METHODS AND SYSTEMS FOR ENROLLING TARGET DEVICES WITH A SECURITY DEVICE MANAGEMENT SYSTEM

§103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Double Patenting Claims 1-10, 12, 14-17, 23-26 and 28-30 are rejected on the ground of non statutory double patenting as being unpatentable over claims 1-28 and of U.S. Patent application 19/254,750. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations in each claim set relate to the same concept. 18/932,936 19/254,750 A method for execution by a user computing apparatus communicatively coupled to a communication network to effect enrollment of a first target device with a security device management system, the method comprising: detecting that the first target device to be enrolled with the security device management system is connected to the communication network; in response to the detecting, causing the user computing apparatus to obtain a first enrollment token corresponding to the first target device, the first enrollment token usable by the user computing apparatus to enroll the first target device with the security device management system, the first enrollment token comprising data uniquely identifying the first target device; and causing transmission, by the user computing apparatus, of the first enrollment token to a first remote system associated with the first target device to effect enrollment of the first target device with the security device management system. A method for execution by a user computing apparatus communicatively coupled to a communication network to effect enrollment of a first target device with a security device management system, the method comprising: detecting that the first target device to be enrolled with the security device management system is connected to the communication network and that the first target device is an unenrolled target device; in response to the detecting, causing the user computing apparatus to obtain a first enrollment token corresponding to the first target device, the first enrollment token usable by the user computing apparatus to enroll the first target device with the security device management system, the first enrollment token comprising data uniquely identifying the first target device; and causing transmission, by the user computing apparatus, of the first enrollment token to a first remote system associated with the first target device to effect enrollment of the first target device with the security device management system. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(d): (d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers. The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph: Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers. Claims 29-30 are rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-8 and 16-30 are rejected under 35 U.S.C. 103 as being unpatentable over Nissler (US Patent 10,311,240) in view of Freedman (US Patent Pub 20110252240). As per claims 1 and 29: A method for execution by a user computing apparatus communicatively coupled to a communication network to effect enrollment of a first target device with a security device management system, the method comprising: detecting that the first target device to be enrolled with the security device management system is connected to the communication network (Col 3, lines 15-20; enterprise-enrolled devices may remain under control of remote management, even after malicious or accidental state loss on the computing device, based on re-acquiring of the device state through retrieval of the data previously stored by the computing device on the remote storage); in response to the detecting, causing the user computing apparatus to obtain a first enrollment token corresponding to the first target device, the first enrollment token usable by the user computing apparatus to enroll the first target device with the security device management system, the first enrollment token comprising data uniquely identifying the first target device (Col 13, lines 35-45; The retrieved data may allow the computing device 102 to be restored to a state prior to the wipe. For example, the computing device 102 may be an enterprise-enrolled device. The computing device 102 may store its enrollment credentials in the computing system 112). Nissler does not specifically disclose causing transmission, by the user computing apparatus, of the first enrollment token to a first remote system associated with the first target device to effect enrollment of the first target device with the security device management system (See Freedman; Paragraph 34-35; Tokens 121 may include identifiers or tokens of target devices in a push network for push server 119 to forward push messages. For example, device identifiers 107 may include one of tokens 121 associated with mobile device 111 for management server 101 to push a notification to mobile device 111. Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service. In some embodiments, system 100 may include multiple management servers and/or push servers. An enterprise service may be managed by more than one management servers. System 100 may include multiple enterprise services managed by multiple management servers). Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Nissler in view of Freedman in it’s entirety, to modify the technique of Nissler for enterprise-enrolled devices remain under control of remote management by adopting Freedman's teaching for networked systems to manage mobile devices for an enterprise. The motivation would have been to enroll target devices with a security device management system. As per claim 2: The method of claim 1, wherein causing transmission of the first enrollment token comprises causing the user computing apparatus to transmit the first enrollment token to the security device management system (See Freedman Paragraph 40; device identifiers 107 may include one of tokens 121 associated with mobile device 111 for management server 101 to push a notification to mobile device 111. Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service. In some embodiments, system 100 may include multiple management servers and/or push servers. An enterprise service may be managed by more than one management servers. System 100 may include multiple enterprise services managed by multiple management servers). As per claim 3: The method of claim 1, wherein causing the user computing apparatus to obtain the first enrollment token comprises the user computing apparatus receiving the first enrollment token from the first target device (See Freedman; Paragraph 34; Tokens 121 may include identifiers or tokens of target devices in a push network for push server 119 to forward push messages. For example, device identifiers 107 may include one of tokens 121 associated with mobile device 111 for management server 101 to push a notification to mobile device 111. Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service). As per claim 4: The method of claim 3, wherein the user computing apparatus receiving the first enrollment token comprises establishing a secure connection between the first target device and the user computing apparatus for the first target device to transmit the first enrollment token to the user computing apparatus (See Freedman; Paragraph 33-34; network 109 may allow network connections (e.g. for sending a push notification) to be established between management server 101 and mobile device 111 via the open Internet, an intranet, firewall protected secure networks, wide area cellular networks (e.g. a 3G network), etc. Networks 109 may be wired, wireless (such as Wi-Fi, Bluetooth etc), or a combination of both). As per claim 5: The method of claim 1, wherein causing the user computing apparatus to obtain the first enrollment token comprises the user computing apparatus receiving the first enrollment token from the first remote system (See Freedman; Paragraph 34; Tokens 121 may include identifiers or tokens of target devices in a push network for push server 119 to forward push messages. For example, device identifiers 107 may include one of tokens 121 associated with mobile device 111 for management server 101 to push a notification to mobile device 111. Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service). As per claim 6: The method of claim 5, wherein the user computing apparatus receiving the first enrollment token comprises establishing a secure connection between the first remote system (See Freedman; Paragraph 35; Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service); (Col 4, lines 40-46; communication between each client (e.g., computing devices 102-106) and server (e.g., computing systems 110-114) can occur via a virtual private network (VPN). Secure Shell (SSH) tunnel, or other secure network connection. In some aspects, network 130 may further include a corporate network (e.g., intranet) and one or more wireless access points). As per claim 7: The method of claim 1, further comprising in response to obtaining the first enrollment token, causing the user computing apparatus to verify the first enrollment token (See Freedman, Paragraph 35; Device identifiers 107 may include entities received from mobile device 111 during enrollment (or check in) operations, such as a UDID (unique device identifier) uniquely identifying mobile device 111, a push token for a push notification to reach mobile device 111, and/or a magic string for verifying a trust of the push notification). As per claim 8: The method of claim 7, wherein causing the user computing apparatus to verify the first enrollment token comprises at least partially comparing the data of the first enrollment token against expected data of the first enrollment token (See Freedman; Paragraph 51; The push token may be an identifier verified in a push network, such as network 109 of FIG. 1, to deliver a push message to mobile device 305. The magic string may be generated in mobile device 305 with unique characteristics (e.g. a string with certain length to ensure its uniqueness) for mobile device 305 to verify a trust of received push messages for preventing malicious attack from un-trusted hosts via the push network. The topic string may indicate which topic mobile device 305 listens to for incoming push messages via the push network). As per claim 16: The method of claim 1, further comprising in response to the detecting, causing the user computing apparatus to verify that the first target device is to be enrolled with the security device management system prior to obtaining the first enrollment token (See Freedman, Paragraph 35; Device identifiers 107 may include entities received from mobile device 111 during enrollment (or check in) operations, such as a UDID (unique device identifier) uniquely identifying mobile device 111, a push token for a push notification to reach mobile device 111, and/or a magic string for verifying a trust of the push notification). As per claim 17: The method of claim 1, further comprising in response to obtaining the first enrollment token corresponding to the first target device, causing the user computing apparatus to obtain a second enrollment token corresponding to a second target device to be enrolled with the security device management system and to cause transmission of the second enrollment token to a second remote system associated with the second target device to effect enrollment of the second target device (Col 13, lines 35-45; the computing device 102 may retrieve the credentials and re-establish enterprise enrollment. In such cases, the computing device 102 may remain under control of remote management even after a malicious, accidental, or intentional state loss on the computing device 102). As per claim 18: The method of claim 17, further comprising in response to obtaining the second enrollment token, causing the user computing apparatus to verify the second enrollment token (See Freedman; Paragraph 34-35; Tokens 121 may include identifiers or tokens of target devices in a push network for push server 119 to forward push messages. For example, device identifiers 107 may include one of tokens 121 associated with mobile device 111 for management server 101 to push a notification to mobile device 111. Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service. In some embodiments, system 100 may include multiple management servers and/or push servers. An enterprise service may be managed by more than one management servers. System 100 may include multiple enterprise services managed by multiple management servers). As per claim 19: The method of claim 17, wherein the first remote system and the second remote system are the same (Col 13, lines 65-67; Privacy CA and the storage server may be operated by or otherwise provided by a same provider). As per claim 20: The method of claim 17, further comprising upon effecting enrollment of the second target device with the security device management system, causing the user computing apparatus to determine whether a third target device is to be enrolled with the security device management system (See Freedman; Paragraph 34; system 100 may include multiple management servers and/or push servers. An enterprise service may be managed by more than one management servers. System 100 may include multiple enterprise services managed by multiple management servers). As per claim 21: The method of claim 1, wherein the first target device is a surveillance image capture device, an intercom device or an access control device (See Freedman; Paragraph 26-27; The portable media player may include a media selection device, such as a touch screen input device, pushbutton device, movable pointing input device or other input device). As per claim 22: The method of claim 1, wherein the first target device is initially communicatively coupled to the first remote system by the communication network (See Freedman; Paragraph 34; An enterprise service