DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to amendment filed on 7/26/2021.  Claims 1-6, 8-12, and 15-20, have been amended, and claims 13-14 has been canceled by the Applicant, and claims 21-23 have been added by the Applicant.  Claims 1-6, 8-12, and 15-23 have been examined.  This action is Final.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Response to Amendment
Applicant's arguments filed 7/26/2021 have been fully considered but they are not persuasive. 
On pages 7-8 of the Applicant’s arguments, in regards to the previous objection to claims 2-4, 6, 8-16, and 18-20, the Applicant has amended to overcome the objection; therefore, the objection has been withdrawn.  
On page 9 of the Applicant’s arguments, the Examiner has reviewed the cited art again, and claims 13 and 14 are disclosed in the prior art listed below.  
On page 10 of the Applicant’s arguments, the Applicant states that, “the cited art of Boyer nor Stuntebeck disclose wherein the device credentials are managed based at least in part on an association between the device credentials and the one or more device policy”.  
“wherein the device credentials are managed based at least in part on an association between the device credentials and the one or more device policy”, because Stuntebeck discloses device credentials such as passcode set are managed based at least in part on an association between the device credentials and the device policy, because Stuntebeck discloses a management policy may require that a device have a passcode set, that a specific application be used for real-time communications, and that only users within the same user group during working hours (Stuntebeck: para. 0016, 0038).  Stuntebeck discloses the device credentials, device characteristics of a client device are associated with the device policy, compliance rules (Stuntebeck: para. 0022-0023, 0038, 0060).   On pages 6-9 of the Applicant’s arguments, the Applicant’s arguments in regards to previous applied art are moot, because the Applicant is arguing newly added limitations, “device credentials that include authentication credentials shared by a plurality of devices, and (ii) a device policy document that is linked to the device credentials to allow the device policy document to be applied to the plurality of devices that share the device credentials”. Stuntebeck, Mortimore, and Shahbazi, individually and in combination, do not teach or suggest the limitations above, the newly added limitations are addressed by the newly cited art of Boyer et al. (2006/0230437).
8.	On pages 10-11 of the Applicant’s arguments, the Applicant states that the prior art of, “Boyer, Stuntebeck, and Shahbazi” do not disclose receiving, by a service provider, device credentials that include authentication credentials shared by a plurality of devices, and a device policy document that is linked to the device credentials to allow the device policy document to be applied to the plurality of devices that share the device credentials, wherein the device credentials are managed based at least in part on an association between the device credentials and a plurality of policy documents”.
“receiving, by a service provider, device credentials that include authentication credentials shared by a plurality of devices, and a device policy document that is linked to the device credentials to allow the device policy document to be applied to the plurality of devices that share the device credentials”, because Boyer discloses a computer system, including a server that receives the device credentials that include authentication credentials shared by the a plurality of devices, an entity can authorize credential sharing privileges among a plurality of entities.  Thus the device policy document, security policy is linked to the device credentials to allow the security policy to be applied to a plurality of entities (i.e. devices) that share the device credentials (Boyer: para. 0085, 0095).  Boyer discloses device credentials are managed, because Boyer discloses the device credentials are stored in a credential store, and the device credentials have rights in a policy document, security policy (Boyer: para. 0094-0095).
	(C).  Stuntebeck discloses the device credentials are managed based at least in part on an association between the device credentials and a plurality of policy documents, because Stuntebeck discloses access credentials uniquely identify a client device, and the access credentials are associated with the compliance restrictions/policies (Stuntebeck: para. 0019-0020, 0022-0023, 0038, 0060).
9.	On pages 10-11 of the Applicant’s arguments, the Applicant states that the prior art does not disclose or suggest, “receive a message, from a hub device, requesting performance of the resource action, wherein the message includes the authentication credentials for the device, wherein the hub device sends messages to the managed service on behalf of the devices associated with the hub device”.
	(C).  The Examiner disagrees with the Applicant.  Amireddy discloses hub device (i.e. communication hub) send messages on behalf of the devices (i.e. UE) associated with the hub device (i.e. communication hub) (Amireddy: col. 5, lines 38-40, col. 8, lines 26-33).  Amireddy (Amireddy: col. 8, lines 26-39).

