DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim 1 is amended and claims 21 and 22 are added. Claims 1-17, 21, and 22 are now pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims rejections under 35 USC 112 second were withdrawn due to applicant amendment.

Priority
The instant application, filed 02/25/2020, claims priority from Provisional Application 62/835,382, filed 04/17/2019.
Response to Arguments
Applicant’s arguments with respect to claim 1 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1- 2, 10, 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2015/0278488 (Batchu) in view of U.S. PGPub No. 20170329966 (Koganti).

With regards to claim 1, Batchu discloses, A method comprising: 
executing, on a device, a private personal mobile device management module (PPMDM) (FIG 1, 120 and associated text;[0039] The MDM broker (e.g., MDM broker 120...) is configured to facilitate and enforce with respect to the device, for each authority to which authority is granted, the corresponding scope of authority defined by the user {i.e. PPMDM being under exclusive control of a user of the device);
receiving, by the private personal mobile device management module, an enterprise mobile device management (EMDM) policy from an enterprise server, the enterprise mobile device management (EMDM) policy representing requested access to a first resource and a second resource of the device by a mobile device management (MDM) software ([0043] FIG. 6 is a flow chart illustrating an embodiment Note: removing some specific content  and not removing other content are considered as first resource and second resource), the MDM software being programmed to monitor the device for security threats; 
permitting by the private personal mobile device management (PPMDM) module management of security of a first resource by the MDM software according to the enterprise mobile device management (EMDM) policy in cooperation with the enterprise server (FIG 6 and associated text; ; the process of FIG. 6 may be implemented by an... MDM proxy agent/broker 120 {i.e. permitting, by the PPMDM} of FIG. 1... In the example shown, a command to “wipe”... the device itself... is received (602) {i.e. access to the first resource}. A scope of authority of an MDM authority (e.g., MDM server, application server) from which the command was received is determined (604)... If the command was a full wipe command and the sender has been granted the authority to initiate such a wipe (606), then the full (device) wipe command is forwarded to the device (608), e.g., by sending it from the MDM broker (120...) {i.e. PPMDM} to the device MDM agent (110) {i.e. permitting, by the PPMDM, access to the first resource by the MDM}. [¶ 43].); and 
providing, by the private personal mobile device management module  (PPMDM), data derived from a second resource to the MDM software for management according to the enterprise mobile device management (EMDM) policy in cooperation with the enterprise server ( [0017] In various embodiments, a device owner (e.g., an employee) may configure the management proxy agent (broker) 120 on a BYOD device 140 to be managed by multiple device management servers 100, application servers 150, and/or other nodes. A management proxy agent (broker) 120 may maintain configurations for a list of trusted device management servers 100, authorize device management functions/information, and/or perform other operations. In various embodiments, during registration, a device owner may select allowed permissions for device management server 100, application server 150, and/or other nodes. Permissions may include, for example, allow lock, disallow wipe, allow password policy, allow password compliance, disallow app inventory and/or other permissions. FIG 6 606 with “YES” Note: during registration device owner configure which app to be disallow wipe by the server. ).

Batchu does not but Koganti teaches, 
the MDM software being programmed to monitor the device for security threats (Koganti [0037] In this way, the DTMS 340 may provide device based security for the electronic device 11. In contrast, an MDM service, for example, may provide remote trust management services The DTMS 340 may enable the electronic device 11 to self-enforce one or more security policies.);  wherein the  resource includes a detected threat on the device (FIG 4 430 and associated text; [0094] At stage 430, the method includes detecting, by the electronic device, the one or more threats to the security of the electronic device based on the status of the electronic device and on one or more security policies associated with the electronic device.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Batchu’s method with teaching of Koganti in order to providing security for an 


With regards to claim 2, Batchu in view of Koganti,  further teaches, receiving the EMDM policy comprises receiving executable code programmed to implement the EMDM policy (Koganti discloses providing data that causes a machine to operate in a specific fashion. [¶ 105]. A remote computer might load the instructions into its dynamic memory and send the instructions as signals over a transmission medium to be received and/or executed by a computer system. [¶ 108]. [A]n enterprise server may generate the security policy and push the security policy to the electronic device 11… [¶ 83]. A security policy may provide responses {i.e. instructions} to security threats to the device {i.e. see Table 5 for exemplary executable code to implement EMDM policy: Disable third party cookies… Deny access to website or request additional authorization from user… Deny access to website… Disable JavaScript ® for the website}... [¶ 1].). Motivation would be same as stated in claim 1.

