Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to papers filed on 12/02/2020. Claims 1-20 are pending. Claims 1, 13, and 20 are independent.
	

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 11-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

As per claim 11:
Claim 11 recites: “… enable the local management agent to …”. The term “the local management agent” makes the claims indefinite as it lacks proper antecedent basis.

As per claim 12:
Claim 12 is rejected under 35 U.S.C. 112(b) for failing to particularly point out and distinctly claim the subject matter due to its dependency on claim 11.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.


Claims 1-3, 5, 13-14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ochmanski et al., US 2017/0099148 A1 (hereinafter, “Ochmanski ‘148”) in view of Lattin et al., US 2018/0137261 A1 (hereinafter, “Lattin ‘261”).

As per claim 1: Ochmanski ‘148 discloses:
An Information Handling System (IHS) (device 20, [Ochmanski ‘148, ¶24; Fig. 1]), comprising: 
a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to (memory 26 coupled to a processor 24, where the memory 26 stores instructions executed by the processor 24 to cause the device 20 to perform operations [Ochmanski ‘148, ¶24; Fig. 1]): 
transmit, to a first portal (transmitting data to the authorization server 30 via a request from the device 20 to access a resource [Ochmanski ‘148, ¶29; Fig. 1, Fig. 2]) 
(i) (transmitting a unique client_id, also referred to as client application identifier, of a client application running on the device 20 [Ochmanski ‘148, ¶¶40, 42, 61]), and
(ii) device identification associated with the IHS (transmitting a device identifier (DevID) of the device 20 to the authorization server 30 [Ochmanski ‘148, ¶¶22, 29, 40; Fig. 2, Fig. 4]) by the manufacturer prior to the IHS leaving the manufacturer's factory or control (the DevID is embedded in the device 20 by the manufacturer at build time of the device 20 [Ochmanski ‘148, ¶¶25-26, 29; Fig. 1]), wherein the first portal (authorization server 30 [Ochmanski ‘148, ¶29; Fig. 1, Fig. 2]) is configured to:	
		(a) select a customer of the manufacturer associated with the device identification (based on the received DevID, the authorization server 30 brokers and selects the proper device identity validation server 40(1)-40(N) from a plurality of 40(1)-40(N) servers, where each server may be associated with a particular enterprise where the device 20 is used by a user [Ochmanski ‘148, ¶¶32-34, 43-44; Fig. 1, Fig. 2]); 	
		(b) forward an indication of the (forwarding the DevID to the proper validation server 40(1)-40(N), where the server may belong to a particular enterprise [Ochmanski ‘148, ¶¶43-45, 58; Fig. 2]); and 
		(c) in response to the second portal having successfully authenticated (under the broadest reasonable interpretation, an ‘identity session’ is interpreted as a connection between devices to exchange data, where the data exchanged is used to authenticate certain identities; in response to the device identity validation server 40(1)-40(N) having successfully authenticated the device 20, establishing a connection between the identity validation server 40(1)-40(N) and the authorization server 30 to send responses containing authentication results associated with the identity of a device 20 [Ochmanski ‘148, ¶¶46-50; Fig. 2]);
		transmit, to the first portal, a request to initiate an entitlement sequence, wherein the first portal is configured to verify the request against the identity session; and receive an asset as part of the entitlement sequence (transmit to the authorization server 30, an entitlement validation request, where in response to a verified request based on an authenticated identity, enabling access to resources by the device 20 [Ochmanski ‘148, ¶¶29, 49-51, 58, 64; Fig. 2, Fig. 5]).

As stated above, Ochmanski ‘148 does not explicitly disclose: “transmit, to a first portal managed by a manufacturer of the IHS: (i) user credentials associated with a user of … (b) forward an indication of the user credentials to a second portal managed by the customer; and (c) in response to the second portal having successfully authenticated the user …”.
Lattin ‘261, however, discloses:
transmit, to a first portal managed by a manufacturer of the IHS: (i) user credentials associated with a user of … (transfer identifying information associated with the user 109, such as username and password, to a manufacturer’s user portal 115 [Lattin ‘261, ¶33; Fig. 1])
(b) forward an indication of the user credentials to a second portal … in response to the second portal having successfully authenticated the user … (forwarding the identifying information associated with the user 109 to the provisioning controller 120, where in response to the provisioning controller 120 having successfully authenticated the user 109, performing a provisioning process of the device 106, and where the provisioning controller 120 may be integrated with a user's enterprise identification and authentication system [Lattin ‘261, ¶¶33, 51-52; Fig. 1])

Ochmanski ‘148 and Lattin ‘261 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 and Lattin ‘261 before them, to modify the method in Ochmanski ‘148 to include the teachings of Lattin ‘261, namely to implement the authorization server 30 of Ochmanski ‘148 such that it is managed the manufacturer, as disclosed in Lattin ‘261; and further to have the client_id of Ochmanski ‘148 to further include identifying information associated with the user device 20 that may be forwarded to the proper identity validation server 40(1)-40(N) where the user may be verified, as disclosed in Lattin ‘261. The motivation for doing so would be to increase the security during the provisioning process for devices, where not only are the devices themselves authenticated but also the users associated with the provisioning process, and where the authentication of the users is performed within multiple layers of secure entities, such as within a manufacturer’s portal and a provisioning controller (see Lattin ‘261, ¶¶7-8, 33). 