Claim Rejections - 35 USC § 103
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-6, 8-12, 16, 21, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Boyer et al (2006/0230437) in view of Stuntebeck et al (2016/0105463) and further in view of Shahbazi (2007/0143824).

             As per claim 1, Boyer et al. discloses a system for resolving credentials for a device, comprising: 
            at least one processor (Boyer et al: para. 0060, see Fig. 1  processor #5); 
(Boyer: para. 0057-0058, See Fig. 2 Credential Store #207 for storing device credentials (i.e. IP address, MAC address); 
            a memory device including instructions that, when executed by the at least one processor, cause the system to (Boyer: para. 0086, 0093, See Fig. 1, memory #10): 
            receive, for management by a service provider, device credentials that include authentication credentials shared by a plurality of devices (Boyer: para. 0006-0007, 0085, 0095, device credentials (i.e. entity credentials) include authentication credentials shared by a plurality of entities), and a device policy document (Boyer: para. 0070-0075,  the Examiner asserts that one of ordinary skill in the art would understand that a policy is defined or described in a form of a document) that is linked to the device credentials shared by a plurality of devices (Boyer: 0070-0075, 0097-0098, device policy (i.e. security policy) is included into an access rights table that is linked to device credentials (i.e. entity credentials) shared by a plurality of entities, policy document specifying the permissions used to authorize the resource action), and a device policy that is linked to the device credentials to allow the device policy document to be applied to the plurality of devices that share the device credentials (Boyer: para. 0096-0098,  security policy is linked to entity credentials to grant the device policy to be applied to the plurality of entities that share the entity credentials).
Boyer does not explicitly disclose wherein the device credentials are managed based at least in part on an association between the device credentials and one or more device policy documents, and wherein the authentication credentials are used to authenticate a device included in the plurality of devices configured to communicate via a network with resources provided by the service provider, receive a message from the device requesting that a managed service perform an action, wherein the device is in network communication with the managed service provided by the service provider and the message includes the authentication credentials for the device;  
Stuntebeck et al discloses wherein the device credentials are managed based at least in part on an association between the device credentials (Stuntebeck: para. 0022-0023, 0038, 0060, the one or more device policy documents device characteristics of a client device are associated with the device policy, compliance rules), and wherein the authentication credentials are used to authenticate a device included in the plurality of devices configured to communicate via a network with resources provided by the service provider, and the device policy document (Stuntebeck: para. 0060, states that ‘security policies may result in a log of the message(s) could be considered as documents) authorizes performance of a resource action requested by the device (Stuntebeck: para. 0040, 0042, the authentication credentials/device identifier used to authenticate a device, and device policy/compliance service specifies rules used to authorize resource requested by the device); receive a message from the device requesting that a managed service perform an action, wherein the device is in network communication with the managed service provided by the service provider and the message includes the authentication credentials for the device (Stuntebeck: para. 0034, 0040, the message the Examiner asserts is the request for access to resource, the client device request a resource); authenticate the device using the authentication credentials (Stuntebeck: para. 0040, authenticate the device/client device using the device identifier); 
obtain the device policy linked to the device from the device credentials data store (Stuntebeck: para. 0032, 0038, 0042, See Fig. 1, device policy/compliance service); determine that the policy condition is satisfied to allow the device to request performance of the action (Stuntebeck: para. 0042-0043, compliance rules/device permissions of the device policy/compliance service); and 
(Stuntebeck: para. 0043, 0045-0047, authorize the request to be sent to the managed service/physical access points to perform accessing the access points). 
 It would have been obvious to one of ordinary skill in the art of the effective filing date of the claimed invention to include the device credentials are managed based at least in part on an association between the device credentials and one or more device policy documents, and wherein the authentication credentials are used to authenticate a device included in the plurality of devices configured to communicate via a network with resources provided by the service provider, receive a message from the device requesting that a managed service perform an action, wherein the device is in network communication with the managed service provided by the service provider and the message includes the authentication credentials for the device;  authenticate the device using the authentication credentials; obtain the device policy document linked to the device from the credentials data store; determine that the policy condition is satisfied to allow the device to request performance of the action; and authorize the request to be sent to the managed service to perform computing services of the Stuntebeck with Boyer both are analogous in the art of security policies, the motivation is that enhancing network access control by assigning specific access rights based on access lists to client devices is an effective authentication method that authorizes access associated network resources (Stuntebeck: para. 0018).
     Boyer and Stuntebeck, do not explicitly disclose the policy includes a parameter that is updatable to include a device attribute for the device, and the parameter is associated with a policy condition; and update the parameter in the policy with the device attribute for the device.
     Shahbazi discloses the policy includes a parameter that is updatable to include a device attribute for the device (Shahbazi: para. 0024, 0034, device attribute (i.e. device type, serial number, manufacturer, model number), and the parameter is associated with a policy condition (Shahbazi: para. 0081, policy condition is whether to allow or restrict access to resources); and update the parameter in the policy with the device attribute for the device (Shahbazi: para. 0097, The device parameters include serial number, security settings, manufacturer, model number, etc. change in device parameters is detected).
     It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include the policy includes a parameter that is updatable to include a device attribute for the device, and the parameter is associated with a policy condition; and update the parameter in the policy with the device attribute for the device of Shahbazi with the combination of Boyer and Stuntebeck, all are analogous in the art of policies, the motivation is that there exists a need for an efficient and flexible system and method for securing data in mobile devices used under varying operating environments (Shahbazi: para. 0008).     As per claim 2, Boyer, Stuntebeck, and Shahbazi disclose the system of claim 1,   
     Boyer further discloses wherein the memory device includes instructions that, when executed by the processor, cause the system to further obtain metadata for the device that is used as the device attribute for the device (Boyer: para. 0055, metadata for the device, entity specific string, IP address, MAC address). 
     As per claim 3, Boyer, Stuntebeck, and Shahbazi disclose the system of claim 1.   
     Stuntebeck further discloses comprising obtaining a device profile for the device (Stuntebeck: see Fig. 1, para. 0036, device profile #123). 
      Same motivation as claim 1.
     As per claim 4, Boyer, Stuntebeck, and Shahbazi disclose the system of claim 3.   
     The combination of Stuntebeck and Shahbazi further disclose comprising populating the parameter in the device policy document associated with the policy condition with metadata (Shahbazi: para. 0024, 0034, 0081, populating the parameter (i.e. device parameters) in the device policy associated with the policy condition with metadata) obtained from the device profile (Stuntebeck: see Fig. 1, para. 0036, device profile #123). 
     Same motivation as claim 1.

