Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Claims 1-20 have been examined.

Drawings
3.	The drawings filed on 09/21/2021 are acceptable for examination proceedings.
Specification
4.	The specification filed on 09/21/2021 is acceptable for examination proceedings.
Priority
5.	Application 17481215, filed 09/21/2021, is a continuation of 16567504, filed 09/11/2019, now U.S. Patent #11252198. 16567504 is a continuation of 16168273, filed 10/23/2018, now U.S. Patent #10511638. 16168273 is a continuation of 15051130, filed 02/23/2016, now U.S. Patent #10122766 and having 1 RCE-type filing therein. 15051130 is a continuation of 13729586, filed 12/28/2012, now U.S. Patent #9276963 and having 1 RCE-type filing therein. Therefore, the effective filing date for the subject matter defined in the pending claims of this application is 12/28/2012.

Information Disclosure Statement
6.	The information disclosure statement (IDS) was submitted on 06/24/2022. Accordingly, the information disclosure statement is being considered by the examiner.

Internet Communications
7.	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax, which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.
Claim Objections

8.	Claim 10 is objected to because of the following informalities: a punctuation mark (.) is needed at the end of a sentence. Appropriate correction is required.
Double Patenting

9.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees.  See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application.  See 37 CFR 1.130(b).
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer.  A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).


10.	Claims 1-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,511,638 B2 (hereinafter referred to as the ‘638 US Patent). Although the conflicting claims are not identical, they are not patentably distinct from each other.

The following is referring to the independent claim

As per independent claim 1, 
		Independent claim 1 of the instant application and claim 1 of the ‘638 US Patent recite similar limitations. The above independent claim, namely claim 1 of the instant/present application, would have been obvious over claim 1 of the ‘638 US Patent because each and every element of the above independent claim 1 of the present application is anticipated by the corresponding independent claim 11 of the ‘638 US Patent.

As per independent claim 10, 
		Independent claim 11 of the instant application and claim 10 of the ‘638 US Patent recite similar limitations. The above independent claim, namely claim 10 of the instant/present application, would have been obvious over claim 1 of the ‘638 US Patent because each and every element of the above independent claim 10 of the present application is anticipated by the corresponding independent claim 10 of the ‘638 US Patent.

As per independent claim 15, 
		Independent claim 15 of the instant application and claim 15 of the ‘638 US Patent recite similar limitations. The above independent claim, namely claim 15 of the instant/present application, would have been obvious over claim 15 of the ‘638 US Patent because each and every element of the above independent claim 15 of the present application is anticipated by the corresponding independent claim 15 of the ‘638 US Patent.

The following is referring to the dependent claims

Referring to dependent claims 2-9, 11-114 and 16-20.
Claims 2-9, 11-114 and 16-20 of the instant application are also anticipated by claims 2-9, 11-114 and 16-20 of the ‘638 US Patent since the corresponding claims further recite similar/same limitations of the same subject matter.
US Patent No. ‘638
Instant No. 17/481,215
1. A distributed network node to determine enterprise security policies for a client computing device, the distributed network node comprising: trust calculation circuitry to (i) receive, from the client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device, and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network, and (ii) determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; and policy determination circuitry to (i) receive a request for an enterprise application from the client computing device, (ii) determine a data sensitivity level based on the enterprise application, (iii) determine a security policy based on the device trust level and the data sensitivity level, and (iv) send the security policy to the client computing device.
1. A distributed network node to determine enterprise security policies for a client computing device, the distributed network node comprising: trust calculation circuitry to (i) receive, from the client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device, and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network, and (ii) determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; and policy determination circuitry to (i) receive a request for an enterprise application from the client computing device, (ii) determine a data sensitivity level based on the enterprise application, and (iii) determine a security policy based on the device trust level and the data sensitivity level.  
2. The distributed network node of claim 1, wherein the policy determination circuitry is further to select the data sensitivity level from a plurality of predefined data sensitivity levels associated with enterprise data that can be accessed by the enterprise application.
2. The distributed network node of claim 1, wherein the policy determination circuitry is further to select the data sensitivity level from a plurality of predefined data sensitivity levels associated with enterprise data that can be accessed by the enterprise application.  
3. The distributed network node of claim 1, wherein the policy determination circuitry is further to send the enterprise application to the client computing device.
3. The distributed network node of claim 1, wherein the policy determination circuitry is further to send the enterprise application to the client computing device.  
4. The distributed network node of claim 1, wherein the security policy comprises a security policy to: allow the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevent the enterprise application from communicating with applications not associated with the security policy.
4. The distributed network node of claim 1, wherein the security policy comprises a security policy to: allow the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevent the enterprise application from communicating with applications not associated with the security policy.  
5. The distributed network node of claim 1, wherein the security policy comprises a security policy to require a user of the client computing device to authenticate prior to execution of the enterprise application.
5. The distributed network node of claim 1, wherein the security policy comprises a security policy to require a user of the client computing device to authenticate prior to execution of the enterprise application.  
6. The distributed network node of claim 1, wherein the security policy comprises a security policy to require the client computing device to (i) encrypt data accessed or stored by the enterprise application; or (ii) remove data created by the enterprise application when the enterprise application terminates.

