DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 11,038,892. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the copending application is anticipated by the claims of the patent.
Application No. 17/346,550
US Patent No. 10,382,892
1. A system for dynamically generating restriction profiles for an updated software platform, the system comprising: at least one computing device; and at least one application executable in the at least one computing device, wherein the at least one application, when executed, causes the at least one computing device to:
1. A system for dynamically generating restriction profiles for an updated software platform, the system comprising: at least one computing device; and at least one application executable in the at least one computing device, wherein the at least one application, when executed, causes the at least one computing device to: 
identify a current version of a restriction definition file associated with the updated software platform; 
 identify a current version of a restriction definition file associated with the updated software platform; identify an updated restriction setting in the current version of the restriction definition file;
determine that the current version of the restriction definition file differs from an applied version of the restriction definition file;
determine that the current version of the restriction definition file differs from an applied version of the restriction definition file; 
determine that a plurality of client devices require an updated restriction profile of the restriction definition file based at least in part on a restriction setting level associated with an enterprise group corresponding to the plurality of client devices;
determine that a plurality of client devices require an updated restriction profile of the restriction definition file based at least in part on a restriction setting level associated with an enterprise group corresponding to the plurality of client devices; determine a risk level associated with the updated restriction setting for the enterprise group;
and cause the updated restriction profile to be distributed to the plurality of client devices.
 and cause the updated restriction profile to be distributed to the plurality of client devices.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 6-9, 13-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Reynolds (US Pub No. 2018/0181387) in view of Lahiri et al. (US Pub No. 2020/0028879).
Regarding independent claim 1, Reynolds teaches a system for dynamically generating restriction profiles for an updated software platform (Reynolds, page 3, paragraph 0017; threat management facility to protect corporate assets; update policies of all computing assets), the system comprising: at least one computing device; and at least one application executable in the at least one computing device, wherein the at least one application, when executed, causes the at least one computing device to (Reynolds, page 13, paragraphs 0076-0077): identify a current version of a restriction definition file associated with the updated software platform (Reynolds, page 11, paragraphs 0060 and 0062; software update with descriptor file and sub files); determine that the current version of the restriction definition file differs from an applied version of the restriction definition file (Reynolds, page 12, paragraph 0063; first entry of the descriptor file is not located in the cache); determine that a plurality of client devices require an updated restriction profile of the restriction definition file associated with an enterprise group corresponding to the plurality of client devices (Reynolds, page 11, paragraphs 0059-0060 and page 12, paragraph 0063; when the first entry of the descriptor file is not stored in the cache, download the section (sub file) from the software facility to be sent to other clients); and cause the updated restriction profile to be distributed to the plurality of client devices (Reynolds, page 11, paragraph 0060 and page 12, paragraph 0063; broadcast packets containing sub files that are updated). 
	Reynolds does not explicitly teach an updated restriction profile of the restriction definition file based at least in part on a restriction setting level. 
	Lahiri teaches an updated restriction profile of the restriction definition file based at least in part on a restriction setting level (Lahiri, page 5, paragraphs 0042-0043; provide update configuration setting based on the security baseline). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds with the teaching of Lahiri to update configuration setting for enterprise devices based on security baseline to provide the advantage of managing device compliance for devices connected to an enterprise network by controlling and protecting data and configuration settings (Lahiri, page 1, paragraphs 0001 and 0003).
	Regarding claim 2, Reynolds in view of Lahiri teaches the system wherein, when executed, the at least one application further causes the at least one computing device to at least identify an updated restriction setting in the current version of the restriction definition file (Reynolds, page 12, paragraph 0063; section of the file descriptor not stored).
	Regarding claim 6, Reynolds in view of Lahiri teaches each and every claim limitation of claim 1, however, Lahiri teaches the system wherein, when executed the at least one application further causes the at least one computing device to at least receive information from an original equipment manufacturer (OEM) of the updated software platform (Lahiri, page 5, paragraphs 0043-0044; OEM changes configuration settings and update enterprise), wherein determining that the plurality of client devices require the updated restriction profile of the restriction definition file is further based on the information received from the OEM (Lahiri, page 5, paragraphs 0043-0044; OEM changes configuration settings and update enterprise).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds with the teaching of Lahiri to update configuration setting for enterprise devices based on security baseline to provide the advantage of managing device compliance for devices connected to an enterprise network by controlling and protecting data and configuration settings (Lahiri, page 1, paragraphs 0001 and 0003).
Regarding claim 7, Reynolds in view of Lahiri teaches the system wherein, when executed the at least one application further causes the at least one computing device to at least receive a request to subscribe to a service that automatically generates the updated restriction profile (Reynolds, page 4, paragraph 0027 and page 5, paragraph 0033).
