Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 21-40 are pending. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

3.	Claims 21-24, 26, 28, 29, 30-31, 33, 35, 36-38 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10740109. Although the claims at issue are not identical, they are not patentably distinct from each other because of the claim correspondence given below in the following table. The highlighted (i.e., bold) text in two columns of the table provides the similarities between two sets of claims:

Claim 21/28/35 of pending application 
Claims of the patent 10740109
A computing device that assembles a managed operating system (OS) image during initial boot, comprising: a non-transitory, computer-readable medium containing instructions; and at least one processor that executes the instructions to perform stages comprising: prior to booting an OS, executing firmware that causes the computing device to contact a status server to determine a management status of the computing device; 
A computing device that assembles a managed operating system (OS) image during initial boot, comprising: a non-transitory, computer-readable medium containing instructions; at least one processor that executes the instructions to perform stages comprising: prior to booting an OS, executing firmware that causes the computing device to contact a server to determine a management status of the computing device, (claim 1)
receiving, by a pre-enrollment installer, identification of a first OS image that includes management functionality for communicating with a management server that enforces management policies, wherein the first OS image is identified based on ownership information of the computing device; 
downloading a pre-enrollment installer from a first address specified by the server; receiving, by the pre-enrollment installer, OS image details selected based on ownership information of the computing device; and (claim 1)
wherein the first OS image includes functionality for a least: enforcing the management policies; sending compliance information to a management server (claim 1)
creating a combined OS image by combining the first OS image with a second OS image;
The computing device of claim 1, the stages further comprising: downloading a second OS image from a second address specified by the management server based on the ownership information of the computing device; and  3Application No. 15/466,841 Attorney Docket No. D291.04 combining the first and second OS images, wherein rebooting causes the computing device to load the first OS image in combination with the second OS image (claim 4)
and booting the combined OS image, wherein the management policies are enforced during boot including
wherein the first OS image includes functionality for a least: enforcing the management policies after the computing device has rebooted (claim 1)
wherein rebooting causes the computing device to load the first OS image in combination with the second OS image (claim 4)
sending compliance information  to the management server for determining whether compliance rules of an enterprise mobility management system are met wherein the compliance rules control access to the computing device; receiving a command to disable functionality of the computing device from the management server
 enforcing the management policies after the computing device has rebooted, including: sending compliance information to a management server for determining whether the compliance rules are met; and receiving a command to disable specific functionality of the computing device from the management server (claim 1)
  the management status indicates the computing device is to be enrolled in an enterprise mobility management (“EMM”) system that enforces management policies at the computing device, the management policies including compliance rules that control access to the computing device; (claim 1)


For claims 22, 29 and 36, claim 1 and 4 of patent teach the downloading from first address and combining the OSs to boot. The managed status is also disclosed in claim 1. 

For claims 23, 30 and 37, claim 2 of the patent teach the contact address based on ownership information sent from installer to server to download the OS. Although the patented application does not disclose the plurality of OSs with different management functionality, such is well known in the art. The management server often stores the plurality of OSs with different management capabilities that are device specific.

For claims 24, 31 and 38, claim 3 of the patent teach that the first OS image is downloaded from the management server at a second address. 