As per claim 2: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Furthermore, Ochmanski ‘148 discloses:	wherein the first portal enables access to an entitlement service (the authorization server 30, enables an entitlement process [Ochmanski ‘148, ¶¶29, 43-44, 49, 51, 64; Fig. 2]) and wherein the second portal enables access to a (the device identity validation server 40(1)-40(N) enables access to device identification service associated with a particular enterprise where the device 20 is used by a user [Ochmanski ‘148, ¶¶43-46; Fig. 1, Fig. 2]).

As stated above, Ochmanski ‘148 does not explicitly disclose the limitations: “wherein the first portal … managed by the manufacturer and wherein the second portal enables access to a user identification service managed by the customer.”
	Lattin ‘261, however, discloses:
	wherein the first portal … managed by the manufacturer (manufacturer’s user portal 115 [Lattin ‘261, ¶33; Fig. 1]) and 
	wherein the second portal enables access to a user identification service managed by the customer (the provisioning controller 120 performing identification and authentication of the user 109, where the provisioning controller 120 may be integrated with a user's enterprise identification and authentication system [Lattin ‘261, ¶¶33, 51-52; Fig. 1]).

Ochmanski ‘148 and Lattin ‘261 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 and Lattin ‘261 before them, to modify the method in Ochmanski ‘148 to include the teachings of Lattin ‘261.

	As per claim 3: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claim 1, as stated above, from which claim 3 is dependent upon. Furthermore, Ochmanski ‘148 discloses:
	(using a device identifier (DevID) to facilitate authentication of the device 20, where the DevID is a digital certificate based on asymmetric encryption, where DevID public/private keys are generated [Ochmanski ‘148, ¶¶22, 25-26, 35, 56]).

As stated above, Ochmanski ‘148 does not explicitly disclose: “wherein the user credentials comprise a username and password, …”.
Lattin ‘261, however, discloses:
wherein the user credentials comprise a username and password, … (transfer identifying information associated with the user 109, such as username and password, to a manufacturer’s user portal 115 [Lattin ‘261, ¶33; Fig. 1])

	Ochmanski ‘148 and Lattin ‘261 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 and Lattin ‘261 before them, to modify the method in Ochmanski ‘148 to include the teachings of Lattin ‘261, namely to have the client_id of Ochmanski ‘148 to further include identifying information, such as a username and a password, associated with the user device 20 that may be forwarded to the proper identity validation server 40(1)-40(N) where the user may be verified, as disclosed in Lattin ‘261. The motivation for doing so would be to increase the security during the provisioning process for devices, where not only are the devices themselves authenticated but also the users associated with the provisioning process, and where the users may be verified via common methods such as through passwords and usernames (see Lattin ‘261, ¶¶7-8, 33).

	As per claim 5: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Furthermore, Ochmanski ‘148 discloses:
	wherein the entitlement sequence comprises a list of one or more assets to be delivered to the IHS (the entitlement process comprises a permissions database 210 which lists application licenses and available sub-resources that is to be looked-up received by an authenticated requesting device 20 [Ochmanski ‘148, ¶¶48-49, 51-52, 55, 64]).
	
As per claim 13: Ochmanski ‘148 discloses:
A memory storage device having program instructions stored thereon that, upon execution by an Information Handling System (IHS), cause the IHS to (memory 26 coupled to a processor 24, where the memory 26 stores instructions executed by the processor 24 to cause the device 20 to perform operations [Ochmanski ‘148, ¶24; Fig. 1]): 
	transmit, to a first portal (transmitting data to the authorization server 30 via a request from the device 20 to access a resource [Ochmanski ‘148, ¶29; Fig. 1, Fig. 2]) 
(i) (transmitting a unique client_id, also referred to as client application identifier, of a client application running on the device 20 [Ochmanski ‘148, ¶¶40, 42, 61]), and 
(ii) device identification associated with the IHS (transmitting a device identifier (DevID) of the device 20 to the authorization server 30 [Ochmanski ‘148, ¶¶22, 29, 40; Fig. 2, Fig. 4]) by the manufacturer prior to the IHS having been received by the user (the DevID is embedded in the device 20 by the manufacturer at build time of the device 20 [Ochmanski ‘148, ¶¶25-26, 29; Fig. 1]), wherein the first portal (authorization server 30 [Ochmanski ‘148, ¶29; Fig. 1, Fig. 2]) is configured to:	
		(a) select a customer of the manufacturer associated with the device identification (based on the received DevID, the authorization server 30 brokers and selects the proper device identity validation server 40(1)-40(N) from a plurality of 40(1)-40(N) servers, where each server may be associated with a particular enterprise where the device 20 is used by a user [Ochmanski ‘148, ¶¶32-34, 43-44; Fig. 1, Fig. 2]); 	
		(b) forward an indication of the (forwarding the DevID to the proper validation server 40(1)-40(N), where the server may belong to a particular enterprise [Ochmanski ‘148, ¶¶43-45, 58; Fig. 2]); and 
		(c) in response to the second portal having successfully authenticated the user, establish an identity session with the second portal (under the broadest reasonable interpretation, an ‘identity session’ is interpreted as a connection between devices to exchange data, where the data exchanged is used to authenticate certain identities; in response to the device identity validation server 40(1)-40(N) having successfully authenticated the device 20, establishing a connection between the identity validation server 40(1)-40(N) and the authorization server 30 to send responses containing authentication results associated with the identity of a device 20 [Ochmanski ‘148, ¶¶46-50; Fig. 2]); and
		transmit, to the second portal, a request to initiate an entitlement sequence, wherein the second portal is configured to verify the request against the identity session; and receive an asset as part of the entitlement sequence (transmit to the authorization server 30, an entitlement validation request, where in response to a verified request based on an authenticated identity, enabling access to resources by the device 20 [Ochmanski ‘148, ¶¶29, 49-51, 58, 64; Fig. 2, Fig. 5]).