6. The distributed network node of claim 1, wherein the security policy comprises a security policy to require the client computing device to (i) encrypt data accessed or stored by the enterprise application; or (ii) remove data created by the enterprise application when the enterprise application terminates.  
7. The distributed network node of claim 1, wherein the security policy comprises a security policy to require the client computing device to log activities of the enterprise application.
7. The distributed network node of claim 1, wherein the security policy comprises a security policy to require the client computing device to log activities of the enterprise application.  
8. The distributed network node of claim 1, wherein to determine the device trust level comprises to determine the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein to determine the device trust level includes to identify the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device.

8. The distributed network node of claim 1, wherein to determine the device trust level comprises to determine the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein to determine the device trust level includes to identify the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device.  
9. The distributed network node of claim 1, wherein the distributed network node is communicatively coupled to a second distributed network node via a centralized core network.
9. The distributed network node of claim 1, wherein the distributed network node is communicatively coupled to a second distributed network node via a centralized core network. 
10. A method to determine enterprise security policies for a client computing device, the method comprising: receiving, by a distributed network node from the client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device, and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network; determining, by the distributed network node, a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; receiving, by the distributed network node, a request for access to an enterprise application from the client computing device; determining, by the distributed network node, a data sensitivity level based on the requested enterprise application; determining, by the distributed network node, a security policy based on the device trust level and the data sensitivity level; and sending the security policy from the distributed network node to the client computing device.
10. A method to determine enterprise security policies for a client computing device, the method comprising: receiving, by a distributed network node from the client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device, and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network; determining, by the distributed network node, a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; receiving, by the distributed network node, a request for access to an enterprise application from the client computing device; determining, by the distributed network node, a data sensitivity level based on the requested enterprise application; and determining, by the distributed network node, a security policy based on the device trust level and the data sensitivity level.
11. The method of claim 10, wherein determining the security policy comprises determining a security policy that: allows the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevents the enterprise application from communicating with applications not associated with the security policy.
11. The method of claim 10, wherein determining the security policy comprises determining a security policy that: allows the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevents the enterprise application from communicating with applications not associated with the security policy.  
12. The method of claim 10, wherein determining the security policy comprises determining a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application.
12. The method of claim 10, wherein determining the security policy comprises determining a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application.  
13. The method of claim 10, wherein determining the security policy comprises determining a security policy that requires the client computing device to (i) encrypt data accessed or stored by the enterprise application, or (ii) remove data created by the enterprise application when the enterprise application terminates.
13. The method of claim 10, wherein determining the security policy comprises determining a security policy that requires the client computing device to (i) encrypt data accessed or stored by the enterprise application, or (ii) remove data created by the enterprise application when the enterprise application terminates.  
14. The method of claim 10, wherein determining the device trust level comprises determining the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein determining the device trust level includes identifying the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device.
14. The method of claim 10, wherein determining the device trust level comprises determining the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein determining the device trust level includes identifying the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device.  
15. One or more non-transitory, computer-readable storage media comprising a plurality of instructions that in response to being executed cause an distributed network node to: receive, from a client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device, and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network; determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; receive a request for access to an enterprise application from the client computing device; determine a data sensitivity level based on the requested enterprise application; determine a security policy based on the device trust level and the data sensitivity level; and send the security policy from the distributed network node to the client computing device.
15. One or more non-transitory, computer-readable storage media comprising a plurality of instructions that in response to being executed cause an distributed network node to: receive, from a client computing device, device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device, and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network; determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device, wherein the device trust level is indexed by the device attribute information; receive a request for access to an enterprise application from the client computing device; determine a data sensitivity level based on the requested enterprise application; and determine a security policy based on the device trust level and the data sensitivity level.  
16. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that: allows the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevents the enterprise application from communicating with applications not associated with the security policy.
16. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that: allows the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevents the enterprise application from communicating with applications not associated with the security policy.  
17. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application.
17. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application.  
18. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that requires the client computing device to (i) encrypt data accessed or stored by the enterprise application, or (ii) remove data created by the enterprise application when the enterprise application terminates.
18. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that requires the client computing device to (i) encrypt data accessed or stored by the enterprise application, or (ii) remove data created by the enterprise application when the enterprise application terminates. 
19. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that requires the client computing device to log activities of the enterprise application.
19. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the security policy comprises to determine a security policy that requires the client computing device to log activities of the enterprise application.  
20. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the device trust level comprises to determine the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein to determine the device trust level includes to identify the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device.
20. The one or more non-transitory, computer-readable storage media of claim 15, wherein to determine the device trust level comprises to determine the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein to determine the device trust level includes to identify the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device.  