With regards to claim 10, Batchu in view of Koganti , further teaches, wherein the EMDM policy specifies a zone and a location-specific security policy associated with the zone (Koganti discloses a geofence policy to prohibit the use of the electronic device 11 in a particular country. [¶ 49].), the method further comprising: detecting, by the PPMDM module, location of the device in the zone (Koganti discloses use of the electronic device in the particular country... [¶ 49].); and in response to detecting location of the device in 

With regards to claim 21, Batchu in view of Koganti , further teaches, wherein the second resource includes a location of the device (Koganti [0026] Thus, as used herein, an SPS may include any combination of one or more global and/or regional navigation satellite systems and/or augmentation systems, and SPS signals may include SPS, SPS-like, and/or other signals associated with such one or more SPS..) and the data derived from the second resource does not include the location of the device (Koganti [0038] The monitors 342 monitor a status of the electronic device 11 for one or more threats to the security and/or trust of the electronic device. As examples, the status of the electronic device 11 may include a location status, a device attestation status, a user authentication status, a hardware tampering status, a web access status, a malware status, a rooting status, a network connectivity status, an application threat status, or a combination thereof. Note: considering only authentication measure ).

With regards to claim 22, Batchu in view of Koganti, further teaches, wherein the resource includes a threat prevention action and the data derived from the resource indicates that the threat prevention action was performed with respect to the detected threat without specifying a nature of the threat prevention action (Koganti [0083] The electronic device 11 may generate and configure the client-based security policy and related security settings independently from (i.e., not based on) 

Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2015/0278488 (Batchu) in view of U.S. PGPub No. 20170329966 (Koganti) and further in view of U.S. PGPub No. 2015/0222637 (Hung).

With regards to claim 3, Batchu in view of Koganti  and  do not explicitly teach the following combination of feature limitations that Hung teaches, providing an enterprise application installed on the device, the enterprise application being associated with the EMDM policy (Hung discloses [a] wrapped application 204 {i.e. enterprise application} includes a generic application 206 wrapped with a policy enforcement mechanism 208 {i.e. enterprise application is associated with the EMDM policy}... that replace conventional system calls of generic application 206. [FIG. 2; ¶ 43].);
providing a personal application installed on the device and not associated with the EMDM policy (Hung discloses preserving isolation of environments... [and] [s]upporting a personal environment and a work environment through virtualization on a personal mobile device... [¶ 3]. In the embodiment of FIG. 2, the operating system 216 of mobile device 100 supports a set of conventional applications 214 {i.e. personal application} and a set of enterprise applications 202. A wrapped application 204 {i.e. enterprise application} includes a generic application 206 wrapped with a policy enforcement mechanism 208 {i.e. EMDM policy}... that replace conventional system calls of generic application 206 {i.e. Examiner notes that conventional application 214 in FIG. 2, which is the personal application installed on the device, is not associated with the EMDM policy}. [¶ 43].);
managing, by the PPMDM module, the enterprise application according to the EMDM policy (Hung discloses an application management agent 106 {i.e. PPMDM}... to enable enterprise applications to operat[e] within workspace 104. [¶ 45]. Policy enforcement mechanism 208 {i.e. EMDM policy} communicates enterprise policies to wrapped application 204... [¶ 43].); and
refraining, by the PPMDM module, from managing the personal application according to the EMDM policy (Hung discloses application management agent 106 {i.e. PPMDM} runs only when an enterprise application calls it (e.g., to exchange authentication credentials, cryptographic keys and other data relating to working with the secured workspace, etc.) {i.e. refraining from managing personal applications}... [and may] remain running as long as there is at least one enterprise application running... [¶ 41].). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Batchu in view of Koganti  and ’s method with teaching of Hung in order to unify a user's work-related enterprise functionalities and his personal-use functionalities on the same mobile device. [Hung; ¶ 5].

