DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05 August 2021 has been entered.
 Response to Amendment
Applicant’s amendment filed 06 July 2021 amends claims 1, 2, 6-9, 13-16, and 20. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “The Office asserts that the certificate is essentially a public key and asserts that Mazza describes a system has an application certificate that is digitally signed and verifiable using a public key of a public key certificate. Thus, to further prosecution, Applicant has amended Claim 1 to further define that a determination is made as to whether the certificate is valid prior to installing the 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 3, 5, 6, 8, 10-15, 17-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 9,754,089, in view of Mazza, U.S. Patent No. 8,229,858, and further in view of Brown, U.S. Publication No. 2007/0260876. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the ‘089 patent include all the limitations of the instant claims except the claim limitation that requires the enrollment token to be certified by a valid certificate that stored with the enrollment token. Mazza discloses license files that are digitally signed such that they can be validated using the public key of a public key certificate (Col. 12, lines 4-8: public key certificate would read on the claimed certificate), which meets the limitation of the enrollment token being certified by a certificate, store the certificate in the memory. Mazza does not disclose that the public key certificate is validated prior to utilization of the public key. Brown discloses the acquisition of valid public key certificates prior to utilization of the public key ([0017] & [0052] & [0056]-[0057]: search a remote source for the valid certificate and downloading the valid certificate shows that the certificate will have been determined to be valid before downloading), which meets the limitation of determine whether the certificate is valid. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the enrollment tokens of the ‘089 patent to have been digitally signed such that the signed enrollment tokens are verifiable using the public key of a public key certificate in order to provide trusted verification of the token’s validity as suggested by Mazza (Col. 12, lines 4-16). Additionally, it would have been obvious to one of ordinary skill in the art at the time the invention was made for the public key certificates of the modified ‘089 patent to have been validated prior to usage in order to ensure that the public key can be trusted as suggested by Brown ([0052]).
Instant Application 
US Patent No. 9,754,089
A system for managing execution of applications associated with an enterprise, said system comprising:
a mobile computing device comprising:
a memory; and
one or more processors programmed to: (Claim 1)
A system for managing execution of applications associated with an enterprise, said system comprising:
a mobile computing device comprising:
a memory; and
one or more processors programmed to: (Claim 1)
enroll the mobile computing device with the enterprise, the enrolling authorizing the enterprise to send applications to the mobile computing device; (Claim 1)
enroll the mobile computing device with the enterprise, the enrolling authorizing the enterprise to send applications to the mobile computing device; (Claim 1)
upon enrolling the mobile computing device with the enterprise, receive an enrollment token from the enterprise, [the enrollment token being certified by a certificate]; (Claim 1)
upon enrolling the mobile computing device with the enterprise, receive an enrollment token from the enterprise…(Claim 1)
store the enrollment token [and the certificate] in the memory; (Claim 1)
store the enrollment token in the memory; (Claim 1)
receive an application; (Claim 1)
receive, from the enterprise, an application…(Claim 1)
receive a request to install the application; (Claim 1)
receive a request to install the application; (Claim 2)
based on the request to install the application, determine whether the application is associated with the enrollment token, when it is determined that the application is associated with the enrollment token, determine the application is associated with the enterprise that has authorization to send applications to the mobile computing device; (Claim 1)
based at least one a determination that the first enterprise identifier matches the second enterprise identifier, determine the application is associated with the enterprise that has authorization to send applications to the mobile computing device; (Claim 1)
upon determining the application is associated with the enterprise, install the application. (Claim 1)
upon determining the application is associated with the enterprise, install the application. (Claim 1)


Claim 4 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-19 of U.S. Patent No. 9,754,089 in view of Mazza, U.S. Patent No. 8,229,858, in view of Brown, U.S. Publication No. 2007/0260876, and further in view of Huitema, U.S. Publication No. 2003/0056094. Referring to claim 4, Mazza does not specify that the public key certificate includes an expiration. Huitema discloses certificates that include expiration information such that the certificate expiration date is checked ([0041] & Figure 2, 208), which meets the limitation of wherein an expiration of the certificate is determined. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the public key certificate of Mazza to have been checked for expiration, in the manner described in Huitema, in order to ensure that the certificate is valid as suggested by Huitema ([0041]).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3, 5, 6, 8, 10, 12-15, 17, 19, 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Raleigh, U.S. Publication No. 2012/0084184, in view of Madsen, U.S. Patent No. 8,473,749, in view Huitema, U.S. Publication No. 2003/0056094, in view of Mazza, U.S. Patent No. 8,229,858, and further in view of Brown, U.S. Publication No. 2007/0260876. Referring to claims 1, 8, 15, Raleigh discloses an enterprise access control system wherein a wireless device is provisioned with functionality to enforce application access policies ([0149]-[0150]). The wireless device includes a memory and a processor ([0072]), which meets the limitation of a mobile computing device comprising memory, and one or more processors. The wireless devices can be enrolled with enterprises ([0153]), which meets the limitation of enroll the mobile computing device with the enterprise, the enrolling authorizing the enterprise to send application to the mobile computing device. The wireless device identifies approved enterprise applications by comparing the application certificate with an application signature ([0150]), which meets the limitation of based at least in part on enrolling the mobile computing device with the enterprise, receive an enrollment token from the enterprise, store the enrollment token [and the certificate] in memory, receive an application, [based at least in part on the request to install the application], determine whether the application is associated with the enrollment token.