As stated above, Ochmanski ‘148 does not explicitly disclose: “transmit, to a first portal managed by a manufacturer of the IHS: (i) user credentials associated with a user of … (b) forward an indication of the user credentials to a second portal managed by the customer; and (c) in response to the second portal having successfully authenticated the user …”.
Lattin ‘261, however, discloses:
transmit, to a first portal managed by a manufacturer of the IHS: (i) user credentials associated with a user of … (transfer identifying information associated with the user 109, such as username and password, to a manufacturer’s user portal 115 [Lattin ‘261, ¶33; Fig. 1])
(b) forward an indication of the user credentials to a second portal … in response to the second portal having successfully authenticated the user … (forwarding the identifying information associated with the user 109 to the provisioning controller 120, where in response to the provisioning controller 120 having successfully authenticated the user 109, performing a provisioning process of the device 106, and where the provisioning controller 120 may be integrated with a user's enterprise identification and authentication system [Lattin ‘261, ¶¶33, 51-52; Fig. 1])

	Ochmanski ‘148 and Lattin ‘261 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 and Lattin ‘261 before them, to modify the method in Ochmanski ‘148 to include the teachings of Lattin ‘261.

	As per claim 14: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claim 13, as stated above, from which claim 14 is dependent upon. Furthermore, Ochmanski ‘148 discloses:
	(using a device identifier (DevID) to facilitate authentication of the device 20, where the DevID is a digital certificate based on asymmetric encryption, where DevID public/private keys are generated [Ochmanski ‘148, ¶¶22, 25-26, 35, 56]).

As stated above, Ochmanski ‘148 does not explicitly disclose: “wherein the user credentials comprise a username and password, …”.
Lattin ‘261, however, discloses:
wherein the user credentials comprise a username and password, … (transfer identifying information associated with the user 109, such as username and password, to a manufacturer’s user portal 115 [Lattin ‘261, ¶33; Fig. 1])

	Ochmanski ‘148 and Lattin ‘261 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. For the reasons stated in claim 3, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 and Lattin ‘261 before them, to modify the method in Ochmanski ‘148 to include the teachings of Lattin ‘261. 

As per claim 20: Ochmanski ‘148 discloses:
A method, comprising: 
receiving, at a first portal (transmitting data to the authorization server 30 via a request from the device 20 to access a resource, where the data comprises a unique client_id, also referred to as client application identifier, of a client application running on the device 20 [Ochmanski ‘148, ¶¶29, 40, 42, 61; Fig. 1, Fig. 2]), and (ii) device identification associated with the IHS (transmitting a device identifier (DevID) of the device 20 to the authorization server 30 [Ochmanski ‘148, ¶¶22, 29, 40; Fig. 2, Fig. 4]) before the IHS is shipped to the user (the DevID is embedded in the device 20 by the manufacturer at build time of the device 20 [Ochmanski ‘148, ¶¶25-26, 29; Fig. 1]); 
selecting a customer of the manufacturer associated with the device identification (based on the received DevID, the authorization server 30 brokers and selects the proper device identity validation server 40(1)-40(N) from a plurality of 40(1)-40(N) servers, where each server may be associated with a particular enterprise where the device 20 is used by a user [Ochmanski ‘148, ¶¶32-34, 43-44; Fig. 1, Fig. 2]); 
forwarding an indication of the (forwarding the DevID to the proper validation server 40(1)-40(N), where the server may belong to a particular enterprise [Ochmanski ‘148, ¶¶43-45, 58; Fig. 2]); 
in response to the second portal having successfully authenticated (under the broadest reasonable interpretation, an ‘identity session’ is interpreted as a connection between devices to exchange data, where the data exchanged is used to authenticate certain identities; in response to the device identity validation server 40(1)-40(N) having successfully authenticated the device 20, establishing a connection between the identity validation server 40(1)-40(N) and the authorization server 30 to send responses containing authentication results associated with the identity of a device 20 [Ochmanski ‘148, ¶¶46-50; Fig. 2]); 
receiving, from the IHS, a request to initiate an entitlement sequence, wherein the first portal is configured to verify the request against the identity session; and at least one of: (i) providing an asset to the IHS as part of the entitlement sequence (transmit to the authorization server 30, an entitlement validation request, where in response to a verified request based on an authenticated identity, enabling access to resources by the device 20 [Ochmanski ‘148, ¶¶29, 49-51, 58, 64; Fig. 2, Fig. 5]); or (ii) redirecting the IHS to a workspace orchestration service configured to provide a workspace definition to the IHS.

