DETAILED ACTION

Information Disclosure Statement
The IDS filed 9/6/2019 has been considered and entered.
Drawings
The drawings filed 9/6/2019 are accepted.
Specification
The specification filed 9/6/2019 is accepted.

Examiner's Note
Based on the examiner's interpretation of applicant's inventive concept, the examiner suggests the following amendment for further searching.

1.  A computer implemented method comprising: 

receiving, by a target device, a login request message from a client device initiated by a user to establish a communications session between the target device and the client device;

extracting, from the login request message, a login context comprising:
	a role of the user,
	a security level and location of the client device,
	a security level and location of the target device,
	a role of the target device, and
	a connection type of the communications session;

determining a first permission level based on the role of the user;
calculating a Context Trust Score (CTS) using respective weighted values assigned to each of:
the security level and location of the client device,
	the security level and location of the target device,
	the role of the target device, and
	the connection type of the communications connection;

calculating a second permission level from the CTS;

calculating, by the server, a permission level by selecting the lower of the first permission level and the second permission level; 

adjusting, by the server, the calculated permission level such that a resulting first adjusted permission level does not exceed a previous permission level assigned to the client device; 

assigning, by the server, the first adjusted permission level to the client device; 

collecting, by the server, activity data representative of network activity by the user while logged in to the network with the first adjusted permission level; 

during the session, classifying, by the server using a classifier model, at least a portion of the activity data to generate a second adjusted permission level for the client device; and

in a case wherein the second adjusted permission level is lower than the assigned first adjusted permission, assigning, by the server, the second adjusted permission level to the client device to control the communications session and storing the second adjusted permission level as a new value of the previous permission level.
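
The permission calculation recited in the suggested claim, sketched as an added example (it is not code from the application or from the cited references). The role table, factor weights, CTS bands and the fixed rule standing in for the classifier model are all assumed values, since the claim names the factors but assigns no numbers.

```python
from dataclasses import dataclass, field

# All scales, weights and thresholds below are assumptions made for this
# example; the claim names the factors but assigns no values.
ROLE_LEVEL = {"guest": 1, "operator": 2, "admin": 3}   # first permission level
WEIGHTS = {                                            # percent, sums to 100
    "client_security": 25, "client_location": 15,
    "target_security": 20, "target_location": 10,
    "target_role": 15, "connection_type": 15,
}
CTS_BANDS = [(80, 3), (50, 2), (20, 1)]                # (minimum CTS, level)


def context_trust_score(factors):
    """Weighted sum of per-factor scores (each 0-100); result is 0-100.

    A factor missing from the login context scores 0 (fail closed).
    """
    return sum(w * factors.get(name, 0) for name, w in WEIGHTS.items()) // 100


def level_from_cts(cts):
    """Second permission level: the highest band whose floor the CTS meets."""
    return next((lvl for floor, lvl in CTS_BANDS if cts >= floor), 0)


def classify_activity(events):
    """Stand-in for the classifier model: a fixed rule, not a trained model."""
    denied = sum(1 for e in events if e == "access_denied")
    return 0 if denied >= 5 else 1 if denied >= 2 else 3


@dataclass
class PermissionServer:
    previous: dict = field(default_factory=dict)   # client id -> previous level

    def login(self, client_id, user_role, factors):
        """Return the first adjusted permission level for this login."""
        first = ROLE_LEVEL.get(user_role, 0)            # unknown role -> 0
        second = level_from_cts(context_trust_score(factors))
        level = min(first, second)                      # lower of the two
        # Never exceed the level previously assigned to this client device.
        return min(level, self.previous.get(client_id, level))

    def reassess(self, client_id, assigned, events):
        """Mid-session check: can only lower the level, never raise it."""
        candidate = classify_activity(events)
        if candidate < assigned:
            self.previous[client_id] = candidate        # new previous level
            return candidate
        return assigned
```

Because a mid-session downgrade is stored as the new previous level, a later login from the same client device with an unchanged context is capped at the downgraded level.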

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).

Claims 1-5, 9-13, and 17-19 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Caine et al (US 10,348,561 hereinafter Caine) in view of Schlifstein et al (US 2007/0038548 hereinafter Schlifstein).
As to claim 1,   Caine discloses a computer implemented method comprising:
calculating by the server, 
Fig 2B control server 102
in view of Fig 1 100 system including servers 102 and 104
a permission level  
 C3 27-36 determining access for particular content based on user, device, location, and asset
based at least in part on C18 27-37 in view of Fig 6A
a login context  
	Fig 2A 300, 202, 204, 208, and 210 as shown in Fig 6A 602 
	in view of  C10 57 - C11 43 administrator pairs user id, specific devices, content data, 
   and locations
associated with C3 4-8 the system is responsible for identifying the user by any mechanism
a login C3 7 manual logon 
[[request for]] connection 
C9 32-35 content connection 21
in view of C19 57 –  C20 4 devices linked through a communications network
to a network  Fig 1 17 network
from a user  Fig 1 7 and 11;  user T and user P respectively
via a client device; Fig 1 5 and 9;  tablet and phablet respectively
adjusting, by the server, the calculated permission level such that a resulting first adjusted permission level does not exceed 
C2 65-C3 3 if the user leaves the location, they will no longer be able to access the content
a previous permission level Fig 4 418 'YES' user has permission
assigned to the client device;  
Fig 4 402  'LOAD POLICIES' 
in view of  C10 59-65 administrator generates policies 212

assigning, by the server, the first adjusted permission level to the client device; 
C2 65-C3 3 if the user leaves the location, they will no longer be able to access the 
content on their mobile computing device

collecting, by the server, activity data representative of network activity by the user while logged in to the network with the first adjusted permission level; 
	C9 9 – 35  the monitor connection 19 provides the control server 102 with the relevant 
data from the mobile device

and classifying, Fig 2A 400 content delivery process in view of  Fig 4 400 step 418
by the server Fig 2A 102 control server 
using C11 54-63 system 100 determines if the device has satisfied the criteria within the policies
a classifier model, Fig 2A 212 policies
at least a portion of the activity data to generate a second adjusted permission level for the client device.
C9 9 – 35  when user P operating phablet 9 moves into location 25, control server 102 
receives data and enables access
Caine does not disclose
a login request for connection to a network

Schlifstein teaches
a login request for connection to a network  see  [0017]

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Caine and Schlifstein as elements known in the prior art combined to yield predictable results.  For example, Caine suggests a login request in C3 6-7 any suitable authentication mechanism such as a manual login.  Caine also suggests an authenticated session in C5 14-15 access to a terminal server session between a mobile device and remote server.  As such, one of ordinary skill in the art would understand the combination of Caine and Schlifstein as an example of well-known practices in the art including login requests including credentials for creating authenticated sessions between client and server.
As to claim 2,   
Caine does not disclose
receiving, by the server, the login request and associated login credentials for the user; 
and responsive to the login request, establishing, by the server, an authenticated session with the 
client device.

Schlifstein teaches in [0017]
receiving, by the server, the login request and associated login credentials for the user; 
and responsive to the login request, establishing, by the server, an authenticated session with the 
client device.

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Caine and Schlifstein as elements known in the prior art combined to yield predictable results.  For example, Caine suggests a login request in C3 6-7 any suitable authentication mechanism such as a manual login.  Caine also suggests an authenticated session in C5 14-15 access to a terminal server session between a mobile device and remote server.  As such, one of ordinary skill in the art would understand the combination of Caine and Schlifstein as being an example of well-known practices in the art including login requests including credentials for creating authenticated sessions between client and server.

As to claim 3,   
Caine discloses wherein the assigning of the first adjusted permission level comprises
assigning  C4 57-59 policy configuration data is predefined by a system operator via a 
     management dashboard
			   see also C10 59-65 administrator generates policies 212
a role C4 2-5 wherein policy configuration data includes data defining at least one user role 
corresponding to users of the one or more mobile devices;
having 
Fig 4 418 'NO' user does not have permission
in view of  C16 25-33  user's permission to access content based on policies 212
the first adjusted permission level.
C2 65-C3 3 if the user leaves the location, they will no longer be able to access the 
content on their mobile computing device
As to claim 4,   
Caine discloses wherein
 the login context
Fig 2A 300, 202, 204, 208, and 210 as shown in Fig 6A 602 
	in view of  C10 57 - C11 43 administrator pairs user id, specific devices, content data, 
   and locations
includes data representative of 
	C10 57-62 process 300 receives several inputs(data entries) and generates policies 212
the previous permission level 
Fig 4 418 'YES' user has permission
assigned to the client device.
Fig 4 402  'LOAD POLICIES' 
in view of  C10 59-65 administrator generates policies 212

As to claim 5,   
Caine discloses 
wherein the login context 
Fig 2A 300, 202, 204, 208, and 210 as shown in Fig 6A 602 
	in view of  C10 57 - C11 43 administrator pairs user id, specific devices, content data, 
   and locations
includes data Fig 2A 202 LOCATION
representative C12 1-5 identify the presence of a mobile device within a proximity of an asset
of a geographical location  Fig 1 25 location of client in view of  C9 17-26
of the client device.  Fig 1 5 and 9;  tablet and phablet respectively
Claim 9  is rejected on the basis previously presented in the rejection of claim 1. 
Claim 10  is rejected on the basis previously presented in the rejection of claim 2. 
Claim 11  is rejected on the basis previously presented in the rejection of claim 3. 
Claim 12  is rejected on the basis previously presented in the rejection of claim 4. 
Claim 13  is rejected on the basis previously presented in the rejection of claim 5. 

Claim 17  is rejected on the basis previously presented in the rejection of claim 1. 
Claim 18  is rejected on the basis previously presented in the rejection of claim 2. 
Claim 19  is rejected on the basis previously presented in the rejection of claim 3. 

Claims 6-7 and 14-15 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Caine in view of Schlifstein in further view of Disraeli (US2014/0157381 hereinafter Disraeli).

 As to claim 6, Caine in view of  Schlifstein teaches all the subject matter pointed out in the above 103 rejection of parent claim 5.

As to claim 6,   
Caine discloses 
	the login context
Fig 2A 300, 202, 204, 208, and 210 as shown in Fig 6A 602 
	in view of  C10 57 - C11 43 administrator pairs user id, specific devices, content data, 
   and locations
		includes data Fig 2B 204
representative of [[a MAC address]]  C11 15-19  device IDs identify mobile computing devices
the client device. Fig 1 5 and 9;  tablet and phablet respectively

Neither Caine nor Schlifstein discloses
the login context includes data representative of a MAC address of the client device.

	Disraeli teaches
the login context  [0032] one or more tables to perform user authentication
 includes data [0032] location table 265
 representative of a MAC address [0032] MAC address
 of the client device.  Fig 6 305 login client


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Caine and Schlifstein with those of Disraeli as elements known in the prior art combined to yield predictable results.  For example, Caine discloses the use of device IDs to identify mobile computing devices in C11 15-19.  Those of ordinary skill in the art would understand that a MAC address as taught by Disraeli provides a unique device ID sufficient and available for the purpose of Caine to thereby arrive at the claimed invention.

As to claim 7,   
Caine discloses 
[[the login]]  a request for  connection to the network includes an indication of a target device with which the client device is requesting to connect, 
	C12 37-39 request 214 contains information identifying the asset 13

and wherein the login context 
Fig 2A 300, 202, 204, 208, and 210 as shown in Fig 6A 602 
	in view of  C10 57 - C11 43 administrator pairs user id, specific devices, content data, 
   and locations
includes data representative of information about the target device. Fig 2A 202 ASSET IDS

Caine does not disclose
 the login request for connection to the network includes an indication of a target device with which the client device is requesting to connect, 

Schlifstein teaches
a login request for connection to a network  see  [0017]

therefore
	Caine as modified by Schlifstein teaches
the login request for connection to the network includes an indication of a target device with which the client device is requesting to connect, 

because 
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Caine and Schlifstein as elements known in the prior art combined to yield predictable results. In C12 37-39, Caine discloses  content delivery request 214 containing asset information 13.  Moreover, in [0017] Schlifstein teaches a login request.  

As such, one of ordinary skill in the art would understand that the teachings of Caine and Schlifstein may be combined to arrive at the claimed invention whereby Schlifstein's login request may include Caine's login context data to form a login request including login context data similar to Caine's content delivery request 214.

As is known by those of ordinary skill in the art, a login request directed to a URL as part of an HTTP post/get message results in an HTTP response message including an HTTP content body appropriate for returning the content requested in Caine's content delivery request 214.  Therefore, the combined message having two purposes, (1) login and (2) content request, is operable to serve the purposes of both Caine's and Schlifstein's inventions.


Claim 14  is rejected on the basis previously presented in the rejection of claim 6. 
Claim 15  is rejected on the basis previously presented in the rejection of claim 7. 

Claims 8, 16, and 20 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Caine in view of Schlifstein in further view of Disraeli in further view of Sprague et al (US2015/0089568 hereinafter Sprague).

 As to claim 8, Caine in view of  Schlifstein in further view of  Disraeli teaches all the subject matter pointed out in the above 103 rejection of parent claim 7.

As to claim 8,   
Neither Caine, Schlifstein, nor Disraeli discloses 
wherein the calculating of the permission level includes calculating a Context Trust Score (CTS) based at least in part on the geographical location of the client device, the MAC address of the client device, and information about the target device.

Sprague  teaches
calculating a Context Trust Score (CTS)  
Fig 2A 226 Yes/No as a function of [0018] trust score and  [0138] trust score threshold
based at least in part on 
the geographical location of the client device, [0024] geographic location
the MAC address of the client device, [0115] MAC address in view of [0023] trusted ID
and information about the target device.  [0138] relative sensitivity value

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Caine, Schlifstein and Disraeli with those of Sprague as elements previously known in the prior art combined to yield practical results.

For example in Fig 6A, Caine discloses factors 606, 608, 610, 612, and 616 that serve as criteria to determine access level 614 of Fig 6A.  Caine, Schlifstein and Disraeli may incorporate Sprague's teaching of a [0018] trust score as an implementation detail for arriving at access level 614 from the criteria factors 606, 608, 610, 612, and 616 similar to that as described by Sprague in [0018] wherein a user may select a combination of external factors which can be aggregated together to produce a trust score to thereby allow the device access.

As such, one of ordinary skill in the art would understand that Sprague's teaching of a score based access decision may be used to realize an implementation of Caine's Fig 4, Fig 5, or Fig 6A to thereby arrive at the claimed invention because Caine's access levels include more than two levels which are advantageously implemented by a score based model as taught by Sprague.


Claim 16  is rejected on the basis previously presented in the rejection of claim 8. 

Claim 20  is rejected on the basis previously presented in the rejections of claims 4-8. 


Conclusion

	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD A MCCOY/Examiner, Art Unit 2431