Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's response with amendments filed 03/25/2021 have been received and entered.
 Applicant has amended claims 1, 2, 4, 5, 15, 16, 18 and 19. Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments pages 7-8, with respect to the rejection(s) of the independent claims claim(s) 1 (15) under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Momchilov et al. (US 20170339564), hereinafter Momchilov in view of ADAMS et al. (US 20180309782), hereinafter ADAMS.
Terminal Disclaimer
The terminal disclaimer filed on 04/09/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of any patent granted on Application Number 16 /513,025 has been reviewed and is accepted. The terminal disclaimer has been recorded.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5-7, 15, 16, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Momchilov et al. (US 20170339564), hereinafter Momchilov in view of ADAMS et al. (US 20180309782), hereinafter ADAMS in view of  Barton et al. (US 20140032691), hereinafter Barton.
	Regarding Claim 1, Momchilov teaches
	A system, comprising: at least one processing component; at least one memory component; a set of enterprise policies that are implemented on an enterprise device (Para [0008] For example, a computing platform having at least one processor, a memory, and a communication interface may receive, via the communication interface, end point analysis information from a mobile device. …
Para [0162] Enterprise mobility management server 1820 may include and/or provide at least one device enrollment system 1821 and at least one policy enforcement system 1822. … Policy enforcement system 1822 may enable and/or cause enterprise mobility management server 1820 to enforce one or more enterprise policies on one or more enrolled user devices, such as user device 1830 and/or one or more other user devices); and
	an access control component configured to: receive a request to carry out an action from a private device (Para [0178] At step 1907, virtualization server infrastructure 1810 may analyze the one or more compliance tags associated with the enrolled user device (e.g., user device 1830) requesting the hosted session and/or the other end point analysis information associated with the enrolled user device (e.g., user device 1830) requesting the hosted session (e.g., to determine whether to selectively enable or disable hosted application functionality for user device 1830 based on one or more smart access policies). …);
	allow the private device to carry out the requested action according to the at least one required policy when the private device is determined to have the at least one required policy in place (Para [0185] FIG. 20 depicts an example method of providing an enrolled device with smart access to hosted applications in accordance with one or more illustrative aspects described herein. … At step 2015, the computing platform may provide, via the communication interface, to the enrolled device, a hosted application experience based on analyzing the end point analysis information associated with the enrolled device and determining whether to selectively enable or disable the hosted application functionality based on the one or more smart access policies).
	Momchilov does not explicitly teach a system verify that the request is from a user associated with the enterprise device.
	In the same field of endeavor, ADAMS teaches
	verify that the request is from a user associated with the enterprise device (Para [0011] In a multimodal converged network, security mechanisms that are to be effective cannot make the assumption that a single access technology will be used because no single fixed set of mechanisms specific to a single access technology will be sufficient to provide security to the multimodal converged network. A fixed/mobile converged network which provides support for multimodal device mobility provides for end-user access to the network using any access technology of the multimodal device and provides dynamic security to a user's access when the user changes the access technology of the multimodal device while maintaining the same user identity registered on the security policy enforcement point).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system taught by Momchilov to incorporate the teachings of ADAMS so that the system of Momchilov verifies that the request is from a user associated with the enterprise device. One would have been motivated to make such combination in order to provide end-user access to the network using any access technology of the multimodal device and provides dynamic security to a user's access (ADAMS, paragraph [0011]).
verify  that the private device is associated with the enterprise device, a mapping component configured to: in response to the verifications, define one or more steps for carrying out the requested action; and determine that there is at least one required policy from the set of enterprise policies, wherein the at least one required policy is required for at least one step from the one or more steps; and a device manager configured to: determine whether the at least one required policy is in place on the private device.
