DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Applicant cancelled claims 2, 9 and 16.
Applicant amended claims 1, 8 and 15.
Status of claims:
Claims 1, 3-8, 10-15 and 17-20 are pending in this office action.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 3-8, 10-15 and 17-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
7.	Claims 1, 3-8, 10-15 and 17-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10, 877, 733. Although the claims at issue are not identical, they are not patentably distinct from each other because the claimed limitations recited in the present application are found in U.S. Patent No. 10, 877, 733 with obvious wording variations. Take an example of comparing 1 of pending application and claim 1 and 2 of the U.S. Patent No. 10, 877, 733:
Pending Application 17133751
U.S. Patent No. 10, 877, 733
Claim 1, A method for providing access to an application on a client device, comprising: receiving, from the client device, a request to access an application; determining an enrollment level associated with the application, wherein the enrollment level indicates a level of administrative control over the client device for access to the application, wherein the level of administrative control comprises one of a plurality of levels by a management service that remotely manages the client device; determining that multi-factor authentication is required for access to the application on the client device based on the enrollment level associated with the application; and initiating multi-factor authentication on the client device
Claim 1, A method for providing access to an
application on a client device, comprising:
receiving, from the client device, a request to
access the application; determining an enrollment
level associated with the application, the
enrollment level indicating a level of administrative
control over the client device for access to the
application; determining that the client device
requires installation of a management component
for access to the application based on the
enrollment level associated with the application;
transmitting the management component to the
client device; installing the management
component on the client device for enrollment of
the client device as a managed device with a
management service; and providing access to the
application on the client device after installation of
the management component.
 Claim 2, The method of claim 1, wherein the enrollment level requires at least one of a plurality of levels of administrative control over the client device by a management service executed remotely from the client device.


Claim Rejections - 35 USC § 103
8.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
9.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

10.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
11.	Claim(s) 1, 3-8, 10-15 and 17-20  is/are rejected under 35 U.S.C. 103 as being unpatentable over Tomilson et al. (US 8, 613, 055) (hereinafter Tomilson) in view of Barton et al (US20140032758) (hereinafter Barton).
Per claim 1, Tomilson discloses a method for providing access to an application on a client
device, comprising: receiving, from the client device, a request to access an application(col.3 lines 5-10,
i.e. The device 110 can be configured to generate scope identifiers associated with one or more
applications [e.g., application 114], and request and receive access tokens from the authorization server
130. The device 110 can also be configured to request application data from the resource server 150);
determining an enrollment level associated with the application (col.3 lines 45-49, i.e. the request signal
can include a scope identifier associated with a level of access to the resource module 156 such that the
authorization module 140 can select at least one authentication mode from a set of predefined
authentication modes based on the scope identifier); determining that multi-factor authentication is
required for access to the application on the client device based on the enrollment level associated with
the application (col.6 lines 38-43, i.e. the authorization module 140 determines an authentication mode
such as a first authentication mode from a group [or a plurality] of authentication modes. The
authorization module 140 is configured to select the first authentication mode when the scope ID is
associated with a first level of access); and initiating multi-factor authentication on the client device (col.7 lines 40-42, i.e. the authorization module 140 can generate and/or define an access token with the
appropriate scope for the application 114 on the device 110) but fails to explicitly disclose  wherein the enrollment level indicates a level of administrative control over the client device for access to the application, wherein the level of administrative control comprises one of a plurality of levels by a management service that remotely manages the client device.
	In an analogous field of endeavor, Barton discloses wherein the enrollment level indicates a level of administrative control over the client device for access to the application (paragraph 0233 and 0235,  i.e. devices enrolled in MRM may be subject to different policies than those devices not enrolled in MRM. For example, a policy file may allow or disallow use of one or more resources provided by or to a mobile device based on whether or not the device (or an app) is enrolled in enterprise MRM and if the device is enrolled in MRM, then in step 4605 the policy manager applies a second policy file [or files], where when enrolled in MRM, the MRM server stores information regarding whether or not a device has a device level PIN enabled, device level encryption, security certificate information, and any other information that the MRM server has access to through enterprise level management of the device) , wherein the level of administrative control comprises one of a plurality of levels by a management service that remotely manages the client device (paragraph 0235, the second policy file, in one embodiment, may base a policy decision on whether or not the mobile device has a device level PIN enabled or device level encryption or required certificate to access a particular enterprise resource).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing
date of the claimed invention to have incorporated the teachings of Barton into the invention of Tomilson,
where Tomilson provides the authorization module can receive from an application a request for an
access token associated with the application that includes a scope identifier associated with a level of
access to a resource module and Barton provides each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise in order to prevent inherent security risk when using user’s own mobile device instead of employee enterprise issued mobile devices, see Barton paragraphs 0003, 0233 and 0235.
Per claim 3, the combination discloses the method of claim 1, further Tomilson discloses comprising: transmitting a request to the client device for an acceptance of an enrollment notice, wherein: the enrollment notice is displayed on the client device(col. 7 lines 1-10 and col. 5 lines 13-16 i.e. the authorization module sends a signal to the device 110 requesting user credentials. The device 110 uses a user interface to obtain user credentials from a user of the device 110. The user can be, for example, any employee of an enterprise or an individual user. Such a user credential request signal can, for example, redirect the application or a browser within the operating system of the device 110 to an OAuth authorization server login page where the user of the device 110 can enter the user credential information required for authentication of the user and OAuth 2.0 typically includes a step in which a user of a device [e.g., an employee of an enterprise] provides consent or authorization for a given application 114 to access a given set of resources from the resource module 156); and the enrollment notice specifies that authorization to access the application is based on enrolling the client device as a managed device with a management service (same rationale as explained above, where it’s interpreted that user device is managed by OAuth2.0 or API type function).