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

11.	Claims 1-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Szeto (US Publication 2005020430 A1, Pub. Date: Sep. 15, 2005) in view of Subramani et al. (US Publication 20180198742 A1, Pub. Date: Jul. 12, 2018).

Regarding claims 1 and 14, Szeto discloses a distributed network node to determine enterprise security policies for a client computing device, the distributed network node comprising (fig. 1 discloses an enterprise policy server computer, the enterprise server computer, elements 114, 116 respectively): trust calculation circuitry to (i) receive, from the client computing device, device attribute information that identifies attributes of the client computing device (fig. 1 illustrates the enterprise policy server computer 114 includes a policy management application 124, and policies 126 (policies 126, i.e. “a trust calculation module”); para. 0054 discloses the enterprise server computer 116 receives the policy from the enterprise policy server computer 114), wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device (fig. 8 is a computer architecture diagram illustrating an exemplary computer hardware and software architecture for a computing system), and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network (fig. 1 illustrates sending and receiving data between enterprise server computer 116 and enterprise policy server computer 114; para. 0025 discloses an enterprise intranet 112, which in turn is in communication with an enterprise policy server computer 114, an enterprise server computer 116), and (i) receive a request for an enterprise application from the client computing device (fig. 1 illustrates sending and receiving data between enterprise server computer 116 and enterprise policy server computer 114; para. 0025 discloses an enterprise intranet 112, which in turn is in communication with an enterprise policy server computer 114, an enterprise server computer 116).

Brennan fails to explicitly disclose (ii) determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device.

However, Gittler discloses (ii) determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device (para. 0009, 0021 disclose a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node; furthermore, see claims 1 and 22), (ii) determine a data sensitivity level based on the enterprise application, and (iii) determine a security policy based on the device trust level and the data sensitivity level (para. 0021 discloses a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node).

Brennan and Gittler are analogous art because they both are directed to data processing systems, apparatus, and methods as well as protection of information and services and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan with the specified features of Gittler because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Gittler with the teachings of Brennan in order for setting access requirements to data attributes based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer apparatus [para. 0009 of Gittler]. 

Brennan as modified by Gittler fails to explicitly disclose wherein the device trust level is indexed by the device attribute information; and policy determination circuitry.

However, Amaudruz discloses wherein the device trust level is indexed by the device attribute information; and policy determination circuitry (paragraph 0078 discloses where the key comprises a series of ordered values or a series of indexed values. A method as in any above, where a frequency of the plurality of communications is indicative of a level of trust between the first apparatus and the second apparatus. A method as in any above, where a frequency of the plurality of communications is indicative of a level of trust between a (first) user of the first apparatus and a (second) user of the second apparatus) and (iv) send the security policy to the client computing device (fig. 1 illustrates the enterprise policy server computer 114 includes a policy management application 124, and policies 126 (policies 126, i.e. “a trust calculation module”); para. 0054 discloses the enterprise server computer 116 receives the policy from the enterprise policy server computer 114).

Amaudruz, Brennan and Gittler are analogous art because they both are directed to communication systems, apparatus, methods and computer program products and, more specifically, relate to key-based security techniques and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan and Gittler with the specified features of Amaudruz because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Amaudruz with the teachings of Brennan as modeled by Gittler in order for determining a value for a probability of error or a probability of correctness and comparing the determined value to a threshold [Amaudruz paragraph 0078].  