For claims 26, 33, claim 4 of the patent teaches the downloading second OS from a second address specified by the management server based on ownership information.  
4.	Claims 21, 28, 35, rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10620965, in view of Weinstroer. Although the claims at issue are not identical, they are not patentably distinct from each other because of the claim correspondence given below in the following table. The highlighted (i.e., bold) text in two columns of the table provides the similarities between two sets of claims:
Claim 21/28/35 of pending application
Claims of the patent 10620965
A computing device that assembles a managed operating system (OS) image during initial boot, comprising: a non-transitory, computer-readable medium containing instructions; and at least one processor that executes the instructions to perform stages comprising: prior to booting an OS, executing firmware that causes the computing device to contact a status server to determine a management status of the computing device;
A computing device that performs Internet recovery, comprising: a non-transitory, computer-readable medium containing instructions; and at least one processor that executes the instructions to perform stages comprising: executing firmware that detects the computing device is unable to load an operating system (OS); contacting a server specified in the firmware, the server indicating that the computing device is a managed device; (claim 1)
receiving, by a pre-enrollment installer, identification of a first OS image that includes management functionality [[for communicating with a management server]] that enforces management policies, wherein the first OS image is identified based on ownership information of the computing device;
downloading a pre-enrollment installer from a management server, the management server being identified to the computing device by the server or the firmware; installing a first OS image selected by the management server based on ownership information of the computing device, wherein the pre-enrollment installer downloads the first OS image and the first OS image includes a management agent; (claim 1)
creating a combined OS image by combining the first OS image with a second OS image; and booting the combined OS image, wherein the management policies are enforced during boot.

The computing device of claim 1, the stages further comprising downloading a second OS image from the management server that includes a management agent, wherein rebooting is based on the first and second OS images (claim 4)
and rebooting based on at least the first OS image, wherein the management agent enrolls the computing device in a device management system during reboot (claim 1)


For the limitations “management functionality for communicating with a management server”, the patented application mentions “management agent enrolls the device in a device management system during reboot” (claim 1) and “the rebooting causes the computing device to contact the management server to complete the enrollment process” (claim 6). Therefore, the management agent is configured to contact the management server.  

For the limitations “sending compliance information to the management server for determining whether compliance rules of an enterprise mobility management system are met wherein the compliance rules control access to the computing device; receiving a command to disable functionality of the computing device from the management server”, claim 6 and claim 9 mention contacting a management server and enrolling into device management system. However, claims do not explicitly mention compliance rules with the EMM system and disable functionality of the computing device. Wienstroer teaches the following limitations: sending compliance information (Fig 1 shows that 124 is the compliance rules of the management server 120) to the management server ([0042] mentions that the management server can analyze the data object generated by the user device to determine whether a device is compliant; therefore the compliance information is sent to management server from the user device) for determining whether compliance rules of an enterprise mobility management system are met ([0441]-[0042] “if the compliance is broken” and “determination of the user device is compliant”; [0039] mentions about EMM functions), wherein the compliance rules control access to the computing device ([0041]; if compliance is broken management server takes steps to control access of the user device to enterprise email, files and applications); receiving a command to disable functionality of the computing device from the management server ([0044]; user device can be restricted to function within application; [0024]; [0041]; [0044]; [0046]; [0047]; [0051] mention that management policies include permission to perform certain functions, such as access rights/settings enforced on the user device, and the management policies specify when and how the user device is permitted to function; thus the management policy can disable functionality when not permitted by the management policy) . It would have been obvious for one ordinary skill in the art before the effective filing date of the invention t to include compliance rules for EMM enrollment and disable functionality when compliance is broken, since EMM provides robust and customized solution. In Weinstroer, the management agent is part of OS ([0023]). The management policy provides the enforcement of the compliance rules that each device/user must follow. The functionality can be suspended when the compliance rules are broken. That way the management of the EMM can be more effective. 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 21-24, 26-31, 33-38, 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over McCarron et al (US Patent Application Publication 2014/0025359), further in view of Azzarello et al (US Patent Application Publication 20070260868), further in view of Wienstroer et al (US Patent Application Publication 2018/0054354)

