DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 6/24/2020.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 5/17/2021 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 5, 7, 13, 17, 19 rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zhang (U.S. Pat. App. Pub. 2015/0310194 A1).
Regarding claims 1 and 13, Zhang discloses: a method comprising: receiving, at a lookup service executing on data processing hardware (authentication server 101 reads on the recited lookup service. Zhang Figs. 1, 3 and para. 0031.), from a first application executing on a particular device associated with a user (browser software running on a mobile device. Zhang para. 0032.), a resource identifier (ID) request requesting the lookup service to provide the first application access to a resource ID that identifies the particular device (in attempting to access a protected resource, the software sends an authentication request to the authentication server, which generates a device ID using the received device attributes. Zhang para. 0036.); determining, by the lookup service, whether the first application executing on the particular device is authorized to access the resource ID (the authentication server compares the login information and only generates the device ID if valid. Zhang para. 0036.); and when the first application is authorized to access the resource ID: obtaining, by the lookup service, the resource ID (the authentication server generates the device ID based upon the received device attributes, received with the request. Zhang Fig. 3, step 303 and para. 0036. The device ID comprises a string of randomly generated characters that uniquely and persistently identify the device from which the user submitted the authentication request. Zhang para. 0036.); and transmitting, by the lookup service, to the first application executing on the particular device, the resource ID (after generating the device ID, the authentication server creates an authentication token signed with the device ID. Zhang Fig. 3, step 305 and para. 0037. The authentication token is encrypted with the device ID such that the authentication token comprises the device ID. Zhang para. 0037. The authentication server transmits the authentication token to the computing device that transmitted the authentication request. Zhang Fig. 3, step 307 and para. 0038.).   
Regarding claims 5 and 17, Zhang discloses the limitations of claims 1 and 13, respectively, wherein the particular device associated with the user comprises a physical device (mobile device. Zhang para. 0032.).  
Regarding claims 7 and 19, Zhang discloses the limitations of claim 1 and 13, respectively, wherein the resource ID is assigned by an entity of the lookup service and shared by one or more computing interfaces of the lookup service to identify the particular device (the authentication server generates the device ID based upon the received device attributes, received with the request. Zhang Fig. 3, step 303 and para. 0036. The device ID comprises a string of randomly generated characters that uniquely and persistently identify the device from which the user submitted the authentication request. Zhang para. 0036.).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 6, 18 rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Li (U.S. Pat. 10,114,944 B1).
Regarding claims 6 and 18, Zhang discloses the limitations of claims 1 and 13, respectively. Zhang does not disclose:  wherein the particular device associated with the user comprises a virtual device.
However, Li does disclose: wherein the particular device associated with the user comprises a virtual device (implemented in a virtual environment. Li col. 17, ll. 8-27.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the control and protection of device identifiers to unauthenticated applications of Zhang with the implementation of the device and application system in a virtual environment based upon the teachings of Li. The motivation being enabling the management of applications and services with respect to a virtual architecture of a network system. Li col. 17, ll. 8-27.


Claims 8-10, 20-22 rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Grajek (U.S. Pat. App. Pub. 2014/0082715 A1, cited in IDS filed 5/17/2021).
Regarding claims 8 and 20, Zhang discloses the limitations of claims 1 and 13, respectively. Zhang does not disclose: wherein, after the lookup service transmits the resource ID to the first application: the first application is configured to transmit the resource ID to a first remote service associated with the first application (identity tokens are presented to enterprise services 103 by client apps 111. Grajek fig. 1 and para. 0047.); and the first remote service is configured to use the resource ID to retrieve information about the particular device from a second remote service.
However, Grajek does disclose: wherein, after the lookup service transmits the resource ID to the first application: the first application is configured to transmit the resource ID to a first remote service associated with the first application (identity tokens are presented to enterprise services 103 by client apps 111. Grajek fig. 1 and para. 0047.); and the first remote service is configured to use the resource ID to retrieve information about the particular device from a second remote service (the received tokens or credentials by the enterprise services from the client apps are used to for authentication to provide services. Grajek fig. 1 and para. 0047.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the control and protection of device identifiers to unauthenticated applications of Zhang with sharing identifiers and credentials with network services and other related services for access to desired resources based upon the teachings of Grajek.  The motivation being to facilitate and control access to network-based information by a single mobile device. Grajek para. 0002.
Regarding claims 9 and 21, Zhang in view of Grajek discloses the limitations of claims 8 and 20, respectively, wherein the first remote service is associated with a different entity than the second remote service (enterprise services are associated via network communication. Grajek Fig. 1, elements 103a-n, and para. 0047.).  
Regarding claims 10 and 22, Zhang in view of Grajek discloses the limitations of claims 8 and 20, respectively, wherein the second remote service is associated with a second application executable on the particular device (client device is able to host multiple client apps on a single device. Grajek para. 0005.).  

Claims 12, 24 rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Grajek in view of Li.
Regarding claims 12 and 24, Zhang in view of Grajek discloses the limitations of claims 10 and 22, respectively. Zhang in view of Grajek does not disclose: wherein the first application executes in a first execution environment and the second application executes in a second execution environment, and wherein the first execution environment is isolated from the second execution environment.
However, Li does disclose: wherein the first application executes in a first execution environment and the second application executes in a second execution environment, and wherein the first execution environment is isolated from the second execution environment (the implementation of the device and application system in a virtual environment where functional elements are abstracted in separate computing spaces managed by a hypervisor. Li col. 17, ll. 8-27.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the control and protection of device identifiers to unauthenticated applications of Zhang with the implementation of the device and application system in a virtual environment based upon the teachings of Li. The motivation being enabling the management of applications and services with respect to a virtual architecture of a network system. Li col. 17, ll. 8-27.

Allowable Subject Matter
Claims 2-4, 11, 14-16, 23 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Zhao (U.S. Pat. App. Pub. 2020/0245150 A1), controlling access to device ID including checking user permissions in a database; Eisen (U.S. Pat. App. Pub. 2013/0273879 A1), distributing device IDs to applications to satisfy requests; Takechi (U.S. Pat. App. Pub. 2001/0056545 A1), access management table including permission information.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493