Per claim 4, the combination discloses the method of claim 1, further Tomilson discloses  comprising: determining that multi-factor authentication is successful on the client device; transmitting a management component to the client device (col.9 lines 67, 68 and col. 10 lines 1-4, i.e. the access token is sent to the application in response to authenticating the user by, for example, the authorization module. Upon successfully authenticating the user, the authorization module can generate and/or define an access token with the appropriate scope for the application installed on the device); and installing the management component on the client device for enrollment of the client device as a managed device with a management service (col.3 lines 31-33, 39-41 and 63-66, the application 114 can be any native mobile application installed on the device 110 or a web-browser-based application, application 114 can be any enterprise or third-party application configured to be run and/or executed at the device 110 and OAuth 2.0 defines a standardized messaging protocol by which an application installed on a mobile communication device can obtain security tokens such as, for example, access tokens from an authorization server).
Per claim 5, the combination discloses the method of claim 4, further Tomilson discloses  comprising providing access to the application on the client device after installation of the management component (col. 3 lines 63-66 and col. 4 lines 2-6, i.e. OAuth 2.0 defines a standardized messaging protocol by which an application installed on a mobile communication device can obtain security tokens such as, for example, access tokens from an authorization server and These security tokens can then be included by the application 114 on its application programming interface (API) calls to a resource server, such as resource server 150, to authenticate at the resource server 150 before obtaining application data).
Per claim 6, the combination discloses the method of claim 4, further Tomilson discloses  comprising: receiving a user credential upon installation of the management component; authenticating the user credential; and completing enrollment of the client device with a management service (col. 3 lines 63-6 and col. 4 lines 34-40, i.e. OAuth 2.0 defines a standardized messaging protocol by which an application installed on a mobile communication device can obtain security tokens such as, for example, access tokens from an authorization server and the authorization module 140 can define or generate an access token associated with the application 114 and send the access token with the appropriate scope to the application 114 in response to authenticating a user of the application based on at least one credential. The access token can be, for example, an Open Authorization (OAuth) access token).
Per claim 7, the combination discloses the method of claim 1, further comprising transmitting a request to enroll the client device with a volume licensing program associated with an application repository (paragraph 0069 and 0105, i.e. client computers 211-214 may connect to management server 210 via the Internet or other communication network, and may request access to one or more of the computing resources managed by management server 210 and client certificates may be provided by an EMM/MRM server [e.g., at the device level], and/or by an app controller that provisions certificates based on application-level policies , examiner interprets that volume licensing is similar to client certificates).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing
date of the claimed invention to have incorporated the teachings of Barton into the invention of Tomilson in order to order to prevent inherent security risk when using user’s own mobile device instead of employee enterprise issued mobile devices as well as providing certificates based application level policies per client, see Barton, paragraphs 0003 and  0105.
Per claim 8, refer to the same rationale as explained in claim 1(see Tomilson, col. 1 lines 50-52, processor and memory).
	Per claim 10, refer to the same rationale as explained in claim 3(see Tomilson, col. 1 lines 50-52, processor and memory).
	Per claim 11, refer to the same rationale as explained in claim 4 (see Tomilson, col. 1 lines 50-52, processor)
Per claim 12, refer to the same rationale as explained in claim 5 (see Tomilson, col. 1 lines 50-52, processor)
Per claim 13, refer to the same rationale as explained in claim 6(see Tomilson, col. 1 lines 50-52,
processor).
Per claim 14, refer to the same rationale as explained in claim 7 (see Tomilson, col. 1 lines 50-52,
processor).
Per claim 15, refer to the same rationale as explained in claim 1(see Tomilson, col. 10 lines 41-46, computer readable medium).
Per claim 17, refer to the same rationale as explained in claim 3(see Tomilson, col. 10 lines 41-46, computer readable medium).
Per claim 18, refer to the same rationale as explained in claim 4(see Tomilson, col. 10 lines 41-46, computer readable medium).
Per claim 19, refer to the same rationale as explained in claim 6(see Tomilson, col. 10 lines 41-46, computer readable medium).
Per claim 20, refer to the same rationale as explained in claim 7(see Tomilson, col. 10 lines 41-46, computer readable medium).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH E DEAN, JR whose telephone number is (571)270-7116. The examiner can normally be reached Mon-Fri 7:30-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Srilakshmi Kumar   can be reached on 571-272-7769. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JOSEPH E DEAN, JR/             Primary Examiner, Art Unit 2647