detecting, by the PPMDM module, a network connection violating the EMDM policy (Hung discloses using the mobile device's regular, unencrypted data connectivity… [¶ 27]… [which] may be precluded from using the mobile device's regular, unencrypted data connectivity. [¶ 32].); and in response to detecting the network connection violating the EMDM policy, blocking access to the network connection by the enterprise application while allowing access to the network connection by the personal application (Hung discloses enterprise applications can reside within a secure, exclusive "virtual workspace" that is isolated from other regular {i.e. personal} applications… enterprise applications may communicate with an enterprise intranet via a virtual private network (VPN) tunnel, and may be precluded from using the mobile device's regular, unencrypted data connectivity. [¶ 27]. To facilitate this isolated workspace, certain embodiments of enterprise applications satisfy two conditions: (1) they use an exclusive, secure network connection (e.g., VPN, etc.) to access resources at the enterprise… that is not accessible to other applications on the same mobile device {i.e. allowing access to the [regular, unencrypted] network connection by the personal application}... [¶ 32]. Note that… data connectivity 108… is available to all applications on mobile device 100 {i.e. allowing access to the network connection by the personal application }… [¶ 40]… application management agent 106 runs only when an enterprise application calls it {i.e. personal applications are not affected}… [¶ 41].). Motivation would be same as stated in claim 3.

Claims 5-8 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2015/0278488 (Batchu) in view of U.S. PGPub No. 20170329966 (Koganti) and, further in view of U.S. PGPub No. 2016/0314299 (Almer).

With regards to Claim 5, Batchu in view of Koganti  and  do not explicitly teach the following combination of feature limitations that Almer teaches, providing an enterprise data stored on the device, the enterprise data being associated with the EMDM policy (Almer discloses three types of separated partitions that operate applications in the enterprise partition, personal partition and generic partition... [¶ 18]... [and] security policies for each partition to control which applications can be installed in each partition and what resources are accessible for each installed application. [¶ 22].);
providing a personal data stored on the device and not associated with the EMDM policy (Almer discloses three types of separated partitions that operate applications in the enterprise partition, personal partition and generic partition, such that a user can only access one partition at a time, and data cannot be transferred between partitions... [¶ 18]... [and] security policies for each partition {i.e. personal partition data is not associated with the enterprise policy} to control which applications can be installed in each partition and what resources are accessible for each installed application. [¶ 22].);
managing, by the PPMDM module, the enterprise data according to the EMDM policy (Almer discloses an enterprise partition... [¶ 18]... [and] security policies for each partition to control which applications can be installed in each partition and what resources are accessible for each installed application. [¶ 22]. [T]he Hypervisor type 1 software module running on the mobile device bare machine… [is] adapted for creating managing… the enterprise partition… each of said separate partitions running its own operating system… [¶ 34]. Koganti discloses monitors 342 may monitor for and detect a connection of the electronic device 11 to a public Wi-Fi network. The security policy associated with a banking application {i.e. enterprise data}, for example, may designate the public Wi-Fi network as a security threat {i.e. managing the enterprise data according to the EMDM policy}. Therefore, based on the security policy of the banking application, the targeted security action service 360 may detect the security threat in the presence of the public network connection. [¶ 66].); and
refraining, by the PPMDM module, from managing the personal data according to the EMDM policy (The broadest reasonable interpretation of the term “refraining” includes “stopping”. See OneLook.com. Almer discloses a personal partition and... [¶ 18]... security policies for each partition {i.e. implements refraining from managing the personal data according to the EMDM policy} to control which applications can be installed in each partition and what resources are accessible for each installed application. [¶ 22]. [T]he Hypervisor type 1 software module running on the mobile device bare machine… [is] adapted for creating and managing… the personal partition… each of said separate partitions running its own operating system… [¶ 34]. Koganti discloses monitors 342 may monitor for and detect a connection of the electronic device 11 to a public Wi-Fi network. The security policy associated with a banking application {i.e. enterprise data}, for example, may designate the public Wi-Fi network as a security threat. Therefore, based on the security policy of the banking application, the targeted security action service 360 may detect the security threat in the presence of the public network connection. However, the security policy associated with a weather application {i.e. personal data}, for example, may not designate the public Wi-Fi network at the security threat. Based on the security policy of the weather application, the targeted security action service 360 may not detect the security threat in the presence of the public network connection {i.e. refraining from managing the personal data according to the EMDM policy}. [¶ 66].). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Batchu in view of Koganti  and ’s method with teaching of Almer in order to provide a mobile device with improved security for running enterprise applications. [Almer; ¶ 11].