Regarding independent claim 8, Reynolds teaches a computer-implemented method for dynamically generating restriction profiles for an updated software platform (Reynolds, page 3, paragraph 0017; threat management facility to protect corporate assets; update policies of all computing assets), the method comprising: identifying a current version of a restriction definition file associated with the updated software platform (Reynolds, page 11, paragraphs 0060 and 0062; software update with descriptor file and sub files); determining that the current version of the restriction definition file differs from an applied version of the restriction definition file (Reynolds, page 12, paragraph 0063; first entry of the descriptor file is not located in the cache); determining that a plurality of client devices require an updated restriction profile of the restriction definition file associated with an enterprise group corresponding to the plurality of client devices (Reynolds, page 11, paragraphs 0059-0060 and page 12, paragraph 0063; when the first entry of the descriptor file is not stored in the cache, download the section (sub file) from the software facility to be sent to other clients); and causing the updated restriction profile to be distributed to the plurality of client devices (Reynolds, page 11, paragraph 0060 and page 12, paragraph 0063; broadcast packets containing sub files that are updated). 
	Reynolds does not explicitly teach an updated restriction profile of the restriction definition file based at least in part on a restriction setting level. 
	Lahiri teaches an updated restriction profile of the restriction definition file based at least in part on a restriction setting level (Lahiri, page 5, paragraphs 0042-0043; provide update configuration setting based on the security baseline). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds with the teaching of Lahiri to update configuration setting for enterprise devices based on security baseline to provide the advantage of managing device compliance for devices connected to an enterprise network by controlling and protecting data and configuration settings (Lahiri, page 1, paragraphs 0001 and 0003).
	Regarding claim 9, Reynolds in view of Lahiri teaches the computer-implemented method further comprising identifying an updated restriction setting in the current version of the restriction definition file (Reynolds, page 12, paragraph 0063; section of the file descriptor not stored).
	Regarding claim 13, Reynolds in view of Lahiri teaches each and every claim limitation of claim 8, however, Lahiri teaches the computer-implemented method further comprising: receiving information from an original equipment manufacturer (OEM) of the updated software platform (Lahiri, page 5, paragraphs 0043-0044; OEM changes configuration settings and update enterprise), wherein determining that the plurality of client devices require the updated restriction profile of the restriction definition file is further based on the information received from the OEM (Lahiri, page 5, paragraphs 0043-0044; OEM changes configuration settings and update enterprise).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds with the teaching of Lahiri to update configuration setting for enterprise devices based on security baseline to provide the advantage of managing device compliance for devices connected to an enterprise network by controlling and protecting data and configuration settings (Lahiri, page 1, paragraphs 0001 and 0003).
Regarding claim 14, Reynolds in view of Lahiri teaches the computer-implemented method further comprising receiving a request to subscribe to a service that automatically generates the updated restriction profile (Reynolds, page 4, paragraph 0027 and page 5, paragraph 0033).
Regarding independent claim 15, Reynolds teaches a non-transitory computer-readable medium embodying executable instructions, which, when executed by a processor, cause at least one computing device to at least (Reynolds, page 13, paragraphs 0076-0077 and page 15, paragraph 0086): identify a current version of a restriction definition file associated with the updated software platform (Reynolds, page 11, paragraphs 0060 and 0062; software update with descriptor file and sub files); determine that the current version of the restriction definition file differs from an applied version of the restriction definition file (Reynolds, page 12, paragraph 0063; first entry of the descriptor file is not located in the cache); determine that a plurality of client devices require an updated restriction profile of the restriction definition file associated with an enterprise group corresponding to the plurality of client devices (Reynolds, page 11, paragraphs 0059-0060 and page 12, paragraph 0063; when the first entry of the descriptor file is not stored in the cache, download the section (sub file) from the software facility to be sent to other clients); and cause the updated restriction profile to be distributed to the plurality of client devices (Reynolds, page 11, paragraph 0060 and page 12, paragraph 0063; broadcast packets containing sub files that are updated). 
	Reynolds does not explicitly teach an updated restriction profile of the restriction definition file based at least in part on a restriction setting level. 
	Lahiri teaches an updated restriction profile of the restriction definition file based at least in part on a restriction setting level (Lahiri, page 5, paragraphs 0042-0043; provide update configuration setting based on the security baseline). 
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds with the teaching of Lahiri to update configuration setting for enterprise devices based on security baseline to provide the advantage of managing device compliance for devices connected to an enterprise network by controlling and protecting data and configuration settings (Lahiri, page 1, paragraphs 0001 and 0003).
	Regarding claim 16, Reynolds in view of Lahiri teaches the non-transitory computer-readable medium wherein, when executed, the executable instructions further cause the at least one computing device to at least identify an updated restriction setting in the current version of the restriction definition file (Reynolds, page 12, paragraph 0063; section of the file descriptor not stored).