As stated above, Ochmanski ‘148 does not explicitly disclose: “receiving, at a first portal managed by a manufacturer of an Information Handling System (IHS): (i) user credentials associated with a user of … forwarding an indication of the user credentials to a second portal managed by the customer; in response to the second portal having successfully authenticated the user …”.
Lattin ‘261, however, discloses:
receiving, at a first portal managed by a manufacturer of an Information Handling System (IHS): (i) user credentials associated with a user of … (transfer identifying information associated with the user 109, such as username and password, to a manufacturer’s user portal 115 [Lattin ‘261, ¶33; Fig. 1])
forwarding an indication of the user credentials to a second portal managed by the customer; in response to the second portal having successfully authenticated the user … (forwarding the identifying information associated with the user 109 to the provisioning controller 120, where in response to the provisioning controller 120 having successfully authenticated the user 109, performing a provisioning process of the device 106, and where the provisioning controller 120 may be integrated with a user's enterprise identification and authentication system [Lattin ‘261, ¶¶33, 51-52; Fig. 1])

Ochmanski ‘148 and Lattin ‘261 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 and Lattin ‘261 before them, to modify the method in Ochmanski ‘148 to include the teachings of Lattin ‘261.


Claims 4 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Ochmanski ‘148, in view of Lattin ‘261, and further in view of Geusz et al., US 10,855,674 B1 (hereinafter, “Geusz ‘674”).

	As per claim 4: Ochmanski ‘148 in view of Lattin ‘261 discloses all limitations of claim 1, as stated above, from which claim 4 is dependent upon. Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose the limitations of claim 4. Geusz ‘674, however, discloses:
	wherein the identity session is configured by the customer to stay open for a selected amount of time (an authenticated session is initiated based on the verification of valid certificate 102/authentication data, where the certificate 102 may be time-dependable and have an expiration date, and where certificates 102 are generated and configured by the employer-managed server 120 [Geusz ‘674, Col. 6 lines 63-Col. 7 line 19, Col. 10 lines 17-23, Col. 12 lines 15-35, Col. 19 line 52-Col. 20 line 2, Col. 20 lines 11-31]).

Ochmanski ‘148 (modified by Lattin ‘261) and Geusz ‘674 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Geusz ‘674 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Geusz ‘674, namely to implement the connection between the identity validation server 40(1)-40(N) and the authorization server 30 that sends responses containing authentication results associated with the identity of a device 20, as disclosed in Ochmanski ‘148, such that the connection only stays open for a certain time based on data, such as a certificate, issued by the enterprise that controls the corresponding identity validation server 40(1)-40(N), as disclosed in Geusz ‘674. The motivation for doing so would be to increase the security during the provisioning process for devices by preventing unauthorized access to resources by malicious actors that may be using expired credentials and certificates (see Geusz ‘674, Col. 19 line 52-Col. 20 line 2, Col. 20 lines 11-31).

	As per claim 15: Ochmanski ‘148 in view of Lattin ‘261 discloses all limitations of claim 13, as stated above, from which claim 15 is dependent upon. Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose the limitations of claim 15. Geusz ‘674, however, discloses:
	wherein the identity session is configured by the customer to stay open for a selected amount of time (an authenticated session is initiated based on the verification of valid certificate 102/authentication data, where the certificate 102 may be time-dependable and have an expiration date, and where certificates 102 are generated and configured by the employer-managed server 120 [Geusz ‘674, Col. 6 lines 63-Col. 7 line 19, Col. 10 lines 17-23, Col. 12 lines 15-35, Col. 19 line 52-Col. 20 line 2, Col. 20 lines 11-31]).

Ochmanski ‘148 (modified by Lattin ‘261) and Geusz ‘674 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and provisioning applications on a device. For the reasons stated in claim 4, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Geusz ‘674 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Geusz ‘674.


Claims 6-7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Ochmanski ‘148, in view of Lattin ‘261, and further in view of Mueller et al., US 10,425,229 B2 (hereinafter, “Mueller ‘229”).

As per claim 6: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claims 1 and 5, as stated above, from which claim 6 is dependent upon. Furthermore, Ochmanski ‘148 discloses:
wherein to receive the asset as part of the entitlement sequence (transmit to the authorization server 30, an entitlement validation request, where in response to a verified request, enabling access to resources by the device 20 [Ochmanski ‘148, ¶¶44, 49-50, 58, 64; Fig. 2, Fig. 5]), the program instructions, upon execution, further cause the IHS to receive the asset through (the authorization server 30 receives a request by device 20 to access resources within one or more resource servers 50(1)-50(K); in response to an authenticated request, the authorization server 30 provides the device 20 with access tokens that directs the device 20 to communicate with the corresponding resource servers 50(1)-50(K), where the resource servers 50(1)-50(K) may provide resources in the form of hosted services or data [Ochmanski ‘148, ¶¶23, 29, 44, 50, 64]) 

	As stated above, Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose: “… receive the asset as part of the entitlement sequence … to receive the asset through the first portal.”
	Mueller ‘229, however, discloses:
	receive the asset as part of the entitlement sequence … to receive the asset through the first portal (a process of provisioning an operating system (OS) to a server 104, where the server 104 transmits a provisioning/authentication request to services provided by the secure facility 114, and where the server 104 subsequently receives the OS through the services provided by the secure facility 114 [Mueller ‘229, Col. 6 lines 14-49, Col. 7 lines 10-24, Col. 9 lines 31-37; Fig. 1]).