For claim 21, McCarron et al teach the following limitations: A computing device (device 104 in Fig 1; device 202 in Fig 2) that assembles a managed operating system (OS) image during initial boot (Fig 3 and [0087] mention that network boot server authenticate the device and serve bootable instructions and operating system), comprising: a non-transitory, computer-readable medium containing instructions ([0016]-[0020]); and at least one processor that executes the instructions to perform stages ([0020] mentions that the instructions are executed by computers) comprising: prior to booting an OS, executing firmware ([0084]-[0085] mention that firmware may ask for an NBP; thus firmware is executed to cause the device to initiate the steps of Fig 3) that causes the computing device to contact a status server ([0065] mention that device transmits the request to distribution server/boot server and  [0073] mentions that 214 contacts a configuration server 218 to receive key from configuration database 220; [0075] mentions that configuration server 218 manages the statuses of the devices; [0049]-[0050] mention that configuration server 218 manages a configuration database including ownership and hardware/software configurations descriptions; therefore the ownership information is queried in step 310 of Fig 3 via configuration server; the status server is the configuration server) to determine a management status of the computing device (the management status is fully determined in step 318 of Fig 3 including device record in step 306 and ownership in 318; whether the device is in record and owned by the server); receiving, by a pre-enrollment installer (NBP and other pre-boot software mentioned in [0084]-[0086]), identification of a first OS image ([0084]-[0086] mention that NBP directs the device to communicate with the provisioning server 238 to download OS 236; [0045]; [0052]) that includes management functionality ([0075] mentions that configuration database defines how the device is to be configured including OS; [0076] mentions policies may determine how OS may perform on the device; thus the OS includes the functionality corresponds to management policy) for communicating with a management server (network resource server 128 is the management server; [0051] and [0076] mention that network resource server define policies that are distributed across groups on a network to control the behavior of the devices) that enforces management policies ([0051]; [0076]-[0077]), wherein the first OS image is identified based on ownership information of the computing device (Fig 3; [0077]; [0080]-[0083]; [0095] the ownership information set to receive the OS ); and booting the OS image ([0083]), wherein the management policies are enforced during boot ([0075]-[0076] how the device is to be configured; how an OS may perform; thus the management policies are enforced during boot of OS because the OS enforces the policies).

McCarron et al do not explicitly mention the following limitations:
creating a combined OS image by combining the first OS image with a second OS image
Azzarello et al teach the following limitations: 
creating a combined OS image by combining the first OS image with a second OS image ([0003]; [0013]; [0029]; [0036] mentioned that multiple OS images are chained to boot the system)

It would have obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron et al and Azzarello et al to download the multiple OS images and combine them together to boot the system. The loading of discrete OS images allows the device to download images from multiple sources, which further enhances the flexibility. The OS images can be stored separately and a richer platform functionality can be obtained by downloading multiple OS images. The device can boot to different functionality-based OSs each time the device boots. 

McCarron et al, in view of Azzarello et al does not explicitly mention about compliance rules of an EMM system to be met by the computing device. 
 
Wienstroer teaches the following limitations:
sending compliance information (Fig 1 shows that 124 is the compliance rules of the management server 120) to the management server ([0042] mentions that the management server can analyze the data object generated by the user device to determine whether a device is compliant; therefore the compliance information is sent to management server from the user device) for determining whether compliance rules of an enterprise mobility management system are met ([0441]-[0042] “if the compliance is broken” and “determination of the user device is compliant”; [0039] mentions about EMM functions), wherein the compliance rules control access to the computing device ([0041]; if compliance is broken management server takes steps to control access of the user device to enterprise email, files and applications); receiving a command to disable functionality of the computing device from the management server ([0044]; user device can be restricted to function within application; [0024]; [0041]; [0044]; [0046]; [0047]; [0051] mention that management policies include permission to perform certain functions, such as access rights/settings enforced on the user device, and the management policies specify when and how the user device is permitted to function; thus the management policy can disable functionality when not permitted by the management policy) . 
It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron et al, Azzarello et al and Weinstroer to include compliance rules for EMM enrollment and disable functionality when compliance is broken, since EMM provides robust and customized solution. In Weinstroer, the management agent is part of OS ([0023]). The management policy provides the enforcement of the compliance rules that each device/user must follow. The functionality can be suspended when the compliance rules are broken. That way the management of the EMM can be more effective. The inclusion of management policy including the compliance rules can be performed in McCarron et al, Azzarello et al, because McCarron provisions for management of the device with various policies ([0076]-[0077]). 

