DETAILED ACTION
This action is in response to amendments filed 11/08/2021. Claims 1-20 are pending with claims 1, 3-20 having been amended.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.

Response to Arguments
Applicant's arguments filed 11/08/2021 have been fully considered.
Applicant’s arguments with respect to the rejection(s) of claim(s) 1, 8 and 15 under 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Brouwer et al (US 2014/0281540)  and  Zamir (US 2016/0162279).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-20 of U.S. Patent No. 10,318,154. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 8 and 15 of the present application is broader and therefore anticipated by the corresponding independent claims 1, 13 and 18 of U.S. Patent No. 10,318,154 and each dependent claim has a corresponding dependent claim.
16/427235 claim 1
10,318,154 Claim 18
A method comprising: by a first device: 






A method performed at a first device, the method comprising: 








determining, based on the first device detecting a change to at least one property of the first device, that  the first device ineligible to be included in a first verification sub- group; 


removing the first device from the first verification sub-group; 
managing different groups of devices, wherein each group of devices is associated with a respective set of properties required to be possessed by each device that is a member of the group of devices; 
identifying a first synchronization sub-group and a second synchronization sub-group in which the first device participates; 
actively monitoring properties associated with the first device to determine whether the first device is eligible for membership in one of the groups; 

in response to detecting, based on a first update to the properties associated with the first device, that the first device is eligible for membership in a first group of which the first device is not currently a member: 

sending, to at least one other device that is a member of the first group, an application for membership in the first group, wherein the application is signed with at least a private key of the first device, and 

receiving a notification, from a particular device of other devices that are members of the first group, that the first device is accepted as a member of the first group, wherein the notification comprises a message, signed by the particular device, that lists the members of the group including the first device; and 
determining that the first device is ineligible to participate in the first synchronization sub-group after being removed from the first verification sub- group, and the first device is remains eligible to participate in the second synchronization sub-group after being removed from the first verification sub- group; and 
in response to determining, based on a second update to the properties associated with the first device, that the first device is no longer eligible for membership in the first group: 
removing first data items associated with the first synchronization sub-group while maintaining second data items associated with the second synchronization sub- group.
sending, to at least one other device that is a member of the first group, a notification of a removal of the first device from the first group.


16/427235 claim 8
10,318,154 Claim 13
a first device comprising: at least one processor; and at least one memory storing instructions that, when executed by the memory at least processor cause the first device to carry out steps that include:
A first device, comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the first device to carry out steps that include:
determine based on the first device detecting a change to at least one property of the first device that the first device is no longer eligible to be included in a first verification sub- group; 


responsive to determining the first device is no longer eligible to be included in the first verification sub-group, removing the first device from the first verification sub-group;
managing different groups of devices, wherein each group of devices is associated with a respective set of properties required to be possessed by each device that is a member of the group of devices; 

identify a first synchronization sub-group and a second synchronization sub-group in which the first device participates;
actively monitoring properties associated with the first device to determine whether the first device is eligible for membership in one of the groups; 


in response to detecting, based on a first update to the properties associated with the first device, that the first device is eligible for membership in a first group of which the first device is not currently a member: 


sending, to at least one other device that is a member of the first group, an application for membership in the first group, wherein the application is signed with at least a private key of the first device, and 


receiving a notification, from a particular device of other devices that are members of the first group, that the first device is accepted as a member of the first group, wherein the notification comprises a message, signed by the particular device, that lists the members of the group including the first device; and 
determine the first device is no longer able to participate in the first synchronization sub-group after being removed from the first verification sub- group, and the first device is still able to participate in the second synchronization sub-group after being removed from the first verification sub- group; and
in response to determining, based on a second update to the properties associated with the first device, that the first device is no longer eligible for membership in the first group: 

remove each data item that belongs to the first synchronization sub-group while maintaining each data item that belongs to the second synchronization sub- group.
sending, to at least one other device that is a member of the first group, a notification of a removal of the first device from the first group.