	Ochmanski ‘148 (modified by Lattin ‘261) and Mueller ‘229 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Mueller ‘229 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Mueller ‘229, namely to configure the authorization server 30, as disclosed in Ochmanski ‘148, to not only be an intermediary that receives/forwards authentication information, but also to host/provide requested data, such as a requested OS, to the requesting device during an entitlement process, as disclosed in Mueller ‘229. The motivation for doing so would be to increase the security of a provisioning process for a computing system by providing a secure facility to host provisioning services that not only facilitates authentication, but also hosts/provides the requested OS data, where the secure facility is under control of the operator of the computing system (see Mueller ‘229, Col. 6 line 14-Col. 7 line 9, Col. 8 lines 38-62).

As per claim 7: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claims 1 and 5-6, as stated above, from which claim 7 is dependent upon. Ochmanski ‘148 and Lattin ‘261 does not explicitly disclose the limitations of claim 7. Mueller ‘229, however, discloses:
	wherein the asset comprises an Operating System (OS) (a process of provisioning an operating system (OS) to a server 104, where the server 104 transmits a provisioning/authentication request to services provided by the secure facility 114, and where the server 104 subsequently receives the OS through the services provided by the secure facility 114 [Mueller ‘229, Col. 6 lines 14-49, Col. 7 lines 10-24, Col. 9 lines 31-37; Fig. 1]).
	
	Ochmanski ‘148 (modified by Lattin ‘261) and Mueller ‘229 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Mueller ‘229 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Mueller ‘229, namely to implement the resource accessing processes in Ochmanski ‘148 to accessing and receiving operating systems for devices, as disclosed in Mueller ‘229. The motivation for doing so would be to provide a secure method of provisioning and installing critical components of a device, such as an operating system, for a device which may be in an unsecure location (see Mueller ‘229, Col. 2 line 64-Col. 3 line 39).

As per claim 16: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claim 13, as stated above, from which claim 16 is dependent upon. Ochmanski ‘148 and Lattin ‘261 does not explicitly disclose the limitations of claim 16. Mueller ‘229, however, discloses:
	wherein the asset comprises an Operating System (OS) (a process of provisioning an operating system (OS) to a server 104, where the server 104 transmits a provisioning/authentication request to services provided by the secure facility 114, and where the server 104 subsequently receives the OS through the services provided by the secure facility 114 [Mueller ‘229, Col. 6 lines 14-49, Col. 7 lines 10-24, Col. 9 lines 31-37; Fig. 1]).
	
	Ochmanski ‘148 (modified by Lattin ‘261) and Mueller ‘229 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. For the reasons stated in claim 7, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Mueller ‘229 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Mueller ‘229.


Claims 8-10 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ochmanski ‘148, in view of Lattin ‘261, and further in view of Hollis et al., US 8,874,685 (hereinafter, “Hollis ‘685”).
	
As per claim 8: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claims 1 and 5, as stated above, from which claim 8 is dependent upon. Furthermore, Ochmanski ‘148 discloses:
wherein to receive the asset as part of the entitlement sequence, the program instructions, upon execution, further cause the IHS to (receiving resources, by the device 20, as part of an entitlement process [Ochmanski ‘148, ¶¶48-51, 64]): 
receive, from the first portal, a redirection instruction to connect to a (the authorization server 30 receives a request by device 20 to access resources within one or more resource servers 50(1)-50(K); in response to an authenticated request, the authorization server 30 provides the device 20 with access tokens that directs the device 20 to communicate with the corresponding resource servers 50(1)-50(K), where the resource servers 50(1)-50(K) may provide resources in the form of hosted services or data [Ochmanski ‘148, ¶¶23, 29, 44, 50, 64]); and 
in response to following the redirection instruction, receive the asset from the (in response to receiving access tokens that directs the device 20 to communicate with the corresponding resource servers 50(1)-50(K), receiving resources from the corresponding resource servers 50(1)-50(K) [Ochmanski ‘148, ¶¶29, 50-51,58, 64]).

As stated above, Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose: “… connect to a workspace orchestration service; and … receive the asset from the workspace orchestration service.”
Hollis ‘685, however, discloses:
… connect to a workspace orchestration service (connect to a Security Content Automation Protocol (SCAP) service, where the SCAP service is administered by a network administrator 1310 through [Hollis ‘685, Col. 4 line 27-Col. 5 line 3]); and 
… receive the asset from the workspace orchestration service (receiving data from the SCAP service, where the data may comprise a SCAP compliance profile that provides security/vulnerability benchmarks, also referred to as standardized compliance profiles, for the system of devices, and indicates deviations from the desired state for the system [Hollis ‘685, Col. 4 lines 4-46, Col. 5 lines 35-54]).

Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685, namely to implement an intermediary authorization server 30, as disclosed in Ochmanski ‘148, to provide the device 20 with access tokens that directs the device 20 to communicate with the corresponding resource servers 50(1)-50(K), and where the resource servers 50(1)-50(K) may be hosting a SCAP service, as disclosed in Hollis ‘685, that provides a SCAP compliance profile that indicates security/vulnerability benchmarks and indicates deviations from the desired state for the system. The motivation for doing so would be to have an efficient method of detecting and providing information regarding the status of a computing system, such that corrective/protective actions for the system may be performed based on the provided information (see Hollis ‘685, Col. 4 lines 4-46, Col. 8 lines 54-62).

As per claim 9: Ochmanski ‘148 in view of Lattin ‘261, and further in view of Hollis ‘685 discloses all limitations of claims 1, 5, and 8, as stated above, from which claim 9 is dependent upon. Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose the limitations of claim 9. Hollis ‘685, however, discloses:
wherein the asset comprises a workspace definition (the data comprises a SCAP compliance profile that provides security/vulnerability benchmarks, also referred to as standardized compliance profiles, for the system of devices, and indicates deviations from the desired state for the system [Hollis ‘685, Col. 4 lines 4-46, Col. 5 lines 35-54]).

Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. For the reasons stated in claim 8, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685.

As per claim 10: Ochmanski ‘148 in view of Lattin ‘261, and further in view of Hollis ‘685 discloses all limitations of claims 1, 5, and 8-9, as stated above, from which claim 10 is dependent upon. Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose the limitations of claim 10. Hollis ‘685, however, discloses:
wherein the workspace definition (SCAP compliance profile that provides security/vulnerability benchmarks, also referred to as standardized compliance profiles, for the system of devices, and indicates deviations from the desired state for the system [Hollis ‘685, Col. 4 lines 4-46, Col. 5 lines 35-54]) comprises at least one of: 
a threat monitoring level, a threat detection level, a threat analytics level, a threat response level, a storage confidentiality level, a network confidentiality level, a memory confidentiality level, a display confidentiality level, a user authentication level, an Information Technology (IT) administration level, a regulatory compliance level, a local storage control level, a Central Processing Unit (CPU) access level, a graphics access level, an application usage level, or an application installation level (the SCAP profile comprises compliance scores, patch scores, vulnerability scores, security scores, security metrics, tolerance levels, warning levels, failing levels, and various benchmarks, standardized profiles, and thresholds that measured data from the system is compared to [Hollis ‘685, Col. 5 line 4-Col. 5 line 54, Col. 6 lines 17-42, Col. 8 line 63-Col. 9 line 27, Col. 10 line 58-Col. 11 line 8]).

Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. For the reasons stated in claim 8, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685.

As per claim 17: Ochmanski ‘148 and Lattin ‘261 discloses all limitations of claim 13, as stated above, from which claim 17 is dependent upon. Furthermore, Ochmanski ‘148 discloses:
wherein to receive the asset as part of the entitlement sequence, the program instructions, upon execution, further cause the IHS to (receiving resources, by the device 20, as part of an entitlement process [Ochmanski ‘148, ¶¶48-51, 64]): 
receive, from (the authorization server 30 receives a request by device 20 to access resources within one or more resource servers 50(1)-50(K); in response to an authenticated request, the authorization server 30 provides the device 20 with access tokens that directs the device 20 to communicate with the corresponding resource servers 50(1)-50(K), where the resource servers 50(1)-50(K) may provide resources in the form of hosted services or data [Ochmanski ‘148, ¶¶23, 29, 44, 50, 64]); and 
in response to following the redirection instruction, receive the asset from the (in response to receiving access tokens that directs the device 20 to communicate with the corresponding resource servers 50(1)-50(K), receiving resources from the corresponding resource servers 50(1)-50(K) [Ochmanski ‘148, ¶¶29, 50-51,58, 64]).

As stated above, Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose: “receive, from the second portal … instruction to connect to a workspace orchestration service; and … receive the asset from the workspace orchestration service.”
Hollis ‘685, however, discloses:
receive, from the second portal … instruction to connect to a workspace orchestration service (receive instruction from a configuration server to connect to and utilize a Security Content Automation Protocol (SCAP) service, where the SCAP service is administered by a network administrator 1310 through [Hollis ‘685, Col. 4 line 27-Col. 5 line 3, Col. 8 lines 1-16; Fig. 13]); and 
… receive the asset from the workspace orchestration service (receiving data from the SCAP service, where the data may comprise a SCAP compliance profile that provides security/vulnerability benchmarks, also referred to as standardized compliance profiles, for the system of devices, and indicates deviations from the desired state for the system [Hollis ‘685, Col. 4 lines 4-46, Col. 5 lines 35-54]).

Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685, namely to implement the identity validation server 40(1)-40(N), as disclosed in Ochmanski ‘148, as a configuration server, as disclosed in Hollis ‘685, where the identity validation server 40(1)-40(N) would facilitate the device to connect to and utilize a SCAP service that may be hosted on resource servers 50(1)-50(K), and where a SCAP compliance profile indicates security/vulnerability benchmarks and deviations from the desired state for the system. The motivation for doing so would be to have an efficient method of detecting and providing information regarding the status of a computing system, such that corrective/protective actions for the system may be performed based on the provided information (see Hollis ‘685, Col. 4 lines 4-46, Col. 8 lines 54-62).

