Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.This action is responsive to the communication filed on August 15, 2019. At this time, claims 1-19 are pending and addressed below.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
                                                   Double Patenting
4. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993);  In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). 

Claims 1- 19 are rejected on the ground of statutory obviousness-type double patenting as being unpatentable over claims 1-19 of US application number 16541735. The conflicting claims are identical, they are not patentably distinct from each other because the current application contains claims that are the same in scope as the claims of the application number 16541735 and is anticipated by the claims 1-19. 

This is a   provisional double patenting rejection.   

                                                               Claims Comparison Table
Current Application
16541795
Co-pending Application
16/541735

1. A computer-implemented method of determining whether a mobile device has been compromised, the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, the method comprising: obtaining file tree structure information for the managed profile of the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in the managed portion of memory; determining from the file tree structure information that the mobile device has been compromised; and based on the determination that the mobile device has been compromised, taking an action.
2. The computer-implemented method of claim 1, wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure.
2. The computer-implemented method of claim 1, wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure.
3. The computer-implemented method of claim 2, wherein determining includes identifying a match between a permission setting of a file or folder on the mobile device and a compromised permission setting for that file or folder in a model.
3. The computer-implemented method of claim 2, wherein determining includes identifying a match between a permission setting of a file or folder on the mobile device and a compromised permission setting for that file or folder in a model.
4. The computer-implemented method of claim 3, wherein the permission setting identifies whether entities are able to read, write or execute the file or folder.
4. The computer-implemented method of claim 3, wherein the permission setting identifies whether entities are able to read, write or execute the file or folder.
5. The computer-implemented method of claim 2, wherein determining includes identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model.
5. The computer-implemented method of claim 2, wherein determining includes identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model.
6. The computer-implemented method of claim 1, wherein determining includes determining that the file tree structure information includes information regarding files stored in the managed portion of memory.
6. The computer-implemented method of claim 1, wherein determining includes determining that the file tree structure information includes information regarding files stored in the unmanaged portion of memory.
7. The computer-implemented method of claim 6, wherein the determining that the file tree structure information includes information regarding files stored in the managed portion of memory includes determining that the 


8. The computer-implemented method of claim 1, wherein the mobile device includes a reporting agent operating within the managed profile, and wherein obtaining includes receiving the file tree structure information at a remote enterprise server in a communication from the reporting agent.
9. The computer-implemented method of claim 1, wherein taking an action comprises at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device. 
9. The computer-implemented method of claim 1, wherein taking an action comprises at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device.
10. A computing device comprising: a processor; a memory; a device analysis application stored in the memory and containing processor-executable instructions that, when executed by the processor, cause the processor determine whether a mobile device has been compromised, wherein the mobile device has internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, wherein the processor-executable instructions are to cause the processor to: obtain file tree structure information for the unmanaged profile of the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory, determine from the file tree structure information that the mobile device is compromised, and based on the determination that the mobile device has been compromised, take an action. 
10. A computing device comprising: a processor; a memory; a device analysis application stored in the memory and containing processor-executable instructions that, when executed by the processor, cause the processor determine whether a mobile device has been compromised, the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, wherein the processor-executable instructions are to cause the processor to: obtain file tree structure information for the managed profile of the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in the managed portion of memory, determine from the file tree structure information that the mobile device is compromised, and based on the determination that the mobile device has been compromised, take an action.
11. The computing device of claim 10, wherein file tree structure information includes permissions associated with folders and files in the portion of the tree-based structure.
11. The computing device of claim 10, wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure.
12. The computing device of claim 11, wherein the instructions, when executed, are to cause the processor to determine that the mobile 