16/427235 claim 15
10,318,154 Claim 1
A non-transitory computer-readable storage medium storing instructions that, when executed by a processor included in a first device cause the first device to carry out the steps that include:
At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a first device, cause the first device to carry out steps that include: 
determining based on the first device detecting a change to at least one property of the first device that the first device is ineligible to be included in a first verification sub- group; 


removing the first device from the first verification sub-group;
managing different groups of devices, wherein each group of devices is associated with a respective set of properties required to be possessed by each device that is a member of the group of devices; 

identifying a first synchronization sub-group and a second synchronization sub-group in which the first device participates;
actively monitoring properties associated with the first device to determine whether the first device is eligible for membership in one of the groups; 


in response to detecting, based on a first update to the properties associated with the first device, that the first device is eligible for membership in a first group of which the first device is not currently a member: 


sending, to at least one other device that is a member of the first group, an application for membership in the first group, wherein the application is signed with at least a private key of the first device, and 


receiving a notification, from a particular device of other devices that are members of the first group, that the first device is accepted as a member of the first group, wherein the notification comprises a message, signed by the particular device, that lists the members of the group including the first device; and 
Determining that the first device is ineligble to participate in the first synchronization sub-group after being removed from the first verification sub- group, and the first device is remains eligible to participate in the second synchronization sub-group after being removed from the first verification sub- group; and
in response to determining, based on a second update to the properties associated with the first device, that the first device is no longer eligible for membership in the first group: 

Removing first data items associated with the first synchronization sub-group while maintaining second data items associated with the second synchronization sub- group.
sending, to at least one other device that is a member of the first group, a notification of a removal of the first device from the first group.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Brouwer et al (US 2014/0281540) in view of Zamir (US 2016/0162279).
With respect to claim 1 Brouwer teaches 1 a method performed at a first device, the method comprising: 
determining based on a change to the first device, that the first device ineligible to be included in a first verification sub- group (See Brouwer paragraph 0091 i.e. Some embodiments allow a device to be removed from a sync circle. For instance, if a user of a device in the sync circle suspects that another device in the sync circle was not authorized to join the sync circle, the user lost a device in the sync circle, a device in the sync circle was stolen, etc., the user may remove the unwanted device from the sync circle); 
removing the first device from the first verification sub-group (See Brouwer paragraph 0090 device removal, paragraph 0072 and paragraph 0147 i.e. the process 1200 sends (at 1250) the encrypted keychain items and the delta manifest to the peer device through the secure communication channel. Once the process 1200 sends the information to the peer device, the process 1200 then determines (at 1260) whether any peer device in the sync circle is left to process. When the process 1200 determines that there is a peer device left to process, the process 1200 returns to 1210 to continue sending updates that were applied to the local keychain to the remaining peer devices in the sync circle. When the process 1200 determines that there is no peer device left to process, the process 1200 then ends enabling/disabling keychain syncing and paragraph 0063 sync circle status updates); 
identifying a first synchronization sub-group and a second synchronization sub-group in which the first device participates (see Brouwer paragraph 0235 i.e. a device may join several different sync circles for syncing different keychain items (e.g., using the techniques described above by reference to FIGS. 4-6). In some embodiments, several devices form several different sync circles in order to sync keychain items that belong to several different protection domains); 
determining that the first device is ineligible to participate in the first synchronization sub-group after being removed from the first verification sub- group, and the first device is remains eligible to participate in the second synchronization sub-group after being removed from the first verification sub- group (See Brouwer paragraph 0173 i.e. The devices 1630 in this example meets all conditions of the protection domain 4, but not all the conditions of the protection domain 5 while the device 1635 meets all conditions of the protection domain 5 but not all the conditions of the protection domain 4. As a result, the keychain item C4 is available for the device 1630's use but the keychain item C5 is not. The keychain item C5 is available for the device 1635's use but the keychain item C4 is not); and 
removing first data items associated with the first synchronization sub-group while maintaining second data items associated with the second synchronization sub- group (See Brouwer paragraph 0090 device removal, paragraph 0072 enabling/disabling keychain syncing and paragraph 0063 sync circle status updates).
Brouwer does not teaches determining based on the first device detecting a change to at least one property of the first device, that the first device ineligible to be included in a first verification sub- group
Zamir teaches the first device detecting the change to at least one property of the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 

With respect to claim 3 Brouwer teaches the method of claim 1, wherein the first device remains eligible to be included in a second verification sub-group (see Brouwer paragraph 0162 i.e. Some embodiments of the invention provide a data protection feature for limiting access to keychain data (e.g., keychain items) on devices according to defined sets of conditions and/or requirements. In some embodiments, several different protection domains (also referred to as data protection classes) are defined and each keychain item on a device belongs to one of the defined protection domains. Each protection domain is associated with a set of conditions. When a set of conditions are met for a particular data protection domain, the keychain items in the device that belong to the particular protection domain becomes available for use by the device, paragraph 0170 and 0171).