With regards to Claim 6, Batchu in view of Koganti ,  and Almer further teaches, determining, by the PPMDM module, that data associated with the EMDM policy should be deleted (Batchu discloses a command from “Enterprise 1” to remove {i.e. deleted} all managed apps {i.e. data associated with the EMDM policy}… [¶ 43]. Almer discloses remote wipe (deletion) of the applications and data in the mobile enterprise partition... [¶ 64].);
in response to determining, by the PPMDM module, that data associated with the EMDM policy should be deleted, deleting the enterprise data without deleting the personal data (Batchu discloses a command from “Enterprise 1” to remove all managed apps may be translated at the MDM broker to be a command to remove a list of specific apps that were installed by and/or otherwise made subject to management by “Enterprise 1”. If the originator of the request is determined not to have been authorized to remove even partial data from the device (610), the request is rejected {i.e. without deleting the personal data} as exceeding the originator's authority with respect to the device (614). [¶ deletion of the applications and data in the enterprise partition... [¶ 90]. [T]he mobile device operates… several virtualized independent partitions... [¶ 32]... adapted for creating and managing the three separated partitions: the enterprise partition, the personal partition and the generic partition, each of said separate partitions running its own operating system... [¶ 34]... precluding direct and indirect transfer of data (and malware) from the generic 40 and enterprise 20 partitions to the personal 30 partition and vice versa and includes the denial of inter-partitions cut & paste operations. [¶ 91].).

With regards to Claim 7, Batchu in view of Koganti,  and Almer further teaches, wherein determining that the data associated with the EMDM policy should be deleted comprises determining that the device has been stolen and that the EMDM policy requires wiping of the device in response to determining that the device has been stolen (Almer discloses "freezing" of the access to the enterprise partition 20 whenever the mobile device 10 is… declared as lost or stolen... [and] remote wipe/deletion of the applications and data in the enterprise partition 20 if one of the previous events occur... [¶ 90].). Motivation would be same as stated in claim 5.

With regards to Claim 8, Batchu in view of Koganti,  and Almer further teaches, providing an enterprise application installed on the device (Batchu discloses specific apps that were installed by and/or otherwise made subject to management by “Enterprise 1”. [¶ 43]. Almer discloses applications downloading from enterprise's applications library … [¶ 64].);
associating, by the PPMDM module, the enterprise application with the EMDM policy on the device (Almer discloses an enterprise applications set and the rules of access to the enterprise services, networks and servers. [¶ 4]. [The] business/work-related applications 80 are grouped in a separate enterprise/work partition/domain 20 that is precluded from directly or indirectly communicating with other partitions/domains… [¶ 62]. [T]he MDM, MAM and MCM services… are controlled, managed and monitored… according with the enterprise security policies {i.e. EMDM policy}. [¶ 42]. In… FIG. 2, there is shown an application dispatcher for the Work (enterprise) partition 20… Application Dispatcher for the Work partition 20 allows the Enterprise IT personnel to remotely download, manage, control, monitor and wipe/inactivate the applications in this partition 20… [¶ 78]. The multi-partition middleware {i.e. element of the PPMDM module} software component… creates and manages three types of separated partitions 20, 30 and 40 that operate applications in the enterprise (work) 20 {i.e. associating, by the PPMDM module, the enterprise application with the EMDM policy}, personal 30 and generic 40 partitions, while precluding the inter-partition transfer of data (and malware). [¶ 88].); and
flagging, by the PPMDM module, data received by the enterprise application as the enterprise data (Almer discloses (a) virtual internal memory with specific mapping {i.e. flagging} for each application; (b) virtual file system specific to each application {i.e. flagging}... [¶ 21]. Each applications container (partition) operates one or more applications from the same service provider, uses its own private memory space and usually encrypts all the personal content... [¶ 86].). Motivation would be same as stated in claim 5.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2015/0278488 (Batchu) in view of U.S. PGPub No. 20170329966 (Koganti), and further in view of U.S. PGPub No. 2016/0314299 (Almer) and of U.S. PGPub No. 2014/0344420 (Rjeili).

