DETAILED ACTION

Response to Amendment
The applicant has amended the following: 
		Claims: 19, 21, 23, 26, 28, 30-33, 79 and 87 have been amended. 
		Claims: 24-25, 29, 80-86 and 88-89 have not been amended. 
		Claims: 104-108 have been added.
		Claims: 1-18, 20, 22, 27, 34-78 and 90-103 have been cancelled.  
	
EXAMINER’S NOTES:
	The examiner notes that the applicant’s current amendments have changed the scope of the claims and thus a new ground of rejection is presented herein.


Response to Arguments
Applicant’s arguments with respect to claim(s) 19, 21, 23-26, 28-33, 79-89 and 104-108 directed towards the limitations corresponding to “the application is validated using a secure credential” and “validating the application using a secure credential to enable execution of the application” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.



Applicant’s arguments filed 10/28/21 with regards to claims 19, 21, 23-26, 28-33, 79-89 and 104-108 directed towards the limitations corresponding to “installing an application on a mobile user device to control activity within a first physical area under control of an entity” and “and the entity using the application to remotely control the mobile user device to disable WiFi communication capabilities and disable wireless telephony communication capabilities” have been fully considered but they are not persuasive.    

 	APPLICANT’S ARGUMENTS:
	The applicant argues that none of the cited references alone or in any combination show, teach or suggest features recited in claim 21 as amended herein of “installing an application on a mobile user device to control activity within a first physical area under control of an entity, validating the application using a secure credential to enable execution of the application and the entity using the application to remotely control the mobile user device to disable WiFi communication capabilities and disable wireless telephony communication capabilities” as there is nothing in Aaron about validating an application that disables wireless telephony or validating any other application and moreover, Applicant respectfully submits that Gupta and the other cited references either alone or in any combination do not teach anything about validating any application on a mobile user device (See Pages 9-14 of Applicant’s Arguments filed on 10/28/21).


EXAMINER’S RESPONSE:
	The examiner respectfully disagrees.  To begin with, the examiner would like to note that as indicated above, the applicant’s amendments to the claims have changed the scope of the claims and new grounds of rejection are presented utilizing newly cited reference Barton et al. (US Patent Publication 2014/0298420), specifically with regards to the argued limitations of “the application is validated using a secure credential” and “validating the application using a secure credential to enable execution of the application” and as such the arguments directed towards said limitations against previously cited references are therefore moot.
In addition, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).  
The current rejection is an obviousness type rejection based on the combination of the references together as a whole wherein the invention of Gupta is modified to incorporate teachings disclosed by Aaron and the other cited references in order to  the test for obviousness does not require the secondary reference to suggest each and every element of the claimed invention but rather what the combined teachings of the primary reference and secondary reference suggest to one of ordinary skill in the art and furthermore, the modification is not intended to utilize each and every element of the secondary reference in combination with the primary reference but only the relevant elements of the secondary reference are utilized that suggest obviousness of the combination with the primary reference to one of ordinary skill in the art and as such, the prior art of Gupta and Aaron does not need to teach each and every element of the claimed limitations such as the limitations directed towards “validating the application” when said teachings are already taught by newly cited prior art Barton but rather only needs to teach the other missing aspects as would have been obvious to one of ordinary skill in the art.
With that in mind, the examiner believes that the combination of the teachings of Gupta and Aaron as a whole does disclose the applicant’s argued limitations of “installing an application on a mobile user device to control activity within a first physical area under control of an entity” and “and the entity using the application to remotely control the mobile user device to disable WiFi communication capabilities and disable wireless telephony communication capabilities” as will be apparent in the following explanations provided below. 



The examiner directs the applicant to the highlighted portions of Gupta, [0019], [0048] & [0034] seen below:

[0048] The application on the device 120 reads the cached securities policies from the device local database and instructs the OS of the device 120 to apply the area specific policies on the device 120 while entering the restricted area 130. Therefore, connectivity with the MDM server 110 may not be required every time. In case the policy related to the restricted area 130 is violated, the application sends an alert to the MDM server 110 and/or to the administrator that the policy related to the area is violated/breached. Upon receiving the alert, the MDM server 110 and/or the administrator can take necessary action, e.g., block the user from entering/leaving the area.


[0034] As shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled (it may be a substitute for submitting the device at security for confidential labs or meetings) and the user is authenticated (e.g., by inquiring the name and ID number of the user to allow only the selected users to enter the area A1). For area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and device recorder is on (e.g., to automatically record the meeting). Similarly, for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode (e.g., to avoid disturbance in any urgent meeting). For area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off, and the device recorder is off (e.g., to disable recording of confidential meeting).


[0019] “Tag” refers to a label attached to an entity for purpose of identification. A tag may be attached to an entry point of a restricted area. For example, the tag may be attached to an access controller or a lock of the entry point of the restricted area. In an embodiment, the tag may be any physical object such as a chip, a sticker, etc. For example, the tag may be one of a near field communication (NFC) tag, a bar code, a matrix barcode or two-dimensional bar code, a quick response (QR) code, a radio-frequency identification (RFID) tag, etc. The tag is for the purpose of identification of the restricted area. The tag may be configurable and may store information and/or instruction configured by a user. For example, the tag includes information such as a name/identifier (ID) of the area restricted by the access controller (e.g., lock). The tag  instruct the device to install or download an application from cloud or execute the application.


As can be seen from the highlighted portions of Gupta seen above, Gupta, [0048] discloses the application on the device reads the cached securities policies from the device local database and instructs the OS of the device to apply the area specific policies on the device while entering the restricted area and Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off and Gupta, [0019] discloses a command to instruct the device to install or download an application from the cloud or execute the application which clearly reads on the applicant’s argued limitations of “installing an application on a mobile user device to control activity within a first physical area under control of an entity” and “and the entity using the application to remotely control the mobile user device to disable WiFi communication capabilities”.
	