With respect to claim 4 Brouwer teaches the method of claim 1, further comprising notifying other devices included in the first verification sub-group that the first device is removed from the first verification sub-group (see Brouwer paragraph 0091 i.e. Some embodiments allow a device to be removed from a sync circle. For instance, if a user of a device in the sync circle suspects that another device in the sync circle was not authorized to join the sync circle, the user lost a device in the sync circle, a device in the sync circle was stolen, etc., the user may remove the unwanted device from the sync circle).

With respect to claim 5 Brouwer teaches the method of claim 1, further comprising synchronizing the second data items with a second device that is included in a second verification sub-group in which the first device is still included (see Brouwer paragraph 0063 i.e. FIG. 4 conceptually illustrates an example of starting a sync circle 420 and adding devices to the sync circle 420 according to some embodiments of the invention. In particular, FIG. 4 illustrates three stages 405-415 of registering devices A and B into the sync circle 420. Each of the stages 405-410 shows a conceptual depiction of the sync circle 420 and a storage 425 that stores data for the sync circle 420. In some embodiments, the storage 425 is implemented in the cloud storage service 305 and includes the data in storages 310-330, which is described above by reference to FIG. 3. In conjunction with implementing the storage 425 in a cloud storage service, each device that is a member of the sync circle 420 stores a copy of the data in the storage 425 locally on the device paragraph 0162 i.e. Some embodiments of the invention provide a data protection feature for limiting access to keychain data (e.g., keychain items) on devices according to defined sets of conditions and/or requirements. In some embodiments, several different protection domains (also referred to as data protection classes) are defined and each keychain item on a device belongs to one of the defined protection domains. Each protection domain is associated with a set of conditions. When a set of conditions are met for a particular data protection domain, the keychain items in the device that belong to the particular protection domain becomes available for use by the device and paragraph 0170, 0171 and 0235 i.e. a device may join several different sync circles for syncing different keychain items (e.g., using the techniques described above by reference to FIGS. 4-6). In some embodiments, several devices form several different sync circles in order to sync keychain items that belong to several different protection domains).

With respect to claim 6 Brouwer teaches the method of claim 1, but does not disclose wherein the at least on property comprises a software aspect or hardware aspect of the first device.
Zamir teaches wherein the at least on property comprises a software aspect or hardware aspect of the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 

With respect to claim 7 Brouwer teaches the method of claim 6, but does not disclose, wherein the at least one property comprises at least one of: an operating system of the first device; a remote wipe capability of the first device; a password strength of a master password assigned on the first device; an inclusion of a biometric hardware sensor within the first device; or an inclusion of a secure processor within the first device.
Zamir teaches wherein determining the first device is no longer eligible to be included in the first verification sub-group further comprises determining a property has changed of the first device, and wherein the at least one property comprises at least one of: an operating system of the first device; a remote wipe capability of the first device; a password strength of a master password assigned on the first device; and an inclusion of a biometric hardware sensor within the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 

