DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in response to amendments filed on 6/3/2022.
Claims 2-21 remain pending. Claims 2-3, 10-13, & 16-18 are amended. Claims 2-21 have been examined and are rejected. 


Response to Arguments
Applicant’s arguments filed in the communications above have been fully considered but are moot because the arguments do not apply to the combination of references being used in the current rejection. 

For at least these reasons, applicant’s arguments are considered not persuasive. 


Claim Rejections – 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 2-4, 6, 9, 12-13, 16-18, & 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nakamoto et al. (US 2014/0304765 A1) in view of Teeni et al. (US 2015/0312845 A1).
With regard to Claim 2, Nakamoto teaches:
A computer-implemented method comprising: 
receiving, from a client device, a connection to a server system; (a client device transmits user credentials to an authentication server [Nakamoto: 0062; 0120]);
assigning a first policy to the client device in response to the connection; (host credentials may be used for an initial network admission decision process to enable the port for network access, wherein the policy enforcement point (PEP) may restrict full network access until user authentication is successful [Nakamoto: 0063]);
authenticating a user account based on identification information of a user; (obtaining user identity information for authentication, wherein successful authentication results in the device being authorized to communicate on the IBIP network [Nakamoto: 0062; 0066; 0121]);
and assigning a second policy to the client device after authenticating the user account; (once the user is authenticated successfully, loading and enacting policies enforcing role based network access [Nakamoto: 0063; 0073-79]).

While Nakamoto teaches that a device may operate in a restricted mode until user authentication is successful [Nakamoto: 0063], Nakamoto does not explicitly teach that the client device operates in a first and second operation mode. In other words, Nakamoto does not teach (where underlining indicates the portion of each limitation not taught):
assigning a first policy to the client device with the client device in a first operation mode in response to the connection; 
and assigning a second policy to the client device with the client device in a second operation mode after authenticating the user account.
	
In a similar field of endeavor involving policy enforcement for mobile devices, Teeni discloses:
assigning a first policy to the client device with the client device in a first operation mode in response to the connection; (unmanaged devices (i.e. in a first operation mode) entering into a coverage zone are provided with limited service (i.e. assigned a limited first policy) [Teeni: 0009; 0036-37; 0059; Fig. 2]);
and assigning a second policy to the client device with the client device in a second operation mode after authenticating the user account; (in response to determining a mobile device has a policy client application installed, authenticating the validity of the policy client, wherein once the policy client is authenticated, providing the policy client with an access policy defining rules related to use and access to applications and devices of the mobile device [Teeni: 0006-8; 0038; 0058-60; Fig. 2]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nakamoto in view of Teeni in order to assign a first policy to a client device in a first operation mode and assign a second policy to a client device in a second operation mode in the system of Nakamoto. 
One of ordinary skill in the art would have been motivated to combine Nakamoto with Teeni as doing so would enable organizations to limit use of mobile communication devices or specific functions of the mobile communication devices at specific locations controlled by the organization [Teeni: 0003]. 

With regard to Claim 3, Nakamoto-Teeni teaches:
The computer-implemented method of claim 2, further comprising: prior to assigning the first policy, linking the user account to a first account with the client device in the first operation mode; (retrieving user-to-role mapping associated with a “normal” user [Nakamoto: 0073; 0076]. Teeni teaches determining if the mobile device has a policy client application installed on it, wherein if the device is an unmanaged device (i.e. in a first operation mode) the device is provided with limited service [Teeni: 0006-9; 0036-37; 0059; Fig. 2]);
and prior to assigning the second policy, linking the user account to a second account with the client device in the second operation mode; (escalating to a different role based on authentication and retrieving mapping associated with a privileged user [Nakamoto: 0073; 0076; 0079]. Teeni teaches determining if the mobile device has a policy client application installed on it, wherein if the device is an authenticated managed device (i.e. in a second operation mode) the device is provided with an access policy defining rules relating to use and access to applications and devices [Teeni: 0006-9; 0036-37; 0059; Fig. 2]).

With regard to Claim 4, Nakamoto teaches:
The computer-implemented method of claim 2, wherein the first policy enforces restrictions associated with an unmanaged account; (the policy enforcement point (PEP) may restrict full network access until user authentication is successful [Nakamoto: 0063]. Teeni teaches if the device is an unmanaged device (i.e. in a first operation mode) the device is provided with limited service [Teeni: 0006-9; 0036-37; 0059; Fig. 2]).