13. The computing device of claim 12, wherein the permission setting identifies whether entities are able to read, write or execute the file or folder.
14. The computing device of claim 11, wherein the instructions, when executed, are to cause the processor to determine that the mobile device is compromised by identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model. 
14. The computing device of claim 11, wherein the instructions, when executed, are to cause the processor to determine that the mobile device is compromised by identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model.
15. The computing device of claim 10, wherein the instructions, when executed, are to cause the processor to determine that the mobile device is compromised by determining that the file tree structure information includes information regarding files stored in the managed portion of memory. 
15. The computing device of claim 10, wherein the instructions, when executed, are to cause the processor to determine that the mobile device is compromised by determining that the file tree structure information includes information regarding files stored in the unmanaged portion of memory.
16. The computing device of claim 15, wherein the determining that the file tree structure information includes information regarding files stored in the managed portion of memory includes determining that the unmanaged profile lacks sufficient permissions for accessing the files stored in the managed portion of memory. 
16. The computing device of claim 15, wherein the determining that the file tree structure information includes information regarding files stored in the unmanaged portion of memory includes determining that the managed profile lacks sufficient permissions for accessing the files stored in the unmanaged portion of memory.
17. The computing device of claim 10, wherein the mobile device includes a reporting agent operating within the unmanaged profile, and wherein the instructions, when executed, are to cause the processor to obtain the file tree structure information by receiving the file tree structure information at the computing device in a communication from the reporting agent. 
17. The computing device of claim 10, wherein the mobile device includes a reporting agent operating within the managed profile, and wherein the instructions, when executed, are to cause the processor to obtain the file tree structure information by receiving the file tree structure information at the computing device in a communication from the reporting agent.
18. The computing device of claim 10, wherein the instructions, when executed, are to cause the processor to take an action by at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device. 
18. The computing device of claim 10, wherein the instructions, when executed, are to cause the processor to take an action by at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device.
19. A non-transitory computer-readable storage medium storing processor-executable instructions to determine whether a mobile 
	







Claims 1-2, 10-11 and 18-19 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-2, 10-11 and 19-20 of US application number 16541672. The conflicting claims are identical, they are not patentably distinct from each other because the current application contains claims that are narrower in scope than the claims of the application number 16541672 and is anticipated by the claims 1-2, 10-11 and 19-20.  

This is a   provisional double patenting rejection.   

Current Application
16541795
Co-pending Application
16541672
1. A computer-implemented method of determining whether a mobile device has been compromised, the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, the method comprising: obtaining file tree structure information for the unmanaged profile of the mobile device, wherein the file 


2. The computer-implemented method of claim 1, wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure.
10. A computing device comprising: a processor; a memory; a device analysis application stored in the memory and containing processor-executable instructions that, when executed by the processor, cause the processor determine whether a mobile device has been compromised, wherein the mobile device has internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, wherein the processor-executable instructions are to cause the processor to: obtain file tree structure information for the unmanaged profile of the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory, determine from the file tree structure information that the mobile device is compromised, and based on the determination that the mobile device has been compromised, take an action. 
10. A computing device comprising: a processor; a memory; a device analysis application stored in the memory and containing processor-executable instructions that, when executed by the processor, cause the processor to determine whether a mobile device has been compromised, wherein the processor-executable instructions are to cause the processor to: obtain file tree structure information for the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in a portion of memory, analyze the file tree structure information to determine that the mobile device has been compromised, has not been compromised, or might be compromised, based on determining that the mobile device might be compromised, instruct the mobile device to execute a restricted action, wherein the mobile device includes at least a first user profile and a second user profile, the first user profile having a first associated portion of memory storing files and folders associated with the first user profile and the second user profile having a second associated portion of memory storing files and folder associated with the second user, and wherein the restricted action includes an operation carried out from within the first user profile with respect to a file or folder associated with the second user profile, determine that the restricted action occurs on the mobile device and, based on that occurrence, determine that the mobile device has been compromised, and 

