Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  Claims 1, 9, 10, 15 and 20 are amended.  Claims 1-20 are pending.
Response to Arguments
2.	Applicant's arguments filed on 12/15/2021 have been fully considered but they are not persuasive. 
 	Applicant argues that the cited prior art, Lim, fails to disclose “determining (a) that the first security permits an action on the computing device not permitted by the second security policy; determining (b) that the second security policy permits a second action on the computing device not permitted by the first security policy…”.
	Examiner respectfully disagrees.  As described in the Abstract, Lim discloses:
	In an information management system, activity data is collected and analyzed for patterns. The information management system may be policy based. Activity data may be organized as entries including information on user, application, machine, action, object or document, time, and location. When checking for patterns in the activity or historical data, techniques may include inferencing, frequency checking, location and distance checking, and relationship checking, and any combination of these. Analyzing the activity data may include comparing like types or categories of information for two or more entries.

Moreover, the cited paragraphs 200-204 read as follows:
[0200] In one implementation, a policy directive is used to label the locations where a policy is applicable. In such implementation, policies that are not labeled are applicable to all locations. A location label may refer to one or more locations. A location label may comprise of one or more constants or an expression.

    # Policy 1
    [location.access-point ="AP-NY"]
    FOR document.name="\\server1\legal\highly-confidential\*"
    ON OPEN
    BY user=Legal
    DO (ALLOW AND LOG)
    OTHERS DENY

    # Policy 2
    [location.access-point="AP-B"]
    FOR document.name="\\server1\legal\highly-confidential\*"
    ON OPEN
    BY user=Legal
    DO DENY

[0201] The policies in the above example are prefixed with location labels. In this case, a location label comprises an expression (e.g., location.access-point="AP-B"). During policy evaluation, a policy engine evaluates the location labels of "policy 1" and "policy 2" to determine if "policy 1" or "policy 2" is relevant. Further, there may be a catch all policy that is applied when the value of "location.access-point" does not match any other policy having a location label specifying "location.access-point" as a matching criterion. For example, a catch all label may be "[location.access-point=DEFAULT]."
[0202] In another implementation, policies are grouped into policy sets and a policy set directive is used to label the locations where a policy set is applicable. A policy set may be named or unnamed. A policy set comprises at least one policy. A policy set may also include another policy set.

    [location.access-point = "AP-NY"]
    PolicySet "NY-Office-Policies" {
      # Policy 3
      FOR document.name="\\server1\legal\highly-confidential\*"
      ON OPEN
      BY user=Legal
      DO (ALLOW AND LOG)
      OTHERS DENY

      # Policy 4
      FOR document.name="*.xls" OR document.name="*.pdf"
      ON PRINT
      BY user=Finance
      DO DENY
    }

[0203] The two policies "policy 3" and "policy 4" in the above example are grouped into a named policy set "NY-Office-Policies." The policy set is tagged (or prefixed) with a location label [location.access-point="AP-NY"] making the policies in the policy set applicable only when the label is evaluated to Boolean true.
[0204] In yet another implementation, a policy may comprise multiple expressions (or subexpressions) each assigned a different location label. Evaluating such policy includes selecting an expression (or subexpression) associates with the location detected by a policy engine.

    FOR document.name="\\server1\legal\highly-confidential\*"
    ON OPEN
    BY user=legal
    WHERE {
      SWITCH (location.access-point)
      CASE "AP-NY"
        connection.type = "LAN" OR (connection.type = "WLAN" AND connection.security = "VPN")
      DEFAULT
        connection.security = "VPN"
    }
    DO ALLOW
    OTHERS DENY

	As shown in the above paragraphs, the policy-based activity data encompasses different data elements organized in different entries, and involves analyzing, relationship checking, and identifying relevancy (Boolean, true or false) in different policies; grouping of policies into sets; and analyzing relationships between different policies with different types of data.  In order to analyze relationships in a set, analyzing policy relationships in the set, as in set theory in mathematics (such as determining union, intersection, etc.), would have been necessary.
	Moreover, with respect to claim 9, Applicant argues that the amended claim recites “without transmitting the location of the mobile device to the server system”.  However, as mentioned throughout the specification, Lim discloses the location associated with the AP, thus suggesting a client may be a mobile device.  Lim also discloses the client or computer system may act as a client or a server depending on whether .
Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