	In the same field of endeavor, Barton teaches
	verify  that the private device is associated with the enterprise device (Para [0074] … The architecture enables a user of a mobile device 302 (e.g., as client 107, 211, or otherwise) to both access enterprise or personal resources from a mobile device 302 and use the mobile device 302 for personal use. The user may access such enterprise resources 304 or enterprise services 308 using a mobile device 302 that is purchased by the user or a mobile device 302 that is provided by the enterprise to the user. The user may utilize the mobile device 302 for business use only or for business and personal use. … The policies may be implanted through a firewall or gateway in such a way that the mobile device may be identified, secured or security verified, and provided selective or full access to the enterprise resources. …),
	a mapping component configured to: in response to the verifications, define one or more steps for carrying out the requested action (Para [0069] … In response to client requests, the management server 210 may include a resource manager configured to select and provision physical resources in the hardware layer of the cloud system based on the client requests. For example, the management server 210 and additional components of the cloud system may be configured to provision, create, and manage virtual machines and their operating environments (e.g., hypervisors, storage resources, services offered by the network elements, etc.) for customers at client computers 211-214, over a network (e.g., the Internet), providing customers with computational resources, data storage services, networking capabilities, and computer platform and application support. …); and
	determine that there is at least one required policy from the set of enterprise policies, wherein the at least one required policy is required for at least one step from the one or more steps (Para [0505] … Aspects also provide the ability to define actions for devices to perform based upon triggers determined from device context, and for the definition of rules that can be fired based on an inference engine to enable complex automation behaviors across devices. … Para [0530] FIG. 56 shows an illustrative method for managing process transfers and device integration using a mobile device and based on one or more policy files, as described above); and
	a device manager configured to: determine whether the at least one required policy is in place on the private device (Para [0082] The enterprise services 308 may include authentication services 358, threat detection services 364, device manager services 324, file sharing services 368, policy manager services 370, social integration services 372, application controller services 374, and the like. … Policy manager services 370 may include device policy manager services, application policy manager services, data policy manager services, and the like).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system taught by the combination of Momchilov and ADAMS to incorporate the teachings of Barton so that the system of the combination of Momchilov and ADAMS could verify  that the private device is associated with the enterprise device, a mapping component configured to: in response to the verifications, define one or more steps for carrying out the requested action; and determine that there is at least one required policy from the set of enterprise policies, wherein the at least one required policy is required for at least one step from the one or more steps; and a device manager configured to: determine whether the at least one required 
	Regarding Claim 2, the combination of Momchilov, ADAMS and Barton teaches all the limitations of claim 1 above,
	wherein the device manager is further configured to: determine that one or more policies from the at least one required policy are in place on the private device (Barton, Para [0082] The enterprise services 308 may include authentication services 358, threat detection services 364, device manager services 324, file sharing services 368, policy manager services 370, social integration services 372, application controller services 374, and the like. … Policy manager services 370 may include device policy manager services, application policy manager services, data policy manager services, and the like);
	determine that one or more additional policies from the at least one required policy are not in place on the private device (Barton, Para [0086] … The client agent 404 handles primary user authentication to the enterprise, normally to the access gateway (AG) with SSO to other gateway server components. The client agent 404 obtains policies from gateway server 406 to control the behavior of the managed applications 410 on the mobile device 402. As used herein, a managed application is one that is capable of being controlled based on and operated in accordance with independently defined and communicated policy files); and
	implement only the one or more additional policies on the private device (Para [0603] … For example, in step 4720, the enterprise application store may send one or more messages to the user computing device (which may, e.g., have sent the request received in step 4705) to inform the user computing device and/or the policy agent being executed thereon that one or more policy updates and/or available. In addition, the one or more messages sent by the enterprise application store to the policy agent may, for instance, include information about the new and/or modified policies, where such information is configured to cause the policy agent to implement and/or enforce the new and/or modified policies (e.g., with respect to the particular applications for which policy changes have occurred and/or with respect to the device itself). …)
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 5, the combination of Momchilov, ADAMS and Barton teaches all the limitations of claim 1 above,
	wherein the mapping component is further configured to map the at least one required policy to the requested action (Barton, Para [0069] … In response to client requests, the management server 210 may include a resource manager configured to select and provision physical resources in the hardware layer of the cloud system based on the client requests. For example, the management server 210 and additional components of the cloud system may be configured to provision, create, and manage virtual machines and their operating environments (e.g., hypervisors, storage resources, services offered by the network elements, etc.) for customers at client computers 211-214, over a network (e.g., the Internet), providing customers with computational resources, data storage services, networking capabilities, and computer platform and application support. …)
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 6, the combination of Momchilov, ADAMS and Barton teaches all the limitations of claim 1 above,
	wherein the enterprise device includes an application associated with the private device (Barton, Para [0058] As a general introduction to the subject matter described in more detail below, aspects described herein are directed towards controlling remote access to resources at an enterprise computing system using managed mobile applications at mobile computing devices. … As a result, individuals associated with the enterprise may advantageously utilize enterprise resources at their personal mobile devices).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 7, the combination of Momchilov, ADAMS and Barton teaches all the limitations of claim 1 above 
	wherein the device manager does not allow the private device to carry out actions other than the requested action (Barton, Para [0531] In step 5605 the mobile device executes the managed app in accordance with the policy files. That is, the mobile device security manager (or equivalent process) restricts operations of the managed app as defined by the one or more policy files. In step 5607, during operation of the managed app and based on one or more of the policy files, the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and/or resources, as discussed above. Various examples of such policy files and device integration features and processes that may be restricted/enforced are discussed above).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claims 15 and 16,
Claims 15 and 16 are rejected for similar reasons as in claim 1 and 2 respectively.