As per claim 18: Ochmanski ‘148 in view of Lattin ‘261, and further in view of Hollis ‘685 discloses all limitations of claims 13 and 17, as stated above, from which claim 18 is dependent upon. Ochmanski ‘148 in view of Lattin ‘261 does not explicitly disclose the limitations of claim 18. Hollis ‘685, however, discloses:
wherein the asset comprises a workspace definition (the data comprises a SCAP compliance profile that provides security/vulnerability benchmarks, also referred to as standardized compliance profiles, for the system of devices, and indicates deviations from the desired state for the system [Hollis ‘685, Col. 4 lines 4-46, Col. 5 lines 35-54]).

Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. For the reasons stated in claim 17, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685.

As per claim 19: Ochmanski ‘148, in view of Lattin ‘261, and further in view of Hollis ‘685 discloses all limitations of claims 13 and 17-18, as stated above, from which claim 19 is dependent upon. Ochmanski ‘148, in view of Lattin ‘261 does not explicitly disclose the limitations of claim 19. Hollis ‘685, however, discloses:
wherein the workspace definition (SCAP compliance profile that provides security/vulnerability benchmarks, also referred to as standardized compliance profiles, for the system of devices, and indicates deviations from the desired state for the system [Hollis ‘685, Col. 4 lines 4-46, Col. 5 lines 35-54]) comprises at least one of: 
a threat monitoring level, a threat detection level, a threat analytics level, a threat response level, a storage confidentiality level, a network confidentiality level, a memory confidentiality level, a display confidentiality level, a user authentication level, an Information Technology (IT) administration level, a regulatory compliance level, a local storage control level, a Central Processing Unit (CPU) access level, a graphics access level, an application usage level, or an application installation level (the SCAP profile comprises compliance scores, patch scores, vulnerability scores, security scores, security metrics, tolerance levels, warning levels, failing levels, and various benchmarks, standardized profiles, and thresholds that measured data from the system is compared to [Hollis ‘685, Col. 5 line 4-Col. 5 line 54, Col. 6 lines 17-42, Col. 8 line 63-Col. 9 line 27, Col. 10 line 58-Col. 11 line 8]).

Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. For the reasons stated in claim 17, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685.


Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Ochmanski ‘148, in view of Lattin ‘261, and further in view of Hollis ‘685, and further in view of Coppinger et al., US 2014/0344009 A1 (hereinafter, “Coppinger ‘009”).

As per claim 11: Ochmanski ‘148, in view of Lattin ‘261, and further in view of Hollis ‘685 discloses all limitations of claims 1, 5, and 8-9, as stated above, from which claim 11 is dependent upon. Ochmanski ‘148, in view of Lattin ‘261 does not explicitly disclose the limitations of claim 11. Hollis ‘685, however, discloses:
wherein the program instructions, upon execution, further cause the IHS to: transmit, to the workspace orchestration service, context information (transmit to the SCAP service, SCAP configuration information [Hollis ‘685, Col. 4 lines 27-46, Col. 8 lines 1-16]); 
receive, from the workspace orchestration service, one or more files or policies (receive, from the SCAP service, assessment results based on a SCAP survey on the system of devices, where the assessment results may comprise indicate policies and desired states for the system [Hollis ‘685, Col. 4 line 27-Col. 5 line 3, Col. 5 line 55- Col. 6 line 16, Col. 7 lines 5-15]) configured to enable the local management agent to instantiate a workspace based upon the workspace definition (enabling the network administrator 1310 to establish a state for the system of devices based on information within the created compliance profile, where the state for the system may be established and maintained by performing corrective actions by the network administrator 1310 [Hollis ‘685, Col. 4 line 27-Col. 5 line 3, Col. 5 line 35-Col. 6 line 16]), wherein the workspace orchestration service is configured to: 
(i) calculate a security target (calculating a desired security compliance score, threshold, benchmark, or standardized profile for the system based on the initial SCAP configuration and certain actions that a corresponding device may perform, such as access to the system by a user application [Hollis ‘685, Col. 4 line 27-Col. 5 line 3, Col. 8 line 54- Col. 9 line 39]), and 
(ii) create the workspace definition based upon the security target (establish a compliance profile based on the desired security compliance score, threshold, benchmark, or standardized profile for the system [Hollis ‘685, Col. 4 line 4-Col. 5 line 3, Col. 9 lines 10-39]).

Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. For the reasons stated in claim 8, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685.

As stated above, Ochmanski ‘148, in view of Lattin ‘261, and further in view of Hollis ‘685 does not explicitly disclose: “… calculate … and a productivity target … create the workspace definition based upon … and the productivity target …”.
Coppinger ‘009, however, discloses:
… calculate … and a productivity target … create the workspace definition based upon … and the productivity target … (adjust and determine a productivity parameter within GRAPE (Governance, Risk, Audit, Productivity, Elasticity) parameters to meet a desired future state of an end user computing (EUC) system, where an EUC plan for the system is created based on the determined productivity parameter [Coppinger ‘009, ¶¶7-8, 45, 55; Fig. 5]).