Raleigh discloses that the wireless device can prevent the application from running based on the identification ([0150]). Raleigh does not specify that the validation occurs prior to installation. Madsen discloses performing a validation against a list in prior to installation (Col. 4, lines 37-47), which meets the limitation of receive a request to install the application, upon receiving a request to install the application, based at least in part on the request to install the application, determine whether the application is associated with the enrollment token, based at least in part on determining the application is associated with the enterprise, install the application. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the enterprise access control system of Raleigh to have included pre-installation verification as described in Madsen in order to ensure that approved applications are installed on the device as suggested by Madsen (Col. 4, lines 37-40).
Raleigh discloses that the wireless device identifies approved enterprise applications by comparing the application certificate with an application signature ([0150]). Raleigh, as modified above in view of Madsen, does not specify that the certificate expiration is checked after the application signature comparison is performed. Huitema discloses that certificate expiration date is checked ([0041] & Figure 2, 208) after an ID verification is performed using the certificate ([0039] & Figure 2, 206), which meets the limitation of based at least in part on determining that the application is associated with the enrollment token, determine the application is associated with the enterprise that has authorization to send applications to the mobile computing device. Examiner notes that the certificate expiration verification reads on the claimed determining that the enterprise has authorization to send applications because Applicant’s specification discloses that the certificate expiration is checked after the enterprise identifier verification is performed ([0047] & Figure 5, 507). It would have been obvious to one of ordinary skill in the art at the time the invention was made for the certificates of Raleigh to have been checked after the application signature comparison is performed in order to ensure that the certificate is valid as suggested by Huitema ([0041]).
	Raleigh, as modified in view of Madsen and Huitema, does not disclose that the application certificate is digitally signed and verifiable using the public key of a public key certificate. Mazza discloses license files that are digitally signed such that they can be validated using the public key of a public key certificate (Col. 12, lines 4-8: public key certificate would read on the claimed certificate), which meets the limitation of the enrollment token being certified by a certificate, store the certificate in the memory. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the application certificates to have been digitally signed such that the signed application certificates are verifiable using the public key of a public key certificate in order to provide trusted verification of the certificate’s validity as suggested by Mazza (Col. 12, lines 4-16).
	Mazza does not disclose that the public key certificate is validated prior to utilization of the public key. Brown discloses the acquisition of valid public key certificates prior to utilization of the public key ([0017] & [0052] & [0056]-[0057]: search a remote source for the valid certificate and downloading the valid certificate shows that the certificate will have been determined to be valid before downloading), which meets the limitation of determine whether the certificate is valid. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the public key certificates of Mazza to have been validated prior to usage in order to ensure that the public key can be trusted as suggested by Brown ([0052]). 
Referring to claims 3, 10, 17, Raleigh, as modified in view of Madsen and Huitema, does not disclose that the application certificate is digitally signed and verifiable using the public key of a public key certificate. Mazza discloses license files that are digitally signed such that they can be validated using the public key of a public key certificate (Col. 12, lines 4-8: public key certificate would read on the claimed certificate) wherein the public key certificate is included in the license file and generated by an RFA system (Col. 4, lines 56-67 & Col. 8, line 60 – Col. 9, line 10: RFA system would read on the claimed third party), which meets the limitation of wherein the enrollment token is associated with a certificate that represents certification by a third party that the enterprise is a valid entity. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the application certificates to have been digitally signed such that the signed application certificates are verifiable using the public key of a public key certificate in order to provide trusted verification of the certificate’s validity as suggested by Mazza (Col. 12, lines 4-16).
Referring to claim 4, Raleigh, as modified in view of Madsen and Huitema, does not disclose that the application certificate is digitally signed and verifiable using the public key of a public key certificate. Mazza discloses license files that are digitally signed such that they can be validated using the public key of a public key certificate (Col. 12, lines 4-8: public key certificate would read on the claimed certificate) wherein the public key certificate is included in the license file and generated by an RFA system (Col. 4, lines 56-67 & Col. 8, line 60 – Col. 9, line 10: RFA system would read on the claimed third party), which meets the limitation of wherein [an expiration of the certificate] is determined by the third party. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the application certificates to have been digitally signed such that the signed application certificates are verifiable using the public key of a public key certificate in order to provide trusted verification of the certificate’s validity as suggested by Mazza (Col. 12, lines 4-16).