For claim 22, the pre-boot communication engine may generate NBP (i.e., pre-enrollment installer)  using encryption mechanism 224 and command sequence 222 (McCarron). [0073] mention that encrypted command is based on public key. [0077] mention that the database has device record and corresponding key. Fig 3, step 304 and 306 Therefore, the status is managed (i.e., the database has corresponding device records) and NBP is generated based on the records. The NBP provides the booting operations ([0085]). With the teachings of Azzarello, the combination of OS can be performed ([0029]; [0036]). 

For claim 23, McCarron [0050] mention that configuration database includes the ownership information and [0076] mention that network resource server 216 provide the authentication/authorization of the device and based on ownership, the provisioning server provides the appropriate OS as mentioned in [0045] and [0085]. Therefore, the management server 216 has the ownership information to identify the appropriate OS from the provisioning server that maintains a repository of the plurality of OSs. The OSs are device specific and it is understood that device specific OSs have different functionality ([0075] –[0076]; how the device configured with OS and various policies determining how OS may perform on the device). 

For claim 24, McCarron et al mention that NBP directs device to download OS from provisioning server 238 ([0085]). The resource server provides various device records ([0077] and [0051]) to download appropriate OS from provisioning server. McCarron does not explicitly mention that address is received from the management server. Examiner takes official notice that receiving address from management server is known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to receive address from management server, since the server provides various records corresponding to the device. McCarron [0053] mention that servers can be combined into one or several servers. Therefore, when configuration and resource server are combined, the device can obtain the address of the provisioning server from the management server. 

For claim 26, Azzarello teaches downloading the second OS ([0035]). Azzarello [0029] mention that device identity and state information are applied; thus based on ownership information. The second OS must be associated with a second address. McCarron, in view of Azzarello does not explicitly mention that address is received from the management server. Examiner takes official notice that receiving address from management server is known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to receive address from management server, since the server provides various records corresponding to the device. McCarron [0053] mention that servers can be combined into one or several servers. Therefore, when configuration and resource server are combined, the device can obtain the address of the provisioning server from the management server. 

For claim 27, McCarron [0099] mention that operating system can be stored locally and Azzarello mention that primary boot OS is stored on disk ([0003] and [0033]). Although not mention the hidden partition, Examiner takes official notice that storing OS in hidden partition is well known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to include a hidden partition and save a second OS for further added functionalities, since saving/retrieving OS on/from local disk provides the quick access to the OS.  

For claim 28, McCarron et al teach the following limitations: A method assembling a managed operating system (OS) image during initial boot (Fig 3 and [0087] mention that network boot server authenticate the device and serve bootable instructions and operating system), comprising: prior to booting an OS, executing firmware ([0084]-[0085] mention that firmware may ask for an NBP; thus firmware is executed to cause the device to initiate the steps of Fig 3) that causes the computing device to contact a status server ([0065] mention that device transmits the request to distribution server/boot server and  [0073] mentions that 214 contacts a configuration server 218 to receive key from configuration database 220; [0075] mentions that configuration server 218 manages the statuses of the devices; [0049]-[0050] mention that configuration server 218 manages a configuration database including ownership and hardware/software configurations descriptions; therefore the ownership information is queried in step 310 of Fig 3 via configuration server; the status server is the configuration server) to determine a management status of the computing device (the management status is fully determined in step 318 of Fig 3 including device record in step 306 and ownership in 318; whether the device is in record and owned by the server); receiving, by a pre-enrollment installer (NBP and other pre-boot software mentioned in [0084]-[0086]), identification of a first OS image ([0084]-[0086] mention that NBP directs the device to communicate with the provisioning server 238 to download OS 236; [0045]; [0052]) that includes management functionality ([0075] mentions that configuration database defines how the device is to be configured including OS; [0076] mentions policies may determine how OS may perform on the device; thus the OS includes the functionality corresponds to management policy) for communicating with a management server (network resource server 128 is the management server; [0051] and [0076] mention that network resource server define policies that are distributed across groups on a network to control the behavior of the devices) that enforces management policies ([0051]; [0076]-[0077]), wherein the first OS image is identified based on ownership information of the computing device (Fig 3; [0077]; [0080]-[0083]; [0095] the ownership information set to receive the OS ); and booting the OS image ([0083]), wherein the management policies are enforced during boot ([0075]-[0076] how the device is to be configured; how an OS may perform; thus the management policies are enforced during boot of OS because the OS enforces the policies).

