DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 21, 29-31 and 33 are rejected under 35 U.S.C. 102 (a)(1) and (a)(2) as being anticipated by Hickie, (US Publication No. 2013/0029641).

Regarding claims 21 and 31, Hickie discloses
A method of managing security in a network domain [Hickie, paragraph 20], the method comprising: 
receiving information describing one or more user groups, each user group containing one or more users associated with the network domain [Hickie, paragraphs 86, Example Rule 2, paragraph 97, determine membership groups]; 
Hickie, paragraphs 64, 65, rules describe who, what and how a mobile user may access or act; rules are established on the basis of membership of one or more groups]; 
determining that a user of the first user group is logged into a managed device [Hickie, paragraphs 99, 103]; 
generating, based on the rule, first management instructions for enforcing the rule at the managed device logged into by the user in the first user group, 
the first management instructions for regulating communications between the managed server and the first set of labeled servers based on a user identifier of the user [Hickie, paragraphs 99, 103, 109, user id and group of what user can access]; 
generating based on the rule, second management instructions for enforcing the rule at the first set of labeled servers, 
the second management instructions for regulating communications between the first set of labeled servers and the managed device based on a device identifier of the managed device [Hickie, paragraphs 99, 103, 109, this list may then be delivered, see also figure 6]; 
sending the first management instructions to the managed device, the first management instructions to configure the managed device to implement the rule at the managed device [Hickie, paragraphs 99, 103, 109, user id and group of what user can access]; 
sending the second management instructions to the first set of labeled servers, 
Hickie, paragraphs 99, 103, 109, this list may then be delivered, see also figure 6].  

Regarding claim 29, Hickie further discloses
wherein the information describing one or more user groups is received from a directory and identity service [Hickie, paragraphs 99, 103, 109, see also figure 6, determine membership groups].  

Regarding claim 30, Hickie further discloses
periodically synchronizing with the directory and identity service to receive updated information describing the one or more user groups [Hickie, paragraph 64, synchronizing accessible resources].  

Regarding claim 33, Hickie further discloses
A method of managing security in a network domain, the method comprising: 
receiving information describing one or more user groups, each user group containing one or more users associated with the network domain [Hickie, paragraphs 86, Example Rule 2, paragraph 97, determine membership groups]; 
receiving a rule specifying an association between a first user group and a first set of labeled services, the rule indicating that users of the first user group are permitted to access the first set of labeled services [Hickie, paragraphs 64, 65, rules describe who, what and how a mobile user may access or act; rules are established on the basis of membership of one or more groups]; 
determining that a user of the first user group is logged into a managed device [Hickie, paragraphs 99, 103]; 
generating, based on the rule, first management instructions for enforcing the rule at the managed device logged into by the user in the first user group, the first management instructions for regulating communications between the managed device and the first set of labeled services based on a user identifier of the user [Hickie, paragraphs 99, 103, 109, user id and group of what user can access]; 
generating based on the rule, second management instructions for enforcing the rule at one more servers providing the first set of labeled services, 
Hickie, paragraphs 99, 103, 109, this list may then be delivered, see also figure 6]; 
sending the first management instructions to the managed device, the first management instructions to configure the managed device to implement the rule at the managed device [Hickie, paragraphs 99, 103, 109, user id and group of what user can access]; and 
sending the second management instructions to the one or more servers providing the first set of labeled services, the second management instructions to configure the one or more servers to implement the rule at the one or more servers [Hickie, paragraphs 99, 103, 109, this list may then be delivered, see also figure 6].   



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 22-23 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Hickie as applied to claim 21 above, and further in view of Dutcher et al., (US Patent No. 6,065,054), hereinafter “Dutcher”.

Regarding claim 22, Hickie does not specifically disclose, however Dutcher teaches
storing, by the server, the first management instructions and the second management instructions in memory [Dutcher, Abstract]; 
receiving an indication of the user logging out of the managed device [Dutcher, Abstract]; and 
responsive to receiving the indication of the user logging out of the managed device, disabling the first management instructions and the second management instructions stored in the memory [Dutcher, Abstract].  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to maintain the instructions of a user for repeated logon’s in order to reduce the amount of time for future login’s.

Regarding claim 23, Hickie-Dutcher further discloses 
receiving an indication of a subsequent user login to the managed device by the user [Dutcher, Summary, column 2, paragraphs 2-7, manage that account through user logoff, maintain and manage a user account]; and 
responsive to determining that the user is logged in again, enabling the first and second management instructions stored in the memory [Dutcher, Summary, column 2, paragraphs 2-7, manage that account through user logoff, maintain and manage a user account].  

Regarding claim 25, Hickie-Dutcher further discloses 
receiving, from the managed device, an indication of the user logging out of the managed device [Dutcher, Abstract, Summary, column 2, paragraphs 2-7, manage that account through user logoff, maintain and manage a user account]; 
sending a request to the managed device to disable the first management instructions [Dutcher, Abstract, Summary, column 2, paragraphs 2-7, manage that account through user logoff, maintain and manage a user account]; and 
sending a request to the first set of labeled servers to disable the second management instructions [Dutcher, Abstract, Summary, column 2, paragraphs 2-7, manage that account through user logoff, maintain and manage a user account].  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to manage a user’s login instructions and access control and maintain the access control based on the user’s group authorization in order to maintain a secure system and allow future login’s.

Claims 24 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Hickie as applied to claims 21 and 31 above.
Regarding claims 24 and 32, Hickie does not specifically disclose, however is obvious
receiving, from the managed device, information indicating that a second user logged into the managed device [Hickie, paragraphs 99, 103, 109, user access]; 
generating a third management instructions regulating communications between the managed device and a second set of labeled servers related to user groups containing the second user [Hickie, paragraphs 99, 103, 109, user id and group of what user can access]; and 
sending the third management instructions to the managed device [Hickie, paragraphs 99, 103, 109, this list may then be delivered, see also figure 6].  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to allow multiple user’s to log onto a system, as creating a group and assigning user’s to that group in order to allow the different users to access the system and access the system that there assigned roles would allow.

Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Hickie as applied to claim 21 above, and further in view of Peles, (US Publication No. 2004/0177247).

Regarding claim 26, Hickie further discloses
wherein the rule has a used by portion, wherein the used by portion specifies a label set comprising one or more labels identifying the one or more user groups [Hickie, paragraphs 99, 103, 109, this list may then be delivered, see also figure 6].  

Hickie does not specifically disclose, however Peles teaches
provided by portion;
wherein the provided by portion specifies a label set for the first set of servers that provide a service [Peles, paragraph 5].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the list of user’s able to access the service to the server’s containing the service in order to let the server’s know which users are authorized to use their services.

Claims 27 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Hickie as applied to claim 21 above, and further in view of Miller et al., (US Publication No. 2002/0181691), hereinafter “Miller”.

Regarding claim 27, Hickie does not specifically disclose, however Miller teaches
wherein the management instructions configure the managed device to block a communication responsive to receiving a request for a communication to another server providing a service that is not associated with the user group of the user currently logged in to the managed device [Miller, paragraph 51].  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to block a user trying to access a system that they may not have access to in order to protect and secure the system.

Regarding claim 28, Hickie-Miller further disclose
receiving an alert responsive to the managed device blocking the communication, the alert indicating a request for an unauthorized access [Miller, paragraph 51, notified of the login failure].  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/Primary Examiner, Art Unit 2433