Regarding Claim 9, Batchu in view of Koganti,  and Almer further teaches, wherein the EMDM policy specifies a zone (Koganti discloses a geofence policy to prohibit the use of the electronic device 11 in a particular country. [¶ 49].); and
detecting, by the PPMDM module, location of the device in the zone (Koganti discloses use of the electronic device in the particular country... [¶ 49].).
Batchu in view of Koganti  and  and Almer do not explicitly teach the following combination of feature limitations that Rjeili teaches, detecting, by the PPMDM module, capture of sensor data using the device while the device is in the zone (Rjeili discloses a mobile computing device may capture data using a camera, scanner, near field communication data reader, or the like {i.e. detecting capture of sensor data}, and may use the captured data to identify a specific enterprise system resource... [that] may correspond to location, such as an office or conference room {i.e. while the device is in the zone}... [¶ 7].); and
flagging, by the PPMDM module, the sensor data as enterprise data in response to detecting capture of the sensor data while the device is in the zone (Rjeili discloses [a]fter determining the enterprise system resource {i.e. flagging the sensor data as enterprise data}, the mobile device may retrieve and access a set of associated capabilities from an enterprise server. For instance, if the enterprise system resource is a device, the mobile device may receive network connection data or device driver .


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2015/0278488 (Batchu) in view of U.S. PGPub No. 20170329966 (Koganti), and further in view of U.S. PGPub No. 2016/0358432 (Branscomb).

With regards to claim 11, Batchu in view of Koganti  and  do not explicitly teach the following feature limitations that Branscomb teaches, wherein the location-specific security policy requires disabling of one or more sensors of the device (Branscomb discloses [g]eofences provide for automatically disabling the camera and silencing the phone automatically upon the phone entering the geofence. [¶ 47].). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Batchu in view of Koganti  and ’s method with teaching of Branscomb in order to ensure[] proper operation of these [mobile] devices, the safety of the public, and the rights of property owners. [Branscomb; ¶ 46].

Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2015/0278488 (Batchu) in view of U.S. PGPub No. 20170329966 (Koganti), in view of  et al(US 20140298462 A1) and further in view of U.S. PGPub No. 2016/0321452 (Richardson).

Regarding Claim 12, Batchu in view of Koganti  and  does not explicitly teach the following combined feature limitations that Richardson teaches, wherein the EMDM policy specifies blocking of access to a plurality of unsafe resources (Richardson discloses handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. [Abstract].), the method further comprising:  
detecting, by the PPMDM module, an attempt to access one or more unsafe resources of the plurality of unsafe resources (Richardson discloses a software application being newly-installed on a mobile device of a user is determined to be untrusted... [Abstract].);
blocking, by the PPMDM module the attempt to access the one or more unsafe resources (Richardson discloses [i]f a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. [Abstract].);
providing, by the PPMDM module, a report of the attempt to an enterprise server, the report not identifying the one or more unsafe resources (Richardson discloses one… of the following actions is taken... [¶ 502]... [t]ransmit the determined time of installation of the app {i.e. thus, not identifying the unsafe resource}… to a server {i.e. enterprise server}... [¶ 504].). It would have been obvious to one of ordinary skill in the art .

Regarding Claim 13, the combination of Batchu, Koganti and Richardson teaches wherein the one or more unsafe resources include a uniform resource locator (URL) (Richardson discloses an identifier for the source of the download, e.g., a network IP address, or domain name, or URL {i.e. uniform resource locator}.... In such a variation, the system may choose to not allow {i.e. blocking} a network connection to a network location known to be a source of bad channel IDs for applications, based on user preference, user policy or enterprise policy... [¶ 346].). Motivation would be same as stated in claim 12.

Claims 14 -17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 2015/0278488 (Batchu) in view of U.S. PGPub No. 20170329966 (Koganti), and further in view of U.S. Patent No. 8,656,016 (Bender).