 	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lim (U.S. Patent Application Publication No. 20080066149).
 	With respect to claim 1, Lim discloses a method comprising:
	determining, via a processor of a computing device, a location of the computing device; receiving a first security policy based on a first determination of a first zone representing a first section of a geographic area including the location of the computing device (e.g. Lim, paragraph 0015, “The information management system may be rule or policy based.  Activity data may be organized as entries, including information on user…time, and location”; paragraph 0091, “The policies that a policy enforcer can handle may be defined based on the type of action, user, user group, user attribute…location (e.g., New York office versus London office)”);
	receiving a second security policy based on a second determination of a second zone representing a second section of the geographic area including the location (e.g., Lim, paragraph 0198, “the policy engine detects the current location of a device (e.g. a laptop computer) and evaluates a selected subset of policies received from the policy server according to the current location”);
determining (a) that the first security policy permits an action on the computing device not permitted by the second security policy; determining (b) that the second security policy permits a second action on the computing device not permitted by the first security policy (e.g. Lim, paragraph 0200-0201, “a policy directive is used to label the locations where a policy is applicable…A location label may comprises of one or more constraints or an expression…”);
	Lim discloses implementing an aggregate security policy with respect to the computing device, the aggregate security policy being based on the first security policy and the second security policy on the computing device (e.g. Lim, paragraphs 0203-0204, “The two policies “policy 3” and “policy 4”…are grouped into a named policy set “NY-Office-policies.”...making the policies in the policy set applicable only when the label is evaluated to Boolean true”).
Lim does not explicitly mention: “the aggregate security policy prohibiting the first action on the computing device and prohibiting the second action on the computing device”.  
	However, Lim discloses a situation in which two policies are grouped into a named policy set, making the policies in the policy set applicable only when the label is evaluated to Boolean true.  Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive the claimed feature by implementing the Boolean table to determine which policy is applicable when the evaluation of the policies according to the location labels does not produce the same result.

 	With respect to claim 2, Lim discloses the method of claim 1, wherein a map is stored that correlates each zone of a plurality of zones to a security policy identifier of a plurality of security policy identifiers, the plurality of zones including the first zone and the second zone, the method further comprising:
 	receiving a security policy identifier of the plurality of security policy identifiers mapped to the first zone on a server system, the server system storing data defining a plurality of security policies mapped to the plurality of security policy identifiers, the data defining the plurality of security policies not being stored on the computing device (e.g. Lim, paragraphs 0201-0202; 0206-0207, “location labels”-location zones; “policy numbers”-policy identifier).

	With respect to claim 3, Lim discloses the method of claim 1, wherein the first zone is smaller than the second zone (Lim, paragraph 0207).

  	With respect to claim 4, Lim discloses the method of claim 1, further comprising:
 	transmitting the location to a category server; receiving a category from the category server; identifying the first security policy as being a security policy mapped to the category (e.g. Lim, paragraph 0015).

 	With respect to claim 5, Lim discloses the method of claim 1, wherein detecting the location comprises detecting a wireless signal from a transmitter and a signal strength of the wireless signal (e.g. Lim, Fig. 11)

 	With respect to claim 6, Lim discloses the method of claim 1, wherein implementing the aggregate security policy comprises at least one of requiring a specified level of authentication to access data and services of a server system and restricting access to one or more resources external to the server system (e.g. Lim, paragraphs 0200-0203).

 	With respect to claim 7, Lim discloses the method of claim 1, wherein the computing device executes an operating system including a personal partition and an enterprise partition, the method further comprising:
 	executing a first security component within the personal partition and a second security component within the enterprise partition;
 communicating, by the first security component and the second security component with a server system in order to associate the first security component and the second security component with one another; and
implementing the aggregate security policy with the first security component and the second security component (e.g. Fig. 12)

 	With respect to claim 8, Lim discloses the method of claim 1 further comprising:
 	executing, by the computing device, an application on the computing device, the application including an embedded security component;
 	implementing, by the security component, the aggregate security policy (e.g. Lim, Fig. 11 and 12).

	With respect to claim 9, Lim discloses a non-transitory computer-readable medium storing executable code that, when executed by one or more processing devices of a mobile device, causes the one or more processing devices to:
detect a location of the mobile device; identify a corresponding zone of a plurality of zones including the location, each zone of the plurality of zones being mapped to a security policy of a plurality of security policies; and implement the security policy of the plurality of security policies mapped to the corresponding zone in cooperation with a server system (e.g. Fig. 11 and 12, paragraphs 0015, 0198 and 0200-0203). 
	Lim does not explicitly mention “without transmitting the location of the mobile device to the server system”.  However, Lim discloses a client or particular system may act as both a client or a server depending on whether the computer system is requesting or providing information (e.g. Lim, paragraph 0058).  Moreover, transmitting information without disclosing location is well-known in the art; it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive this claimed feature with Lim’s teaching of cooperating between the mobile device and the server as a matter of design choice.

 	With respect to claim 10, Lim discloses the non-transitory computer-readable medium of claim 9, wherein the executable code, when executed by one or more processing devices of a mobile device, further causes the one or more processing devices to:
 	store a map that maps each zone of the plurality of zones to a security policy identifier of a plurality of security policy identifiers; and
 	transmit a security policy identifier of the plurality of security policy identifiers mapped to the corresponding zone to a server system, the server system storing data defining the plurality of security policies, the data defining the plurality of security policies not being stored on the computing device (e.g. Lim, paragraphs 0201-0202; 0206-0207, “location labels”-location zones; “policy numbers”-policy identifier).