     As per claim 5, Boyer discloses a computer implemented method, comprising:
     Boyer discloses receiving, by a service provider, (i) device credentials that include authentication credentials shared by a plurality of devices (Boyer: para. 0006-0007, 0085, 0095, device credentials (i.e. entity credentials) include authentication credentials shared by a plurality of entities), and a device policy document (Boyer: para. 0070-0075,  the Examiner asserts that one of ordinary skill in the art would understand that a policy is defined or described in a form of a document), and (ii) a device policy document that is linked to the device credentials to allow the device policy document to be applied to the plurality of devices that share the device credentials (Boyer: para. 0096-0098,  security policy is linked to entity credentials to grant the device policy to be applied to the plurality of entities that share the entity credentials).
     Boyer does not explicitly disclose wherein the device credentials are managed based at least in part on an association between the device credentials and a plurality of policy documents, wherein the authentication credentials are used to authenticate a device included in the plurality of devices configured to communicate via a network with resources provided by a service provider; receiving a message requesting that a resource perform a resource action associated with the device; authenticating the device using the authentication credentials for the device; obtaining the device 
document is satisfied.
     However, in analogous art of Stuntebeck discloses disclose wherein the device credentials are managed based at least in part on an association between the device credentials and a plurality of policy documents (Stuntebeck: para. 0022-0023, 0038, 0060, the one or more device policy documents device characteristics of a client device are associated with the device policy, compliance rules), wherein the authentication credentials are used to authenticate a device included in the plurality of devices configured to communicate via a network with resources provided by a service provider (Stuntebeck: para. 0060, states that ‘security policies may result in a log of the message(s) could be considered as documents); receiving a message requesting that a resource perform a resource action associated with the device (Stuntebeck: para. 0040, 0042, the authentication credentials/device identifier used to authenticate a device, and device policy/compliance service specifies rules used to authorize resource requested by the device); authenticating the device using the authentication credentials for the device (Stuntebeck: para. 0040, authenticate the device/client device using the device identifier); obtaining the device policy document linked to the device credentials used to authorize performance of the resource action (Stuntebeck: para. 0032, 0038, 0042, See Fig. 1, device policy/compliance service); and authorizing the resource action when the policy condition in the device policy document is satisfied (Stuntebeck: para. 0043, 0045-0047, authorize the request to be sent to the managed service/physical access points to perform accessing the access points).
     It would have been obvious to one of ordinary skill in the art of the effective filing date of the claimed invention to include the device credentials are managed based at least in part on an association between the device credentials and a plurality of policy documents, wherein the 
document is satisfied of the Stuntebeck with Boyer both are analogous in the art of security policies, the motivation is that enhancing network access control by assigning specific access rights based on access lists to client devices is an effective authentication method that authorizes access associated network resources (Stuntebeck: para. 0018).
     Boyer and Stuntebeck do not explicitly disclose updating the parameter in the device policy document with the device attribute for the device; and the device policy document includes a parameter that is updatable to include a device attribute for the device, and the parameter is associated with a policy condition, that when satisfied, authorizes performance of a resource action requested by the device.
    Shahbazi discloses updating the parameter in the device policy document with the device attribute for the device attribute for the device (Shahbazi: para. 0024, 0034, device attribute (i.e. device type, serial number, manufacturer, model number); and the device policy document includes a parameter that is updatable to include a device attribute for the device (Shahbazi: para. 0081, policy condition is whether to allow or restrict access to resources), and the parameter is associated with a policy condition, that when satisfied, authorizes performance of a resource action requested by the device (Shahbazi: para. 0097, The device parameters include serial number, security settings, manufacturer, model number, etc. change in device parameters is detected). 
(Shahbazi: para. 0008).