	Regarding claim 20, Reynolds in view of Lahiri teaches each and every claim limitation of claim 15, however, Lahiri teaches the non-transitory computer-readable medium wherein, when executed, the executable instructions further cause the at least one computing device to at least receive information from an original equipment manufacturer (OEM) of the updated software platform (Lahiri, page 5, paragraphs 0043-0044; OEM changes configuration settings and update enterprise), wherein determining that the plurality of client devices require the updated restriction profile of the restriction definition file is further based on the information received from the OEM (Lahiri, page 5, paragraphs 0043-0044; OEM changes configuration settings and update enterprise).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds with the teaching of Lahiri to update configuration setting for enterprise devices based on security baseline to provide the advantage of managing device compliance for devices connected to an enterprise network by controlling and protecting data and configuration settings (Lahiri, page 1, paragraphs 0001 and 0003).

Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Reynolds (US Pub No. 2018/0181387) in view of Lahiri et al. (US Pub No. 2020/0028879) as applied to claims 1-2, 6-9, 13-16 and 20 above, and further in view of Spears et al. (US Patent No. 10,715,507).
Regarding claim 5, Reynolds in view of Lahiri teaches each and every claim limitation of claim 1. 
Reynolds in view of Lahiri does not explicitly teach the method wherein, when executed, the at least one application further causes the at least one computing device to at least: receive feedback from at least a subset of the plurality of client devices with respect to a restriction setting of the updated restriction profile; and modify the updated restriction profile based at least in part on the feedback.
Spears teaches receive feedback from at least a subset of the plurality of client devices with respect to a restriction setting of the updated restriction profile (Spears, column 8, lines 2-24; privilege manifest/desire manifest corresponding to groups of users/devices is generated based on trigger event (changes to user privileges)); and modify the updated restriction profile based at least in part on the feedback (Spears, column 8, line 50- column 9, line 39; approved privilege manifest).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds in view of Lahiri with the teachings of Spears to analyze desire privileges on client devices connected to a provider network to provide the advantage of preventing undesired privileges from being granted and automatically detecting undesired privileges implemented on client devices (Spears, column 3, lines 1-22).
Regarding claim 12, Reynolds in view of Lahiri teaches each and every claim limitation of claim 8. 
Reynolds in view of Lahiri does not explicitly teach the computer-implemented method further comprising receiving feedback from at least a subset of the plurality of client devices with respect to a restriction setting of the updated restriction profile; and modifying the updated restriction profile based at least in part on the feedback.
Spears teaches receiving feedback from at least a subset of the plurality of client devices with respect to a restriction setting of the updated restriction profile (Spears, column 8, lines 2-24; privilege manifest/desire manifest corresponding to groups of users/devices is generated based on trigger event (changes to user privileges)); and modifying the updated restriction profile based at least in part on the feedback (Spears, column 8, line 50- column 9, line 39; approved privilege manifest).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds in view of Lahiri with the teachings of Spears to analyze desire privileges on client devices connected to a provider network to provide the advantage of preventing undesired privileges from being granted and automatically detecting undesired privileges implemented on client devices (Spears, column 3, lines 1-22).
Regarding claim 19, Reynolds in view of Lahiri teaches each and every claim limitation of claim 15. 
Reynolds in view of Lahiri does not explicitly teach the non-transitory computer-readable medium wherein, when executed, the executable instructions further cause the at least one computing device to at least: receive feedback from at least a subset of the plurality of client devices with respect to a restriction setting of the updated restriction profile; and modify the updated restriction profile based at least in part on the feedback.
Spears teaches receive feedback from at least a subset of the plurality of client devices with respect to a restriction setting of the updated restriction profile (Spears, column 8, lines 2-24; privilege manifest/desire manifest corresponding to groups of users/devices is generated based on trigger event (changes to user privileges)); and modify the updated restriction profile based at least in part on the feedback (Spears, column 8, line 50- column 9, line 39; approved privilege manifest).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Reynolds in view of Lahiri with the teachings of Spears to analyze desire privileges on client devices connected to a provider network to provide the advantage of preventing undesired privileges from being granted and automatically detecting undesired privileges implemented on client devices (Spears, column 3, lines 1-22).

Allowable Subject Matter
Claims 3-4, 10-11 and 17-18 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Examiner’s Statement for Indicating Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter: The prior art Lahiri et al. (US Pub No. 2020/0028879) discloses a compliance engine 212 may look up the configuration setting(s) utilized by each user-device pair using reference 230 and compare the configuration setting(s) to security baseline(s) 224 to determine whether they comply.  If the configuration setting(s) do not comply with security baseline(s) 224, compliance engine 212 determines that the user-device pair is not compliant.  In response, compliance engine 212 may designate the user-device pair as being non-compliant, prevent access to enterprise resource(s), and/or provide updated configuration setting(s) to the associated computing device (Lahiri, page 5, paragraphs 0042-0043), however, the prior art taken alone or in combination fails to teach or suggest “determine a risk level associated with the updated restriction setting for the enterprise group” (as recited in claims 3, 10 and 17), in combination with the rest of the claim limitations. 

Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Shantharam et al. (US Pub No. 2020/0125357) and Rylowski et al. (US Pub No. 2019/0215380).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHAQUEAL D WADE-WRIGHT/             Primary Examiner, Art Unit 2437