DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The following is a Final Office action in response to applicant's amendment and response received 03/24/2022, responding to the 01/10/2022 non-final/final office action provided in rejection of claims 1-17.

Claims 1, 3, 5, 7, 9, and 11-17 have been amended. Claim 2, 4, 6, 8, and 10 have been cancelled. Claims 1, 3, 5, 7, 9, and 11-17 are pending and are addressed in this office action. New grounds of rejection are presented in view of the newly presented limitation(s).
Examiner notes
 (A). Examiner interpreted “unit” and “controller” as software module / process which have been recited in claims 1, 15, and 17.
(B). Drawings submitted on 07/01/2019 comply with the provisions of 37 CFR 1.121(d), and have been fully considered by the Examiner.
(C)  Limitations have been provided with the Bold fonts in order to distinguish from the cited part of the reference (Italic).
(D).  Examiner has cited particular columns, line numbers, references, or figures in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings of passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses to fully consider the reference in entirety, as potentially teaching all or part of the claimed invention. See MPEP §§ 2141.02 and 2123.
The examiner requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.
When responding to this office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections See 37 CFR 1.111 (c).
Internet E-mail
A written authorization by Applicant is required for the Examiner to respond via Internet e-mail to any Internet correspondence which contains information subject to the confidentiality requirement as set forth in 35 U.S.C. 122, such as proposed Examiner’s Amendments or interview agenda items (MPEP 502.03; See Internet Usage Policy, 64 FR 33056 (June 21, 1999)). To authorize e-mail communications from the Examiner (e.g. proposed Examiner’s Amendments), the Applicant must place a written authorization in the record. Applicant may authorize electronic and email communication by the Examiner via PTO Automated Interview Request web service.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractlce. 
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 06/15/2022 was filed with the application. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the references therein cited therein have been considered by the examiner.
Response to Arguments
In light of the amendment of claims, the Previous Action's rejections of those claims under 35 U.S.C. § 112 are hereby withdrawn.

Applicant argues with respect to newly amended that Voronkov fails to disclose or suggest at least the claimed features of "the central processing unit determines a corresponding policy according to a user type corresponding to the user identifier, the function used by the install target and a policy list, wherein a policy list having an install target group and a policy in association with one another" and "the central processing unit controls an installation of the install target in accordance with the corresponding policy".
Applicant’s arguments have been considered but moot in view new ground rejection.  
Applicant offers no other arguments beyond arguing allowability for the reasons cited for the independent claim(s) or dependence upon said claims. These arguments are considered met.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
 
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 14, 15, and 17 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Voronkov et al. (US 9,244,671 B2).