With respect to claim 8 Brouwer teaches a first device, comprising: at least one processor; and at least one memory storing instructions that when executed by the at least processor cause the first device to carry out that include; 
determining based on a change to the first device that the first device is ineligible to be included in a first verification sub- group (See Brouwer paragraph 0091 i.e. Some embodiments allow a device to be removed from a sync circle. For instance, if a user of a device in the sync circle suspects that another device in the sync circle was not authorized to join the sync circle, the user lost a device in the sync circle, a device in the sync circle was stolen, etc., the user may remove the unwanted device from the sync circle); 
removing the first device from the first verification sub-group (See Brouwer paragraph 0090 device removal, paragraph 0072 and paragraph 0147 i.e. the process 1200 sends (at 1250) the encrypted keychain items and the delta manifest to the peer device through the secure communication channel. Once the process 1200 sends the information to the peer device, the process 1200 then determines (at 1260) whether any peer device in the sync circle is left to process. When the process 1200 determines that there is a peer device left to process, the process 1200 returns to 1210 to continue sending updates that were applied to the local keychain to the remaining peer devices in the sync circle. When the process 1200 determines that there is no peer device left to process, the process 1200 then ends enabling/disabling keychain syncing and paragraph 0063 sync circle status updates); 
identifying a first synchronization sub-group and a second synchronization sub-group in which the first device participates (see Brouwer paragraph 0235 i.e. a device may join several different sync circles for syncing different keychain items (e.g., using the techniques described above by reference to FIGS. 4-6). In some embodiments, several devices form several different sync circles in order to sync keychain items that belong to several different protection domains); 
determine that the first device is ineligible to participate in the first synchronization sub-group after being removed from the first verification sub- group, and the first device is remains eligible to participate in the second synchronization sub-group after being removed from the first verification sub- group (See Brouwer paragraph 0173 i.e. The devices 1630 in this example meets all conditions of the protection domain 4, but not all the conditions of the protection domain 5 while the device 1635 meets all conditions of the protection domain 5 but not all the conditions of the protection domain 4. As a result, the keychain item C4 is available for the device 1630's use but the keychain item C5 is not. The keychain item C5 is available for the device 1635's use but the keychain item C4 is not); and 
removing first data items associated with the first synchronization sub-group while maintaining second data items associated with the second synchronization sub- group (See Brouwer paragraph 0090 device removal, paragraph 0072 enabling/disabling keychain syncing and paragraph 0063 sync circle status updates).
Brouwer does not teaches determining based on the first device detecting a change to at least one property of the first device, that the first device ineligible to be included in a first verification sub- group
Zamir teaches the first device detecting the change to at least one property of the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 


With respect to claim 10 Brouwer teaches the first device of claim 8, wherein the first device remain eligible to be included in a second verification sub-group, (see Brouwer paragraph 0162 i.e. Some embodiments of the invention provide a data protection feature for limiting access to keychain data (e.g., keychain items) on devices according to defined sets of conditions and/or requirements. In some embodiments, several different protection domains (also referred to as data protection classes) are defined and each keychain item on a device belongs to one of the defined protection domains. Each protection domain is associated with a set of conditions. When a set of conditions are met for a particular data protection domain, the keychain items in the device that belong to the particular protection domain becomes available for use by the device, paragraph 0170 and 0171).

With respect to claim 11 Brouwer teaches the first device of claim 8, wherein the steps further include notifying other devices included in the first verification sub-group that the first device is removed from the first verification sub-group (see Brouwer paragraph 0091 i.e. Some embodiments allow a device to be removed from a sync circle. For instance, if a user of a device in the sync circle suspects that another device in the sync circle was not authorized to join the sync circle, the user lost a device in the sync circle, a device in the sync circle was stolen, etc., the user may remove the unwanted device from the sync circle).

With respect to claim 12 Brouwer teaches the first device of claim 8, further comprising synchronizing data items with a second device that is included in a second verification sub-group in which the first device is still included (see Brouwer paragraph 0063 i.e. FIG. 4 conceptually illustrates an example of starting a sync circle 420 and adding devices to the sync circle 420 according to some embodiments of the invention. In particular, FIG. 4 illustrates three stages 405-415 of registering devices A and B into the sync circle 420. Each of the stages 405-410 shows a conceptual depiction of the sync circle 420 and a storage 425 that stores data for the sync circle 420. In some embodiments, the storage 425 is implemented in the cloud storage service 305 and includes the data in storages 310-330, which is described above by reference to FIG. 3. In conjunction with implementing the storage 425 in a cloud storage service, each device that is a member of the sync circle 420 stores a copy of the data in the storage 425 locally on the device paragraph 0162 i.e. Some embodiments of the invention provide a data protection feature for limiting access to keychain data (e.g., keychain items) on devices according to defined sets of conditions and/or requirements. In some embodiments, several different protection domains (also referred to as data protection classes) are defined and each keychain item on a device belongs to one of the defined protection domains. Each protection domain is associated with a set of conditions. When a set of conditions are met for a particular data protection domain, the keychain items in the device that belong to the particular protection domain becomes available for use by the device and paragraph 0170, 0171 and 0235 i.e. a device may join several different sync circles for syncing different keychain items (e.g., using the techniques described above by reference to FIGS. 4-6). In some embodiments, several devices form several different sync circles in order to sync keychain items that belong to several different protection domains).