     As per claim 6, Boyer, Stuntebeck, and Shahbazi disclose the method of claim 5.   
     Stuntebeck further discloses wherein the device policy document includes static parameters specifying the resource and the resource action (Stuntebeck: para. 0020, policy includes static parameters such as device security or integrity specifying the resource and the resource action such as editing access to the content for the class). 
     Same motivation as claim 1.
     As per claim 8, Boyer, Stuntebeck, and Shahbazi disclose the method of claim 5,  
     Shahbazi further discloses further comprising: obtaining device metadata for the device; and populating the parameter in the device policy document with the device metadata (Shahbazi: para. 0024, 0034, 0081, populating the parameter (i.e. device parameters) in the device policy document). 
     Same motivation as claim 2. 


     As per claim 9, Boyer, Stuntebeck, and Shahbazi disclose the method of claim 5,  
     Stuntebeck further discloses obtaining a group attribute for a group of devices (Stuntebeck: para. 0021-0022); and populating the parameter in the device policy document (Shahbazi: para. para. 0024, 0034, 0081, populating the parameter (i.e. device parameters) in the device policy document) with the group attribute (Stuntebeck: para. 0021-0022, deploy the configuration profiles to specific user devices, such as to groups of user devices of users with similar roles, privileges and/or titles). 
      Same motivation as claim 1.
     As per claim 10, Boyer, Stuntebeck, and Shahbazi disclose the method of claim 5.  
     Stuntebeck further discloses identifying a resource associated with the action requested in the message (Stuntebeck: para. 0043, 0045-0047); and identifying the device policy document associated with the resource ((Stuntebeck: para. 0040, 0042, identifying the device policy/compliance service specifies rules used to authorize resource requested by the device). 
     Same motivation as claim 1.
     As per claim 11, Boyer, Stuntebeck, and Shahbazi disclose the method of claim 5.  
     Stuntebeck further discloses providing the device credentials to a managed service configured to perform the action requested in the message (Stuntebeck: para. 0023, 0034, 0040, Access credentials may uniquely identify a client device).
     Same motivation as claim 1. 

     As per claim 12, Boyer, Stuntebeck, and Shahbazi disclose the method of claim 5. 
     Stuntebeck further discloses wherein the message is received from the device (Stuntebeck: para. 0001, 0015, 0034, 0080, messages are received from the device). 
      Same motivation as claim 1. 

     As per claim 16, Boyer, Stuntebeck, and Shahbazi disclose a method of claim 5. 
     Stuntebeck further discloses managing the associations using computing resources included in a computing service provider environment (Stuntebeck: Fig. 1).  
      Same motivation as claim 1. 