As per claim 2, Brennan as modified by Gittler further modified by Amaudruz discloses wherein the policy determination circuitry is further to select the data sensitivity level from a plurality of predefined data sensitivity levels associated with enterprise data that can be accessed by the enterprise application (para. 0021 of Gittler discloses trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node).
The same motivational statement applies as set forth above in claim 1.
As per claim 3, Brennan as modified by Gittler further modified by Amaudruz discloses wherein the policy determination circuitry is further to send the enterprise application to the client computing device (para. 0038 of Brennan discloses the policies 126 are sent to the enterprise server computer 116, the server computer 108, and/or the mobile computing device 102. The enterprise server computer 116 is configured to store an instance of the received policies as enterprise server policies 128 for application to enterprise server data 130; para. 0052 discloses the enterprise policy server computer 114 to send the policy to the enterprise server computer 116).   

As per claim 4, Brennan as modified by Gittler further modified by Amaudruz discloses wherein the security policy comprises a security policy to: allow the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevent the enterprise application from communicating with applications not associated with the security policy (figs. 1 & 5 of Brennan; furthermore, paragraph 0054 discloses in response to receiving the request, at operation 508, the enterprise server computer 116 allows or denies the mobile computing device 102 access to the specific data in accordance with the policy; para. 0029 of Brennan discloses a storage control policy includes instructions indicating one or more conditions under which certain data is to be erased or rendered inaccessible).

As per claim 5, Brennan as modified by Gittler further modified by Amaudruz discloses wherein the security policy comprises a security policy to require a user of the client computing device to authenticate prior to execution of the enterprise application (para. 0028 of Brennan discloses authentication may be required at each lock level or a certain number of lock levels prior to unlocking all lock levels). 

As per claims 6 and 13, Brennan as modified by Gittler further modified by Amaudruz discloses wherein the security policy comprises a security policy to require the client computing device to (i) encrypt data accessed or stored by the enterprise application; or (ii) remove data created by the enterprise application when the enterprise application terminates (fig. 4 of Brennan shows operation 404; para. 0052 discloses the enterprise policy server computer 114 stores the policy in association with the specific data as one of the policies 126, i.e. “a security policy to log activities of the enterprise application”).

As per claim 7, Brennan as modified by Gittler further modified by Amaudruz discloses wherein the security policy comprises a security policy to require the client computing device to log activities of the enterprise application (para. 0028 of Brennan discloses authentication may be required at each lock level or a certain number of lock levels prior to unlocking all lock levels).  

As per claim 8, Brennan as modified by Gittler further modified by Amaudruz discloses wherein to determine the device trust level comprises to determine the device trust level using a trust level table, the trust level table being indexed by the device attribute information (fig. 1 of Brennan illustrates the enterprise policy server computer 114 includes a policy management application 124, and policies 126 (policies 126, i.e. “a trust calculation module”); para. 0054 of Brennan discloses the enterprise server computer 116 receives the policy from the enterprise policy server computer 114), and wherein to determine the device trust level includes to identify the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device (fig. 1 of Brennan illustrates the enterprise policy server computer 114 includes an operating system 120, a policy creation application 122, a policy management application 124, and policies 126; para. 0052 discloses the enterprise policy server computer 114 to send the policy to the enterprise server computer 116).
  
As per claim 9, Brennan as modified by Gittler further modified by Amaudruz discloses wherein the distributed network node is communicatively coupled to a second distributed network node via a centralized core network (Para. 0009,0021 of Gittler discloses a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node; furthermore, see claims 1 and 22).  

As per claim 10, Brennan discloses a method to determine enterprise security policies for a client computing device, the method comprising (fig. 1 discloses an enterprise policy server computer, the enterprise server computer, elements 114,116 respectively): receiving, by a distributed network node from the client computing device, device attribute information that identifies attributes of the client computing device (0054 discloses the enterprise server computer 116 receives the policy from the enterprise policy server computer 114), wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device (fig. 1 illustrates the enterprise policy server computer 114 includes a policy management application 124, and policies 126 (policies 126, i.e. “a trust calculation module”); para. 0054 discloses the enterprise server computer 116 receives the policy from the enterprise policy server computer 114), and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network; determining, by the distributed network node, a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device (Para. 0009,0021 discloses a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node; furthermore, see claims 1 and 22); receiving, by the distributed network node, a request for access to an enterprise application from the client computing device (Para. 0009,0021 discloses a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node; furthermore, see claims 1 and 22); determining, by the distributed network node, a data sensitivity level based on the requested enterprise application (Fig. 1 illustrates the enterprise policy server computer 114 includes an operating system 120, a policy creation application 122, a policy management application 124, and policies 126; para. 0052 discloses the enterprise policy server computer 114 to send the policy to the enterprise server computer 116).

