DETAILED ACTION
This office action is in response to the application filed on 08/15/2019. Claims 1-19 are pending and are examined.	
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
A rejection based on double patenting of the “same invention” type finds its support in the language of 35 U.S.C. 101 which states that “whoever invents or discovers any new and useful process... may obtain a patent therefor...” (Emphasis added). Thus, the term “same invention,” in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957).

A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the claims that are directed to the same invention so they are no longer coextensive in scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101.


Claims 1-19 are provisionally rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1-19 of copending Application No. US 16/541,795. This is a provisional double patenting rejection since the conflicting claims have not in fact been patented. 

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims 1-19 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of copending application No. 16/541,630. Although the claims at issue are not identical, they are not patentably distinct from each other because they are both claiming a common subject matter, “Determining whether a computing device has been compromised, obtaining file tree structure for the computer device then taking an action based on the determination that the computer device has been compromised.”.

Claims 1-19 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of copending application No. 16/541,672. Although the claims at issue are not identical, they are not patentably distinct from each other because they are both claiming a common subject matter, “Determining whether a computing device has been compromised, obtaining file tree structure for the computer device then taking an action based on the determination that the computer device has been compromised.”.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was.


Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Bowers et al. (U.S. Pub. No. 2017/0147827 A1, referred to as Bowers), in view of Lam et al. (U.S Pub No. 2014/0344922 A1, referred to as Lam).

Regarding claims 1, 10 and 19, Bowers teaches:
A computer-implemented method of determining whether a mobile device has been compromised (Bowers: ¶ 0009, “The integrity checking module may provide an indication of a potential compromise to the integrity of the computing device based on the comparison of the values associated with the integrity check with the baseline integrity values”).
Bowers does not explicitly disclose, however Lam teaches:
the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory (Lam: Fig. 1, Items 12, 14, 22, 24; ¶ 0024; ¶ 0025,  “Referring to FIG. 1, a dual persona mobile device 10 is segregated for combined personal and work use by providing a pair of environments as a secure work application environment 12 (managed profile includes files stored in the managed portion of memory) and a personal application environment 14 (unmanaged profile includes files stored in the unmanaged portion of memory) provisioned on the device 10”…”  as further described below. As such, the exchange of sensitive work data 22 and sensitive personal data 24 can be inhibited between the two discrete profiles provided by the environments 12,14, thereby helping to provide safeguarding for both corporate work information privacy and the device 10 user's personal information privacy”; Fig. 11, Items 12a, 14a; ¶ 0089), wherein the managed profile is governed by a device policy set by a remote administrator (Lam: Fig. 1, Items 12, 14, 22, 24, 36; ¶ 0039, “(for example one or more remote storages) that can be administered by a remote computer device 36 (e.g. a cloud server or enterprise server providing cloud based or enterprise based storage of device data 22,24 off-board the device 10. For example, the remote computer device 36 can provide cloud-based management of the work persona 12 on the device 10 (managed profile is governed by a device policy set by a remote ), from security and email settings, through to which applications 60 are installed in the memory 32 of the device components 30.”).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Bowers by Lam to use a dual secure personal environment and a secure work environment in order to improve data security. (Lam: ¶ 0025).
Bowers further teaches:
obtaining file tree structure information for the managed profile of the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files (Bowers: ¶ 0037, “The open operating system 302 may allow the user 308 and/or the administrator 310 to access the file system and/or objects within the file system, including file structure, drives, partitions, folders, subfolders, files within folders or subfolders, memory, processes, etc. The user 308 and/or the administrator may submit queries (e.g., a query in Microsoft Windows® File Explorer for files, folders, etc.) to the user portion 304 and/or the system portion 306 to identify objects (e.g., files, folders, memory, processes, file attributes or metadata, etc.)”; ¶ 0045); 
determining from the file tree structure information that the mobile device has been compromised (Bowers: ¶ 0045; ¶ 0053- ¶ 0058, “The integrity checking module 412 may include rules to identify a potential unauthorized creation, modification, and/or deletion of a file as a potential threat to the integrity of the computing device 400.”, “If the integrity checking module 412 identifies a potential ”; ¶ 0060- ¶ 0061); and 
based on the determination that the mobile device has been compromised, taking an action (Bowers: Fig. 7D; ¶ 0102- ¶ 0103, “For example, the text may indicate that the current scan did detect a compromise, and the user, provisioner, etc. of the device may wish to provide immediate attention to the compromise. Action may be taken by the computing device (e.g., the computing device may be powered off) to prevent and/or reduce unauthorized access to the computing device. If the computing device is powered off, e.g., the user may contact a security personnel to determine future action. In other examples, the interface may provide that the scan detected a compromise, but the problem may be corrected at a later time using a defined solution.”).

Regarding claim 10, Bowers further teaches:
A computing device comprising: a processor; a memory;  - 30 - a device analysis application stored in the memory and containing processor (Bowers: Fig. 1, Items 102 (processor), 106 (a memory); ¶ 0022; Fig. 4B, Item 412 (a device analysis application stored in the memory and containing processor); ¶ 0046- ¶ 0047).

Regarding claim 19, Bowers further teaches:
A non-transitory computer-readable storage medium storing processor-executable instructions (Bowers: Fig. 1, Items 102 (processor), 106 (a memory); ¶ 0022).