As to claim 1, Voronkov discloses an information processing apparatus comprising: 
a memory (col.14, ll. 51-col.15 of ll. 18, FIG. 5 is a diagram illustrating in greater detail a computer system 1 on which aspects of the invention as described herein may be implemented according to various embodiments. The computer system 1 may include a computing device such as a personal computer 2. The personal computer 2 includes one or more processing units 4, a system memory 6, a video interface 8, an output peripheral interface 10, a network interface 12, a user input interface 14, removable 16 and non-removable 18 memory interfaces and a system bus or high-speed communications channel 20 coupling the various components. In various embodiments, the processing units 4 may have multiple logical cores that are able to process information stored on computer readable media such as the system memory 6 or memory attached to the removable 16 and non-removable 18 memory interfaces 18. The computer 2 system memory 6 may include non-volatile memory such as Read Only Memory (ROM) 22 or volatile memory such as Random Access Memory (RAM) 24. The ROM 22 may include a basic input/output system (BIOS) 26 to help communicate with the other portion of the computer 2. The RAM 24 may store portions of various software applications such as the operating system 28, application programs 30 and other program modules 32. … ); and 
a central processing (“administrative server”) unit that acquires an install instruction including a user identifier, an install target and an attribute of the install target, wherein the attribute of the install target indicates a function used by the install target (installation on target device is based attribute of user roles/functionalities and security policy. At col. 4, ll. 34-49, embodiment carries out a process for deployment of pre-configured software in stages, where: a) on the administration server, a task is created for installation of software to a user device; b) from the computer network attributes data store, attributes of such objects are loaded which match the user's account and correspond to the user-controlled device on which it is planned to install the software; b) the software installation package and data transfer channel are configured, determining the configuration parameters by the loaded attributes in accordance with the security policy set for that user and for that device; d) the installation tasks are launched for execution; in this case, the configured installation package is loaded to the user device through the data transfer channel, and the software is installed in accordance with the configuration parameters. Further, see col. 4, ll. 60-67, col. 5, ll. 12-26 and col. 6, ll. 9-26. Examiner note: a central processing unit determine security policy and installation process, see col. 7, ll. 59-65 and col. 9, ll. 22-33; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29); 
wherein the central processing (“administrative server”) unit determines a corresponding policy according to a user type corresponding to the user identifier, the function used by the install target and a policy list, wherein the policy list having an install target group and a policy in association with one another (Fig. 2, col. 11, ll. 1-col. 12 of ll. 16, "Organizational-Person"-a class providing information on the user's position in the company's structure (title, role,unit, office, room, etc.); "User"-a class of network users which includes information on employees or visitors. It is a sub-class of the "Organizational- Person" class. "Person"-a class which stores personal information on the user. Various attributes are used to describe classes-for example, "Address", "Department", "Employee-ID", "E-mail-Address", "Title", and other parameters. The classes are also linked to each other by logical links, which allows to define a user's connection parameters or the set of the programs used for work. The user is also matched with his/her devices. To define them, several classes are also used, such as: "Device"-the main class for storage of data on physical network devices; "Computer"-an account class for a network computer. To describe device classes, the following attributes are used: "Machine-Role", "Managed-By, Owner", "NetworkAddress"
"Operating-System", "Proxy-Addresses", and others. ….  The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140. Further at col. 6, ll. 26-51 discloses target group and col. 7, ll. 18-45 discloses target/device list. Further, see col. 7, ll. 59-65, col. 8, ll. 22-col. 9 of ll. 43; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29); and 
wherein the central processing unit controls an installation of the install target in accordance with the corresponding policy (col. 4, ll. 34-49. In operation, a system according to an example embodiment carries out a process for deployment of pre-configured software in stages, where: a) on the administration server, a task is created for installation of software to a user device; b) from the computer network attributes data store, attributes of such objects are loaded which match the user's account and correspond to the user-controlled device on which it is planned to install the software; b) the software installation package and data transfer channel are configured, determining the configuration parameters by the loaded attributes in accordance with the security policy set for that user and for that device; d) the installation tasks are launched for execution; in this case, the configured installation package is loaded to the user device through the data transfer channel, and the software is installed in accordance with the configuration parameters. Further, see col. 9, ll. 22-32, col. 11, ll. 45-56, and col. 13, ll. 1-26; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29).  

As to claim 14, Voronkov discloses the information processing apparatus wherein, when the policy indicates permission of the installation, the central processing unit exerts control to install the install target (col. 6, ll. 9-39,A user of a device operating on the EPN is generally a company employee or authorized visitor registered on the network. In accordance with typical practice, at the time of hiring, an account is created for each employee; the account is used to store personal information, such as user name, birth date, position, and passwords, keys, or other access credentials necessary … Each group, as well as each account, contains attributes which characterize connection parameters, rights of access to specific resources and applications of the network. …; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29).

