Remarks
Claims 1-18 are pending.  

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Examiner’s Note
For all Ichikawa-based combinations and rejections, and others, Applicant is directed to the 8/30/2013 and 3/6/2014 office actions in parent application #13/857,714, which describe how this subject matter is met by the references with respect to similar subject matter found in the rejections therein.

Response to Arguments
Applicant’s arguments with respect to claims 1-18 have been considered but are moot in view of the new ground(s) of rejection provided below.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 5, 6, 8, 10, 12, 14, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Grajek (U.S. Patent Application Publication 2014/0082715) in view of Wong (U.S. Patent Application Publication 2014/0181290) and Canavor (U.S. Patent 9,767,262).  
Regarding Claim 1,
Grajek discloses a method performed by one or more data processing apparatuses, the method comprising:
Authenticating, by a data processing apparatus connected to a first network, the first device based on a first set of device specific credentials, wherein the authentication occurs within the first network (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 50, 54-60, 62, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures; authenticating persistent and/or session token, checking revocation status thereof, etc., as examples);
After authenticating the first device, permitting the first device to access a second network different than the first network (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 48, 54-60, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures; accessing network resource, such as third party service server, enterprise service server, or other network based resource, as examples);
Authenticating, by a data processing apparatus connected to the second network, a user based on user specific credentials associated with the user and different than the first set of device specific credentials, wherein the authentication occurs while the user is using the first device and occurs within the second network (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 51, 54-60, 62, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures; authenticating app ID, user ID, username, password, PIN, etc., to gain access to network or local resource, using app ID, user ID, username, password, PIN, etc., to acquire additional credentials, or the like, as examples);
Applying a first policy associated with the first device to the user while the user is using the first device (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 54-60, 62, 69-72, 79, 82-87, 89, 90, 97-99, 101, 102, 108, 109, and associated figures; this/these policy/policies may be any policy (it is noted that the word "policy" is extremely broad and covers at least any computer programming that is performed) that is used in any fashion (e.g., in logging the user in and allowing access to a resource, requiring logout through a set policy, performing authorization for particular resources, globally logging the user out of all resources, etc.), all of which are based on the identity, authentication, and/or authorization of each of the device credentials and user credentials, since resource access is only granted based on both credentials, for example);
Authenticating, by the data processing apparatus connected to the first network, a second device based on a second set of device specific credentials, wherein the authentication occurs within the first network (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 50, 54-60, 62, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures; authenticating persistent and/or session token, checking revocation status thereof, etc., as examples.  It is noted that the same functionality occurring for another device in the same fashion is clearly within the scope of any reference that includes multiple devices and the processing specifically mentioned for at least one of the devices, such as in the multiple devices shown in Figure 1 of Grajek.  As one of ordinary skill in the art understands, users use multiple devices as well.  Furthermore, it would have been obvious to try letting a user have multiple devices and perform the same authentication procedures for a user with multiple devices because this is chosen from a finite number of identified, predictable solutions (i.e., a user has 1 device and a user has multiple devices), with a reasonable expectation of success, since a user being authenticated via a second device will succeed by using the same techniques that a user could be authenticated via a first device);
After authenticating the second device, permitting the second device to access the second network (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 48, 54-60, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures; accessing network resource, such as third party service server, enterprise service server, or other network based resource, as examples);
Authenticating, by the data processing apparatus connected to the second network, the user based on the user specific credentials, the user specific credentials being different than the second set of device specific credentials, wherein the authentication occurs while the user is using the second device and occurs within the second network (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 51, 54-60, 62, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures; authenticating app ID, user ID, username, password, PIN, etc., to gain access to network or local resource, using app ID, user ID, username, password, PIN, etc., to acquire additional credentials, or the like, as examples); and
Applying a second policy associated with the second device to the user while the user is using the second device, the second policy being different than the first policy (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 54-60, 62, 69-72, 79, 82-87, 89, 90, 97-99, 101, 102, 108, 109, and associated figures; this/these policy/policies may be any policy (it is noted that the word "policy" is extremely broad and covers at least any computer programming that is performed) that is used in any fashion (e.g., in logging the user in and allowing access to a resource, requiring logout through a set policy, performing authorization for particular resources, globally logging the user out of all resources, etc.), all of which are based on the identity, authentication, and/or authorization of each of the device credentials and user credentials, since resource access is only granted based on both credentials, for example);
But may not explicitly disclose maintaining a plurality of profiles, each profile specifying at least an authentication indication that indicates whether a device associated with the profile requires authentication for certain operations and a credential generation indication that indicates whether the device associated with the profile requires a randomly generated set of credentials that are unique to the device associated with the profile and conforming to a plurality of parameters that specify that the credentials comprise particular characters, associating, by a mobile device manager, a first device with a particular profile of the plurality of profiles, the particular profile specifying that the first device requires authentication for certain operations and requires and that the first device have a randomly generated set of credentials that are unique to the first device and conforming to the plurality of parameters that specify that the credentials comprise particular characters, generating, by the mobile device manager and responsive to associating the first device with the particular profile, randomly generated set of credentials that comprises at least one of the particular characters.  