With regards to claim 14, Batchu in view of Koganti  and  does not explicitly teach the following feature limitations that Bender teaches, wherein the EMDM policy is a first EMDM policy and received from a first enterprise server (Bender discloses multiple enterprise perimeters. Each enterprise perimeter can be... associated with different enterprises {i.e. first and second enterprise}... [col. 12 @ 51-54]... managed by a remote a first EMDM policy received from a first enterprise server}. [col. 5 @ 15].), 
receiving, by the PPMDM module, a second EMDM policy from a second enterprise server (Bender discloses an enterprise perimeter... may be managed by a remote management server {i.e. a second EMDM policy received from a second enterprise server}. [col. 5 @ 13-15].); and
implementing, by the PPMDM module, a combination of the first EMDM policy and the second EMDM policy subject to control of the user (Bender discloses each application is executable within one or more perimeters {i.e. a combination of first and second enterprise policies} installed on the device in a controlled access environment defined and scoped by user choices or enterprise policies (or combinations of them) {i.e. a combination of the first EMDM policy and the second EMDM policy subject to control of the user, subject to enterprise policies, or subject to both user control and user policies}. [col. 3 @ 9-12]. [T]he device can implement the user preference over the enterprise policy {i.e. subject to control of the user}. [col. 3 @ 37-38]. [T]he device 302 can include a policy (e.g., a policy assigned to the personal perimeter 306b) that allows personal applications in the personal perimeter 306a to access data... in the enterprise perimeter 306a. Such access may be provided... independent of a policy assigned to the enterprise perimeter 306a {i.e. subject to control of the user}. [col. 12 @ 3-9].). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Batchu in view of Koganti  and ’s method with teaching of Bender in order to provide security restrictions. [Bender; col. 2 @ 18].

Regarding Claim 15, Batchu in view of Koganti  and  and Bender further teaches, implementing restrictions from both of the first EMDM policy and the second EMDM policy (Bender further discloses a unified inbox showing both personal and corporate email {i.e. a combination of first and second enterprise policies}. [col. 2 @ 59]. [E]ach application is executable within one or more perimeters {i.e. also suggests a combination of first and second enterprise policies}… [col. 3 @ 11]). Motivation would be same as stated in claim 14.

Regarding Claim 16, Batchu in view of Koganti  and  and Bender further teaches, associating, by the PPMDM module, a first enterprise application with the first EMDM policy (Bender discloses a first perimeter on the device may include a first policy that defines rules for accessing resources (e.g., applications, data, network resources, etc.) associated with the first perimeter... [col. 12 @ 30-32]... [and] an application assigned to a first perimeter on the device. [col. 12 @ 57-58]. [T]he device includes multiple enterprise perimeters. Each enterprise perimeter can be... associated with different enterprises. [col. 12 @ 52-54].);
associating, by the PPMDM module, a second enterprise application with the second EMDM policy (Bender discloses a second perimeter may include a second policy that defines rules for accessing resources (e.g., applications, data, network resources, etc.) associated with the second perimeter. [col. 12 @ 34-36].);
implementing, by the PPMDM module, the first EMDM policy while the first enterprise application is in use (Bender discloses multiple enterprise perimeters. Each first and second enterprises}. [col. 12 @ 51-54]. [W]hen an instance of application is running in a perimeter {i.e. while the first enterprise application is in use}, permissions for the instance of the application are determined based at least partially on the management policy of the perimeter {i.e. implementing the first EMDM policy}. [col. 2 @ 40-43].); and
implementing, by the PPMDM module, the second EMDM policy while the second enterprise application is in use (Bender discloses multiple enterprise perimeters. Each enterprise perimeter can be... associated with different enterprises {i.e. first and second enterprises}. [col. 12 @ 51-54]. [W]hen an instance of application is running in a perimeter {i.e. while the second enterprise application is in use}, permissions for the instance of the application are determined based at least partially on the management policy of the perimeter {i.e. implementing the second EMDM policy}. [col. 2 @ 40-43]. The device 200 can execute the telephony application {i.e. second enterprise application} within the personal perimeter 110a {second enterprise perimeter, as per [col. 12 @ 51-54]} to receive an incoming call... [T]he device 200 can execute the telephony application {i.e. while the second enterprise application is in use} to access data {i.e. implementing the second EMDM policy} and network resources assigned to the enterprise perimeter 110b independent of the management policy of the enterprise perimeter 110b. [col. 10 @ 32-37].). Motivation would be same as stated in claim 14.

