment application is configured to perform a method comprising: establishing a VPN connection with a domain controller located within the corporate domain using the 

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Jacobsen et al. (US 9894099) which disclosed the concept of allowing VPN access after compliance policies are met (col. 9, lines 30-50).
Mistry et al (US 20170094509) disclosed, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application (Mistry, [0008]), to allow for enrollment of a mobile computing device and access of enterprise resources from the enrolled mobile computing device without the need for the enterprise user to know or enter their network or directory service password and without the need for the PIV or CAC card to be physically connected to the mobile computing device during enrollment or subsequent access of enterprise resources (Mistry, [0007]).


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on 571-272-3880.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.