Brennan fails to explicitly disclose determining, by the distributed network node, a security policy based on the device trust level and the data sensitivity level.

Gittler discloses determining, by the distributed network node, a security policy based on the device trust level and the data sensitivity level (Para. 0009,0021 discloses a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node; furthermore, see claims 1 and 22).

Brennan and Gittler are analogous art because they both are directed to data processing systems, apparatus, and methods as well as protection of information and services and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan with the specified features of Gittler because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Gittler with the teachings of Brennan in order to set access requirements to data attributes based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer apparatus [para. 0009 of Gittler].

Brennan as modified by Gittler fails to explicitly disclose wherein the device trust level is indexed by the device attribute information. However, Amaudruz discloses wherein the device trust level is indexed by the device attribute information (paragraph 0078 discloses where the key comprises a series of ordered values or a series of indexed values. A method as in any above, where a frequency of the plurality of communications is indicative of a level of trust between the first apparatus and the second apparatus. A method as in any above, where a frequency of the plurality of communications is indicative of a level of trust between a (first) user of the first apparatus and a (second) user of the second apparatus).

Amaudruz, Brennan and Gittler are analogous art because they both are directed to communication systems, apparatus, methods and computer program products and, more specifically, relate to key-based security techniques and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan and Gittler with the specified features of Amaudruz because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Amaudruz with the teachings of Brennan as modified by Gittler in order to determine a value for a probability of error or a probability of correctness and compare the determined value to a threshold [paragraph 0078].

As per claim 11, Brennan as modified by Gittler further modified by Amaudruz discloses wherein determining the security policy comprises determining a security policy that: allows the enterprise application to securely communicate with other enterprise applications associated with the security policy; and prevents the enterprise application from communicating with applications not associated with the security policy (figs. 1 & 5 of Brennan; para. 0054 of Brennan discloses in response to receiving the request, at operation 508, the enterprise server computer 116 allows or denies the mobile computing device 102 access to the specific data in accordance with the policy; para. 0029 of Brennan discloses a storage control policy includes instructions indicating one or more conditions under which certain data is to be erased or rendered inaccessible).

As per claim 15, Brennan discloses computer-readable storage media (para. 0061-0063) comprising a plurality of instructions that in response to being executed cause a distributed network node to: receive, from a client computing device (0054 discloses the enterprise server computer 116 receives the policy from the enterprise policy server computer 114), device attribute information that identifies attributes of the client computing device, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device (fig. 1 illustrates the enterprise policy server computer 114 includes a policy management application 124, and policies 126 (policies 126, i.e. “a trust calculation module”); para. 0054 discloses the enterprise server computer 116 receives the policy from the enterprise policy server computer 114); and wherein the distributed network node is communicatively coupled to the client computing device via a radio access network; determine a device trust level for the client computing device based on the device attribute information indicative of the hardware component of the client computing device or the software environment of the client computing device (Fig. 1 illustrates the enterprise policy server computer 114 includes an operating system 120, a policy creation application 122, a policy management application 124, and policies 126; para. 0052 discloses the enterprise policy server computer 114 to send the policy to the enterprise server computer 116).

Brennan fails to explicitly disclose receive a request for access to an enterprise application from the client computing device, determine a data sensitivity level based on the requested enterprise application; and determine a security policy based on the device trust level and the data sensitivity level.  

However, Gittler discloses receive a request for access to an enterprise application from the client computing device (Para. 0009,0021 discloses a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node; furthermore, see claims 1 and 22), determine a data sensitivity level based on the requested enterprise application; and determine a security policy based on the device trust level and the data sensitivity level (para. 0021 discloses trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to data attributes, from the computer node, based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer node). 

Brennan and Gittler are analogous art because they both are directed to data processing systems, apparatus, and methods as well as protection of information and services and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan with the specified features of Gittler because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Gittler with the teachings of Brennan in order to set access requirements to data attributes based upon a sensitivity level associated with the respective data attributes and the determined trust level of the computer apparatus [para. 0009 of Gittler].