	Regarding Claims 19 and 20,
Claims 19 and 20 are rejected for similar reasons as in claim 5 and 6 respectively.
Claims 3, 4, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Momchilov et al. (US 20170339564), hereinafter Momchilov in view of ADAMS et al. (US 20180309782), hereinafter ADAMS in view of  Barton et al. (US 20140032691), hereinafter Barton in view of Huang et al. (US 20200076902), hereinafter Huang.
Regarding Claim 3, the combination of Momchilov, ADAMS and Barton teaches all the limitations of claim 1 claim 2 above,
	[wherein the device manager is further configured to:] remove the one or more additional policies from the private device (Barton, Para [0606] Continuing to refer to FIG. 48, in instances in which a policy change for an application is received by the enterprise application store, but a request for updated policy information has not yet been received, at least with respect to the particular application from certain devices, the enterprise application store may determine to proactively provide the policy update to the affected devices. … Para [0607] Based on determining that the application is present on one or more devices (e.g., in step 4810), information associated with the policy change may be provided to the one or more devices in step 4815. … ).
	The combination of Momchilov, ADAMS and Barton does not explicitly teach a system wherein the device manager is further configured to: determine that the requested action has been completed.
	In the same field of endeavor, Huang teaches
	wherein the device manager is further configured to: determine that the requested action has been completed (Para [0068] …  The secure application wrapper 520 may include meta-data that points the secure native application 514 running on the mobile device 502 to the resources hosted at the enterprise (e.g., 504 and 508) that the secure native application 514 may require to complete the task requested upon execution of the secure native application 514. The secure remote applications 522 executed by a secure application launcher 518 may be executed within the secure application launcher 518. The virtualization applications 526 executed by a secure application launcher 518 may utilize resources on the mobile device 502, at the enterprise resources 504, and the like. … ).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system taught by the combination of 
	Regarding Claim 4, the combination of Momchilov, ADAMS and Barton teaches all the limitations of claim 1 above,
	wherein the determining that there is the at least one required policy comprises: providing a virtual machine that implements the set of enterprise policies (Huang, Para [0064] The example cloud computing environment shown in FIG. 4 also may include a virtualization layer (e.g., as shown in FIGS. 1-3) with additional hardware and/or software resources configured to create and manage virtual machines and provide other services to customers using the physical resources in the cloud);
	setting the set of enterprise policies to prohibit the one or more steps (Barton, Para [0531] In step 5605 the mobile device executes the managed app in accordance with the policy files. That is, the mobile device security manager (or equivalent process) restricts operations of the managed app as defined by the one or more policy files. In step 5607, during operation of the managed app and based on one or more of the policy files, the managed app may restrict or enable the ability of a device to transfer a process or integrate with one or more other devices and/or resources, as discussed above. Various examples of such policy files and device integration features and processes that may be restricted/enforced are discussed above); and
	attempting to carry out the requested action on the virtual machine (Huang, Para [0169] Continuing the example flow at FIG. 10B, at 1009-1013, the third resource 750 may configure to launch the application. As depicted in the example flow of FIG. 10B, the third resource 750 may perform this configuration using the connector 752 and the host 754. For example, at 1009, based on receiving the request to configure for the launch of the application, the connector 752 may transmit, to the host 754, a request to prepare the launch of the application. At 1010, the host 754 may configure itself to launch the application. This may include allocating resources (e.g., instantiating and/or assigning a virtual machine) for executing the application).
	The motivation/rationale to combine the references is similar to claim 3 above.
	Regarding Claims 17 and 18,
Claims 17 and 18 are rejected for similar reasons as in claim 3 and 4 respectively.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 



/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491