Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims Status
This office action is in response to claims filed on 06/14/2021; the parent patent filing date 06/27/2016 is considered.
Claims 1-20 are rejected and Claims 1, 8 and 15 are independent claims

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting over claims 1-20 of U.S. Patent No. 11,038,924 B2 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter, as follows: 
Instant application (17/346,565)
Copending patent (US 11,038,924 B2)
1. A system for generating a device posture token, comprising: 
at least one computing device comprising a processor and a memory; and 
a device token generator executable by the at least one computing device, the device token generator causing the at least one computing device to at least: obtain a request for a device posture token associated with a client device; determine a device compliance status associated with the client device, the device compliance status indicating compliance with a plurality of compliance rules specified by a management service executed remotely from the client device; generate the device posture token, wherein the device compliance status is embedded within the device posture token; 
encrypt the device posture token using a private key that is withheld from the client device; 
cause the encrypted device posture token to be accessible to the client device.

1. A system for generating a device posture token, comprising: 
at least one computing device comprising a processor and a memory; and 
a device token generator executable by the at least one computing device, the device token generator causing the at least one computing device to at least: 
obtain a request for a device posture token associated with a client device; 
determine a device compliance status associated with the client device, the device compliance status indicating compliance with a plurality of compliance rules enforced by a management service executed remotely from the client device with which the client device is enrolled as a managed device, wherein the client device is enrolled as a managed device with the management service and a management component is installed on the client device with administrative privileges on the client device; 
generate the device posture token, wherein the device compliance status is embedded within the device posture token; 
encrypt the device posture token using a public key corresponding to the management service, wherein a private key corresponding to the public key is withheld from the client device; 
cause the encrypted device posture token to be accessible to the client device.





generate the device posture token, wherein the device compliance status is embedded within the device posture token; 
encrypt the device posture token; and 
cause the encrypted device posture token to be accessible to the client device.


Furthermore, there is no apparent reason why applicant was prevented from presenting claims corresponding to those of the instant application during prosecution of the application which matured into a patent. See In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968). See also MPEP § 804.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Angal US Pub. No. 2014/0020070 A1 (hereinafter Angal) in view of Li et al. US Pub. No.: 2016/0285858 A1 (hereinafter Li).

Angal teaches:

As to claim 1, a system for generating a device posture token, comprising: 
at least one computing device comprising a processor and a memory (see Angal ¶17 memory and processor); and 
a device token generator executable by the at least one computing device (see Angal  Fig. 1D¶38) , the device token generator causing the at least one computing device to at least: 
determine a device compliance status associated with the client device, the device compliance status indicating compliance with a plurality of compliance rules specified by a management service executed remotely from the client device (see Angal ¶44, during or after the activation, the user device security manager 151 may check whether the activation information received from a corresponding resource includes a (optional) token (e.g., AuthN Token) associated with (e.g., registered for) the user. The (optional) token may represent that the user is authenticated on the client machine 150, and hence the user may not need to be prompted for authentication as long as the token remains valid (e.g., until the token expires or is revoked); ¶56, the service provider 190 may utilize a policy (i.e. rules) regarding resource access control to issue the application token (e.g., AppScoped Token), for example, to determine whether the requested scope to the requested resource is in violation of the policy, and, if determines so, decline the access or modify the scope (e.g., upgrade or downgrade).); 
generate the device posture token, wherein the device compliance status is embedded within the device posture token (see Angal ¶¶44 119, an application token may be generated and transmitted, for example, by the security management server module 325, to the user device (e.g., via the communication module 240)); 
encrypt the device posture token using a private key that is withheld from the client device (see Angal ¶57, the user device security manager 151 may encrypt the application token with the nonce received from the application );
cause the encrypted device posture token to be accessible to the client device (see Angal ¶106. the encrypted token may be decrypted by the application. For example, in one embodiment, the application may decrypt the encrypted token using the nonce transmitted along with the encrypted token)
Angal does not explicitly teach but the related art Li teaches:
obtain a request for a device posture token associated with a client device (see L8  ¶¶27 47 72 93, transmit an authentication challenge to the client computing device in response to receipt of the authentication request; and receive an authentication challenge response from the client computing device in response to transmission of the authentication challenge, wherein the authentication challenge response includes a resource access token indicative of a security assertion of the client computing device;); 
Therefore, it would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to obtain a request for device token as taught by Li to the managed client computer/device of Angal.  A person of ordinary skill would have been motivated to do so, with a reasonable expectation of success, because a need exists for device authentication for providing device-specific server, among others (see Li ¶2).

As to claim 2, the combination of Angal and Li teaches the system of claim 1, wherein the device posture token comprises an alphanumeric value embedded in a quick-response code displayed by the client device (see Angal ¶38, the SMID may be generated in the form of QR Code (Quick Response Code) 153. In some embodiments, in addition to the SMID, a token (e.g., AuthN Token) may be optionally assigned to the user device security manager 151 (e.g., mSM)).

As to claim 3, the combination of Angal and Li teaches the system of claim 1, wherein the device posture token comprises a representation of the device compliance status of the client device, the representation of the device compliance status identifying whether the client device complies with a plurality of compliance rules associated with the client device (see Angal ¶56, the service provider 190 may utilize a policy regarding resource access control to issue the application token (e.g., AppScoped Token)).

As to claim 4, the combination of Angal and Li teaches the system of claim 1, wherein the device posture token comprises an identity of applications installed on the client device or an indication of whether a hardware feature or software feature has been enabled or disabled on the client device (see Angal ¶83, the security manager client module 225 (e.g., the verification module 250) may prevent the apparatus from prompting the user with one or more user authentication pages based on identifying a valid user token associated with the user from the SMID).

As to claim 5, the combination of Angal and Li teaches the system of claim 1, wherein the device posture token is encrypted with a private key associated with the device token generator (see Angal ¶58, upon receiving the encrypted application token, the (e.g., Bookstore) application may retrieve the application token (e.g., AppScoped Token) from the received encrypted token by decrypting it using the nonce as a private key).

As to claim 6, the combination of Angal and Li teaches the system of claim 5, wherein a trust relationship is established between a verification computing device and the at least one computing device by causing a public key corresponding to the private key to be accessible to the verification computing device (see Angal ¶41, to verify authenticity of its identification, the user device security manager 151 running in the background of the client machine 150 in an inactive state (to the user)).

As to claim 7, the combination of Angal and Li teaches the system of claim 6, wherein a verification computing device is configured to decrypt the device posture token using the public key corresponding to the private key (see Angal ¶106, the encrypted token may be decrypted by the application. For example, in one embodiment, the application may decrypt the encrypted token using the nonce transmitted along with the encrypted). 
As to independent claim 8, this claim is directed to a meted executed by the system of claim 1; therefore it is rejected along similar rationale.
As to independent claim 15, this claim is directed to a non-transitory computer-readable medium comprising machine-readable instructions executed by the system of claim 1; therefore it is rejected along similar rationale).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/             Examiner, Art Unit 2433          

/JEFFREY C PWU/             Supervisory Patent Examiner, Art Unit 2433