With respect to claim 13 Brouwer teaches the first device of claim 8, but does not disclose wherein the at least one property comprises software aspect or hardware aspect of the first device.
Zamir wherein the at least on property comprises a software aspect or hardware aspect of the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 

With respect to claim 14 Brouwer teaches the first device of claim 13, but does not disclose wherein the at least one property comprises at least one of: a password strength of a master password assigned on the first device; an inclusion of a biometric hardware sensor within the first device; or an inclusion of a secure processor within the first device.
Zamir teaches wherein determining the first device is no longer eligible to be included in the first verification sub-group further comprises determining a property has changed of the first device, and wherein the at least one property comprises at least one of: an operating system of the first device; a remote wipe capability of the first device; a password strength of a master password assigned on the first device; and an inclusion of a biometric hardware sensor within the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 

With respect to claim 15 Brouwer teaches a non-transitory computer readable medium configured to store instructions that, when executed by a processor included in a first device cause the first device to carry out steps that include:
determining based on a change to the first device that the first device ineligible to  be included in a first verification sub- group (See Brouwer paragraph 0091 i.e. Some embodiments allow a device to be removed from a sync circle. For instance, if a user of a device in the sync circle suspects that another device in the sync circle was not authorized to join the sync circle, the user lost a device in the sync circle, a device in the sync circle was stolen, etc., the user may remove the unwanted device from the sync circle); 
removing the first verification sub-group, removing the first device from the first verification sub-group (See Brouwer paragraph 0090 device removal, paragraph 0072 and paragraph 0147 i.e. the process 1200 sends (at 1250) the encrypted keychain items and the delta manifest to the peer device through the secure communication channel. Once the process 1200 sends the information to the peer device, the process 1200 then determines (at 1260) whether any peer device in the sync circle is left to process. When the process 1200 determines that there is a peer device left to process, the process 1200 returns to 1210 to continue sending updates that were applied to the local keychain to the remaining peer devices in the sync circle. When the process 1200 determines that there is no peer device left to process, the process 1200 then ends enabling/disabling keychain syncing and paragraph 0063 sync circle status updates); 
identifying a first synchronization sub-group and a second synchronization sub-group in which the first device participates (see Brouwer paragraph 0235 i.e. a device may join several different sync circles for syncing different keychain items (e.g., using the techniques described above by reference to FIGS. 4-6). In some embodiments, several devices form several different sync circles in order to sync keychain items that belong to several different protection domains); 
determine that: the first device is insligible to participate in the first synchronization sub-group after being removed from the first verification sub- group, and the first device is remains eligible to participate in the second synchronization sub-group after being removed from the first verification sub- group (See Brouwer paragraph 0173 i.e. The devices 1630 in this example meets all conditions of the protection domain 4, but not all the conditions of the protection domain 5 while the device 1635 meets all conditions of the protection domain 5 but not all the conditions of the protection domain 4. As a result, the keychain item C4 is available for the device 1630's use but the keychain item C5 is not. The keychain item C5 is available for the device 1635's use but the keychain item C4 is not); and 
removing first data items associated with the first synchronization sub-group while maintaining second data items associated with the second synchronization sub- group (See Brouwer paragraph 0090 device removal, paragraph 0072 enabling/disabling keychain syncing and paragraph 0063 sync circle status updates).
Brouwer does not teaches determining based on the first device detecting a change to at least one property of the first device, that the first device ineligible to be included in a first verification sub- group
Zamir teaches the first device detecting the change to at least one property of the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 

With respect to claim 17 Brouwer teaches the non-transitory computer readable storage medium of claim 15, wherein the first device remains eligible to be included in a second verification sub-group (see Brouwer paragraph 0162 i.e. Some embodiments of the invention provide a data protection feature for limiting access to keychain data (e.g., keychain items) on devices according to defined sets of conditions and/or requirements. In some embodiments, several different protection domains (also referred to as data protection classes) are defined and each keychain item on a device belongs to one of the defined protection domains. Each protection domain is associated with a set of conditions. When a set of conditions are met for a particular data protection domain, the keychain items in the device that belong to the particular protection domain becomes available for use by the device, paragraph 0170 and 0171).