McCarron et al do not explicitly mention the following limitations:
creating a combined OS image by combining the first OS image with a second OS image
Azzarello et al teach the following limitations: 
creating a combined OS image by combining the first OS image with a second OS image ([0003]; [0013]; [0029]; [0036] mentioned that multiple OS images are chained to boot the system)

It would have obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron et al and Azzarello et al to download the multiple OS images and combine them together to boot the system. The loading of discrete OS images allows the device to download images from multiple sources, which further enhances the flexibility. The OS images can be stored separately and a richer platform functionality can be obtained by downloading multiple OS images. The device can boot to different functionality-based OSs each time the device boots. 

McCarron et al, in view of Azzarello et al does not explicitly mention about compliance rules of an EMM system to be met by the computing device. 
 
Wienstroer teaches the following limitations:
sending compliance information (Fig 1 shows that 124 is the compliance rules of the management server 120) to the management server ([0042] mentions that the management server can analyze the data object generated by the user device to determine whether a device is compliant; therefore the compliance information is sent to management server from the user device) for determining whether compliance rules of an enterprise mobility management system are met ([0441]-[0042] “if the compliance is broken” and “determination of the user device is compliant”; [0039] mentions about EMM functions), wherein the compliance rules control access to the computing device ([0041]; if compliance is broken management server takes steps to control access of the user device to enterprise email, files and applications); receiving a command to disable functionality of the computing device from the management server ([0044]; user device can be restricted to function within application; [0024]; [0041]; [0044]; [0046]; [0047]; [0051] mention that management policies include permission to perform certain functions, such as access rights/settings enforced on the user device, and the management policies specify when and how the user device is permitted to function; thus the management policy can disable functionality when not permitted by the management policy) . 

It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron et al, Azzarello et al and Weinstroer to include compliance rules for EMM enrollment and disable functionality when compliance is broken, since EMM provides robust and customized solution. In Weinstroer, the management agent is part of OS ([0023]). The management policy provides the enforcement of the compliance rules that each device/user must follow. The functionality can be suspended when the compliance rules are broken. That way the management of the EMM can be more effective. The inclusion of management policy including the compliance rules can be performed in McCarron et al, Azzarello et al, because McCarron provisions for management of the device with various policies ([0076]-[0077]). 

For claim 29, the pre-boot communication engine may generate NBP (i.e., pre-enrollment installer)  using encryption mechanism 224 and command sequence 222 (McCarron). [0073] mention that encrypted command is based on public key. [0077] mention that the database has device record and corresponding key. Fig 3, step 304 and 306 Therefore, the status is managed (i.e., the database has corresponding device records) and NBP is generated based on the records. The NBP provides the booting operations ([0085]). With the teachings of Azzarello, the combination of OS can be performed ([0029]; [0036]). 

For claim 30, McCarron [0050] mention that configuration database includes the ownership information and [0076] mention that network resource server 216 provide the authentication/authorization of the device and based on ownership, the provisioning server provides the appropriate OS as mentioned in [0045] and [0085]. Therefore, the management server 216 has the ownership information to identify the appropriate OS from the provisioning server that maintains a repository of the plurality of OSs. The OSs are device specific and it is understood that device specific OSs have different functionality ([0075] –[0076]; how the device configured with OS and various policies determining how OS may perform on the device). 