Regarding Claim 17, Batchu in view of Koganti  and  and Bender further teaches, associating, by the PPMDM module, a first enterprise application with the first EMDM policy (Bender discloses a first perimeter on the device may include a first multiple enterprise perimeters. Each enterprise perimeter can be... associated with different enterprises. [col. 12 @ 52-54].);
associating, by the PPMDM module, a second enterprise application with the second EMDM policy (Bender discloses a second perimeter may include a second policy that defines rules for accessing resources (e.g., applications, data, network resources, etc.) associated with the second perimeter. [col. 12 @ 34-36].);
determining, by the PPMDM module, that the first requirement is in conflict with the second requirement (Bender discloses the device receives a request to access data from an application assigned to a first perimeter on the device. The requested data is assigned to a second, different perimeter on the device {i.e. determining that the first requirement is in conflict with the second requirement}... [col. 12 @ 57-59].);
in response to determining that the first requirement is in conflict with the second requirement (Bender discloses applications can be aware {i.e. determining} of perimeter separation logic {i.e. that the first requirement is in conflict with the second requirement}... [col. 9 @ 13-14]. [A] given perimeter's policy may identify {i.e. determining} … internal resources that are not accessible to other perimeters {i.e. that the first requirement is in conflict with the second requirement}…. [col. 4 @ 49-52].):
implementing, by the PPMDM module, the first EMDM policy while the first enterprise application is in use (Bender discloses multiple enterprise perimeters. Each enterprise perimeter can be... associated with different enterprises {i.e. first and second enterprises}. [col. 12 @ 52-54]. [W]hen an instance of application is running in a perimeter {i.e. while the first enterprise application is in use}, permissions for the instance of the application are determined based at least partially on the management policy of the perimeter {i.e. implementing the first EMDM policy}. [col. 2 @ 40-43]. For example, an application in a first perimeter may be granted access to data in a second perimeter independent of the second perimeter's policies. [col. 4 @ 59-62]. That is… the calendar application can display a conflicting event on the enterprise {i.e. first enterprise} calendar without displaying details of the conflicting event. [col. 9 @ 34-38].); and
implementing, by the PPMDM module, the second EMDM policy while the second enterprise application is in use (Bender discloses multiple enterprise perimeters. Each enterprise perimeter can be... associated with different enterprises {i.e. implies first and second enterprises}. [col. 12 @ 52-54]. [W]hen an instance of application is running in a perimeter {i.e. while the second enterprise application is in use}, permissions for the instance of the application are determined based at least partially on the management policy of the perimeter {i.e. implementing the second EMDM policy}. [col. 2 @ 40-43]. The device 200 can execute the telephony application {i.e. second enterprise application} within the personal perimeter 110a { second enterprise perimeter, as per [col. 12 @ 51]} to receive an incoming call... [T]he device 200 can execute the telephony application {i.e. while the second enterprise application is in use} to access data {i.e. implementing the second EMDM policy} and network resources assigned to the enterprise perimeter 110b independent of the management policy of the enterprise second enterprise perimeter, as per [col. 12 @ 51]} to schedule an event on the personal {i.e. second enterprise} calendar, then the calendar application can display a conflicting event on the enterprise {i.e. first enterprise} calendar without displaying details of the conflicting event. [col. 9 @ 34-38].). Motivation would be same as stated in claim 14.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
US 20160321452 (Richardson; David et al.) -  handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked.
US 20140282828 (; Erich) - provides configurable permissions to share items between data sets associated with the same entity. In some situations, a single entity, such as a work team or an individual user, may want to share event items between the data sets of different calendars. For example, a user may have a personal calendar with private appointments, birthdays, vacation details, etc. as well as a work calendar with meetings, office holidays, and deadlines.
US 20180255101 (Adam; Preston Derek et al.) - system may delegate authority to manage aspects of a security policy developed by administrative 
US 9367705 (Ryerson; Christopher Maybee) - implementing security policies on a wireless device. The wireless device may include a non-volatile memory comprising a security type hard-coded in the non-volatile memory. Based on the security type, it may be determined whether a received security policy governing behavior of one or more resources designated as personal is applicable to the one or more resources designated as personal. If the security type is determined to indicate that the received security policy is not applicable to the one or more resources designated as personal, the security policy may not be applied to the one or more resources designated as personal.
US 20150264052 (Cho; Kookrae et al.) - managing a mobile device using device-to-device (D2D ) communication in which a D2D communication-based mobile device management (MDM) manager is given authority to manage a D2D communication-based MDM client by an MDM server and can directly manage a user mobile device at a short distance based on D2D communication.
US 20140040979 (Barton; Gary et al.) - techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498