Regarding claims 2, 11, the combination of Bowers and Lam teaches all the features of claims 1 and 10, as outlined above.
Bowers  teaches:
wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure (Bowers: ¶ 0033- ¶ 0036, “The user 308 may be restricted from reading and/or writing to identified files and/or folders (permissions associated with folders and files) in the system portion 306, but files and/or folders in the system portion 306 may be identified to the user 308. The administrator 310 may be able to access, read, and/or write to the identified files and/or folders in the system portion 306.”; ¶ 0054).

Regarding claims 3, 12, the combination of Bowers and Lam teaches all the features of claims 2 and 11, as outlined above.
Bowers  teaches:
wherein determining includes identifying a match between a permission setting of a file or folder on the mobile device and a compromised permission setting for that file or folder in a model (Bowers: ¶ 0054, “The integrity checking module 412 may include rules to identify a potential unauthorized creation, modification, and/or deletion of a file as a potential threat to the integrity of the computing device 400. For example, the integrity checking module 412 may perform a check to determine if a file (e.g., a passwd file) has been unexpectedly created, modified, and/or deleted. Files may be expected to be created, modified, and/or deleted at certain times of a day, week, month, ”).

Regarding claims 4, 13, the combination of Bowers and Lam teaches all the features of claims 3 and 12, as outlined above.
Bowers  teaches:
wherein the permission setting identifies whether entities are able to read, write or execute the file or folder (Bowers: ¶ 00660, “The integrity checking module 412 may include rules to identify potentially unauthorized permissions (e.g., access, read, write, etc.) that have been given to a user and identified in the device integrity parameters as a potential threat to the integrity of the computing device 400”).

Regarding claims 5, 14, the combination of Bowers and Lam teaches all the features of claims 2 and 11, as outlined above.
Bowers  teaches:
wherein determining includes identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model (Bowers: ¶ 0061, “The provisioner of the computing device 400 may define compromises (e.g., jailbreaking, rooting, etc.) and/or alterations (e.g., impermissible reading, writing, accessing of objects) of the computing device 400 as an unauthorized use of the computing device 400, such that compromising (e.g., jailbreaking, rooting, etc.) uncompromised device model) and/or altering the computing device 400 may be flagged as a potential threat to the integrity of the computing device 400.”).

Regarding claims 6, 15, the combination of Bowers and Lam teaches all the features of claims 1 and 10, as outlined above.
Bowers  teaches:
wherein determining includes determining that the file tree structure information includes information regarding files stored in the unmanaged portion of memory (Bowers: Fig. 3, Items 304, 306; ¶ 0033, “ FIG. 3 shows an example of a computing device 300 having an open operating system 302. As shown in FIG. 3, the operating system 302 may have a user portion 304 and/or a system portion 306. The user portion 304 and the system portion 306 (unmanaged portion of memory) may include different objects, such as files (e.g., applications) and/or attributes (e.g., memory, processes, file attributes or metadata, etc.)”; ¶ 0034- ¶ 0035, “The user profile information may include the permissions available to different users of the operating system 302. The user profile information may indicate the users (e.g., the user 308 and/or the administrator 310) that have access to the system portion 306 and/or the user portion 304.”).

Regarding claims 7, 16, the combination of Bowers and Lam teaches all the features of claims 6 and 15, as outlined above.
Bowers  teaches:
(Bowers: Fig. 4, Items 404, 406; ¶ 0039- ¶ 0044, “Different files (e.g., applications) that may be stored by the user 408 or on the user portion 406 of the operating system 402 may be given similar permissions to those of the user 408 by the closed operating system 402. For example, the files (e.g., applications) that are stored on the user portion 404 (managed profile) of the operating system may be unable to access (lacks sufficient permissions for accessing) folders, folder structures, and/or the location of files or folders in the system portion 406 (unmanaged portion of memory) of the closed operating system 402”).

Regarding claims 8, 17, the combination of Bowers and Lam teaches all the features of claims 1 and 10, as outlined above.
Bowers  teaches:
	wherein the mobile device includes a reporting agent operating within the managed profile, and wherein obtaining includes receiving the file tree structure information at a remote enterprise server in a communication from the reporting agent (Bowers: Fig. 2, Items 200, 202; ¶ 0028, “one or more computing devices 200-200 n may be capable of communicating digital messages to and/or from the external trusted network device 202 via the network 216.”; ¶ 0030, “Computing devices 200-200 n may be configured to run software. For example, the computing device 200 may run software that may include system software, application software, and/or the like.”).

Regarding claims 9, 18, the combination of Bowers and Lam teaches all the features of claims 1 and 10, as outlined above.
Bowers  teaches:
wherein taking an action comprises at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device (Bowers: ¶ 0102- ¶ 0103, “Text of the scanning result 762 may be provided to the user. The text of the interface 790 may allow additional information be provided to the user, provisioner, etc. of the device. For example, the text may indicate that the current scan did detect a compromise” (sending a message to a remote device regarding the compromised mobile device)).


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408.  The examiner can normally be reached on Mon-Fri 9:00-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HASSAN SAADOUN/Examiner, Art Unit 2435 


/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435