As per claim 21, Boyer, Stuntebeck, and Shahbazi discloses the system of claim 3.  Stuntebeck further discloses wherein the device policy document comprises permissions to be applied to the device when authenticating the device, based at least in part on the device profile (Stuntebeck: para. 0022, 0025, device profile (i.e. configuration profile)).
     Same motivation as claim 1 above.

     As per claim 23, Boyer, Stuntebeck, and Shahbazi discloses the system of claim 1.  Boyer further discloses the device policy document is disassociated with a device, based at least in part on unlinking the device policy document from the device credentials (Boyer: para. 0095-0096, policy document is disassociated (i.e. revocable)).
     Same motivation as claim 1 above.



Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Boyer et al (2006/0230437) in view of Stuntebeck et al (2016/0105463) and in view of Shahbazi (2007/0143824), and further in view of Amireddy et al. (9,444,892).

     As per claim 17, Boyer discloses a non-transitory machine readable storage medium having instructions embodied thereon, the instructions when executed by a processor:
     receive, for management by a managed service, (1) device credentials
shared by a plurality of devices configured to request a resource to perform a resource
action (Boyer: para. 0006-0007, 0085, 0095, device credentials (i.e. entity credentials) include authentication credentials shared by a plurality of entities), and (ii) a device policy document that is linked to the device credentials to allow the device policy document to be applied to the plurality of devices that share the device credentials (Boyer: para. 0070-0075,  the Examiner asserts that one of ordinary skill in the art would understand that a policy is defined or described in a form of a document).
     Boyer does not explicitly disclose wherein the device credentials include authentication credentials, and the device credentials are used to authenticate an identity of a device included in the plurality of devices, and authorizes performance of the resource action requested by
the device; receive a message, from a hub device, requesting performance of the resource action, wherein the message includes the authentication credentials for the device, wherein the hub device sends messages to the managed service on behalf of devices associated with the hub device; authenticate the device using the authentication credentials; retrieve the device policy document linked to the device credentials which includes; and authorize the action requested in the message.
     Stuntebeck discloses wherein the device credentials include authentication credentials, and the device credentials are used to authenticate an identity of a device included in the plurality of devices (Stuntebeck: para. 0060, security policies may result in a log of the message(s) could be considered as documents), and authorizes performance of the resource action requested by the device (Stuntebeck: para. 0040, 0042, device policy/compliance service specifies rules used to authorize resource requested by the device);
     authenticate the device using the authentication credentials (Stuntebeck: para. 0060, authenticate the device/client device using the device identifier);
     retrieve the device policy document linked to the device credentials (Stuntebeck: para. 0032, 0038, 0042, See Fig. 1, device policy/compliance service); and 
     authorize the action requested in the message (Stuntebeck: para. 0043, 0045-0047, authorize the request to be sent to the managed service/physical access points to perform accessing the access points).
(Stuntebeck: para. 0018).
     Boyer and Stuntebeck does not explicitly disclose parameter that is updatable to include the device attribute; update the parameter in the device policy document with the device
attribute for the device; determine that the parameter satisfies the policy condition of the device policy document.
     Shahbazi discloses parameter that is updatable to include the device attribute (Shahbazi: para. 0024, 0034, device attribute (i.e. device type, serial number, manufacturer, model number); update the parameter in the device policy document with the device attribute for the device (Shahbazi: para. 0024, 0034, device attribute (i.e. device type, serial number, manufacturer, model number); determine that the parameter satisfies the policy condition of the device policy document (Shahbazi: para. 0081, policy condition is whether to allow or restrict access to resources).
          It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include the policy includes disclose parameter that is updatable to include the device attribute; update the parameter in the device policy document with the device attribute for the device; determine that the parameter satisfies the policy condition of the device policy document of Shahbazi with the combination of Boyer, Stuntebeck, all are analogous in the art of policies, the motivation is that there exists a need for an efficient and flexible system and method for securing data in mobile devices used under varying operating environments (Shahbazi: para. 0008).
     Boyer, Stuntebeck, and Shahbazi do not explicitly disclose receive a message, from a hub device, requesting performance of the resource action, wherein the message includes the authentication credentials for the device, wherein the hub device sends messages to the managed service on behalf of devices associated with the hub device.
     Amireddy discloses receive a message, from a hub device (Amireddy: col. 5, lines 38-40, hub device (i.e. communication hub), requesting performance of the resource action, wherein the message includes the authentication credentials for the device, wherein the hub device sends messages to the managed service on behalf of devices associated with the hub device Amireddy: col. 8, lines 26-40, hub device (i.e. communication hub) send messages on behalf of devices (i.e. UE) associated with the hub device (i.e. communication hub).  
     It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include receive a message, from a hub device, requesting performance of the resource action, wherein the message includes the authentication credentials for the device, wherein the hub device sends messages to the managed service on behalf of devices associated with the hub device of Amireddy with the combination of Boyer, Stuntebeck, and Shahbazi all are analogous in the art of communicating messages, the motivation to have a hub is (Amireddy: col. 5, lines 60-67, col. 6, lines 1-2).