For claim 31, McCarron et al mention that NBP directs device to download OS from provisioning server 238 ([0085]). The resource server provides various device records ([0077] and [0051]) to download appropriate OS from provisioning server. McCarron does not explicitly mention that address is received from the management server. Examiner takes official notice that receiving address from management server is known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to receive address from management server, since the server provides various records corresponding to the device. McCarron [0053] mention that servers can be combined into one or several servers. Therefore, when configuration and resource server are combined, the device can obtain the address of the provisioning server from the management server. 

For claim 33, Azzarello teaches downloading the second OS ([0035]). Azzarello [0029] mention that device identity and state information are applied; thus based on ownership information. The second OS must be associated with a second address. McCarron, in view of Azzarello does not explicitly mention that address is received from the management server. Examiner takes official notice that receiving address from management server is known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to receive address from management server, since the server provides various records corresponding to the device. McCarron [0053] mention that servers can be combined into one or several servers. Therefore, when configuration and resource server are combined, the device can obtain the address of the provisioning server from the management server. 

For claim 34, McCarron [0099] mention that operating system can be stored locally and Azzarello mention that primary boot OS is stored on disk ([0003] and [0033]). Although not mention the hidden partition, Examiner takes official notice that storing OS in hidden partition is well known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to include a hidden partition and save a second OS for further added functionalities, since saving/retrieving OS on/from local disk provides the quick access to the OS.  

For claim 35, McCarron et al teach the following limitations: A non-transitory, computer-readable medium containing instructions ([0016]-[0020]) for assembling a managed operating system (OS) image during initial boot (Fig 3 and [0087] mention that network boot server authenticate the device and serve bootable instructions and operating system) the instructions being executed by a processor of a computing device to perform stages ([0020] mentions that the instructions are executed by computers) comprising: prior to booting an OS, executing firmware ([0084]-[0085] mention that firmware may ask for an NBP; thus firmware is executed to cause the device to initiate the steps of Fig 3) that causes the computing device to contact a status server ([0065] mention that device transmits the request to distribution server/boot server and  [0073] mentions that 214 contacts a configuration server 218 to receive key from configuration database 220; [0075] mentions that configuration server 218 manages the statuses of the devices; [0049]-[0050] mention that configuration server 218 manages a configuration database including ownership and hardware/software configurations descriptions; therefore the ownership information is queried in step 310 of Fig 3 via configuration server; the status server is the configuration server) to determine a management status of the computing device (the management status is fully determined in step 318 of Fig 3 including device record in step 306 and ownership in 318; whether the device is in record and owned by the server); receiving, by a pre-enrollment installer (NBP and other pre-boot software mentioned in [0084]-[0086]), identification of a first OS image ([0084]-[0086] mention that NBP directs the device to communicate with the provisioning server 238 to download OS 236; [0045]; [0052]) that includes management functionality ([0075] mentions that configuration database defines how the device is to be configured including OS; [0076] mentions policies may determine how OS may perform on the device; thus the OS includes the functionality corresponds to management policy) for communicating with a management server (network resource server 128 is the management server; [0051] and [0076] mention that network resource server define policies that are distributed across groups on a network to control the behavior of the devices) that enforces management policies ([0051]; [0076]-[0077]), wherein the first OS image is identified based on ownership information of the computing device (Fig 3; [0077]; [0080]-[0083]; [0095] the ownership information set to receive the OS ); and booting the OS image ([0083]), wherein the management policies are enforced during boot ([0075]-[0076] how the device is to be configured; how an OS may perform; thus the management policies are enforced during boot of OS because the OS enforces the policies).