	

While Gupta fails to explicitly disclose disabling wireless telephony capabilities, such missing aspects are taught by the disclosure of Aaron, [0051] seen below:

[0051] When the premises 110 is an educational institution (school), the enabling and/or disabling of selected operations of a wireless terminal 120 may be tied via time/date to a class schedule (e.g., calls allowed in study hall but not in other class periods). They may be tied to a test schedule (e.g., calls and/or other communications not allowed during teacher-entered test periods, during SAT's, etc.). They may be tied to particular computing actions/features/applications as well as communications. Emergency and other specific calls (e.g. to school security departments, etc.) may be specifically allowed. The emergency call may be a "911" call or a call to a parent, principal, etc. Calls also may be allowed in certain school locations (e.g., the lunch room) but not in others (e.g., classroom buildings), via designating multiple sub-ID's for distinct locations within a single third party school ID location, with each sub-ID location being set up with its own transceiver(s) so multiple distinct proximity determinations are enabled within the overall school premises.



 
	As can be seen from the highlighted portions of Aaron seen above, Aaron, [0051] discloses when the premises is an educational institution such as a school, the enabling and/or disabling of selected operations of a wireless terminal may be tied via time/date to a class schedule where calls and/or other communications are not allowed during teacher-entered test periods, during SAT’s, etc. and calls may be allowed in certain school locations but not in others which clearly reads on the applicant’s argued limitations of “and disable wireless telephony communication capabilities”.
  



Therefore, the argued limitations read upon the cited references or are written broad such that they read upon the cited references, as follows: 



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 19, 21, 23-26, 30-33, 79-80, 86-89, 104 and 107-108 is/are rejected under 35 U.S.C. 103 as being unpatentable over GUPTA et al. (US Patent Publication 2016/0173531 herein after referenced as Gupta) in view of Aaron (US Patent .