11. The computing device of claim 10, wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure. 
18. The computing device of claim 10, wherein the instructions, when executed, are to cause the processor to take an action by at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device. 
19. The computing device of claim 10, wherein the instructions, when executed, are to cause the processor to take an action by at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device.
19. A non-transitory computer-readable storage medium storing processor-executable instructions to determine whether a mobile device has been compromised, the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, wherein the processor-executable instructions, when executed by a processor a remote server, are to cause the processor to: obtain file tree structure information for the unmanaged profile of the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory, determine from the file tree structure information that the mobile device is compromised, and based on the determination that the mobile device has been compromised, take an action.
20. A non-transitory computer-readable storage medium storing processor-executable instructions to determine whether a mobile device has been compromised, wherein the processor-executable instructions, when executed by a processor of the mobile device, are to cause the processor to: obtain file tree structure information for the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in a portion of memory, analyze the file tree structure information to determine that the mobile device has been compromised, has not been compromised, or might be compromised, based on determining that the mobile device might be compromised, instruct the mobile device to execute a restricted action, wherein the mobile device includes at least a first user profile and a second user profile, the first user profile having a first associated portion of memory storing files and folders associated with the first user profile and the second user profile having a second associated portion of memory storing files and folder associated with the second user, and wherein the restricted action includes an operation carried out from within the first user profile with respect to a file or folder associated with the second user profile, determine that the restricted action occurs on the mobile device and, based on that occurrence, determine that the mobile device has been compromised, and based on the determination that the mobile device has been compromised, take an action.










This is a  provisional double patenting rejection.   


                                                      Claims Comparison Table

Current Application
16541795
Co-Pending Application
16541630
1. A computer-implemented method of determining whether a mobile device has been compromised, the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, the method comprising: obtaining file tree structure information for the unmanaged profile of the mobile device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory; determining from the file tree structure information that the mobile device has been compromised; and based on the determination that the mobile device has been compromised, taking an action. 
1. A computer-implemented method of determining whether a computing device has been compromised, the method comprising: obtaining file tree structure information for the computing device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in a memory on the computing device; determining from the file tree structure information that the computing device is compromised; and based on the determination that the computing device has been compromised, taking an action.
2. The computer-implemented method of claim 1, wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure. 
2. The computer-implemented method of claim 1, wherein file tree structure information includes permissions associated with folders and files in the portion of the tree-based structure. 
3. The computer-implemented method of claim 2, wherein determining includes identifying a match between a permission setting of a file or folder on the mobile device and a compromised permission setting for that file or folder in a model. 
3. The computer-implemented method of claim 2, wherein determining includes identifying a match between a permission setting of a file or folder on the computing device and a compromised permission setting for that file or folder in a model.
9. The computer-implemented method of claim 1, wherein taking an action comprises at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the 


10. An electronic device comprising: a processor; a memory; a device analysis application stored in the memory and containing processor-executable instructions that, when executed by the processor, cause the processor determine whether a computing device has been compromised, wherein the processor-executable instructions are to cause the processor to: obtain file tree structure information for the computing device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in a memory on the computing device, determine from the file tree structure information that the computing device is compromised, and based on the determination that the computing device has been compromised, take an action. 
11. The computing device of claim 10, wherein file tree structure information includes permissions associated with folders and files in the portion of the tree-based structure. 
11. The electronic device of claim 10, wherein file tree structure information includes permissions associated with folders and files in the portion of the tree-based structure. 
14. The computing device of claim 11, wherein the instructions, when executed, are to cause the processor to determine that the mobile device is compromised by identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model. 
13. The electronic device of claim 11, wherein the instructions, when executed, are to cause the processor to determine that the computing device is compromised by identifying a difference between a permission setting of a file or folder on the computing device and an expected permission setting for that file or folder prescribed by an uncompromised device model. 
18. The computing device of claim 10, wherein the instructions, when executed, are to cause the processor to take an action by at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an 


	20. A non-transitory computer-readable storage medium storing processor-executable instructions to determine whether a computing device has been compromised, wherein the processor-executable instructions, when executed by a processor, are to cause the processor to: obtain file tree structure information for the computing device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in a memory on the computing device, determine from the file tree structure information that the computing device is compromised, and based on the determination that the computing device has been compromised, take an action.






Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 6, 11, 15 and 19 are rejected under 35 U.S.C 103 as being unpatentable over Xiao (US 2019/0394221, ids submitted) in view of Lam, US pat.No 20140344922 (Ids submitted).  


determining from the file tree structure information that the mobile device has been compromised; ([0055]: analyzing the application directory structure which includes subdirectories, hence a tree structure layout; [0056]: the examination parses code/library groups into common, uncommon and unrecognized groups, which might have malicious codes added)
and based on the determination that the mobile device has been compromised, taking an action. ([0050]: malicious malware determined and blocked). 
Xiao does not appear to explicitly disclose a computer-implemented method of determining whether a mobile device has been compromised, the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory, and wherein the managed profile is governed by a device policy set by a remote administrator, the method comprising: 
However, Lam discloses a computer-implemented method of determining whether a mobile device has been compromised, the mobile device having an internal storage that includes a managed portion of memory and an unmanaged portion of memory, the mobile device having a managed profile and an unmanaged profile, wherein the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory, (Lam: Fig. 1, Items 12, 14, 22, 24; ¶ 0024; ¶ 0025,  “Referring to FIG. 1, a dual persona mobile device 10 is segregated for combined personal and work use by providing a pair of environments as a secure work application environment 12 (managed profile includes files stored in the managed portion of memory) and a personal application environment 14 (unmanaged profile includes files stored in the unmanaged portion of memory) provisioned on the device 10”…”  as further described below. As such, the exchange of sensitive work data 22 and sensitive personal data 24 can be inhibited 
Xiao and Lam are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed a secure work environment in order to improve data security. (See Lam, [0025])2. The combination of Xiao and Lam discloses the computer-implemented method of claim 1, wherein file structure information includes permissions associated with folders and files in the portion of the tree-based structure. ([0054], [0065]: permission to the application files)

6. The combination of Xiao and Lam discloses the computer-implemented method of claim 1, wherein determining includes determining that the file tree structure information includes information regarding files stored in the managed portion of memory. (Lam: Fig. 1, Items 12, 14, 22, 24; ¶ 0024; ¶ 0025)Xiao and Lam are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed a secure work environment in order to improve data security. 
11. As to claim 11, the claim is rejected under the same rationale as claim 2. See the rejection of claim 2 above.  

15. As to claim 15, the claim is rejected under the same rationale as claim 6. See the rejection of claim 6 above.   

Claims 3-5, 7-9, 12, 13, 14 and 16-18  are rejected under 35 U.S.C 103 as being unpatentable over Xiao (US 2019/0394221, ids submitted) in view of Lam, US pat. No 20140344922 in further view of Bowers (US 2017/0147827, ids submitted).
3. The combination of Xiao and Lam does not appear to explicitly disclose the computer-implemented method of claim 2, wherein determining includes identifying a match between a permission setting of a file or folder on the mobile device and a compromised permission setting for that file or folder in a model. 
However, Bowers discloses wherein determining includes identifying a match between a permission setting of a file or folder on the mobile device and a compromised permission setting for that file or folder in a model. (Bowers: ¶ 0054, “The integrity checking module 412 may include rules to identify a potential unauthorized creation, modification, and/or deletion of a file as a potential threat to the integrity of the computing device 400. For example, the integrity checking module 412 may perform a check to determine if a file (e.g., a passwd file) has been unexpectedly created, modified, and/or deleted. Files may be expected to be created, modified, and/or deleted at certain times of a day, week, month, year, etc. (e.g., updating a password, updating files according to regular reading/writing performed by user, etc.). ”). 
Xiao, Lam and Bowers are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed unauthorized access. 
The integrity checking module 412 may include rules to identify potentially unauthorized permissions (e.g., access, read, write, etc.) that have been given to a user and identified in the device integrity parameters as a potential threat to the integrity of the computing device 400”). 
Xiao, Lam and Bowers are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed unauthorized access. 
 5. The combination of Xiao and Lam does not appear to explicitly disclose the computer-implemented method of claim 2, wherein determining includes identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model. 
However, Bowers discloses wherein determining includes identifying a difference between a permission setting of a file or folder on the mobile device and an expected permission setting for that file or folder prescribed by an uncompromised device model. (Bowers: ¶ 0061, “The provisioner of the computing device 400 may define compromises (e.g., jailbreaking, rooting, etc.) and/or alterations (e.g., impermissible reading, writing, accessing of objects) of the computing device 400 as an unauthorized use of the computing device 400, such that compromising (e.g., jailbreaking, rooting, etc.) (uncompromised device model) and/or altering the computing device 400 may be flagged as a potential threat to the integrity of the computing device 400.”).
Xiao, Lam and Bowers are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed unauthorized access. 
 