As to claim 15, Voronkov discloses an information processing system comprising: 
a storage apparatus (col 15, ll. 23-46, the removable 16 and non-removable 18 memory interfaces may couple the computer 2 to disk drives 36 such as SSD or rotational disk drives. These disk drives 36 may provide further storage for various software applications such as the operating system 38, application programs 40 and other program modules 42. Further, the disk drives 36 may store other information such as program or application data 44. In various embodiments, the disk drives 36 store information that doesn't require the same low-latencies as in other storage mediums. … Further, the removable non-volatile memory interface 16 may couple the computer 2 to magnetic portable disk drives 46 that utilize magnetic media such as the floppy disk 48, Iomega® Zip or Jazz, or optical disk drives 50 that utilize optical media 52 for storage of computer readable media such); and 
a plurality of information processing apparatuses, wherein the storage apparatus includes a storage unit that stores a policy list having an install target group and a policy in association with one another, the install target group being obtained through classification using an attribute of an install target, the policy being defined for the install target group, and 4Customer No.: 31561Docket No.: 88165-US-348Application No.: 16/459.566wherein each of the plurality of information processing apparatuses includes a central processing unit that acquires an install instruction including a user identifier, the install target and the attribute of the install target, wherein the attribute of the install target indicates a function used by the install target, wherein the central processing unit determinates a corresponding policy according to a user type corresponding to the user identifier, the function used by the install target and the policy list (Fig. 2, col. 11, ll. 1-col. 12 of ll. 16, "Organizational-Person"-a class providing information on the user's position in the company's structure (title, role, unit, office, room, etc.); "User"-a class of network users which includes information on employees or visitors. It is a sub-class of the "Organizational- Person" class. "Person"-a class which stores personal information on the user. Various attributes are used to describe classes-for example, "Address", "Department", "Employee-ID", "E-mail-Address", "Title", and other parameters. The classes are also linked to each other by logical links, which allows to define a user's connection parameters or the set of the programs used for work. The user is also matched with his/her devices. To define them, several classes are also used, such as: "Device"-the main class for storage of data on physical network devices; "Computer"-an account class for a network computer. To describe device classes, the following attributes are used: "Machine-Role", "Managed-By, Owner", "NetworkAddress" "Operating-System", "Proxy-Addresses", and others. ….  The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140. Further at col. 6, ll. 26-51 discloses target group and col. 7, ll. 18-45 discloses target/device list. Further, see col. 8, ll. 22-col. 9 of ll. 43; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29), and wherein the central processing unit (col. 4, ll. 34-49. In operation, a system according to an example embodiment carries out a process for deployment of pre-configured software in stages, where: a) on the administration server, a task is created for installation of software to a user device; b) from the computer network attributes data store, attributes of such objects are loaded which match the user's account and correspond to the user-controlled device on which it is planned to install the software; b) the software installation package and data transfer channel are configured, determining the configuration parameters by the loaded attributes in accordance with the security policy set for that user and for that device; d) the installation tasks are launched for execution; in this case, the configured installation package is loaded to the user device through the data transfer channel, and the software is installed in accordance with the configuration parameters. Further, see col. 11, ll. 45-56, and col. 13, ll. 1-26; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29).  

As to claim 17, Voronkov discloses a non-transitory computer readable medium storing a program causing a computer to execute a process comprising: 
acquiring an install instruction including a user identifier an install target and an attribute of the install target (“device”)(Automated deployment of a software application to be installed via a software installation package onto different user devices for different users. An initial software installation package, is obtained, along with information representing (a) associations between the users and the user devices, (b) user attributes from which access privilege level information for individual users is determinable, and (c) device attributes for each of the plurality of user devices, including network connectivity information. The initial software installation package is custom-configured for individual user devices based on the information representing (a) and (b) to produce a different specially-configured software installation packages, see abstract. Further, see col. 8, ll. 21-35),  wherein the attribute of the install target indicates a function used by the install target (installation on target device is based attribute of user roles/functionalities and security policy. At col. 4, ll. 34-49, embodiment carries out a process for deployment of pre-configured software in stages, where: a) on the administration server, a task is created for installation of software to a user device; b) from the computer network attributes data store, attributes of such objects are loaded which match the user's account and correspond to the user-controlled device on which it is planned to install the software; b) the software installation package and data transfer channel are configured, determining the configuration parameters by the loaded attributes in accordance with the security policy set for that user and for that device; d) the installation tasks are launched for execution; in this case, the configured installation package is loaded to the user device through the data transfer channel, and the software is installed in accordance with the configuration parameters. Further, see col. 4, ll. 60-67, col. 5, ll. 12-26 and col. 6, ll. 9-26; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29); 5Customer No.: 31561 Docket No.: 88165-US-348 Application No.: 16/459,566 
determining a corresponding policy according to a user type corresponding to the user identifier, the function used by the install target and a policy list, wherein the policy list having an install target group and a policy in association with one another (Fig. 2, col. 11, ll. 1-col. 12 of ll. 16, "Organizational-Person"-a class providing information on the user's position in the company's structure (title, role,unit, office, room, etc.); "User"-a class of network users which includes information on employees or visitors. It is a sub-class of the "Organizational- Person" class. "Person"-a class which stores personal information on the user. Various attributes are used to describe classes-for example, "Address", "Department", "Employee-ID", "E-mail-Address", "Title", and other parameters. The classes are also linked to each other by logical links, which allows to define a user's connection parameters or the set of the programs used for work. The user is also matched with his/her devices. To define them, several classes are also used, such as: "Device"-the main class for storage of data on physical network devices; "Computer"-an account class for a network computer. To describe device classes, the following attributes are used: "Machine-Role", "Managed-By, Owner", "NetworkAddress" "Operating-System", "Proxy-Addresses", and others. ….  The installation package can contain not only modified installation files, but also can be expanded and can include additional programs, libraries, resource files or updates, which will be installed and applied during the security agent installation. Then, the configured installation package is saved by the task manager or directly by the configurator in the file storage arrangement 140. Further at col. 6, ll. 26-51 discloses target group and col. 7, ll. 18-45 discloses target/device list. Further, see col. 8, ll. 22-col. 9 of ll. 43; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29); and 
controlling an installation of the install target in accordance with the corresponding policy (col. 4, ll. 34-49. In operation, a system according to an example embodiment carries out a process for deployment of pre-configured software in stages, where: a) on the administration server, a task is created for installation of software to a user device; b) from the computer network attributes data store, attributes of such objects are loaded which match the user's account and correspond to the user-controlled device on which it is planned to install the software; b) the software installation package and data transfer channel are configured, determining the configuration parameters by the loaded attributes in accordance with the security policy set for that user and for that device; d) the installation tasks are launched for execution; in this case, the configured installation package is loaded to the user device through the data transfer channel, and the software is installed in accordance with the configuration parameters. Further, see col. 11, ll. 45-56, and col. 13, ll. 1-26; Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29).  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims, the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 3, 5, 7, 9, and 11-13 are rejected under 35 U.S.C. 103 as being obvious over Voronkov et al (US 9,244,671 B2) in view of Schultz et al (US 2019/0347420 A1).