Regarding claim 19, Gupta discloses:
A system for managing access by a visitor to one or more resources within a physical area, comprising: a mobile user device of the visitor associated to the physical area (Gupta, Fig. 6 & [0050]-[0051] discloses a time based access within a restricted area (i.e. reads on physical area) where the restricted area may be a secured room where a visitor is allowed to enter for a specified time period wherein a device detector detects whether the visitor (i.e. reads on visitor) is carrying any device (i.e. reads on mobile user device) and the device detector sends a message to the MDM server requesting to open or unlock the entry gate (i.e. reads on access to one or more resources) and the visitor can access the restricted area and discloses the MDM server sends policies applicable for the restricted area such as camera off, recorder off, etc. (i.e. reads on access to one or more resources) to the device and the OS of the device executes the area specific policies are executed and the device informs the MDM server to open the entry gate and the MDM server opens the entry gate and the visitor can enter the restricted area; Gupta, [0048] discloses the application on the device reads the cached securities policies from the device local database and instructs the OS of the device to apply the area specific policies on the device while entering the restricted area; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off).
(Gupta, [0041]-[0043] discloses before authenticating the device, the MDM server authenticates the user and may inquire the user about its ID and name (i.e. reads on at least one credential) through the application and determines whether the user is authenticated or registered user by mapping the received user ID and name with the user database and discloses when the user authentication is successful, the MDM server authenticates the device based upon the device information received from the OS of the device and when the device is authenticated, the MDM server retrieves area specific policy applicable to the area ID corresponding to the restricted area received from the device and discloses when the user tries to come out of the restricted area, the user flashes or swipes the device at the entry or exit gate to open the gate from the inside and the security unit stores the device ID when the user enters the area along with the device and when the device is swiped from inside, the security unit identifies the device and instructs the access controller to get opened; Gupta, [0029] discloses the MDM server maintains a policy database (i.e. reads on data structure) to store area specific policies corresponding to one or more accessible areas (i.e. reads on a plurality of entities) and refers to one or more rules (i.e. reads on one or more attributes corresponding to access to the one or more resources) that has to be complied for entering the accessible area; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off; Gupta, [0048] discloses the application on the device reads the cached securities policies from the device local database and instructs the OS of the device to apply the area specific policies on the device while entering the restricted area; Gupta, [0019] discloses a command to instruct the device to install or download an application from the cloud or execute the application).
wherein the application remotely controls the mobile user device to disable WIFI communication capabilities (Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off; Gupta, [0047] discloses area specific policies are cached on the device and are executed on the device whenever the device enters the restricted area within the predefined time interval; Gupta, [0048] discloses the application on the device reads the cached securities policies from the device local database and instructs the OS of the device to apply the area specific policies on the device while entering the restricted area).
“with a secure component having stored thereon at least one credential for authorizing the mobile user device to communicate transactions with other components of the system;” and “and disable wireless telephony communication capabilities while the user is within the physical area and wherein the application is validated using a secure credential.”
In a related field of endeavor, Aaron discloses:
and disable wireless telephony communication capabilities while the user is within the physical area (Aaron, [0051] discloses when the premises is an educational institution such as a school, the enabling and/or disabling of selected operations of a wireless terminal may be tied via time/date to a class schedule where calls and/or other communications are not allowed during teacher-entered test periods, during SAT’s, etc. and calls may be allowed in certain school locations but not in others (i.e. reads on disable wireless telephony communication capabilities while the user is within the physical area); Aaron, [0008] discloses the monitoring system is responsive to the proximity detector and the rules database and is configured to disable and/or enable selected operations of the at least one wireless terminal that is located at the premises in response to at least one operational authorization rule for the at least one wireless terminal that applies to the premises; Aaron, [0025] discloses the proximity detector may employ global positioning system and/or other location signals and other techniques of detecting proximity may also be used).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta to incorporate the teachings of Aaron for the purpose of making the system more dynamic, versatile and adaptable by providing the system with various different alternatives thereby allowing the system to handle a number of various different combination of specific design structure / embodiment / scenarios and preventing the system from being limited to a single specific design structure / embodiment / scenario and furthermore, one of ordinary skill in the art would recognize that the modification would involve a simple substitution of one known element and base device (i.e. performing a process of enabling and disabling various different applications of a mobile device within a premises as taught by Gupta) with another known element and comparable device utilizing a known technique (i.e. performing a process of enabling and disabling various different applications of a mobile device within a premises, wherein the various different applications includes the enabling and disabling of calls and GPS as taught by Aaron) to improve the similar devices in the same way and to obtain the predictable result of the system performing a process of enabling and disabling various different applications of a mobile device within a premises (i.e. as taught by Gupta & Aaron) and is dependent upon the specific design incentives, needs and requirements (i.e. such as due to 
Gupta in view of Aaron explicitly fails to disclose “with a secure component having stored thereon at least one credential for authorizing the mobile user device to communicate transactions with other components of the system;” and “and wherein the application is validated using a secure credential.” 
	In a related field of endeavor, Barton discloses:
with a secure component having stored thereon at least one credential for authorizing the mobile user device to communicate transactions with other components of the system; and wherein the application is validated using a secure credential (Barton, [0083] discloses the certificates (i.e. reads on at least one credential) stored on the mobile device may be stored in an encrypted location (i.e. reads on secure component) on the mobile device; Barton, [0128] discloses those skilled in the art will recognize that the android operating system may include built-in mechanisms for requesting the signing certificate (i.e. reads on using a secure credential) of an application which the access manager may utilize to validate the identity of a managed mobile application (i.e. reads on the application is validated) requesting access (i.e. reads on transactions) to the computing resources such as enterprise resources; Barton, [0125] discloses the access manager may be configured to validate the identity of the managed mobile application in order to ensure that the managed mobile application has accurately identified itself and/or to ensure that the managed mobile application has not been altered after installation at the mobile device and the access manager may rely on identification information included in the application metadata to validate the identity of the managed mobile application and if the stored identification information matches the identification information received from the operating system, the access manager may identify the application as a trusted application and grant access to the enterprise resources and if the stored identification information does not match the identification information received from the operating system, then the access manager may identify the managed mobile application as suspicious or untrustworthy mobile application and deny access to the enterprise resources and the access manager may also grant or deny access to local computing resources at the mobile device itself that includes, a camera, location services such as GPS, cellular or internet services, etc.; Barton, [0082] discloses the enterprise resources may be premise-based resources, cloud based resources and the like; Barton, [0040] discloses transactions based on geographic locations; Barton, [0009] discloses an access manager may perform a validation process to determine whether a mobile application requesting access to computing resources has accurately identified itself and has not been subsequently altered after installation at the mobile device and in this way, the access manager may ensure that the mobile application can be trusted and is not attempting to circumvent the security mechanisms used to protect those resources and as a result).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta in view of Aaron to incorporate the teachings of Barton for the purpose of ensuring security 
Regarding claim 21, Gupta discloses:
A method of controlling activity within a first physical area under control of an entity, comprising: determining a current location of a mobile user device of a user relative to the first physical area, wherein the mobile user device is not affiliated with the entity; installing an application on the mobile user device to control activity within the first physical area under control of the entity; (Gupta, Fig. 6 & [0050]-[0051] discloses a time based access within a restricted area (i.e. reads on first physical area) where the restricted area may be a secured room where a visitor is allowed to enter for a specified time period wherein a device detector detects whether the visitor (i.e. reads on user) is carrying any device (i.e. reads on mobile user device) and the device detector sends a message to the MDM server (i.e. reads on first entity) requesting to open or unlock the entry gate and the visitor can access the restricted area and discloses the MDM server sends policies applicable for the restricted area such as camera off, recorder off, etc. (i.e. reads on controlling activity and remotely control one or more capabilities of the mobile user device) to the device and the OS of the device executes the area specific policies are executed and the device informs the MDM server to open the entry gate and the MDM server opens the entry gate and the visitor can enter the restricted area; Gupta, [0023] discloses the MDM server identifies the restricted area (i.e. reads on determining a current location of a mobile user device of a user relative to the first physical area) through the received restricted area ID and upon identifying the restricted area, the MDM server retrieves one or more area specific policies predefined for the restricted area and the area specific policies include rules for defining the configuration of the device to allow the device to access the restricted area; Gupta, [0048] discloses the application on the device reads the cached securities policies from the device local database and instructs the OS of the device to apply the area specific policies on the device while entering the restricted area; Gupta, [0019] discloses a command to instruct the device to install or download an application from the cloud or execute the application).