With respect to claim 18 Brouwer teaches the non-transitory computer readable storage medium of claim 15, wherein the processor is further to notify other devices included in the first verification sub-group that the first device is removed from the first verification sub-group (see Brouwer paragraph 0091 i.e. Some embodiments allow a device to be removed from a sync circle. For instance, if a user of a device in the sync circle suspects that another device in the sync circle was not authorized to join the sync circle, the user lost a device in the sync circle, a device in the sync circle was stolen, etc., the user may remove the unwanted device from the sync circle).

With respect to claim 19 Brouwer teaches the non-transitory computer readable storage medium of claim 15, further comprising synchronizing data items with a second device that is included in a second verification sub-group in which the first device is still included (see Brouwer paragraph 0063 i.e. FIG. 4 conceptually illustrates an example of starting a sync circle 420 and adding devices to the sync circle 420 according to some embodiments of the invention. In particular, FIG. 4 illustrates three stages 405-415 of registering devices A and B into the sync circle 420. Each of the stages 405-410 shows a conceptual depiction of the sync circle 420 and a storage 425 that stores data for the sync circle 420. In some embodiments, the storage 425 is implemented in the cloud storage service 305 and includes the data in storages 310-330, which is described above by reference to FIG. 3. In conjunction with implementing the storage 425 in a cloud storage service, each device that is a member of the sync circle 420 stores a copy of the data in the storage 425 locally on the device paragraph 0162 i.e. Some embodiments of the invention provide a data protection feature for limiting access to keychain data (e.g., keychain items) on devices according to defined sets of conditions and/or requirements. In some embodiments, several different protection domains (also referred to as data protection classes) are defined and each keychain item on a device belongs to one of the defined protection domains. Each protection domain is associated with a set of conditions. When a set of conditions are met for a particular data protection domain, the keychain items in the device that belong to the particular protection domain becomes available for use by the device and paragraph 0170, 0171 and 0235 i.e. a device may join several different sync circles for syncing different keychain items (e.g., using the techniques described above by reference to FIGS. 4-6). In some embodiments, several devices form several different sync circles in order to sync keychain items that belong to several different protection domains).

With respect to claim 20 Brouwer teaches the non-transitory computer readable storage medium of claim 15, but does not disclose wherein the at least one property comprises a software aspect or hardware aspect of the first device, and wherein the property comprises at least one of: an operating system of the first device; a remote wipe capability of the first device; a password strength of a master password assigned on the first device; and an inclusion of a biometric hardware sensor within the first device.
Zamir teaches wherein the at least one property comprises a software aspect or hardware aspect of the first device, and wherein the property comprises at least one of: an operating system of the first device; a remote wipe capability of the first device; a password strength of a master password assigned on the first device; and an inclusion of a biometric hardware sensor within the first device (see Zamir paragraph 0028 i.e. For example, the system can be configured to periodically (for example, hourly) upload any changes that occur on a client device (e.g., 200), such as for backup purposes. The system can monitor the uploaded changes from the client device (e.g., 200) and detect when a new version of an application or a new version of an operating system has been uploaded. For example, the system can detect new versions by monitoring the Windows MSI database, Windows Update catalog, and Windows event log and paragraph 0034).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Zamir have the client device uploaded changes such as a new version of an application or a new version of an operating system by monitoring the Windows MSI database, Windows Update catalog, and Windows event log for changes and uploading the changes to the server as way to keep track of the state of the client device. 

Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Brouwer et al (US 2014/0281540) in view of Zamir (US 2016/0162279) in view of Hanna (US 8,458,462).
With respect to claim 2 Brouwer teaches the method of claim 1, but does not disclose, wherein the first verification sub-group requires installation of a certain operating system to be eligible to be included in the first verification sub-group.
Hanna teaches wherein the first verification sub-group requires installation of a certain operating system to be eligible to be included in the first verification sub-group (see Hanna column 16 lines 13-64 i.e. Health policy database 94 defines a set of one or more policies that define specific criteria to which an endpoint device 10 must conform to be considered for participation in a multicast group. For example … A third policy may define permissible operating systems that can be installed on the endpoint devices, while additional policies may define the required patches for the different operation systems. Additional policies may define specific registry values, require enablement of software firewalls on the endpoint devices, or require that certain applications, such as applications known to be vulnerable to malicious software, not be installed on the endpoint. Other policies may define specific software "footprints" for known or typical malicious software, such as identifiers for threads or processes or resource consumption, that must be absent from the endpoint devices).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Hanna to have defined a set of one or more policies that define specific criteria to which an endpoint device must conform to be considered for participation in a group such as permissible operating systems that can be installed on the endpoint devices (see Hanna column 16 lines 13-64). Therefore one would have been motivated to have define a set of one or more policies that define specific criteria to which an endpoint device must conform to be considered for participation in a group.

With respect to claim 9 Brouwer teaches the first device of claim 8, but does not disclose wherein the first verification sub-group requires installation of a certain operating system to be eligible to be included in the first verification sub-group.
Hanna teaches wherein the first verification sub-group requires installation of a certain operating system to be eligible to be included in the first verification sub-group (see Hanna column 16 lines 13-64 i.e. Health policy database 94 defines a set of one or more policies that define specific criteria to which an endpoint device 10 must conform to be considered for participation in a multicast group. For example … A third policy may define permissible operating systems that can be installed on the endpoint devices, while additional policies may define the required patches for the different operation systems. Additional policies may define specific registry values, require enablement of software firewalls on the endpoint devices, or require that certain applications, such as applications known to be vulnerable to malicious software, not be installed on the endpoint. Other policies may define specific software "footprints" for known or typical malicious software, such as identifiers for threads or processes or resource consumption, that must be absent from the endpoint devices).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Hanna to have defined a set of one or more policies that define specific criteria to which an endpoint device must conform to be considered for participation in a group such as permissible operating systems that can be installed on the endpoint devices (see Hanna column 16 lines 13-64). Therefore one would have been motivated to have define a set of one or more policies that define specific criteria to which an endpoint device must conform to be considered for participation in a group.

With respect to claim 16 Brouwer teaches the non-transitory computer readable storage medium of claim 15, but does not disclose, wherein the first verification sub-group requires installation of a certain operating system to be eligible to be included in the first verification sub-group. 
Hanna teaches wherein the first verification sub-group requires installation of a certain operating system to be eligible to be included in the first verification sub-group (see Hanna column 16 lines 13-64 i.e. Health policy database 94 defines a set of one or more policies that define specific criteria to which an endpoint device 10 must conform to be considered for participation in a multicast group. For example … A third policy may define permissible operating systems that can be installed on the endpoint devices, while additional policies may define the required patches for the different operation systems. Additional policies may define specific registry values, require enablement of software firewalls on the endpoint devices, or require that certain applications, such as applications known to be vulnerable to malicious software, not be installed on the endpoint. Other policies may define specific software "footprints" for known or typical malicious software, such as identifiers for threads or processes or resource consumption, that must be absent from the endpoint devices).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Brouwer in view of Hanna to have defined a set of one or more policies that define specific criteria to which an endpoint device must conform to be considered for participation in a group such as permissible operating systems that can be installed on the endpoint devices (see Hanna column 16 lines 13-64). Therefore one would have been motivated to have define a set of one or more policies that define specific criteria to which an endpoint device must conform to be considered for participation in a group.

Prior Art not relied on
	Chang et al (US 2015/0215398) titled “WEB BROWSER SYNCHRONIZATION WITH MULTIPLE SIMULTANEOUS PROFILES”.
Kay et al (US 2015/0222700) titled “MODE INDICATORS FOR APPLICATIONS, WEB APPLICATIONS, AND BROWSER EXTENSIONS”.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).


/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492