Wong discloses a method performed by one or more data processing apparatuses, the method comprising:
Authenticating, by a data processing apparatus connected to a first network, a first device based on a first set of device specific credentials, wherein the authentication occurs within the first network (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; authenticating a device via credentials, such as MAC address, 802.1x, or the like, via the Internet, wireless network, or the like, for example);
After authenticating the first device, permitting the first device to access a second network different than the first network (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; accessing enterprise network, resources cloud, or the like, for example);
Authenticating, by a data processing apparatus connected to the second network, a user based on user specific credentials associated with the user and different than the first set of device specific credentials, wherein the authentication occurs while the user is using the first device and occurs within the second network (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; authenticating user, for example);
Applying a first policy associated with the first device to the user while the user is using the first device (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; applying any of the many policies discussed, for example);
Authenticating, by the data processing apparatus connected to the first network, a second device based on a second set of device specific credentials, wherein the authentication occurs within the first network (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; authenticating another device the user uses (e.g., laptop as second network endpoint, desktop as third network endpoint, mobile phone as fourth network endpoint, tablet as fifth network endpoint, or any other device used after any other device), for example);
After authenticating the second device, permitting the second device to access the second network (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; as above, for another device, for example);
Authenticating, by the data processing apparatus connected to the second network, the user based on the user specific credentials, the user specific credentials being different than the second set of device specific credentials, wherein the authentication occurs while the user is using the second device and occurs within the second network (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; as above, for another, for example); and
Applying a second policy associated with the second device to the user while the user is using the second device, the second policy being different than the first policy (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; as above, for another, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the session management techniques of Wong into the multifactor SSO authentication system of Grajek in order to allow the system to track a user through use of multiple devices, to ensure that users and user devices are only authorized for access where they are currently located, to provide for additional authentication techniques, and/or to increase security in the system.  
Canavor, however, discloses maintaining a plurality of profiles, each profile specifying at least an authentication indication that indicates whether a device associated with the profile requires authentication for certain operations and a credential generation indication that indicates whether the device associated with the profile requires a randomly generated set of credentials that are unique to the device associated with the profile and conforming to a plurality of parameters that specify that the credentials comprise particular characters (Exemplary Citations: for example, Column 1, line 59 to Column 2, line 13; Column 2, line 57 to Column 3, line 8; Column 3, lines 41-50; Column 4, lines 16-34; Column 4, lines 50-61; Column 5, lines 19-32; Column 5, line 57 to Column 6, line 4; Column 7, line 62 to Column 9, line 29; Column 13, lines 15-33; Column 16, line 61 to Column 17, line 5; and associated figures; configuration files, credential specifications, etc., with requirements for generating strong random passwords, character sets, for password for a certain device, for example);
Associating, by a mobile device manager, a first device with a particular profile of the plurality of profiles, the particular profile specifying that the first device requires authentication for certain operations and requires and that the first device have a randomly generated set of credentials that are unique to the first device and conforming to the plurality of parameters that specify that the credentials comprise particular characters (Exemplary Citations: for example, Column 1, line 59 to Column 2, line 13; Column 2, line 57 to Column 3, line 8; Column 3, lines 41-50; Column 4, lines 16-34; Column 4, lines 50-61; Column 5, lines 19-32; Column 5, line 57 to Column 6, line 4; Column 7, line 62 to Column 9, line 29; Column 13, lines 15-33; Column 16, line 61 to Column 17, line 5; and associated figures; associating device with above, for example); and
Generating, by the mobile device manager and responsive to associating the first device with the particular profile, randomly generated set of credentials that comprises at least one of the particular characters (Exemplary Citations: for example, Column 1, line 59 to Column 2, line 13; Column 2, line 57 to Column 3, line 8; Column 3, lines 41-50; Column 4, lines 16-34; Column 4, lines 50-61; Column 5, lines 19-32; Column 5, line 57 to Column 6, line 4; Column 7, line 62 to Column 9, line 29; Column 13, lines 15-33; Column 16, line 61 to Column 17, line 5; and associated figures; generating unique strong random credentials, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the security credential management techniques of Canavor into the multifactor SSO authentication system of Grajek as modified by Wong in order to allow the system to include credential specification for each separate network site, to ensure that credential requirements for each site are met, to allow for automatic generation of the strongest passwords allowed at any given site, and/or to increase security in the system.  