McCarron et al do not explicitly mention the following limitations:
creating a combined OS image by combining the first OS image with a second OS image
Azzarello et al teach the following limitations: 
creating a combined OS image by combining the first OS image with a second OS image ([0003]; [0013]; [0029]; [0036] mentioned that multiple OS images are chained to boot the system)

It would have obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron et al and Azzarello et al to download the multiple OS images and combine them together to boot the system. The loading of discrete OS images allows the device to download images from multiple sources, which further enhances the flexibility. The OS images can be stored separately and a richer platform functionality can be obtained by downloading multiple OS images. The device can boot to different functionality-based OSs each time the device boots. 

McCarron et al, in view of Azzarello et al does not explicitly mention about compliance rules of an EMM system to be met by the computing device. 
 
Wienstroer teaches the following limitations:
sending compliance information (Fig 1 shows that 124 is the compliance rules of the management server 120) to the management server ([0042] mentions that the management server can analyze the data object generated by the user device to determine whether a device is compliant; therefore the compliance information is sent to management server from the user device) for determining whether compliance rules of an enterprise mobility management system are met ([0441]-[0042] “if the compliance is broken” and “determination of the user device is compliant”; [0039] mentions about EMM functions), wherein the compliance rules control access to the computing device ([0041]; if compliance is broken management server takes steps to control access of the user device to enterprise email, files and applications); receiving a command to disable functionality of the computing device from the management server ([0044]; user device can be restricted to function within application; [0024]; [0041]; [0044]; [0046]; [0047]; [0051] mention that management policies include permission to perform certain functions, such as access rights/settings enforced on the user device, and the management policies specify when and how the user device is permitted to function; thus the management policy can disable functionality when not permitted by the management policy) . 
It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron et al, Azzarello et al and Weinstroer to include compliance rules for EMM enrollment and disable functionality when compliance is broken, since EMM provides robust and customized solution. In Weinstroer, the management agent is part of OS ([0023]). The management policy provides the enforcement of the compliance rules that each device/user must follow. The functionality can be suspended when the compliance rules are broken. That way the management of the EMM can be more effective. The inclusion of management policy including the compliance rules can be performed in McCarron et al, Azzarello et al, because McCarron provisions for management of the device with various policies ([0076]-[0077]). 

For claim 36, the pre-boot communication engine may generate NBP (i.e., pre-enrollment installer)  using encryption mechanism 224 and command sequence 222 (McCarron). [0073] mention that encrypted command is based on public key. [0077] mention that the database has device record and corresponding key. Fig 3, step 304 and 306 Therefore, the status is managed (i.e., the database has corresponding device records) and NBP is generated based on the records. The NBP provides the booting operations ([0085]). With the teachings of Azzarello, the combination of OS can be performed ([0029]; [0036]). 

For claim 37, McCarron [0050] mention that configuration database includes the ownership information and [0076] mention that network resource server 216 provide the authentication/authorization of the device and based on ownership, the provisioning server provides the appropriate OS as mentioned in [0045] and [0085]. Therefore, the management server 216 has the ownership information to identify the appropriate OS from the provisioning server that maintains a repository of the plurality of OSs. The OSs are device specific and it is understood that device specific OSs have different functionality ([0075] –[0076]; how the device configured with OS and various policies determining how OS may perform on the device). 

For claim 38, McCarron et al mention that NBP directs device to download OS from provisioning server 238 ([0085]). The resource server provides various device records ([0077] and [0051]) to download appropriate OS from provisioning server. McCarron does not explicitly mention that address is received from the management server. Examiner takes official notice that receiving address from management server is known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to receive address from management server, since the server provides various records corresponding to the device. McCarron [0053] mention that servers can be combined into one or several servers. Therefore, when configuration and resource server are combined, the device can obtain the address of the provisioning server from the management server. 

For claim 40, McCarron [0099] mention that operating system can be stored locally and Azzarello mention that primary boot OS is stored on disk ([0003] and [0033]). Although not mention the hidden partition, Examiner takes official notice that storing OS in hidden partition is well known in the art. It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to include a hidden partition and save a second OS for further added functionalities, since saving/retrieving OS on/from local disk provides the quick access to the OS.  