and the entity using the application to remotely control the mobile user device to disable WIFI communication capabilities (Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off; Gupta, [0047] discloses area specific policies are cached on the device and are executed on the device (i.e. indicates obviousness of remotely controlling one or more capabilities of the mobile user device) whenever the device enters the restricted area (i.e. reads on while the mobile user device is located within, the first physical area) within the predefined time interval; Gupta, [0017]-[0018] discloses restricted area refers to an area in which security or restrictive measures are employed to prevent unauthorized entry for example a server room within an organization may be a restricted area and an area specific policy may be specified for a corresponding restricted area for example the area specific policy may be to switch off device camera and radio within the server room and the area may be secured or restricted using an access controller at an entry point of the area and discloses the access controller may refer to an imaginary boundary for example a geofence surrounding the restricted area (i.e. indicates obviousness of a predefined proximity of, the first physical area) such that a device has a signal drop when a user enters the boundaries of the restricted area demarcated by the access controller; Gupta, [0044] discloses once the exit is opened and the user is out, the device configuration is reverted back to the original configuration and in an embodiment, the application stores the modified device configuration locally on a local device database and once the user is out of the restricted area, the application instructs the OS of the device to revert to the original configuration or call off and withdraw the modified configuration and in an embodiment, the MDM server instructs the OS of the device to revert to the original configuration once the user is out of the restricted area; Gupta, [0048] discloses the application on the device reads the cached securities policies from the device local database and instructs the OS of the device to apply the area specific policies on the device while entering the restricted area.  Therefore one of ordinary skill in the art would recognize and find obvious based on the combined teachings of the cited portions, that a predefined proximity could be implemented to enable or disable specific functionalities of the user device whenever the user device enters or leaves a predefined proximity according to the specific area policy and said predefined proximity could be interpreted as within the area itself or on the geofence of the access controller surrounding the area).
Gupta discloses sending credentials from the mobile device to the server as well as a security unit that performs authentication in order to provide the mobile device with access to a restricted area but fails to explicitly disclose the use of a secure component to store the credentials as well as validating an application and Gupta discloses various different area specific policies that includes disabling WiFi and radio but fails to explicitly disclose disabling telephony communication capabilities and therefore fails to disclose “validating the application using a secure credential to enable execution of the application;” and “disable wireless telephony communication capabilities while the mobile user device is located within, or within a predefined proximity of, the first physical area.” 
In a related field of endeavor, Aaron discloses:
(Aaron, [0051] discloses when the premises is an educational institution such as a school, the enabling and/or disabling of selected operations of a wireless terminal may be tied via time/date to a class schedule where calls and/or other communications are not allowed during teacher-entered test periods, during SAT’s, etc. and calls may be allowed in certain school locations but not in others (i.e. reads on disable wireless telephony communication capabilities while the user is within the physical area); Aaron, [0008] discloses the monitoring system is responsive to the proximity detector and the rules database and is configured to disable and/or enable selected operations of the at least one wireless terminal that is located at the premises in response to at least one operational authorization rule for the at least one wireless terminal that applies to the premises; Aaron, [0025] discloses the proximity detector may employ global positioning system and/or other location signals and other techniques of detecting proximity may also be used).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta to incorporate the teachings of Aaron for the purpose of making the system more dynamic, versatile and adaptable by providing the system with various different alternatives thereby allowing the system to handle a number of various different combination of specific design structure / embodiment / scenarios and preventing the system from being limited to a single specific design structure / embodiment / scenario and 
Gupta in view of Aaron fails to explicitly disclose “validating the application using a secure credential to enable execution of the application;”.
In a related field of endeavor, Barton discloses:
validating the application using a secure credential to enable execution of the application; (Barton, [0128] discloses those skilled in the art will recognize that the Android operating system may include built-in mechanisms for requesting the signing certificate (i.e. reads on using a secure credential) of an application which the access manager may utilize to validate the identity of a managed mobile application (i.e. reads on the application is validated) requesting access (i.e. reads on enable execution) to the computing resources such as enterprise resources; Barton, [0125] discloses the access manager may be configured to validate the identity of the managed mobile application in order to ensure that the managed mobile application has accurately identified itself and/or to ensure that the managed mobile application has not been altered after installation at the mobile device and the access manager may rely on identification information included in the application metadata to validate the identity of the managed mobile application and if the stored identification information matches the identification information received from the operating system, the access manager may identify the application as a trusted application and grant access to the enterprise resources and if the stored identification information does not match the identification information received from the operating system, then the access manager may identify the managed mobile application as suspicious or untrustworthy mobile application and deny access to the enterprise resources and the access manager may also grant or deny access to local computing resources at the mobile device itself that includes a camera, location services such as GPS, cellular or internet services, etc.; Barton, [0082] discloses the enterprise resources may be premise-based resources, cloud based resources and the like; Barton, [0040] discloses transactions based on geographic locations; Barton, [0083] discloses the certificates stored on the mobile device may be stored in an encrypted location on the mobile device; Barton, [0009] discloses an access manager may perform a validation process to determine whether a mobile application requesting access to computing resources has accurately identified itself and has not been subsequently altered after installation at the mobile device and in this way, the access manager may ensure that the mobile application can be trusted and is not attempting to circumvent the security mechanisms used to protect those resources and as a result).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta in view of Aaron to incorporate the teachings of Barton for the purpose of ensuring security by providing the system with a means to identify whether a requesting mobile application is a trusted application or a suspicious application thereby ensuring that the mobile application can be trusted and is not attempting to circumvent the security mechanisms used to protect those resources and as a result (Barton, [0009] & [0125] & [0083]).  
Regarding claim 23 and claim 104, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 21 and The system of claim 19, wherein GPS and near field communication capabilities remain enabled after disabling WIFI communication capabilities and wireless telephony communication capabilities (Aaron, [0025] discloses the proximity detector may employ global positioning system and/or other location signals and other techniques of detecting proximity may also be used; Aaron, [0008] discloses the monitoring system is responsive to the proximity detector and the rules database and is configured to disable and/or enable selected operations of the at least one wireless terminal that is located at the premises in response to at least one operational authorization rule for the at least one wireless terminal that applies to the premises; Aaron, [0051] discloses when the premises is an educational institution such as a school, the enabling and/or disabling of selected operations of a wireless terminal may be tied via time/date to a class schedule where calls and/or other communications are not allowed during teacher-entered test periods, during SAT’s, etc. 
and calls may be allowed in certain school locations but not in others; Gupta, [0037] discloses the tag can be any acceptable tag known in the art such as an NFC tag, QR code, RFID tag, etc.; Gupta, [0039] discloses when the device gets near the access controller, the tag reader within the device reads the tag and reads the command from the tag and the command may be to execute the application on the device to get connected to the MDM server and the OS executes the command and runs the application to get connected to the MDM server; Gupta, [0029] discloses the MDM server maintains a policy database to store area specific policies corresponding to one or more accessible areas and refers to one or more rules that has to be complied for entering the accessible area; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off. Therefore one of ordinary skill in the art would recognize and find obvious based on the combined teachings of the cited portions, that a policy or authorization rule may be implemented where GPS and RFID are allowed at a specific area of the premises while WiFi and calls are disabled).
Regarding claim 24, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 21, further comprising: providing one or more access codes for things located within the first physical area (Gupta, [0043] discloses the security unit stores the device ID when the user enters the area along with the device and when the device is swiped from the inside, the security unit identifies the device and instructs the access controller to get opened).