Regarding Claim 8,
Claim 8 is a medium claim that corresponds to method claim 1 and is rejected for the same reasons.
Regarding Claim 14,
Claim 14 is a system claim that corresponds to method claim 1 and is rejected for the same reasons.  
Regarding Claim 3,
Grajek as modified by Wong and Canavor discloses the method of claim 1, in addition, Grajek discloses that authenticating the first and second user devices occurs via an insecure method, and authenticating the user occurs via a secure method (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 54-60, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures; using HTTP for token authentication communication and HTTPS for app ID authentication communication, for example); and
Wong discloses that authenticating the first and second user devices occurs via an insecure method, and authenticating the user occurs via a secure method (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; insecure may be any method that is less secure than a second method, such as by authenticating over the Internet vs. local network or MAC address authentication being less secure than 802.1x or RADIUS authentication, for example).  
Regarding Claim 10,
Claim 10 is a medium claim that corresponds to method claim 3 and is rejected for the same reasons.  
Regarding Claim 16,
Claim 16 is a system claim that corresponds to method claim 3 and is rejected for the same reasons.  
Regarding Claim 5,
Grajek as modified by Wong and Canavor discloses the method of claim 1, in addition, Grajek discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 54-60, 69-72, 79, 82-87, 89, 97-99, 101, 102 and associated figures; as explained above, insecure vs. secure is subjective; any security could be considered secure and anything less secure than something else may be considered insecure, for example); and
Wong discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; secure authentication, such as 802.1x.  As explained above, insecure vs. secure is subjective; any security could be considered secure and anything less secure than something else may be considered insecure, for example).  
Regarding Claim 12,
Claim 12 is a medium claim that corresponds to method claim 5 and is rejected for the same reasons.  
Regarding Claim 6,
Grajek as modified by Wong and Canavor discloses the method of claim 1, in addition, Wong discloses tracking a usage pattern of the first device based on the user specific credentials of the user of the device (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; tracking user through session(s) on multiple devices, for example).  

Claims 2, 9, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Grajek in view of Wong, Canavor, and Chen (U.S. Patent Application Publication 2006/0225130).  
Regarding Claim 2,
Grajek as modified by Wong and Canavor discloses the method of claim 1, in addition, Grajek discloses that the first device specific credentials and the second device specific credentials include device specific usernames and passwords (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 54-60, 69-72, 79, 82-87, 89, 97-99, 101, 102, and associated figures); and
Wong discloses that the first device specific credentials and the second device specific credentials include device specific usernames (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures);
But Grajek and Wong do not explicitly disclose that the first and second device specific credentials include passwords.  
Chen, however, discloses that the first device specific credentials and the second device specific credentials include device specific usernames and passwords (Exemplary Citations: for example, Paragraphs 9, 11, 21, and associated figures; generating random username and random password for use in authenticating the device until the credentials expire, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant's invention, which is before the effective filing date of the claimed invention, to incorporate the secure credential generation and usage techniques of Chen into the multifactor SSO authentication system of Grajek as modified by Wong and Canavor in order to provide the credentials in a secure fashion, and/or to allow the client and server to generate a secure key from the credentials, thereby facilitating secure communications of any data that is sent.  
Regarding Claim 9,
Claim 9 is a medium claim that corresponds to method claim 2 and is rejected for the same reasons.  
Regarding Claim 15,
Claim 15 is a system claim that corresponds to method claim 2 and is rejected for the same reasons.  

Claims 4, 11, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Grajek in view of Wong, Canavor, and Reed (U.S. Patent Application Publication 2005/0154785).  