     As per claim 18, Boyer, Stuntebeck, Shahbazi, and Amireddy disclose the non-transitory machine readable storage medium of claim 17.   Stuntebeck further discloses wherein the device policy document specifies permissions that allow requests associated with the device to be sent to a managed service configured to perform the action requested in the message (Stuntebeck: para. 0040, 0042, device policy/compliance service specifies rules used to authorize resource requested by the device).
      Same motivation as claim 1. 
     As per claim 19, Boyer, Stuntebeck, Shahbazi, and Amireddy disclose the non-transitory machine readable storage medium of claim 17.  The combination of Stuntebeck and Shahbazi further discloses wherein the parameter in the device policy document (Shahbazi: para. 0018, 0024, parameter (i.e. static or dynamic parameters) in the device policy document is populated with a group attribute such as device capabilities, such that all devices will have the device capability) is populated with a group attribute for a group of devices (Stuntebeck: para. 0021-0022, deploy the configuration profiles to specific user devices, such as to groups of user devices of users with similar roles, privileges and/or titles). 
     Same motivation as claim 1.

     As per claim 20, Boyer, Stuntebeck, Shahbazi, and Amireddy disclose the non-transitory machine readable storage medium of claim 17. Stuntebeck further discloses wherein the device credentials are owned by the resource and the device credentials are used to authenticate the identities of the devices configured to request that the resource perform a resource action (Stuntebeck: para. 0040, 0043, 0045-0047, entity credentials are used to authenticate entities).
     Same motivation as claim 1.  

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Boyer et al (2006/0230437) in view of Stuntebeck et al (2016/0105463) and in view of Shahbazi (2007/0143824), and further in view of Linga et al (2019/0018801).

     As per claim 15, Boyer, Stuntebeck, and Shahbazi disclose the method of claim 5.
     Boyer, Stuntebeck, and Shahbazi do not explicitly disclose further comprising updating a device profile for a device to disassociate the device from a first device policy document and associate the device with a second device policy document. 
    However, analogous art of Linga discloses updating a device profile for a device to disassociate the device from a first device policy document and associate the device with a second device policy document (Linga: para. 0091, 0093, 0096, updating device profile by updating and/or modifying the user device). 
      It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include updating a device profile for a device to disassociate the device from a first device policy document and associate the device with a second device policy document of Linga with the Boyer, Stuntebeck, and Shahbazi combination all are analogous in the (Linga: para. 0094).

13.	Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Boyer et al (2006/0230437) in view of Stuntebeck et al (2016/0105463) and in view of Shahbazi (2007/0143824), and in view of Amireddy et al. (9,444,892) further in view of Chaput et al. (2017/0199796).

As per claim 22, Boyer, Stuntebeck, Shahbazi, and Amireddy discloses the non-transitory machine readable storage medium of 17.
Boyer, Stuntebeck, and Shahbazi, and Amireddy does not explicitly disclose wherein the hub device is authenticated using device credentials assigned to the hub device.
However, in analogous art of Chaput discloses wherein the hub device is authenticated using device credentials assigned to the hub device (Chaput: para. 0040, hub is authenticated using credentials).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include wherein the hub device is authenticated using device credentials assigned to the hub device of Chaput with Boyer-Stuntebeck-Shahbazi-Amireddy, the motivation is that this is a security measure that maintains system integrity (Chaput: para. 0040).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
    Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 


11/4/2021
/JJ/
AU 2439


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439