With regard to Claim 6, Nakamoto-Teeni teaches:
The computer-implemented method of claim 2, wherein assigning the first policy enables the client device to access a first set of resource, and assigning the second policy enables the client device to access a second set of resource; (the policy enforcement point (PEP) may restrict full network access until user authentication is successful [Nakamoto: 0063], wherein once the user is authenticated successfully, policies enforcing role based network access are loaded and enacted [Nakamoto: 0063; 0073-79]. Teeni teaches that unmanaged devices are provided with limited service (i.e. a first policy with limited access to resources) while authenticated devices are provided with an access policy defining rules related to use and access to applications and devices of the mobile device (i.e. second policy with additional access to resources) [Teeni: 0006-9; 0036-38; 0058-60; Fig. 2]).

With regard to Claim 9, Nakamoto-Teeni teaches:
The computer-implemented method of claim 3, wherein the first operation mode is an unmanaged mode associated with the first policy, and the second operation mode is a managed mode associated with the second policy; (unmanaged devices are provided with limited service (i.e. a first policy with limited access to resources) while authenticated devices are provided with an access policy defining rules related to use and access to applications and devices of the mobile device (i.e. second policy with additional access to resources) [Teeni: 0006-9; 0036-38; 0058-60; Fig. 2]).

With regard to Claims 12-13, 16-18, & 20, they appear substantially similar to the limitations recited by claims 2-4 & 6 and consequently do not appear to teach or further define over the citations provided for said claim. Accordingly, claims 12-13, 16-18, & 20 are rejected for the same reasons as set forth in claims 2-4 & 6.


Claims 7-8, 10-11, 14, & 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nakamoto et al. (US 2014/0304765 A1) in view of Teeni et al. (US 2015/0312845 A1) as applied to Claims 2-3, 13, & 18 above, and further in view of Krzyzanowski et al. (US 2012/0303476 A1).
With regard to Claim 7, Nakamoto-Teeni teaches:
The computer-implemented method of claim 3, wherein the first operation mode is a first unmanaged mode in accordance with the first policy, and the second operation mode is a second managed mode managed by the device manager in accordance with the second policy; (unmanaged devices are provided with limited service (i.e. a first policy with limited access to resources) while authenticated devices are provided with an access policy defining rules related to use and access to applications and devices of the mobile device (i.e. second policy with additional access to resources) [Teeni: 0006-9; 0036-38; 0058-60; Fig. 2]).

However, Nakamoto-Teeni does not teach (where underlining indicates the portion of each limitation not taught):
wherein the first operation mode is a first managed mode managed by a device manager in accordance with the first policy.
	
In a similar field of endeavor involving mobile policy enforcement, Krzyzanowski discloses:
wherein the first operation mode is a first managed mode managed by a device manager in accordance with the first policy, and the second operation mode is a second managed mode managed by the device manager in accordance with the second policy; (each profile may have different policy management logic associated therewith, wherein the first profile may include first profile policy management logic and second profile may include second profile policy management logic, the policy management logic may comprise logic that enforces enterprise-related policies [Krzyzanowski: 0299; Fig. 57]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nakamoto-Teeni in view of Krzyzanowski in order to utilize a first account with the client device in a first managed operation mode and a second account with the client device in a second managed operation mode in the system of Nakamoto-Teeni. 
One of ordinary skill in the art would have been motivated to combine Nakamoto-Teeni with Krzyzanowski as doing so would allow various profiles with differing security levels to be enforced based on context of the mobile device such as the location of the mobile device [Krzyzanowski: 0162-63].

With regard to Claim 8, Nakamoto-Teeni-Krzyzanowski teaches:
The computer-implemented method of claim 7, wherein: linking the user account to the first account comprises providing access to a first managed account to data stored according to a first protocol, and linking the user account to the second account comprises providing access to a second managed account to data stored according to a second protocol; (storing data associated with the first applications in an unencrypted format and storing data associated with the second applications in an encrypted format [Krzyzanowski: 0043]).

With regard to Claim 10, Nakamoto-Teeni teaches:
The computer-implemented method of claim 2, further comprising: 
detect that the client device is capable of running in a first operation mode and a second operation mode; (determining whether a mobile device has a policy client application installed [Teeni: 0006-8; 0034-38; 0058-60; Fig. 2]);
provisioning a remote resource to communicate with the client device; (authenticated devices are provided with an access policy defining rules related to use and access to applications and devices of the mobile device (i.e. second policy with additional access to resources) [Teeni: 0006-9; 0036-38; 0058-60; Fig. 2]. Nakamoto teaches that once the user is authenticated successfully, loading and enacting policies enforcing role based network access [Nakamoto: 0063; 0073-79]).

