DETAILED ACTION

Claims 2-21 are presented for examination. Claim 1 is cancelled.

Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 03 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 2-21 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi et al. (US Publication No. 20140007222) (hereinafter Qureshi) in view of Tingstrom et al. (US Publication No. 20170177892) (hereinafter Tingstrom) in further view of Lu et al. (US Publication No. 20180007556) (hereinafter Lu).

As per claims 2, 9, and 15, Qureshi discloses a method for providing access to a controlled network in a controlled environment, a non-transitory computer-readable medium having instructions stored therein, which when executed by a processor in a management server managed by a controlled environment cause the processor to perform operations, and an enterprise management system for providing access to a controlled network in a controlled environment, comprising: 
a memory configured to store a plurality of execution rules (fig 2-3B, application policies); and
a processor coupled to the memory, the processor configured to (fig 2-3B, memory storing secure container):
receive, from a wireless device located physically in the controlled environment (fig 5: para 70, 190, filter mobile devices' access requests based on a set of gateway rules, “generates a network request for access to an enterprise resource”), a request to access the controlled network (fig 5: para 70, 190, filter mobile devices' access requests based on a set of gateway rules, “generates a network request for access to an enterprise resource”),
authenticate a client control subsystem installed on the wireless device (para 393, Enterprise networks authenticate their users at the onset of the users' computer transactions with enterprise resources. In existing systems, authentication commonly involves a login process of receiving a username and password);
responsive to authenticating the client control subsystem, authorize the wireless device to access the controlled network (fig 7, para 393, after authentication, the user is permitted to conduct at least some transactions with the resource), wherein the authorizing comprises: 
Qureshi does not explicitly disclose wherein the request is transmitted by an application installed in a file container located on the wireless device and wherein the request includes a container identifier associated with the file container;
retrieve an execution rule from the plurality of execution rules based on the container identifier; and
determine whether to grant or deny the request to access the controlled network based on the execution rule.
However, Tingstrom discloses
wherein the request is transmitted by an application installed in a file container located on the wireless device and wherein the request includes a container identifier associated with the file container (para 20: “Container manager 16 is configured to deploy and maintain application isolation containers 18 and enforce the appropriate policies, such as domain policies 10, in each of containers 18”);
retrieve an execution rule from the plurality of execution rules based on the container identifier (paras 20 & 32: “application policies 6 may specify that a particular application of applications 8 is to execute in a particular domain”, wherein “domain policies of domain policies 10 may restrict other resources provided by or otherwise associated with mobile computing device 12, such as network usage and file system access”); and
determine whether to grant or deny the request to access the controlled network based on the execution rule (paras 20 & 32: “application policies 6 may specify that a particular application of applications 8 is to execute in a particular domain”, wherein “domain policies of domain policies 10 may restrict other resources provided by or otherwise associated with mobile computing device 12, such as network usage and file system access”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qureshi and Tingstrom. The motivation would have been to build a security system that provides enterprise network security solutions (both hardware and software based).
Qureshi in view of Tingstrom does not explicitly disclose a container identified by an identifier, which is well known in the art. For example, Lu discloses a container associated with an identifier (para 146, container instance by an ID pair (device_id, container_id)). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qureshi and Tingstrom with Lu. The motivation would have been to build a security system that provides enterprise network security solutions (both hardware and software based). The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

As per claims 3, 10, and 16, the claims are rejected for the same reasons and motivation as claim 2, above. In addition, Tingstrom discloses wherein the execution rule indicates whether any applications installed in the file container are permitted to access the controlled network (paras. 0020 & 0032: “application policies 6 may specify that a particular application of applications 8 is to execute in a particular domain”, wherein “domain policies of domain policies 10 may restrict other resources provided by or otherwise associated with mobile computing device 12, such as network usage and file system access”).

As per claims 4, 11, and 17, the claims are rejected for the same reasons and motivation as claim 2, above. In addition, Qureshi discloses wherein in authorizing the wireless device, the processor is further configured to:
identify a user based on a user identifier in the request to access the controlled network, wherein the user is physically located within the controlled environment (para 53, enable the enterprise to specify and implement policies for controlling mobile device accesses to particular enterprise resources); 
retrieve a user profile associated with the user (para 398, determining user information); and
determine whether to grant the request to access the controlled network based on the execution rule and the user profile (fig 7, para 103, grant or deny access to the resources based on the user information and access policies for the device/user). Lu discloses profile to the user (para 121).

As per claims 5, 12, and 18, the claims are rejected for the same reasons and motivation as claim 2, above. In addition, Qureshi discloses wherein the user profile includes an access condition associated with the user and wherein the access condition is configured to indicate at least one of: the user is restricted from accessing the network or the application is restricted from accessing the network (para 120, Access policies (e.g., policies of the device management system) can be created to regulate or restrict access based on such information).

As per claims 6, 13, and 19, the claims are rejected for the same reasons and motivation as claim 2, above. In addition, Qureshi discloses wherein the user profile includes an administrative restriction provided by the controlled environment (fig 7, para 103, grant or deny access to the resources based on the user information and access policies for the device/user). Lu discloses profile to the user (para 121).

As per claims 7, 14, and 20, the claims are rejected for the same reasons and motivation as claim 2, above. In addition, Tingstrom discloses wherein in retrieving the execution rule from the plurality of execution rules based on the container identifier, the processor is further configured to:
examine the file container identifier in the request (para 20: “Container manager 16 is configured to deploy and maintain application isolation containers 18 and enforce the appropriate policies, such as domain policies 10, in each of containers 18”);
identify the file container installed on the wireless device that transmitted the request (paras 20 & 32: “application policies 6 may specify that a particular application of applications 8 is to execute in a particular domain”, wherein “domain policies of domain policies 10 may restrict other resources provided by or otherwise associated with mobile computing device 12, such as network usage and file system access”); and
identify the execution rule associated with the file container (paras 20 & 32: “application policies 6 may specify that a particular application of applications 8 is to execute in a particular domain”, wherein “domain policies of domain policies 10 may restrict other resources provided by or otherwise associated with mobile computing device 12, such as network usage and file system access”). Lu discloses container associated with identifier (para 146, container instance by an ID pair (device_id, container_id)).

As per claims 8 and 21, the claims are rejected for the same reasons and motivation as claim 2, above. In addition, Tingstrom discloses the processor further configured to:
responsive to granting the request to access the controlled network based on the execution rule, send an allow signal to the client control subsystem to allow execution of the application installed in the container (paras 20 & 32: “application policies 6 may specify that a particular application of applications 8 is to execute in a particular domain”, wherein “domain policies of domain policies 10 may restrict other resources provided by or otherwise associated with mobile computing device 12, such as network usage and file system access”); and
responsive to denying the request to access the controlled network based on the execution rule, send a prevent signal to the client control subsystem to prevent execution of the application installed in the container (paras 20 & 32: “application policies 6 may specify that a particular application of applications 8 is to execute in a particular domain”, wherein “domain policies of domain policies 10 may restrict other resources provided by or otherwise associated with mobile computing device 12, such as network usage and file system access”).

Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493