Mazza does not specify that the public key certificate includes an expiration. Huitema discloses certificates that include expiration information such that the certificate expiration date is checked ([0041] & Figure 2, 208), which meets the limitation of wherein an expiration of the certificate is determined. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the public key certificate of Raleigh, as modified in view of Mazza, to have been checked for expiration, in the manner described in Huitema, in order to ensure that the certificate is valid as suggested by Huitema ([0041]).
Referring to claims 5, Raleigh, as modified in view of Madsen and Huitema, does not disclose that the application certificate is digitally signed and verifiable using the public key of a public key certificate. Mazza discloses license files that are digitally signed such that they can be validated using the public key of a public key certificate (Col. 12, lines 4-8: public key certificate would read on the claimed certificate) wherein the public key certificate is included in the license file and generated by an RFA system (Col. 4, lines 56-67 & Col. 8, line 60 – Col. 9, line 10: RFA system would read on the claimed third party and would be considered a certifying authority to the extent that the RFA system creates license files that include certificates), which meets the limitation of wherein the third party is a certifying authority. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the application certificates to have been digitally signed such that the signed application certificates are verifiable using the public key of a public key certificate in order to provide trusted verification of the certificate’s validity as suggested by Mazza (Col. 12, lines 4-16).
Referring to claim 6, Raleigh discloses that the wireless device identifies approved enterprise applications by comparing the application certificate with an application signature ([0150]), which meets the limitation of receive a second application, [based at least in part on the request to install the second application] determine that the second application is not associated with the enrollment token. 
Raleigh discloses that the wireless device can prevent the application from running based on the identification ([0150]). Raleigh does not specify that the validation occurs prior to installation. Madsen discloses performing a validation against a list in prior to installation (Col. 4, lines 37-47) such that applications can be rejected and not provided on the list of approved applications (Col. 8, lines 17-20: an application being rejected from entry on the list of approved applications would effectively rejection installation of that application), which meets the limitation of receive a request to install the second application, based at least in part on the request to install the second application, determine that the second application is not associated with the enrollment token, and reject installation of the second application. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the enterprise access control system of Raleigh to have included pre-installation verification as described in Madsen in order to ensure that approved applications are installed on the device as suggested by Madsen (Col. 4, lines 37-40).
Referring to claims 12, 19, Raleigh discloses that the a third party service provider includes an application server providing application access to the enterprise ([0088]), which meets the limitation of a web service provides the application to the enterprise.
Referring to claims 13, 20, Raleigh discloses that the wireless device can prevent the application from running based on the identification ([0150]). Raleigh does not specify that the validation occurs prior to installation. Madsen discloses performing a validation against a list in prior to installation (Col. 4, lines 37-47) such that applications can be rejected and not provided on the list of approved applications (Col. 8, lines 17-20: an application being rejected from entry on the list of approved applications would effectively rejection installation of that application), which meets the limitation of based at least in part on determining that the application is not associated with the enrollment token, rejecting installation of the application. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the enterprise access control system of Raleigh to have included pre-installation verification as described in Madsen in order to ensure that approved applications are installed on the device as suggested by Madsen (Col. 4, lines 37-40).
Referring to claim 14, Raleigh discloses that the enterprise application is downloaded to the mobile device ([0043]), which meets the limitation of wherein the package containing the application is received by the computing device based at least on a location of the computing device.
Claims 11, 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Raleigh, U.S. Publication No. 2012/0084184, in view of Madsen, U.S. Patent No. 8,473,749, in view Huitema, U.S. Publication No. 2003/0056094, in view of Mazza, U.S. Patent No. 8,229,858, in view of Brown, U.S. Publication No. 2007/0260876, and further in view of Boniface, U.S. Patent No. 8,719,908. Referring to claims 11, 18, Raleigh, as modified above in view of Madsen and Huitema, does not specify that the content of the application certificate includes an enterprise policy, location identifier, device identifier, and a user identifier. Boniface discloses enterprise certificates that include 802.11x authentication system information, physical location information, ip address, and an employee ID/name (Figure 2 & Col. 5, lines 16-39, 58-66 & Col. 6, lines 23-30), which meets the limitation of wherein the enrollment token further includes an enterprise policy, a location identifier, a device identifier, and a user identifier. It would have been obvious to one of ordinary skill in the art at the time the invention was made for the application certificates of Raleigh to have included the identified certificate information of Boniface in order to provide certificates that consolidate enterprise information as suggested by Boniface (Col. 1, lines 31-34).
Allowable Subject Matter
Claims 2, 7, 9, 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805.  The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437