However, Nakamoto-Teeni does not explicitly teach (where underlining indicates the portion of each limitation not taught):
monitoring the client device to detect that the client device is capable of running in a first operation mode and a second operation mode.
	
In a similar field of endeavor involving mobile policy enforcement, Krzyzanowski discloses:
monitoring the client device to detect that the client device is capable of running in a first operation mode and a second operation mode; (determining whether the mobile device is operating in a first managed (e.g. enterprise) mode of operation or a second unmanaged (e.g. residential/personal) mode of operation by determining whether application access is being controlled by a first profile application launcher associated with a first profile or a second profile application launcher associated with a second profile [Krzyzanowski: 0323-30; 0161-63; Figs. 59-60]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nakamoto-Teeni in view of Krzyzanowski in order to detect that the client device is capable of running in a first operation mode and a second operation mode by monitoring the client device in the system of Nakamoto-Teeni. 
One of ordinary skill in the art would have been motivated to combine Nakamoto-Teeni with Krzyzanowski as doing so would provide a simple technique for determining an access mode based on detecting a corresponding application launcher.  

With regard to Claim 11, Nakamoto-Teeni teaches the computer-implemented method of claim 2, but does not teach:
receiving a new request to store data associated with the client device; and storing the data associated with the client device in a first operation mode according to a first protocol and with the client device in a second operation mode according to a second protocol.
	
In a similar field of endeavor involving mobile policy enforcement, Krzyzanowski discloses:
receiving a new request to store data associated with the client device; and storing the data associated with the client device in a first operation mode according to a first protocol and with the client device in a second operation mode according to a second protocol; (storing data associated with the first applications in an unencrypted format and storing data associated with the second applications in an encrypted format [Krzyzanowski: 0043]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nakamoto-Teeni in view of Krzyzanowski in order to store data in a first operation mode according to a first protocol and in a second operation mode according to a second protocol in the system of Nakamoto-Teeni. 
One of ordinary skill in the art would have been motivated to combine Nakamoto-Teeni with Krzyzanowski as doing so would allow the device to further enhance security when operating in the higher security mode by encrypting application data.

With regard to Claims 14 & 19, they appear substantially similar to the limitations recited by claims 7 & 11 and consequently do not appear to teach or further define over the citations provided for said claims. Accordingly, claims 14 & 19 are rejected for the same reasons as set forth in claims 7 & 11.


Claims 5, 15, & 21 are rejected under 35 U.S.C. 103 as being unpatentable over Nakamoto et al. (US 2014/0304765 A1) in view of Teeni et al. (US 2015/0312845 A1) as applied to Claims 2-3, 13, & 18 above, and further in view of Hannel et al. (US 2011/0231443 A1).
With regard to Claim 5, Nakamoto-Teeni teaches the computer-implemented method of claim 2 including providing an API to connect to external sources such as LDAP and Active Directory servers [Nakamoto: 0073], but does not teach:
binding the user account to a directory service associated with a plurality of access rights, wherein the user account corresponds to a network account provided by the directory service.
	
In a similar field of endeavor involving controlling client access to a network, Hannel discloses:
binding the user account to a directory service associated with a plurality of access rights, wherein the user account corresponds to a network account provided by the directory service; (receives the custom authentication type's name, here LDAP Bind, that defines a custom authentication method which authenticates a user based on an entry for the user in a directory accessible via LDAP [Hannel: 0515; Fig. 46]).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Nakamoto-Teeni in view of Hannel in order to bind the user account to a directory service associated with a plurality of access rights in the system of Nakamoto-Teeni. 
One of ordinary skill in the art would have been motivated to combine Nakamoto-Teeni with Hannel as doing so would utilize LDAP which is a well-known protocol running over TCP/IP for accessing directories of people or other entities. 

With regard to Claims 15 & 21, they appear substantially similar to the limitations recited by claim 5 and consequently do not appear to teach or further define over the citations provided for said claim. Accordingly, claims 15 & 21 are rejected for the same reasons as set forth in claim 5.


Conclusion
Applicant’s amendment necessitated any new grounds of rejection presented in this office action. Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
In the case of amendments, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and support, for ascertaining the metes and bounds of the claimed invention.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUSTIN MOREAU whose telephone number is (571) 272-5179.  The examiner can normally be reached on Monday to Thursday and alternate Fridays.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached at (571) 272-7952.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/AUSTIN J MOREAU/Primary Examiner, Art Unit 2446