Regarding Claim 4,
Grajek as modified by Wong and Canavor discloses the method of claim 1, in addition, Grajek discloses that the insecure method includes HTTP, and the second method includes HTTPS (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 54-60, 69-72, 79, 82-87, 89, 97-99, 101, 102 and associated figures);
But does not explicitly refer to HTTP Basic Auth.  
Reed, however, discloses that the insecure method includes HTTP Basic Auth (Exemplary Citations: for example, Paragraphs 50, 104, 123, and associated figures; HTTP basic authentication being used to authenticate the client, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant's invention, which is before the effective filing date of the claimed invention, to incorporate the authentication techniques of Reed into the multifactor SSO authentication system of Grajek as modified by Wong and Canavor in order to allow the system to use a well-known technique to authenticate the client that is widely used, thereby allowing for high compatibility among devices.  
Regarding Claim 11,
Claim 11 is a medium claim that corresponds to method claim 4 and is rejected for the same reasons.  
Regarding Claim 17,
Claim 17 is a system claim that corresponds to method claim 4 and is rejected for the same reasons.  
Regarding Claim 18,
Grajek as modified by Wong, Canavor, and Reed discloses the system of claim 17, in addition, Grajek discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Abstract; Figures 1-4 and associated written description; Paragraphs 27-36, 45, 46, 54-60, 69-72, 79, 82-87, 89, 97-99, 101, 102 and associated figures; as explained above, insecure vs. secure is subjective; any security could be considered secure and anything less secure than something else may be considered insecure, for example); and
Wong discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; secure authentication, such as 802.1x.  As explained above, insecure vs. secure is subjective; any security could be considered secure and anything less secure than something else may be considered insecure, for example).  

Claims 7 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Grajek in view of Wong, Canavor, and Schmelzer (U.S. Patent Application Publication 2012/0215328).  
Regarding Claim 7,
Grajek as modified by Wong and Canavor discloses the method of claim 6, in addition, Wong discloses logging the user out of the first device in response to the usage pattern indicating that the user has used the first device for a time greater than a maximum usage time associated with the first device (Exemplary Citations: for example, Paragraphs 10, 12, 20-32, 34, 36-46, and associated figures; terminating session with longest period of idle time, timeout locks, or the like, for example).  
Schmelzer also discloses logging the user out of the first device in response to the usage pattern indicating that the user has used the first device for a time greater than a maximum usage time associated with the first device (Exemplary Citations: for example, Paragraphs 29, 36, 45, 47, 61, 69-72 and associated figures; showing various timers for unlocking a device or functionality thereof, such as providing 1 hour of TV time or 4 hours of gaming, where such access will be locked upon crossing the threshold, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before the effective filing date of the claimed invention, to incorporate the activity monitoring techniques of Schmelzer into the multifactor SSO authentication system of Grajek as modified by Wong and Canavor in order to allow the system to provide access to various systems and functionality based on activities performed, thereby ensuring that a user will perform certain activities prior to being able to gain access to the system or devices, applications, features, etc. thereof, and/or to allow certain parties, such as parents, bosses, and the like, to lock out their child’s or employee’s access to devices, applications, features, and the like, thereby allowing concerned parties to control user access.
Regarding Claim 13,
Claim 13 is a medium claim that corresponds to method claim 7 and is rejected for the same reasons.  

Claims 1, 2, 6-9, and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Ichikawa (U.S. Patent Application Publication 2009/0222896) in view of Schmelzer, Hoese (U.S. Patent 5,941,972), and Canavor.