As to claim 3, Voronkov does not explicitly discloses the information processing apparatus wherein, when the policy indicates rejection of the installation. 

However, Schultz discloses the information processing apparatus wherein, when the policy (par. 0030, the host 100 may include network hardware 114 which allows the host 100 to contact external entities for obtaining trust policy. For example, the network hardware 114 may be connected to a trust server 116 which includes a policy store 118. The policy store 118 may store various policies related to trust) indicates rejection of the installation, the central processing unit exerts control so as not to install the install target (pars. 0059-0060, a predetermined trust condition or the predetermined license condition, then the method 400 includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from, being at least one of stored, installed or launched in a second, less secure operating system (act 404). For example, FIG. 1-3 illustrate that an application can be installed on a host operating system (102, 202, 302) when certain trust and/or licensing conditions are met … installed or launched in the first, more secure operating system (act 402). FIGS. 1-3 above illustrate that applications not meeting certain trust and/or licensing conditions are stored, installed, and/or launched in a guest operating system (104, 204, 304)).  

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Voronkov to include the method when the policy indicates rejection of the installation, as disclosed by Schultz, because such inclusion will enhance determination process of predetermined security policy (see paragraph 13 and Abstract of Schultz).

As to claim 5, Voronkov discloses information for recommending a different install target, the different install target having a function corresponding to the function of the install target (“user device”) (abstract, a software application to be installed via a software installation package onto different user devices for different users. An initial software installation package, is obtained, along with information representing (a) associations between the users and the user devices, (b) user attributes from which access privilege level information for individual users is determinable, and (c) device attributes for each of the plurality of user devices, including network connectivity information. The initial software installation package is custom-configured for individual user devices based on the information representing (a) and (b) to produce a different specially-configured software installation packages. Each one includes installation parameters that establish functionality for the software application based on the access privilege level of the corresponding user. Data transfer channels are custom-configured for individual user devices based on the information representing (a) and (c)), the different install target being an install target for which a policy of permission of the installation is defined (col. 7, ll. 19-col. 10 of ll. 21, The administration server 120 can contain information on the connection between the users 100 and the devices (101-103) and can identify a user 100 by a specified device or vice versa. Therefore, the policy and the tasks for the devices can be transmitted to the relevant user accounts. … … an installation package 131 used to install programs in operating systems of the Windows® family of operating systems. An installation package 131 is a file which has the extension .msi and contains all the information required for the installation. … Each installation stage involves a sequence of actions (instructions) written in a database. Most actions are standard actions usual for a typical information gathering and installation process. The user can define a specialized set of actions. The user-defined actions can be either written in one of the script languages built in the operating system (JScript or VBScript), or located in a specially created library of function … . Further, see claim 1 and 4; see also col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29).
Schultz discloses  the information processing apparatus wherein when the policy indicates rejection of the2Customer No.: 31561 Docket No.: 88165-US-348Application No.: 16/459,566installation (pars. 0059-0060, a predetermined trust condition or the predetermined license condition, then the method 400 includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from, being at least one of stored, installed or launched in a second, less secure operating system (act 404). For example, FIG. 1-3 illustrate that an application can be installed on a host operating system (102, 202, 302) when certain trust and/or licensing conditions are met … installed or launched in the first, more secure operating system (act 402). FIGS. 1-3 above illustrate that applications not meeting certain trust and/or licensing conditions are stored, installed, and/or launched in a guest operating system (104, 204, 304), the central processing unit transmits, to a source from which the install instruction is acquired (par. 0030, the host 100 may include network hardware 114 which allows the host 100 to contact external entities for obtaining trust policy. For example, the network hardware 114 may be connected to a trust server 116 which includes a policy store 118. The policy store 118 may store various policies related to trust. The policies can be transmitted through the network hardware 114 to the host 104. The host trust manager 106 references the policies to determine whether or not an application meets certain trust characteristic thresholds allowing the application to be stored, installed, and/or launched on the host operating 102. Note that in an alternative embodiment, the host trust manager 106 can provide trust characteristics to the trust server 116 for evaluation. The trust server 116 can indicate to the host trust manager 106 whether or not the trust characteristics meet the threshold conditions. Note that in some embodiments, trust server 116 may be composed of multiple distributed servers, and/or implemented as a cloud computing service),

