DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

				General Remarks
	1/ claims 1-10 are pending
	2/ claims 1, 9, and 10 are independent
	3/ Application claims foreign priority date of 12/03/2020
	4/ ID filed 11/30/2021 has been considered

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-6, and 9-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saito (US pg. no. 20030061166), further in view of Martinez (US pg. no. 20090006109).
Regarding claim 1. Saito discloses a device management apparatus (fig. 2, 10 security management apparatus) comprising: 
at least one memory storing instructions (fig. 2, 10 the memory of security management apparatus corresponds to memory); and 
at least one processor executing the instructions causing the device management apparatus to (fig. 2, 10 the processor of security management apparatus corresponds to processor): 	
set a second setting regarding a region to a user ([0058] discloses user can access the files and folders containing secret matters and so on in a readable and writable mode in the user's home and company (setting the user access region corresponds to setting user regions), but cannot access them in the user's commutation route; fig. 3, position ranges of user corresponds to regions set for the user); 
set a third setting regarding a region to a device and a device group ([0009] discloses  a portable personal computer (device and group of devices), etc., to be booted or files thereof to be accessed when the prescribed device (device and group of devices) exists in a specific area (setting the device access region corresponds to setting region for the device) alone, while making it impossible to boot the OS and/or access the files when the prescribed device has moved out of the specific area; [0010] discloses  the security management apparatus further comprises a security information storing section storing Ago security levels of the prescribed device in association with positions of the prescribed device, wherein the control unit changes the security level of the prescribed device into one of the security levels stored in the security information storing section based on the position of prescribed device detected by the position detecting section); 
set a fourth setting regarding a region to a task defining an operation for a management target device ([0007] discloses permitting a user to boot an OS (task), access files, etc., only in a specific area such as the premises of a company (set region for the task) for which the user is working); and 
control access of a user to the device, the device group, and the task in accordance with set regions ([0007] discloses permitting a user to boot an OS (task), access files, etc., only in a specific area (region) such as the premises of a company (region) for which the user is working; [0062] discloses the current position of the computer 20 (region of device and group of devices) is detected by an application (in step S52). In this case, the "position range" is: latitude; I and longitude; J. and the "user's name" is "User1", so this case corresponds to record No. 5 (region) in FIG. 3. As a result, it is set in such a manner that the user belongs to the group of "Administrators" (in step S62). Thus, in cases where the user (User1) is trying to access the folders (task) "C:.Yen.DOC.Yen.secret matters" and "C:.Yen.DOC.Yen.public information", he or she can access these folders in a freely readable and writable mode (in step S67); [0063] Next, in cases where the user is moving in order to go to his or her company or office, when the position of the computer 20 (device and a group of devices) is detected after the user has moved into the range of the commutation route (region) (in step S52), it is set in such a manner that the user belongs to the group of "Users" because this case corresponds to record No. 3 in the security information table 14 in FIG. 3 (in step S62). Accordingly, the user can access the folder "C:.Yen.DOC.Yen.public information" in a freely readable and writable mode (in step S67), but cannot access the folder "C:.Yen.DOC.Yen.secret matters" (in step S65)).  
But, Saito does not explicitly disclose set a first setting regarding an attribute for each of a plurality of regions;
However, in the same field of endeavor, Martinez discloses set a first setting regarding an attribute for each of a plurality of regions ([0111]  territorial restrictions may be enforced by comparing the source IP address of the request with a database that maps IP addresses or address ranges to geographical locations. Setting the range of Ip addresses to geographical locations corresponds to setting attributes for geographical regions). 
Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of Saito with Martinez. The modification would allow using location attributes of geolocation database to determine the device location to enforce location based access control for enabling a secured communication system.
Regarding claim 2. The combination discloses device management apparatus according to claim 1.
Saito discloses, wherein, in the control, restriction of access of a user to a device, a device group, and a task that belong to a region to which the user does not belong ([0007] discloses permitting a user to boot an OS (task), access files, etc., only in a specific area such as the premises of a company (region) for which the user is working; [0063] Next, in cases where the user is moving in order to go to his or her company or office, when the position of the computer 20 (region of device and a group of devices) is detected after the user has moved into the range of the commutation route (user region) (in step S52), it is set in such a manner that the user belongs to the group of "Users" because this case corresponds to record No. 3 in the security information table 14 in FIG. 3 (in step S62). Accordingly, the user … cannot access (restricting) the folder "C:.Yen.DOC.Yen.secret matters" (in step S65)).  
Regarding claim 3. The combination discloses device management apparatus according to claim 2.
Martinez further discloses, wherein, in the second setting, belonging to no region can be set to a user ( [0081] discloses region is set to be global with no regional restriction) and wherein, in the control, the restriction is not executed on a user belonging to no region ([0081] discloses user interface 900, the rights holder can select whether the distribution of rights or the rights that are being granted for a specific content item or bulk of content items is to be global (selecting global territory without territory restriction corresponds to belonging to no region) or very specific territory (belonging to region). In other words, a rights holder can specify the geographical scope of coverage that is provided with the granting of a right or rights associated with the content item. In one embodiment, the rights holder is provided with a radio button 902 and a radio button 904 in order to make a selection of whether the rights are to be made global or per territory. If the rights holder selects radio button 902, the rights are generally assigned globally that corresponds to region based restriction is not executed on a user).  
Regarding claim 4. The combination discloses the device management apparatus according to claim 1.
Martinez further discloses wherein, in the control, among processing results of the task for each device, a processing result of the task for a device belonging to a region to which a user does not belong is not provided to the user ([0082] discloses if the IP address of the content consumer is indicative of a corresponding territory that is unauthorized, the content consumer will not be able to receive the content item. The task of processing the content access request and producing result corresponds to task result).  