4.	Claims 25, 32 and 39 is/are rejected under 35 U.S.C. 103 as being unpatentable over McCarron et al (US Patent Application Publication 2014/0025359), further in view of Azzarello et al (US Patent Application Publication 20070260868), in view of Wienstroer et al (US Patent Application Publication 2018/0054354), further in view of Reagan et al (US Patent Application Publication 20160188307)

For claim 25, McCarron, [0075]-[0076] how the device is to be configured and how an OS may perform. Thus the management policies are enforced during boot of OS because the OS enforces the policies.  Azzarello mentions that the recently obtained second OS image is chained to the previous image by stages ([0012]). Thus, the first OS image with the management functionality can be implemented with a management agent within the first OS from the provisioning server mentioned in McCarron, which will provide enforcing of the policies subsequent to booting of the OSs. Wienstroer et al  mentions that management agent is part of OS ([0023]). The cited art does not mention enforcing the policies prior to user login during the boot. Reagan teaches that the downloaded agent application can complete the enrollment process and operates as part of the OS (Fig 2B, Fig 4 and [0032]). It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron, Azzarello, Wienstroer et al and Reagan to enforce the management functionalities prior to user login during boot. With the teaching of Reagan mentioned in [0031]-[0032] (without user intervention), the system of McCarron, in view of Azzarello, in view of Wienstroer can complete the enrollment during boot, which ensures that the management agent enforces policies prior to user login.  

For claim 32, McCarron, [0075]-[0076] how the device is to be configured and how an OS may perform. Thus the management policies are enforced during boot of OS because the OS enforces the policies.  Azzarello mentions that the recently obtained second OS image is chained to the previous image by stages ([0012]). Thus, the first OS image with the management functionality can be implemented with a management agent within the first OS from the provisioning server mentioned in McCarron, which will provide enforcing of the policies subsequent to booting of the OSs. Wienstroer et al  mentions that management agent is part of OS ([0023]). The cited art does not mention enforcing the policies prior to user login during the boot. Reagan teaches that the downloaded agent application can complete the enrollment process and operates as part of the OS (Fig 2B, Fig 4 and [0032]). It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron, Azzarello, Wienstroer et al and Reagan to enforce the management functionalities prior to user login during boot. With the teaching of Reagan mentioned in [0031]-[0032] (without user intervention), the system of McCarron, in view of Azzarello, in view of Wienstroer can complete the enrollment during boot, which ensures that the management agent enforces policies prior to user login.  

For claim 39, McCarron, [0075]-[0076] how the device is to be configured and how an OS may perform. Thus, the management policies are enforced during boot of OS because the OS enforces the policies.  Azzarello mentions that the recently obtained second OS image is chained to the previous image by stages ([0012]). Thus, the first OS image with the management functionality can be implemented with a management agent within the first OS from the provisioning server mentioned in McCarron, which will provide enforcing of the policies subsequent to booting of the OSs. Wienstroer et al  mentions that management agent is part of OS ([0023]).The cited art does not mention enforcing the policies prior to user login during the boot. Reagan teaches that the downloaded agent application can complete the enrollment process and operates as part of the OS (Fig 2B, Fig 4 and [0032]). It would have been obvious for one ordinary skill in the art before the effective filing date of the invention to combine the teachings of McCarron, Azzarello, Wienstroer et al and Reagan to enforce the management functionalities prior to user login during boot. With the teaching of Reagan mentioned in [0031]-[0032] (without user intervention), the system of McCarron, in view of Azzarello, in view of Wienstroer can complete the enrollment during boot, which ensures that the management agent enforces policies prior to user login.  

Response to Arguments
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on reference applied in the prior rejection of record for any teaching or matter challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FAHMIDA RAHMAN whose telephone number is (571)272-8159. The examiner can normally be reached Monday - Friday 10 AM - 7 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Huynh can be reached on 571-272-4147. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/FAHMIDA RAHMAN/Primary Examiner, Art Unit 2186