 	With respect to claim 11, Lim discloses the non-transitory computer-readable medium of claim 9, wherein the executable code, when executed by one or more processing devices of a mobile device, further causes the one or more processing devices to identify the corresponding zone of a plurality of zones including the location by:
identifying two or more zones of the plurality of zones that include the location; and
selecting the corresponding zone from the two or more zones (e.g. Lim, paragraphs 0201-0203; 0206-0207).

 	With respect to claim 12, Lim discloses the non-transitory computer-readable medium of claim 9, wherein the executable code, when executed by the one or more processing devices, further causes the one or more processing devices to:
 	identify two or more zones of the plurality of zones that include the location, the corresponding zone being one of the two or more zones;
 	identify two or more security policies of the plurality of security policies mapped to the two or more zones; and select the corresponding zone as being mapped to a more restrictive security policy of the two or more security policies (e.g. Lim, paragraphs 0201-0203; 0206-0207)

 	With respect to claim 13, Lim discloses the non-transitory computer-readable medium of claim 9, wherein the executable code, when executed by the one or more processing devices, further causes the one or more processing devices to:
 	identify two or more zones of the plurality of zones that include the location, the corresponding zone being one of the two or more zones; identify two or more security policies of the plurality of security policies mapped to the two or more zones; and
 	implement a combination of the two or more security policies (e.g. Lim, paragraphs 0201-0202; 0206-0207).

 	With respect to claim 14, Lim discloses a system comprising:
 	a computing device including one or more processing devices and one or more memory devices operably coupled to the one or more processing devices, the one or more memory devices storing executable code that, when executed by the one or more processing devices, causes the one or more processing devices to:
 	detect a location of the computing device;
identify a corresponding zone of a plurality of zones including the location, each zone of the plurality of zones being mapped to a security policy of a plurality of security policies; and implement the security policy of the plurality of security policies mapped to the corresponding zone in cooperation with a server system without transmitting the location of the computing device to the server system (e.g. Fig. 11 and 12, paragraphs 0015, 0198 and 0200-0203). 
	Lim does not explicitly mention “without transmitting the location of the computing device to the server system”.  However, transmitting information without disclosing location is well-known in the art; it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive this claimed feature with Lim’s teaching of cooperating between the mobile device and the server as a matter of design choice.

	With respect to claim 15, Lim discloses the system of claim 14, wherein the computing device stores a map that maps each zone of the plurality of zones to a security policy identifier of a plurality of security policy identifiers; and
 	wherein the executable code, when executed by the one or more processing devices, further causes the one or more processing devices to transmit a security policy identifier of the plurality of security policy identifiers mapped to the corresponding zone to a server system, the server system storing data defining the plurality of security policies, the data defining the plurality of security policies not being stored on the computing device (e.g. Lim, paragraphs 0201-0202; 0206-0207, “location labels”-location zones; “policy numbers”-policy identifier).

	With respect to claim 16, Lim discloses the system of claim 14, wherein the executable code, when executed by the one or more processing devices, further causes the one or more processing devices to identify the corresponding zone of a plurality of zones including the location by:
 	identifying two or more zones of the plurality of zones that include the location; and
	selecting the corresponding zone from the two or more zones (e.g. Lim, paragraphs 0201-0202; 0206-0207).

 	With respect to claim 17, Lim discloses the system of claim 16, wherein the corresponding zone is a smaller of the two or more zones (e.g. Lim, paragraph 0207).

 	With respect to claim 18, Lim discloses the system of claim 14, wherein the executable code, when executed by the one or more processing devices, further causes the one or more processing devices to:
 	identify two or more zones of the plurality of zones that include the location, the corresponding zone being one of the two or more zones; identify two or more security policies of the plurality of security policies mapped to the two or more zones; and select the corresponding zone as being mapped to a more restrictive security policy of the two or more security policies (e.g. Lim, paragraphs 0201-0202; 0206-0207).

	With respect to claim 19, Lim discloses the system of claim 14, wherein the executable code, when executed by the one or more processing devices, further causes the one or more processing devices to:
identify two or more zones of the plurality of zones that include the location, the corresponding zone being one of the two or more zones; identify two or more security policies of the plurality of security policies mapped to the two or more zones; and
	implement a combination of the two or more security policies (e.g. Lim, paragraphs 0201-0202; 0206-0207).

	With respect to claim 20, Lim discloses the system of claim 19, wherein the combination of the two or more security policies comprises whichever components of one of the two or more security policies that are more restrictive than corresponding components of other security policies of the two or more security policies (e.g. Lim, paragraphs 0201-0202; 0206-0207).

Conclusion
4.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONGOC TRAN whose telephone number is (571)272-3843.  The examiner can normally be reached on 9-5 Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.