Regarding claim 5. The device management apparatus according to claim 4, wherein, in the control, an execution result of the task is provided to a user irrespective of a region to which the user belongs ([0081] discloses user interface 900, the rights holder can select whether the distribution of rights or the rights that are being granted for a specific content item or bulk of content items is to be global (selecting global territory without territory restriction corresponds to belonging to no region) or very specific territory (belonging to region). In other words, a rights holder can specify the geographical scope of coverage that is provided with the granting of a right or rights associated with the content item. In one embodiment, the rights holder is provided with a radio button 902 and a radio button 904 in order to make a selection of whether the rights are to be made global or per territory. If the rights holder selects radio button 902, the rights are generally assigned globally that corresponds request to tasks are granted to the request irrespective of region the requester is located).  
Regarding claim 6. The combination discloses device management apparatus according to claim 4
Martinez further discloses, wherein, in the second setting, belonging to no region can be set to a user, wherein, in the control, among processing results of the task for each device, processing results of the task for all devices are provided to the user belonging to no region ([0081] discloses user interface 900, the rights holder can select whether the distribution of rights or the rights that are being granted for a specific content item or bulk of content items is to be global (selecting global territory without territory restriction corresponds to belonging to no region) or very specific territory (belonging to region). In other words, a rights holder can specify the geographical scope of coverage that is provided with the granting of a right or rights associated with the content item. In one embodiment, the rights holder is provided with a radio button 902 and a radio button 904 in order to make a selection of whether the rights are to be made global or per territory. If the rights holder selects radio button 902, the rights are generally assigned globally that corresponds request to tasks are granted to the request irrespective of region the requester is located. In light of the instant application disclosed in [0005]; [0174], and [0177], having global access to resources and getting results for access requests with global right corresponds to results of all tasks are provided).  
Regarding claim 9. The combination discloses a control method for device management comprising:
All other limitations of claim 9 are similar with the limitations of claim 1 above. Claim 9 is rejected on the analysis of claim 1 above.
Regarding claim 10. The combination discloses a non-transitory computer-readable storage medium storing a computer program (Saito fig. 2, 10 the memory of security management apparatus corresponds to memory) for causing a computer to execute a control method for device management, the control method comprising:
All other limitations of claim 10 are similar with the limitations of claim 1 above. Claim 10 is rejected on the analysis of claim 1 above.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Saito (US pg. no. 20030061166), and  Martinez (US pg. no. 20090006109), further in view of Chatley (US pg. no. 20160359963).
Regarding claim 7. The combination discloses device management apparatus according to claim 1.
But, the combination does not explicitly disclose:
wherein, in the first setting, an attribute of a region is set using information including a range of an internet protocol (IP) address; and wherein, in the third setting, a region is set to a device based on an IP address of a device and a range of an IP address that is included in the attribute of the region;
However, in the same field of endeavor, Chatley discloses  wherein, in the first setting, an attribute of a region is set using information including a range of an internet protocol (IP) address([0017] Every computer or device that communicates over the Internet has a unique Internet Protocol (IP) address assigned to it. Computers and devices residing within a predetermined geographic region or area are typically assigned a specified range of IP addresses (range of IP address). For example, all computers within Japan may have IP addresses in the range of 43.0.0.0-43.255.255.255 (Source: IANA, Japan Inet, Japan (NET-JAPAN-A)) , and wherein, in the third setting, a region is set to a device based on an IP address of a device and a range of an IP address that is included in the attribute of the region ([0017] Every computer or device that communicates over the Internet has a unique Internet Protocol (IP) address assigned to it. Computers and devices residing within a predetermined geographic region or area are typically assigned a specified range of IP addresses. For example, all computers within Japan (location) may have IP addresses in the range of 43.0.0.0-43.255.255.255 (range of IP addresses). Determining tha location of an IP address (IP address) of a device that is in Japan (location) based on the IP address being in the above ranges of IP addresses (range of IP addresses) allocated to Japan corresponds to setting location; [0018] the request is received by a file system server (a.k.a., “core system server”) which translates the IP address associated with the incoming request into a geocode. In one embodiment, the system looks up a table that correlates IP addresses with geocodes, or IP address ranges with geocode ranges (setting region) ).
Therefore, it would have been obvious to a person having ordinary skill in the art at the time of the invention was effectively filed to combine the teaching of the combination with Chatley. The modification would allow translating IP address to geocode to determine geolocation of devices for effective location based access control system of a secured system.
Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Saito (US pg. no. 20030061166), and  Martinez (US pg. no. 20090006109), further in view of Moden (US pg. no. 20150163373).
Regarding claim 8. The combination discloses the device management apparatus according to claim 1.
But, the combination does not explicitly disclose:
 wherein, in the task, execution of at least any operation of delivery of a setting value to a device selected from among management target devices is defined.  
However, in the same field of endeavor, Moden discloses wherein, in the task, execution of at least any operation of delivery of a setting value to a device selected from among management target devices is defined ([0074] discloses in a case where a setting value for implementing an image process function is input to the mobile terminal 110 by way of a screen displaying the remote application 420, the setting value is transmitted (delivery of setting value) to the operation data reception unit 502 (target device) via the operation data transmission unit 511).
Therefore, it would have been obvious to a person having ordinary skill in the art ate the time of the invention was effectively filed to combine the teaching of the combination with Moden. The modification would allow incorporating different operation requests and execution of these operation on secured devices in a secured manner using location based access control system.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MESSERET F GEBRE whose telephone number is (571)272-8272. The examiner can normally be reached M-F 9:00AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on 571-2701684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MESSERET F GEBRE/Examiner, Art Unit 2445                                                                                                                                                                                                        
/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445