Regarding Claim 1,
Ichikawa discloses a method performed by one or more data processing apparatuses, the method comprising:
Authenticating, by a data processing apparatus connected to a first network, the first device based on a first set of device specific credentials, wherein the authentication occurs within the first network (Exemplary Citations: for example, Paragraphs 101-107, 139, 164-169, and associated figures);
After authenticating the first device, permitting the first device to access a storage system different than the first network (Exemplary Citations: for example, Paragraphs 108-109, 170-172, and associated figures);
Authenticating, by a data processing apparatus connected to the storage system, a user based on user specific credentials associated with the user and different than the first set of device specific credentials, wherein the authentication occurs while the user is using the first device and occurs within the storage system (Exemplary Citations: for example, Paragraphs 111-120, 173-182, and associated figures);
Applying a first policy associated with the first device to the user while the user is using the first device (Exemplary Citations: for example, Paragraphs 110-122, 172-184, 188-202, 222-226, and associated figures; allowing the user and first device to access the LUs, for example);
Authenticating, by the data processing apparatus connected to the first network, a second device based on a second set of device specific credentials, wherein the authentication occurs within the first network (Exemplary Citations: for example, Paragraphs 14, 101-107, 139, 164-169, 188-192, and associated figures; authenticating the second device in the same fashion as the first device, for example);
After authenticating the second device, permitting the second device to access the storage system (Exemplary Citations: for example, Paragraphs 14, 101-109, 139, 164-172, 188-192, and associated figures);
Authenticating, by the data processing apparatus connected to the storage system, the user based on the user specific credentials, the user specific credentials being different than the second set of device specific credentials, wherein the authentication occurs while the user is using the second device and occurs within the storage system (Exemplary Citations: for example, Paragraphs 111-120, 173-182, 188-202, 222-226, and associated figures; authenticating the user while the user is using another device (e.g., client B), for example); and
Applying a second policy associated with the second device to the user while the user is using the second device (Exemplary Citations: for example, Paragraphs 110-122, 172-184, 188-202, 222-226, and associated figures; allowing the user and second device to access the LUs, for example); and
Ichikawa discloses that a storage router may be used to connect to the storage devices using SCSI and to connect to the devices using TCP/IP and/or FC (Exemplary Citations: for example, Paragraphs 90-91, 152-153, and associated figures; as just explained);
But does not appear to explicitly disclose the second policy being different than the first policy, or that the storage system is a second network, maintaining a plurality of profiles, each profile specifying at least an authentication indication that indicates whether a device associated with the profile requires authentication for certain operations and a credential generation indication that indicates whether the device associated with the profile requires a randomly generated set of credentials that are unique to the device associated with the profile and conforming to a plurality of parameters that specify that the credentials comprise particular characters, associating, by a mobile device manager, a first device with a particular profile of the plurality of profiles, the particular profile specifying that the first device requires authentication for certain operations and requires and that the first device have a randomly generated set of credentials that are unique to the first device and conforming to the plurality of parameters that specify that the credentials comprise particular characters, generating, by the mobile device manager and responsive to associating the first device with the particular profile, randomly generated set of credentials that comprises at least one of the particular characters.  
Schmelzer, however, discloses the second policy being different than the first policy (Exemplary Citations: for example, Paragraphs 15, 26, 29-36, 38, 42, 60, 61, and associated figures; each of the devices having a different policy, such as the TV being unlocked after certain activities, but the computer remaining locked until other activities are performed, or a gaming device remaining locked or being unlocked independently of the other devices, and/or profiles that specify specific behavior on each device, where each device may be locked/unlocked independently and/or have functionality, applications, features, etc. thereon locked/unlocked independently from other devices and the like, as examples).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the activity monitoring techniques of Schmelzer into the access control system of Ichikawa in order to allow the system to provide access to various systems and functionality based on activities performed, thereby ensuring that a user will perform certain activities prior to being able to gain access to the system or devices, applications, features, etc. thereof, and/or to allow certain parties, such as parents, bosses, and the like, to lock out their child’s or employee’s access to devices, applications, features, and the like, thereby allowing concerned parties to control user access.
Hoese, however, discloses that the storage system comprises a second network connecting the storage router and storage devices, such that the storage router can provide access controls to the storage devices (Exemplary Citations: for example, Abstract; Figures 2-3 and associated written description; Column 1, line 58 to Column 2, line 17; Column 3, line 24 to Column 4, line 52; and associated figures).  It would have been obvious to one of ordinary skill in the art at the time of applicant's invention, which is before any effective filing date of the claimed invention, to incorporate the storage router and storage network techniques of Hoese into the access control system of Ichikawa as modified by Schmelzer in order to allow storage devices as well as client devices to communicate in their own protocols, and to include a system that translates between the protocols, thereby allowing access to data stored on the storage devices/network by the client devices on another network, and/or to implement access controls at the storage router, thereby ensuring that only authorized entities can even see data on the storage devices/network, while also allowing access to global data by other clients.  