Regarding claim 25, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 21, wherein determining a current location includes determining that the user device is within a predefined proximity to one or more second physical areas within the first physical area and, in response to detecting that the user device is within the predefined proximity, issuing an alert to one or more parties (Gupta, [0054]-[0056] discloses it is determined whether the device is outside the restricted area and when the device is outside the restricted area, the one or more area specific policies applied on the device are withdrawn and the device is reverted to the original configuration and discloses the embodiments also help to track the movement of the authorized user device and the tracking information may be reported to the administrator such as when authentication fails for a predefined number of  times, the administrator is informed that some unauthorized user tried entering the area 4th time and discloses the time restricted policy can be configured for the restricted area to allow visitors to enter the area for a specified time interval and when the specified time is lapsed, an alarm may be blown or triggered on the user’s device and the administration is informed about the time lapse as well; Gupta, [0017] discloses restricted area refers to an area in which security or restrictive measures are employed to prevent unauthorized entry for example a server room within an organization may be a restricted area and an area specific policy may be specified for a corresponding restricted area for example the area specific policy may be to switch off device camera and radio within the server room and the area may be secured or restricted using an access controller at an entry point of the area; Gupta, [0021] discloses the context may be related to location such as an office premise or a restricted area within the office premise).
Regarding claim 26, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 21, wherein the first physical area includes a reception area, wherein determining the current location of the mobile user device includes determining that the mobile user device is leaving the reception area and wherein the entity controls disabling one or more capabilities of the mobile user device in response to determining that the user is leaving the reception area (Gupta, [0056] discloses the time restricted policy can be configured for the restricted area to allow visitors to enter the area for a specified time interval and when the specified time is lapsed, an alarm may be blown or triggered on the user’s device and the administration is informed about the time lapse as well; Gupta, [0044] discloses once the exit is opened and the user is out, the device configuration is reverted back to the original configuration and in an embodiment, the application stores the modified device configuration locally on a local device database and once the user is out of the restricted area, the application instruct the OS of the device to revert to the original configuration or call off and withdraw the modified configuration and in an embodiment, the MDM server instructs the OS of the device to revert to the original configuration once the user is out of the restricted area; Gupta, [0047] discloses area specific policies are cached on the device and are executed on the device whenever the device enters the restricted area within the predefined time interval; Gupta, [0017]-[0018] discloses restricted area refers to an area in which security or restrictive measures are employed to prevent unauthorized entry for example a server room within an organization may be a restricted area and an area specific policy may be specified for a corresponding restricted area for example the area specific policy may be to switch off device camera and radio within the server room and the area may be secured or restricted using an access controller at an entry point of the 
area and discloses the access controller may refer to an imaginary boundary for example a geofence surrounding the restricted area such that a device has a signal drop when a user enters the boundaries of the restricted area demarcated by the access controller; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off. Therefore one of ordinary skill in the art would recognize and find obvious based on the combined teachings of the cited portions, that an area where the visitors enter may be considered a visitors reception area and when the device leaves a previous area to enter a new area, different functionalities are disabled according to the area policy of the new area).
Regarding claim 30 and claim 107, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 21 and The system of claim 19, wherein the mobile user device is allowed to read QRC labels and/or detect RFID signals from things within the first physical area after disabling WIFI communication capabilities and wireless telephony communication capabilities (Gupta, [0029] discloses the MDM server maintains a policy database to store area specific policies corresponding to one or more accessible areas and refers to one or more rules that has to be complied for entering the accessible area; Gupta, [0039] discloses when the device gets near the access controller, the tag reader within the device reads the tag and reads the command from the tag and the command may be to execute the application on the device to get connected to the MDM server and the OS executes the command and runs the application to get connected to the MDM server; Gupta, [0037] discloses the tag can be any acceptable tag known in the art such as an NFC tag, QR code, RFID tag, etc.; Aaron, [0051] discloses when the premises is an educational institution such as a school, the enabling and/or disabling of selected operations of a wireless terminal may be tied via time/date to a class schedule where calls and/or other communications are not allowed during teacher-entered test periods, during SAT’s, etc. 
and calls may be allowed in certain school locations but not in others; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off. Therefore one of ordinary skill in the art would recognize and find obvious based on the combined teachings of the cited portions, that an area specific policy may include a policy that allows the tag to be read while WiFi and calls are disabled).
Regarding claim 31 and claim 108, Gupta in view of Aaron and further in view of Barton discloses:
(Gupta, [0044] discloses once the exit is opened and the user is out, the device configuration is reverted back to the original configuration and in an embodiment, the application stores the modified device configuration locally on a local device database and once the user is out of the restricted area, the application instruct the OS of the device to revert to the original configuration or call off and withdraw the modified configuration and in an embodiment, the MDM server instructs the OS of the device to revert to the original configuration once the user is out of the restricted area).
Regarding claim 32, Gupta in view of Aaron and further in view of Barton discloses:
A non-transitory computer-readable medium containing software that controls activity within a first physical area under control of an entity, (Gupta, [0058]-[0059] discloses software components are tangibly stored on a computer readable storage medium as instructions and may be a non-transitory computer readable storage medium and discloses the computer system includes a processor that executes software instructions or code stored on a computer readable storage medium).
the software comprising executable code that performs the steps of the method according to claim 21 when executed by a processor (see claim 21).
Regarding claim 33, Gupta in view of Aaron and further in view of Barton discloses:
(Gupta, [0059] discloses the computer system includes a processor that executes software instructions or code stored on a computer readable storage medium).
the system having means that perform one or more of the steps according to claim 21 (see claim 21).
Regarding claim 79, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 21, further comprising: in response to detecting the mobile user device leaving the predefined proximity of the physical area, the entity remotely enabling the one or more disabled capabilities of the mobile user device (Gupta, [0044] discloses once the exit is opened and the user is out, the device configuration is reverted back to the original configuration and in an embodiment, the application stores the modified device configuration locally on a local device database and once the user is out of the restricted area, the application instruct the OS of the device to revert to the original configuration or call off and withdraw the modified configuration and in an embodiment, the MDM server instructs the OS of the device to revert to the original configuration once the user is out of the restricted area; Gupta, [0047] discloses area specific policies are cached on the device and are executed on the device whenever the device enters the restricted area within the predefined time interval; Gupta, [0017]-[0018] discloses restricted area refers to an area in which security or restrictive measures are employed to prevent unauthorized entry for example a server room within an organization may be a restricted area and an area specific policy may be specified for a corresponding restricted area for example the area specific policy may be to switch off device camera and radio within the server room and the area may be secured or restricted using an access controller at an entry point of the area and discloses the access controller may refer to an imaginary boundary for example a geofence surrounding the restricted area such that a device has a signal drop when a user enters the boundaries of the restricted area demarcated by the access controller).
Regarding claim 80, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 79, wherein the visitor registers a visit to the physical area (Gupta, [0027] discloses a user can enroll or register their device by accessing a device registration portal and the device can be enrolled or registered at any time before entering the restricted area).
Regarding claim 86, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 79, wherein detecting the mobile user device leaving the predefined proximity of the area includes determining that the user device has entered a visitor reception area (Gupta, [0056] discloses the time restricted policy can be configured for the restricted area to allow visitors to enter the area for a specified time interval and when the specified time is lapsed, an alarm may be blown or triggered on the user’s device and the administration is informed about the time lapse as well.  Therefore one of ordinary skill in the art would recognize and find obvious based on the combined teachings of the cited portions, that an area where the visitors enter may be considered a visitors reception area).
Regarding claim 87, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 79, wherein an application is associated with one or more resources corresponding to the physical areas while the visitor was within the physical area, the method further comprising: the mobile user device continuing to be enabled to allow the user to use the first application after leaving the first physical area (Gupta, [0048] discloses the application on the device reads the cached securities policies from the device local database and instructs the OS of the device to apply the area specific policies on the device while entering the restricted area; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off).
Regarding claim 88, Gupta in view of Aaron and further in view of Barton discloses:
(Gupta, [0058]-[0059] discloses software components are tangibly stored on a computer readable storage medium as instructions and may be a non-transitory computer readable storage medium and discloses the computer system includes a processor that executes software instructions or code stored on a computer readable storage medium).
the software comprising executable code that performs the steps of the method according to claim 79 when executed by a processor (see claim 79).
Regarding claim 89, Gupta in view of Aaron and further in view of Barton discloses:
A system that handles a mobile user device of a visitor to a physical area that is under control of an entity with one or more capabilities of the mobile user device being remotely disabled by the entity while the visitor is within a predefined proximity of the physical area, (Gupta, [0059] discloses the computer system includes a processor that executes software instructions or code stored on a computer readable storage medium).
the system having means that perform one or more of the steps of the method according to claim 79 (see claim 79).