Brennan as modified by Gittler fails to explicitly disclose wherein the device trust level is indexed by the device attribute information.

However, Amaudruz discloses wherein the device trust level is indexed by the device attribute information (paragraph 0078 discloses where the key comprises a series of ordered values or a series of indexed values. A method as in any above, where a frequency of the plurality of communications is indicative of a level of trust between the first apparatus and the second apparatus. A method as in any above, where a frequency of the plurality of communications is indicative of a level of trust between a (first) user of the first apparatus and a (second) user of the second apparatus).

Amaudruz, Brennan and Gittler are analogous art because they both are directed to communication systems, apparatus, methods and computer program products and, more specifically, relate to key-based security techniques and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan and Gittler with the specified features of Amaudruz because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Amaudruz with the teachings of Brennan as modified by Gittler in order to determine a value for a probability of error or a probability of correctness and compare the determined value to a threshold [Amaudruz paragraph 0078].

11.	Claims 12 and 17 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Brennan et al. (U.S. Patent Application Publication No.: US 2013/0074142 A1 / or “Brennan” hereinafter) in view of Gittler et al. (US Patent Application Publication No.: US 2003/0145222 A1 / or “Gittler” hereinafter) further in view of Uhrhane et al. (U.S. Patent Application Publication No.: US 2010/0121893 A1 / or “Uhrhane” hereinafter).

As per claims 12 and 17, Brennan as modified by Gittler further modified by Amaudruz discloses the claimed invention except for wherein determining the security policy comprises determining a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application.

However, Uhrhane discloses wherein determining the security policy comprises determining a security policy that requires a user of the client computing device to authenticate prior to execution of the enterprise application (para. 0045 discloses removing data after terminating web Application, i.e. “enterprise application”).

Brennan as modified by Gittler and Uhrhane are analogous art because they both are directed to means or steps for managing the storage, organization and accessing of files on a media and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan as modified by Gittler with the specified features of Uhrhane because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Uhrhane with the teachings of Brennan as modified by Gittler in order to provide file system access to web applications and native code modules [para. 0003 of Uhrhane].

11.	Claim 14 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Brennan et al. (U.S. Patent Application Publication No.: US 2013/0074142 A1 / or “Brennan” hereinafter) in view of Gittler et al. (U.S. Patent Application Publication No.: US 2003/0145222 A1 / or “Gittler” hereinafter) and further in view of Rodriguez et al. (U.S. Patent Application Publication No.: US 2010/0262706 A1 / or “Rodriguez” hereinafter).

As per claim 14, Brennan as modified by Gittler further modified by Amaudruz discloses wherein determining the device trust level comprises determining the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein determining the device trust level includes identifying the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device. However, Rodriguez discloses wherein determining the device trust level comprises determining the device trust level using a trust level table, the trust level table being indexed by the device attribute information, and wherein determining the device trust level includes identifying the device trust level stored in the trust level table in association with the hardware component or the software component of the client computing device (paragraph 0019 discloses Nodes 102 may each include a trust table 110. Trust tables 110 may be stored in memory module 108 or at any other suitable location within a node 102. The trust table 110 of a particular node 102 (e.g., primary node 102a) may store a trust level value for the particular node 102 (e.g., primary node 102a) as well as trust level values associated with each other node in system 100 (e.g., nodes 102b-102d). A stored trust level value associated with a particular node 102 may include any value indicative of the trustworthiness of the particular node 102. Additionally, the trust level value associated with a particular node 102 stored in a trust table 110 may be periodically updated, such as in response to the detection of a malicious attack on the particular node 102 (e.g., determined by a trust determination tool 112 of the particular node 102, as described below) or in response to the receipt of validated trust level associated with the particular node 102 (e.g., determined by a trust validation tool 114 of another node 102, as described in detail below)).

Brennan as modified by Gittler and Rodriguez are analogous art because they both are directed to network security and more particularly to network security using trust validation and one of ordinary skill in the art would have had a reasonable expectation of success to modify Brennan as modified by Gittler with the specified features of Rodriguez because they are from the same field of endeavor.

It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate the teachings of Rodriguez with the teachings of Brennan as modified by Gittler in order to allow the communication session request received from the requesting node [Abstract]. 

Conclusion
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932.  The examiner can normally be reached on Mon.-Fri. 9:00 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




A.G.
November 16, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434