Canavor, however, discloses maintaining a plurality of profiles, each profile specifying at least an authentication indication that indicates whether a device associated with the profile requires authentication for certain operations and a credential generation indication that indicates whether the device associated with the profile requires a randomly generated set of credentials that are unique to the device associated with the profile and conforming to a plurality of parameters that specify that the credentials comprise particular characters (Exemplary Citations: for example, Column 1, line 59 to Column 2, line 13; Column 2, line 57 to Column 3, line 8; Column 3, lines 41-50; Column 4, lines 16-34; Column 4, lines 50-61; Column 5, lines 19-32; Column 5, line 57 to Column 6, line 4; Column 7, line 62 to Column 9, line 29; Column 13, lines 15-33; Column 16, line 61 to Column 17, line 5; and associated figures; configuration files, credential specifications, etc., with requirements for generating strong random passwords, character sets, for password for a certain device, for example);
Associating, by a mobile device manager, a first device with a particular profile of the plurality of profiles, the particular profile specifying that the first device requires authentication for certain operations and requires and that the first device have a randomly generated set of credentials that are unique to the first device and conforming to the plurality of parameters that specify that the credentials comprise particular characters (Exemplary Citations: for example, Column 1, line 59 to Column 2, line 13; Column 2, line 57 to Column 3, line 8; Column 3, lines 41-50; Column 4, lines 16-34; Column 4, lines 50-61; Column 5, lines 19-32; Column 5, line 57 to Column 6, line 4; Column 7, line 62 to Column 9, line 29; Column 13, lines 15-33; Column 16, line 61 to Column 17, line 5; and associated figures; associating device with above, for example); and
Generating, by the mobile device manager and responsive to associating the first device with the particular profile, randomly generated set of credentials that comprises at least one of the particular characters (Exemplary Citations: for example, Column 1, line 59 to Column 2, line 13; Column 2, line 57 to Column 3, line 8; Column 3, lines 41-50; Column 4, lines 16-34; Column 4, lines 50-61; Column 5, lines 19-32; Column 5, line 57 to Column 6, line 4; Column 7, line 62 to Column 9, line 29; Column 13, lines 15-33; Column 16, line 61 to Column 17, line 5; and associated figures; generating unique strong random credentials, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the security credential management techniques of Canavor into the access control system of Ichikawa as modified by Schmelzer and Hoese in order to allow the system to include credential specification for each separate network site, to ensure that credential requirements for each site are met, to allow for automatic generation of the strongest passwords allowed at any given site, and/or to increase security in the system.  
Regarding Claim 8,
Claim 8 is a medium claim that corresponds to method claim 1 and is rejected for the same reasons.  
Regarding Claim 14,
Claim 14 is a system claim that corresponds to method claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Ichikawa as modified by Schmelzer, Hoese, and Canavor discloses the method of claim 1, in addition, Ichikawa discloses that the first device specific credentials and the second device specific credentials include device specific usernames and passwords (Exemplary Citations: for example, Paragraphs 14, 101-107, 139, 164-169, 188-192, and associated figures).  
Regarding Claim 9,
Claim 9 is a medium claim that corresponds to method claim 2 and is rejected for the same reasons.  
Regarding Claim 15,
Claim 15 is a system claim that corresponds to method claim 2 and is rejected for the same reasons.  
Regarding Claim 6,
Ichikawa as modified by Schmelzer, Hoese, and Canavor discloses the method of claim 1, in addition, Schmelzer discloses tracking a usage pattern of the first device based on the user specific credentials of the user of the device (Exemplary Citations: for example, Paragraphs 14-21, 27, 29-33, 36, 38, 46-48, 56, and associated figures).  
Regarding Claim 7,
Ichikawa as modified by Schmelzer, Hoese, and Canavor discloses the method of claim 6, in addition, Schmelzer discloses logging the user out of the first device in response to the usage pattern indicating that the user has used the first device for a time greater than a maximum usage time associated with the first device (Exemplary Citations: for example, Paragraphs 29, 36, 45, 47, 61, 69-72, and associated figures).  
Regarding Claim 13,
Claim 13 is a medium claim that corresponds to method claim 7 and is rejected for the same reasons.  

Claims 3, 5, 10, 12, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Ichikawa in view of Schmelzer, Hoese, Canavor, and Kramer (U.S. Patent 6,986,040).