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Voronkov to include the method the information processing apparatus wherein when the policy indicates rejection of the installation the central processing unit transmits, to a source from which the install instruction is acquired, as disclosed by Schultz, because such inclusion will enhance determination process of predetermined security policy (see paragraph 13 and Abstract of Schultz).

As to claim 7, Schultz discloses the information processing apparatus wherein, when the policy indicates a policy of making the installation pending, the central processing unit exerts control so as to install the install target in response to satisfaction of a defined condition pars. 0059-0060, a predetermined trust condition or the predetermined license condition, then the method 400 includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from, being at least one of stored, installed or launched in a second, less secure operating system (act 404). For example, FIG. 1-3 illustrate that an application can be installed on a host operating system (102, 202, 302) when certain trust and/or licensing conditions are met … installed or launched in the first, more secure operating system (act 402). FIGS. 1-3 above illustrate that applications not meeting certain trust and/or licensing conditions are stored, installed, and/or launched in a guest operating system (104, 204, 304)).  

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Voronkov to include the method policy of making the installation pending, the central processing unit exerts control so as to install the install target in response to satisfaction of a defined condition, as disclosed by Schultz, because such inclusion will enhance determination process of predetermined security policy (see paragraph 13 and Abstract of Schultz).

As to claim 9, it is the device claim, having similar limitations of claim 7. Thus, claim 9 is also rejected under the same rationale as cited in the rejection of claim 7.

As to claim 11, Schultz discloses the information processing apparatus wherein, when the policy indicates a policy of making the installation pending, the central processing unit exerts control so as to install the install target in response to satisfaction (“condition met”)  of a defined condition (pars. 0059-0060, When the trust characteristic or the license characteristic assigned to the application meets or exceeds a predetermined trust condition or the predetermined license condition, then the method 400 includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from, being at least one of stored, installed or launched in a second, less secure operating system (act 404). For example, FIG. 1-3 illustrate that an application can be installed on a host operating system (102, 202, 302) when certain trust and/or licensing conditions are met. … less secure operating system while preventing the application from being at least one of stored, installed or launched in the first, more secure operating system (act 402). FIGS. 1-3 above illustrate that applications not meeting certain trust and/or licensing conditions are stored, installed, and/or launched in a guest operating system (104, 204, 304). Further see par. 0070 and claim 1). 

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Voronkov to include the method making the installation pending, the central processing unit exerts control so as to install the install target in response to satisfaction of a defined condition, as disclosed by Schultz, because such inclusion will enhance determination process of predetermined security policy (see paragraph 13 and Abstract of Schultz).

As to claim 12, Schultz discloses the information processing apparatus wherein, when the policy indicates a policy of making the installation pending, the central processing unit exerts control so as to install the install target in response to satisfaction (“condition met”) of a defined condition (pars. 0059-0060, When the trust characteristic or the license characteristic assigned to the application meets or exceeds a predetermined trust condition or the predetermined license condition, then the method 400 includes at least one of storing, installing or launching the application in a first, more secure operating system while preventing the application from, being at least one of stored, installed or launched in a second, less secure operating system (act 404). For example, FIG. 1-3 illustrate that an application can be installed on a host operating system (102, 202, 302) when certain trust and/or licensing conditions are met. … less secure operating system while preventing the application from being at least one of stored, installed or launched in the first, more secure operating system (act 402). FIGS. 1-3 above illustrate that applications not meeting certain trust and/or licensing conditions are stored, installed, and/or launched in a guest operating system (104, 204, 304). Further see par. 0070 and claim 1).  