Claims 28, 81-82, 84-85 and 105 are rejected under 35 U.S.C. 103 as being unpatentable over GUPTA et al. (US Patent Publication 2016/0173531 hereinafter referenced as Gupta) in view of Aaron (US Patent Publication 2006/0099965 hereinafter referenced as Aaron) in view of Barton et al. (US Patent Publication 2014/0298420 hereinafter referenced as Barton) and further in view of Campero et al. (US Patent Publication 2018/0089971 hereinafter referenced as Campero).

Regarding claim 28, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 21, further comprising: accessing a secure component that provides a secure platform having stored thereon at least one (Barton, [0083] discloses the certificates stored on the mobile device may be stored in an encrypted location on the mobile device; Barton, [0128] discloses those skilled in the art will recognize that the Android operating system may include built-in mechanisms for requesting the signing certificate of an application which the access manager may utilize to validate the identity of a managed mobile application requesting access to the computing resources such as enterprise resources; Barton, [0125] discloses the access manager may be configured to validate the identity of the managed mobile application in order to ensure that the managed mobile application has accurately identified itself and/or to ensure that the managed mobile application has not been altered after installation at the mobile device and the access manager may rely on identification information included in the application metadata to validate the identity of the managed mobile application and if the stored identification information matches the identification information received from the operating system, the access manager may identify the application as a trusted application and grant access to the enterprise resources and if the stored identification information does not match the identification information received from the operating system, then the access manager may identify the managed mobile application as suspicious or untrustworthy mobile application and deny access to the enterprise resources and the access manager may also grant or deny access to local computing resources at the mobile device itself that includes a camera, location services such as GPS, cellular or internet services, etc.; Barton, [0082] discloses the enterprise resources may be premise-based resources, cloud based resources and the like; Barton, [0040] discloses transactions based on geographic locations; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi is off, device camera is off and device recorder is off; Gupta, [0047] discloses area specific policies are cached on the device and are executed on the device whenever the device enters the restricted area within the predefined time interval).
Gupta in view of Aaron and further in view of Barton discloses sending credentials from the mobile device to the server as well as a security unit that performs authentication in order to provide the mobile device with access to a restricted area but fails to explicitly disclose the use of a secure component to store the credentials and also fails to explicitly disclose the use of a block chain technology in the transmission and therefore fails to disclose “accessing a secure component that provides a secure platform having stored thereon at least one block chain credential for authorizing the mobile user device to communicate block chain transactions with one or more components affiliated with the entity; and the mobile user device using the block chain credential to communicate block chain transactions with the one or more components in connection with the entity using the application to remotely control the mobile user device.” 
In a related field of endeavor, Campero discloses:
accessing a secure component that provides a secure platform having stored thereon at least one block chain credential for authorizing the mobile user device to communicate block chain transactions with one or more components affiliated with the entity; and the mobile user device using the block chain credential to communicate (Campero, [0048] discloses the smartcard may also have various physical forms and the identity wallets are housed in the smart phones and includes an application that executes on an electronic device and which allows a user of the device to store identity information encrypt such identity information and communicate with external systems via communication functions / circuitry on the smartphone; Campero, [0008] discloses the new architecture employs blockchain technology that allows an access reader to validate information presented via the identity card and the access system has a higher level of security since it would be extremely difficult to hack; Campero, [0108] discloses permitting access to a registered mobile credential stored on the user device to an access control system wherein the access process allows the access control system to verify the identity of the user possessing the mobile credential for permitting access to the facility or logical structures; Campero, [0054] discloses physical access is meant access to physical locations where as logical access relates to access to logical structures such as electronic devices or applications / data accessible via electronic devices).
	Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta in view of Aaron and further in view of Barton to incorporate the teachings of Campero for the purpose of providing the system with a means to a higher level of security (Campero, [0008]) and for the purpose of making the system more dynamic, versatile 
Regarding claim 81, Gupta in view of Aaron and further in view of Barton discloses:
The method of claim 79, further comprising: in response to detecting the mobile user device leaving, transmitting one or more transaction blocks (Gupta, [0041]-[0043] discloses before authenticating the device, the MDM server authenticates the user and may inquire the user about its ID and name through the application and determines whether the user is authenticated or registered user by mapping the received user ID and name with the user database and discloses when the user authentication is successful, the MDM server authenticates the device based upon the device information received from the OS of the device and when the device is authenticated, the MDM server retrieves area specific policy applicable to the area ID corresponding to the restricted area received from the device and discloses when the user tries to come out of the restricted area, the user flashes or swipes the device at the entry or exit gate to open the gate from the inside and the security unit stores the device ID when the user enters the area along with the device and when the device is swiped from inside, the security unit identifies the device and instructs the access controller to get opened; Gupta, [0017] discloses restricted area refers to an area in which security or restrictive measures are employed to prevent unauthorized entry for example a server room within an organization may be a restricted area and an area specific policy may be specified for a corresponding restricted area for example the area specific policy may be to switch off device camera and radio within the server room and the area may be secured or restricted using an access controller at an entry point of the area).
Gupta in view of Aaron and further in view of Barton discloses sending credentials from the mobile device to the server as well as a security unit that performs “transmitting one or more transaction blocks of a blockchain from the mobile user device to one or more remotely located components affiliated with the entity.”
In a related field of endeavor, Campero discloses:
transmitting one or more transaction blocks of a blockchain from the mobile user device to one or more remotely located components affiliated with the entity (Campero, [0048] discloses the smartcard may also have various physical forms and the identity wallets are housed in the smart phones and includes an application that executes on an electronic device and which allows a user of the device to store identity information encrypt such identity information and communicate with external systems via communication functions / circuitry on the smartphone; Campero, [0008] discloses the new architecture employs blockchain technology that allows an access reader to validate information presented via the identity card and the access system has a higher level of security since it would be extremely difficult to hack; Campero, [0108] discloses permitting access to a registered mobile credential stored on the user device to an access control system wherein the access process allows the access control system to verify the identity of the user possessing the mobile credential for permitting access to the facility or logical structures; Campero, [0054] discloses physical access is meant access to physical locations whereas logical access relates to access to logical structures such as electronic devices or applications / data accessible via electronic devices).
	Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta in view of Aaron and further in view of Barton to incorporate the teachings of Campero for the purpose of providing the system with a means to a higher level of security (Campero, [0008]) and for the purpose of making the system more dynamic, versatile and adaptable by providing the system with various different alternatives thereby allowing the system to handle a number of various different combination of specific design structure / embodiment / scenarios and preventing the system from being limited to a single specific design structure / embodiment / scenario and furthermore, one of ordinary skill in the art would recognize that the modification would involve a simple substitution of one known element and base device (i.e. performing a process of providing access to various different applications within a premises based on identity credentials of the mobile device as taught by Gupta) with another known element and comparable device utilizing a known technique (i.e. performing a process of providing access to various different applications within a premises based on identity credentials of the mobile device, wherein the identity credentials is stored in a secure element such as a wallet of the mobile device and utilizes block chain communication in transmitting the identity credentials as taught by Campero) to improve the similar devices in the same way and to obtain the predictable result of the system performing a process of providing access to various different applications within a premises based on identity credentials of the mobile device (i.e. as taught by Gupta & Campero) and is dependent 
Regarding claim 82, Gupta in view of Aaron in view of Barton and further in view of Campero discloses:
The method of claim 81, further comprising: accessing a secure component that provides a secure platform having stored thereon at least one block chain credential for authorizing the mobile user device to communicate transaction blocks of a blockchain with the one or more remotely located components; and the mobile user device using the block chain credential to transmit the one or more transaction blocks (Campero, [0048] discloses the smartcard may also have various physical forms and the identity wallets are housed in the smart phones and includes an application that executes on an electronic device and which allows a user of the device to store identity information encrypt such identity information and communicate with external systems via communication functions / circuitry on the smartphone; Campero, [0008] discloses the new architecture employs blockchain technology that allows an access reader to validate information presented via the identity card and the access system has a higher level of security since it would be extremely difficult to hack; Campero, [0108] discloses permitting access to a registered mobile credential stored on the user device to an access control system wherein the access process allows the access control system to verify the identity of the user possessing the mobile credential for permitting access to the facility or logical structures; Campero, [0054] discloses physical access is meant access to physical locations whereas logical access relates to access to logical structures such as electronic devices or applications / data accessible via electronic devices).
Regarding claim 84, Gupta in view of Aaron in view of Barton and further in view of Campero discloses:
The method of claim 81, wherein the secure component is contained within the mobile user device (Barton, [0083] discloses the certificates stored on the mobile device may be stored in an encrypted location on the mobile device; Campero, [0048] discloses the smartcard may also have various physical forms and the identity wallets are housed in the smart phones and includes an application that executes on an electronic device and which allows a user of the device to store identity information encrypt such identity information and communicate with external systems via communication functions / circuitry on the smartphone).
Regarding claim 85, Gupta in view of Aaron in view of Barton and further in view of Campero discloses:
The method of claim 81, wherein the one or more transaction blocks include information associated with one or more interactions between the mobile user device and one or things within the physical area (Gupta, [0041]-[0043] discloses before authenticating the device, the MDM server authenticates the user and may inquire the user about its ID and name through the application and determines whether the user is an authenticated or registered user by mapping the received user ID and name with the user database and discloses when the user authentication is successful, the MDM server authenticates the device based upon the device information received from the OS of the device and when the device is authenticated, the MDM server retrieves area specific policy applicable to the area ID corresponding to the restricted area received from the device and discloses when the user tries to come out of the restricted area, the user flashes or swipes the device at the entry or exit gate to open the gate from the inside and the security unit stores the device ID when the user enters the area along with the device and when the device is swiped from inside, the security unit identifies the device and instructs the access controller to get opened; Campero, [0108] discloses permitting access to a registered mobile credential stored on the user device to an access control system wherein the access process allows the access control system to verify the identity of the user possessing the mobile credential for permitting access to the facility or logical structures; Campero, [0054] discloses physical access is meant access to physical locations whereas logical access relates to access to logical structures such as electronic devices or applications / data accessible via electronic devices).
Regarding claim 105, Gupta in view of Aaron and further in view of Barton discloses:
The system of claim 19, wherein the mobile user device includes a secure component that provides a secure platform having stored thereon at least one (Barton, [0083] discloses the certificates stored on the mobile device may be stored in an encrypted location on the mobile device; Barton, [0128] discloses those skilled in the art will recognize that the Android operating system may include built-in mechanisms for requesting the signing certificate of an application which the access manager may utilize to validate the identity of a managed mobile application requesting access to the computing resources such as enterprise resources; Barton, [0125] discloses the access manager may be configured to validate the identity of the managed mobile application in order to ensure that the managed mobile application has accurately identified itself and/or to ensure that the managed mobile application has not been altered after installation at the mobile device and the access manager may rely on identification information included in the application metadata to validate the identity of the managed mobile application and if the stored identification information matches the identification information received from the operating system, the access manager may identify the application as a trusted application and grant access to the enterprise resources and if the stored identification information does not match the identification information received from the operating system, then the access manager may identify the managed mobile application as suspicious or untrustworthy mobile application and deny access to the enterprise resources and the access manager may also grant or deny access to local computing resources at the mobile device itself that includes, a camera, location services such as GPS, cellular or internet services, etc.; Barton, [0082] discloses the enterprise resources may be premise-based resources, cloud based resources and the like; Barton, [0040] discloses 
transactions based on geographic locations; Gupta, [0034] discloses as shown in TABLE 3, for area A1 the applicable policies are P7 and P9 to allow the device in the area A1 when the features of the device are disabled and the user is authenticated by inquiring the name and ID number of the user to allow only the selected users to enter the area A1 and for area A2, the selected policy is P4 to allow the device in the area A2 when the device camera is off and the device recorder is on and for area A3, the selected policy is P5 to allow device in the area A3 when the device internet connectivity is off and the device is in silent mode and for area A4, the selected policy is P8 to allow the device in the area A4 when device Wi-Fi-is off, device camera is off and device recorded is off; Gupta, [0047] discloses area specific policies are cached on the device and are executed on the device whenever the device enters the restricted area within the predefined time interval).
Gupta in view of Aaron and further in view of Barton discloses sending credentials from the mobile device to the server as well as a security unit that performs authentication in order to provide the mobile device with access to a restricted area but fails to explicitly disclose the use of a secure component to store the credentials and also fails to explicitly disclose the use of a block chain technology in the transmission and therefore fails to disclose “a secure component that provides a secure platform having stored thereon at least one block chain credential for authorizing the mobile user device to communicate block chain transactions with the one or more components remotely located from the mobile user device and wherein the mobile user device uses the block chain credential to communicate block chain transactions with the one or more components remotely located from the mobile user device in connection with using the application to remotely control the mobile user device.”
In a related field of endeavor, Campero discloses:
a secure component that provides a secure platform having stored thereon at least one block chain credential for authorizing the mobile user device to communicate block chain transactions with the one or more components remotely located from the mobile user device and wherein the mobile user device uses the block chain credential to communicate block chain transactions with the one or more components remotely located from the mobile user device in connection with using the application to remotely control the mobile user device (Campero, [0048] discloses the smartcard may also have various physical forms and the identity wallets are housed in the smart phones and includes an application that executes on an electronic device and which allows a user of the device to store identity information encrypt such identity information and communicate with external systems via communication functions / circuitry on the smartphone; Campero, [0008] discloses the new architecture employs blockchain technology that allows an access reader to validate information presented via the identity card and the access system has a higher level of security since it would be extremely difficult to hack; Campero, [0108] discloses permitting access to a registered mobile credential stored on the user device to an access control system wherein the access process allows the access control system to verify the identity of the user possessing the mobile credential for permitting access to the facility or logical structures; Campero, [0054] discloses physical access is meant access to physical locations whereas logical access relates to access to logical structures such as electronic devices or applications / data accessible via electronic devices).
	Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta in view of Aaron and further in view of Barton to incorporate the teachings of Campero for the purpose of providing the system with a means to a higher level of security (Campero, [0008]) and for the purpose of making the system more dynamic, versatile and adaptable by providing the system with various different alternatives thereby allowing the system to handle a number of various different combination of specific design structure / embodiment / scenarios and preventing the system from being limited to a single specific design structure / embodiment / scenario and furthermore, one of ordinary skill in the art would recognize that the modification would involve a simple substitution of one known element and base device (i.e. performing a process of providing access to various different applications within a premises based on identity credentials of the mobile device as taught by Gupta) with another known element and comparable device utilizing a known technique (i.e. performing a process of providing access to various different applications within a premises based on identity credentials of the mobile device, wherein the identity credentials is stored in a secure element such as a wallet of the mobile device and utilizes block chain communication in transmitting the identity credentials as taught by Campero) to improve the similar devices in the same way and to obtain the predictable result of the system performing a process of .   