Regarding Claim 3,
Ichikawa as modified by Schmelzer, Hoese, and Canavor discloses the method of claim 1, in addition, Ichikawa discloses that authenticating the first and second devices occurs via an insecure method and authenticating the user occurs via a secure method (Exemplary Citations: for example, Paragraphs 14, 101-107, 139, 164-169, 188-192, and associated figures; all methods are subjectively secure/insecure and change between the 2 depending on what they are being compared against, for example).  
Kramer also discloses that authenticating the first and second devices occurs via an insecure method and authenticating the user occurs via a secure method (Exemplary Citations: for example, Column 6, line 29 to Column 7, line 3; Column 7, lines 20-45, and associated figures).  It would have been obvious to one of ordinary skill in the art at the time of applicant's invention to incorporate the authorization techniques of Kramer into the access control system of Ichikawa as modified by Schmelzer, Hoese, and Canavor in order to allow the system to readily grant access to various applications and services via a trusted web server/ticket service, such that each of the application server and user/client only need to trust the web server/ticket service in order to mutually trust and authenticate each other, and/or to ensure that secured connections are used whenever user authentication credentials are transmitted.  
Regarding Claim 10,
Claim 10 is a medium claim that corresponds to method claim 3 and is rejected for the same reasons.  
Regarding Claim 16,
Claim 16 is a system claim that corresponds to method claim 3 and is rejected for the same reasons.  
Regarding Claim 5,
Ichikawa as modified by Schmelzer, Hoese, and Canavor discloses the method of claim 1, in addition, Ichikawa discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Paragraphs 14, 101-107, 139, 164-169, 188-192, and associated figures).  
Kramer also discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Column 6, line 29 to Column 7, line 3; Column 7, lines 20-45; and associated figures; sending session ID in encrypted form, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant's invention to incorporate the authorization techniques of Kramer into the access control system of Ichikawa as modified by Schmelzer, Hoese, and Canavor in order to allow the system to readily grant access to various applications and services via a trusted web server/ticket service, such that each of the application server and user/client only need to trust the web server/ticket service in order to mutually trust and authenticate each other, and/or to ensure that secured connections are used whenever user authentication credentials are transmitted.  
Regarding Claim 12,
Claim 12 is a medium claim that corresponds to method claim 5 and is rejected for the same reasons.  

Claims 4, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ichikawa in view of Schmelzer, Hoese, Canavor, Kramer, and Reed.
Regarding Claim 4,
Ichikawa as modified by Schmelzer, Hoese, Canavor, and Kramer discloses the method of claim 3, in addition, Kramer discloses that the secure method includes HTTPS (Exemplary Citations: for example, Column 5, lines 37-67; Column 6, line 40 to Column 7, line 3; Column 9, lines 8-67; and associated figures);
But does not explicitly disclose that the insecure method includes HTTP Basic Auth.  
Reed, however, discloses that the insecure method includes HTTP Basic Auth (Exemplary Citations: for example, Paragraphs 50, 104, 123, and associated figures; HTTP basic authentication being used to authenticate the client, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention to incorporate the authentication techniques of Reed into the access control system of Ichikawa as modified by Schmelzer, Hoese, Canavor, and Kramer in order to allow the system to use a well-known technique to authenticate the client that is widely used, thereby allowing for high compatibility among devices.  
Regarding Claim 11,
Claim 11 is a medium claim that corresponds to method claim 4 and is rejected for the same reasons.  
Regarding Claim 17,
Claim 17 is a system claim that corresponds to method claim 4 and is rejected for the same reasons.  

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Ichikawa in view of Schmelzer, Hoese, Canavor, Reed, and Kramer.
Regarding Claim 18,
Ichikawa as modified by Schmelzer, Hoese, Canavor, and Reed discloses the system of claim 17, in addition, Ichikawa discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Paragraphs 14, 101-107, 139, 164-169, 188-192, and associated figures).
Kramer also discloses that authenticating the first and second devices occurs via a secure method (Exemplary Citations: for example, Column 6, line 29 to Column 7, line 3; Column 7, lines 20-45; and associated figures).  It would have been obvious to one of ordinary skill in the art at the time of applicant's invention to incorporate the authorization techniques of Kramer into the access control system of Ichikawa as modified by Schmelzer, Hoese, Canavor, and Reed in order to allow the system to readily grant access to various applications and services via a trusted web server/ticket service, such that each of the application server and user/client only need to trust the web server/ticket service in order to mutually trust and authenticate each other, and/or to ensure that secured connections are used whenever user authentication credentials are transmitted.  

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432