Ochmanski ‘148 (modified by Lattin ‘261 & Hollis ‘685) and Coppinger ‘009 are analogous art because they are from the same field of endeavor, namely that of managing devices and maintaining the integrity of a computing system. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261 & Hollis ‘685) and Coppinger ‘009 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261 & Hollis ‘685) to include the teachings of Coppinger ‘009, namely to implement an intermediary authorization server 30, as disclosed in Ochmanski ‘148, to provide the device 20 with access tokens that directs the device 20 to communicate with the corresponding resource servers 50(1)-50(K), and where the resource servers 50(1)-50(K) may be hosting a SCAP service, as disclosed in Hollis ‘685, that provides a SCAP compliance profile that is not only based on desired security/vulnerability benchmarks, but also a productivity score that should be met based on an EUC plan for the system, as disclosed in Coppinger ‘009. The motivation for doing so would be to provide a platform that assists in integrating devices into a system, where the platform identifies requirements, such as a level of productivity, that need to be met by the integration, as well as produces plans on how certain parameters may be adjusted to achieve a desired level (see Coppinger ‘009, ¶¶3-5).

As per claim 12: Ochmanski ‘148, in view of Lattin ‘261, and further in view of Hollis ‘685, and further in view of Coppinger ‘009 discloses all limitations of claims 1, 5, 8-9, and 11 as stated above, from which claim 12 is dependent upon. Ochmanski ‘148, in view of Lattin ‘261 does not explicitely disclose the limitations of claim 12. Hollis ‘685, however, discloses:
wherein the security target is calculated by the workspace orchestration service (the SCAP service calculating a desired security compliance score, threshold, benchmark, or standardized profile for the system based on the initial SCAP configuration and certain actions that a corresponding device may perform, such as access to the system by a user application [Hollis ‘685, Col. 4 line 27-Col. 5 line 3, Col. 8 line 54- Col. 9 line 39]) based upon at least one of: 
a risk metric associated with a locale of the client IHS, a risk metric associated with a user of the client IHS, a risk metric associated with a network of the client IHS, a risk metric associated with hardware of the client IHS, a risk metric associated with a requested datafile, or a regulatory risk metric associated with the user, the locale, and the requested datafile (the desired security compliance score, threshold, benchmark, or standardized profile is may be calculated based on a vulnerability score indicating an extent to which a system is at risk for malicious and/or undesirable activity, a degree of risk presented by the client access operations, measured deviations of the devices, IP addresses, device identifiers, and threats identified by third-party organizations [Hollis ‘685, Col. 4 lines 4-26, Col. 4 line 47-Col. 5 line 3, Col. 5 lines 10-25, Col. 8 lines 1-39, Col. 10 lines 22-27])



Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 are analogous art because they are from the same field of endeavor, namely that of authenticating devices and maintaining the integrity of a computing system. For the reasons stated in claim 8, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261) and Hollis ‘685 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261) to include the teachings of Hollis ‘685.

As stated above, Ochmanski ‘148, in view of Lattin ‘261, and further in view of Hollis ‘685 does not explicitly disclose: “… and wherein the productivity target is calculated by the workspace orchestration service based upon at least one of: a resource metric associated with a locale of the client IHS, a resource metric associated with a user of the client IHS, a resource metric associated with a network of the client IHS, a resource metric associated with hardware of the client IHS, or a resource metric associated with a storage system of a requested datafile.”
Coppinger ‘009, however, discloses:
… and wherein the productivity target is calculated by the workspace orchestration service (determine a productivity parameter within GRAPE (Governance, Risk, Audit, Productivity, Elasticity) parameters by end user computing (EUC) application 130 to meet a desired future state of an end user computing (EUC) system, where an EUC plan for the system is created based on the determined productivity parameter [Coppinger ‘009, ¶¶7-8, 30, 45, 55; Fig. 5]) based upon at least one of: 
a resource metric associated with a locale of the client IHS, a resource metric associated with a user of the client IHS, a resource metric associated with a network of the client IHS, a resource metric associated with hardware of the client IHS, or a resource metric associated with a storage system of a requested datafile (the desired productivity parameter may be determined based on scores associated with users of devices with the EUC system, how well technology supports the system, and the tools used within the system, [Coppinger ‘009, ¶¶45, 58 107]).

Ochmanski ‘148 (modified by Lattin ‘261 & Hollis ‘685) and Coppinger ‘009 are analogous art because they are from the same field of endeavor, namely that of managing devices and maintaining the integrity of a computing system. For the reasons stated in claim 11, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ochmanski ‘148 (modified by Lattin ‘261 & Hollis ‘685) and Coppinger ‘009 before them, to modify the method in Ochmanski ‘148 (modified by Lattin ‘261 & Hollis ‘685) to include the teachings of Coppinger ‘009.








Conclusion
The prior art made of record and not relied upon is considered pertinent to the Applicant’s disclosure:
Bilal et al., US 2020/0034155 A1: bare metal management of computing devices, where the computing device can be configured to contact a network location as part of an HTTP boot and download a boot agent that can be prioritized to execute before a primary OS boot loader.
Jain et al., US 2021/0389959 A1: during a boot process, verify the persistent enrollment status of the user device, where a deployment agent can retrieve and install a software package for a management agent and enroll the user device with an enterprise under a user profile. 
McCarron et al., US 2009/0276620 A1: performing a network boot sequence and provisioning a remote device by verifying the authenticity of the remote device.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 9:00am-7:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ALAN LINGQIAN KONG/Examiner, Art Unit 2494

/THEODORE C PARSONS/Primary Examiner, Art Unit 2494