Claim 29, 83 and 106 is/are rejected under 35 U.S.C. 103 as being unpatentable over GUPTA et al. (US Patent Publication 2016/0173531 herein after referenced as Gupta) in view of Aaron (US Patent Publication 2006/0099965 herein after referenced as Aaron) in view of Barton et al. (US Patent Publication 2014/0298420 herein after referenced as Barton) in view of Campero et al. (US Patent Publication 2018/0089971 herein after referenced as Campero) and further in view of Kurian et al. (US Patent Publication 2018/0174591 herein after referenced as Kurian).  

Regarding claim 29 and claim 83 and claim 106, Gupta in view of Aaron in view of Barton and further in view of Campero discloses:
The method of claim 28 (see claim 28) and The method of claim 81 (see claim 81) and The system of claim 105 (see claim 105).  Gupta in view of Aaron in view of Barton and further in view of Campero discloses a mobile device that stores authentication and credential information but fails to explicitly disclose the use of a dongle and therefore fails to disclose “wherein the secure component is contained within a dongle locally coupled to the mobile user device.”

wherein the secure component is contained within a dongle locally coupled to the mobile user device (Kurian, [0021] discloses the SVA device may connect to a mobile phone or other such device as a dongle via a hardwired connection such as USB, etc. or via a wireless connection such as Bluetooth, WiFi, etc.; Kurian, [0025] discloses one or more computing systems may send or receive a synthetic voice identifier for verification as part of a user authentication procedure and the synthetic voice identifier information may be stored in a block chain configuration for each user; Kurian, [0033] discloses the SVA node may receive a request to capture an audio input signal in response to a request based on the user attempting an activity requiring authentication of user credentials and secure data handling based on the requested activity and at least a portion of the audio sample may be saved in a data repository local to the SVA node and/or at a centralized data repository; Kurian, [0036] discloses the SVA may generate a synthesized voice identifier based at least in part on geolocation information captured by the SVA device and other information such as biometric information and the like).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Gupta in view of Aaron in view of Barton and further in view of Campero to incorporate the teachings of Kurian for the purpose of making the system more dynamic, versatile and adaptable by allowing the system to handle a number of various different combinations of specific design structures / embodiments / scenarios and preventing the system from .


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL Y MAPA whose telephone number is (571)270-5540. The examiner can normally be reached Monday thru Thursday: 10 AM - 8 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Anthony Addy can be reached on (571) 272 - 7795. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 





/MICHAEL Y MAPA/           Primary Examiner, Art Unit 2645