However, Bowers disclose wherein the determining that the file tree structure information includes information regarding files stored in the managed portion of memory includes determining that the unmanaged profile lacks sufficient permissions for accessing the files stored in the managed portion of memory. (Bowers: Fig. 4, Items 404, 406; ¶ 0039- ¶ 0044,)
Xiao, Lam and Bowers are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed unauthorized access. 

8. The combination of Xiao and Lam does not appear to explicitly disclose the computer-implemented method of claim 1, wherein the mobile device includes a reporting agent operating within the unmanaged profile, and wherein obtaining includes receiving the file tree structure information at a remote server in a communication from the reporting agent. 
However, Bowers disclose wherein the mobile device includes a reporting agent operating within the unmanaged profile, and wherein obtaining includes receiving the file tree structure information at a remote server in a communication from the reporting agent. (Bowers: Fig. 2, Items 200, 202; ¶ 0028, “one or more computing devices 200-200 n may be capable of communicating digital messages to and/or from the external trusted network device 202 via the network 216.”; ¶ 0030, “Computing devices 200-200 n may be configured to run software. For example, the computing device 200 may run software that may include system software, application software, and/or the like.”).
Xiao, Lam and Bowers are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed unauthorized access. 

9. The combination of Xiao and Lam does not appear to explicitly disclose the computer-implemented method of claim 1, wherein taking an action comprises at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device. 
However, Bowers disclose wherein taking an action comprises at least one of sending a message to a remote device regarding the compromised mobile device, wiping the memory of the mobile device, storing in memory information regarding the compromised mobile device, disabling the mobile device, or changing settings at an enterprise network to deny access to the mobile device. (Bowers: ¶ 0102- ¶ 0103, “Text of the scanning result 762 may be provided to the user. The text of the interface 790 may allow additional information be provided to the user, provisioner, etc. of the device. For example, the text may indicate that the current scan did detect a compromise” (sending a message to a remote device regarding the compromised mobile device)).
Xiao, Lam and Bowers are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Xiao with the teaching of  Lam to include a dual environment because it would have allowed unauthorized access. 
 
12. As to claim 12, the claim is  rejected under the same rationale as claim 3. See the rejection of claim 3 above.  

13. As to claim 13, the claim is rejected under the same rationale as claim 4. See the rejection of claim 4 above.  

14. As to claim 14, the claim is rejected under the same rationale as claim 5. See the rejection of claim 5 above.   

17. As to claim 17, the claim is rejected under the same rationale as claim 8. See the rejection of claim 8 above.  
18. As to claim 18, the claim is rejected under the same rationale as claim 9. See the rejection of claim 9 above.  
                                                                 Conclusion 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Godman, US20190332576, title “ Filesystem block sampling to identify user consumption of storage resources. “
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSNEL JEUDY whose telephone number is (571)270-7476. The examiner can normally be reached M-F 10:00-8:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more 
Date: 3/16/2022
 /JOSNEL JEUDY/ Primary Examiner, Art Unit 2438