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Voronkov to include the method making the installation pending, the central processing unit exerts control so as to install the install target in response to satisfaction of a defined condition, as disclosed by Schultz, because such inclusion will enhance determination process of predetermined security policy (see paragraph 13 and Abstract of Schultz).

As to claim 13, Voronkov discloses the information processing apparatus further comprising: 
wherein when the policy indicates the policy of making the installation pending, the central processing unit transmits, to a predetermined transmission destination, information for inquiring whether or not the installation is to be permitted, wherein the central processing unit controls the installation of the install target in accordance with a response to the inquiry (col. 4, ll. 34-49. In operation, a system according to an example embodiment carries out a process for deployment of pre-configured software in stages, where: a) on the administration server, a task is created for installation of software to a user device; b) from the computer network attributes data store, attributes of such objects are loaded which match the user's account and correspond to the user-controlled device on which it is planned to install the software; b) the software installation package and data transfer channel are configured, determining the configuration parameters by the loaded attributes in accordance with the security policy set for that user and for that device; d) the installation tasks are launched for execution; in this case, the configured installation package is loaded to the user device through the data transfer channel, and the software is installed in accordance with the configuration parameters. Further at col. 9, 3-33 discloses compatibility checker check and transition, …"Deployment" group, where a task of automatic security agent installation is created. Computers with an installed agent are put in the "Compatibility Check" group, where incompatible program removal tasks are created, etc. Finally, fully protected computers are moved into a permanent management structure. The groups of users, devices … the devices (101-103) and can identify a user 100 by a specified device or vice versa. Therefore, the policy and the tasks for the devices can be transmitted to the relevant user accounts. In the scope of,  Further, see col. 9, ll. 22-32, col. 11, ll. 45-56, col. 12, ll. 41-56 and col. 13, ll. 1-26;  col. 17, lines 15-56; col. 18, lines 1-13 and lines 21-29).  

Claim 16 is rejected under 35 U.S.C. 103 as being obvious over Voronkov et al (US 9,244,671 B2) in view of Tyhurst et al (US 2011/0154135 A1).

As to claim 16, Voronkov discloses the information processing system according to wherein the central processing unit sets a policy of rejecting the installation or a policy of making the installation pending, 

Voronkov does not disclose classification using an attribute incompatible with a different install target that has been already installed, wherein the storage unit stores the new install target group and the policy in association with one another, the policy being set by the setting unit.

However, Tyhurst discloses for a new install target group obtained through classification using an attribute incompatible with a different install target that has been already installed, wherein the storage unit stores the new install target group and the policy in association with one another (par. 0026, mobile electronic device 102 [i.e. target] and proxy server 105 can each be associated with an entity 108, for example a network operator, a carrier, a business, an organization, a company, or the like. For example, entity 108 can operate proxy server 105, and issue mobile electronic device 102 to a user associated with entity 108 (an employee, a customer, or the like) …  which can cause mobile electronic device 102 to become at least partially inoperable and/or the unapproved software can be incompatible with applications already installed on mobile electronic device 102. Furthermore, entity 108 may desire to limit/hide certain software upgrades available from public server 106, such as system software upgrades. Examiner Note: In response to receiving query 113, proxy server 105 generates a list 114 [i.e. classification an attribute] of software available for installation at mobile electronic device 102, and modifies list 114 to produce a modified list 115 of approved software approved by entity 108. In some embodiments, list 114 can be filtered based on rules 116 [i.e. target group and the policy in association with one another] available to proxy server 105, see par. 0028. Further, see par. 0031-0033).

It would have been obvious to a person in the ordinary skill in the art before the effective filing date of the claimed invention to combine Voronkov by incorporating the teaching of Tyhurst into the method of Voronkov. One having ordinary skill in the art would have found it motivated to include classification using an attribute incompatible with a different install target that has been already installed, wherein the storage unit stores the new install target group and the policy in association with one another, the policy being set by the setting unit of Tyhurst into system of Voronkov for the purpose to provide support on a specific version of software. (par. 0026 of Tyhurst)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Mohammad Kabir whose telephone number is (571)270-13411. The examiner can normally be reached on M-F, 8:00 am - 5:00 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on (571) 272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Mohammad Kabir/
Examiner, AU 2199
/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199