may be managed by more than one management servers. System may include multiple enterprise services managed by multiple management servers). As per claim 23: The method of claim 1, wherein causing the user computing apparatus to obtain the first enrollment token corresponding to the first target device comprises causing the user computing apparatus to transmit a unique identifier of the first target device in exchange for the first enrollment token (See Freedman, Paragraph 35; Device identifiers 107 may include entities received from mobile device 111 during enrollment (or check in) operations, such as a UDID (unique device identifier) uniquely identifying mobile device 111, a push token for a push notification to reach mobile device 111, and/or a magic string for verifying a trust of the push notification). As per claims 24 and 30: A method for execution by a user computing apparatus communicatively coupled to a communication network to effect enrollment of a plurality of target devices with a security device management system, the method comprising: detecting that the plurality of target devices are connected to the communication network (Col 3, lines 15-20; enterprise-enrolled devices may remain under control of remote management, even after malicious or accidental state loss on the computing device, based on re-acquiring of the device state through retrieval of the data previously stored by the computing device on the remote storage); causing the user computing apparatus to obtain a plurality of enrollment tokens, each of the enrollment tokens corresponding to a corresponding target device of the plurality of the target devices, each of the enrollment tokens usable by the user computing apparatus to enroll the corresponding target device with the security device management system, each of the enrollment tokens comprising data uniquely identifying the corresponding target device (Col 13, lines 35-45; The retrieved data may allow the computing device 102 to be restored to a state prior to the wipe. For example, the computing device 102 may be an enterprise-enrolled device. The computing device 102 may store its enrollment credentials in the computing system 112); and Nissler does not specifically disclose causing transmission, by the user computing apparatus, of each enrollment token of the plurality of enrollment tokens to a remote system associated with the corresponding target device to effect enrollment of the corresponding target device with the security device management system (See Freedman; Paragraph 34-35; Tokens 121 may include identifiers or tokens of target devices in a push network for push server 119 to forward push messages. For example, device identifiers 107 may include one of tokens 121 associated with mobile device 111 for management server 101 to push a notification to mobile device 111. Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service. In some embodiments, system 100 may include multiple management servers and/or push servers. An enterprise service may be managed by more than one management servers. System 100 may include multiple enterprise services managed by multiple management servers). Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Nissler in view of Freedman in it’s entirety, to modify the technique of Nissler for enterprise-enrolled devices remain under control of remote management by adopting Freedman's teaching for networked systems to manage mobile devices for an enterprise. The motivation would have been to enroll target devices with a security device management system. As per claim 25: The method of claim 24, wherein causing the user computing apparatus to obtain a plurality of enrollment tokens comprises causing the user computing apparatus to generate the plurality of enrollment tokens (Col 13, lines 35-45; The retrieved data may allow the computing device 102 to be restored to a state prior to the wipe. For example, the computing device 102 may be an enterprise-enrolled device. The computing device 102 may store its enrollment credentials in the computing system 112). As per claim 26: The method of claim 25, wherein each of the plurality of enrollment tokens is generated from data received by the user computing apparatus from the remote system associated with the corresponding target device (Col 13, lines 35-45; the computing device 102 may retrieve the credentials and re-establish enterprise enrollment. In such cases, the computing device 102 may remain under control of remote management even after a malicious, accidental, or intentional state loss on the computing device 102). As per claim 27: The method of claim 24, wherein each target device of the plurality of target devices is a surveillance image capture device, an intercom device or an access control device (See Freedman; Paragraph 26-27; The portable media player may include a media selection device, such as a touch screen input device, pushbutton device, movable pointing input device or other input device). As per claim 28: The method of claim 24, wherein the detecting that the plurality of target devices are connected to the communication network is performed subsequent to the causing transmission of each of the enrollment tokens (See Freedman; Paragraph 34-35; Tokens 121 may include identifiers or tokens of target devices in a push network for push server 119 to forward push messages. For example, device identifiers 107 may include one of tokens 121 associated with mobile device 111 for management server 101 to push a notification to mobile device 111. Separate secure network connections, e.g. HTTPS network sessions, may be established between management server 101 and mobile device 111 via network 109 for enrolling mobile device 111 into the enterprise service and/or managing mobile devices 111 within the enterprise service. In some embodiments, system 100 may include multiple management servers and/or push servers. An enterprise service may be managed by more than one management servers. System 100 may include multiple enterprise services managed by multiple management servers). Claim(s) 9 are rejected under 35 U.S.C. 103 as being unpatentable over Nissler (US Patent 10,311,240) in view of Freedman (US Patent Pub 20110252240) and in view of Griffin (US Patent 11,139,964). As per claim 9: The method of claim 7, in response to obtaining the first enrollment token, causing the user computing apparatus to verify the first enrollment token (Paragraph 66; the registration authority 118 may validate the transmission enrollment certificate received at 214 by decrypting the certificate using the public key associated with the certificate authority 116. The registration authority 118 may verify that the identifier of the certificate authority 116 is included in the certificate. If the registration authority 118 is not able to verify the certificate was provided by the certificate authority 116, the registration authority 118 may discard the data provided at 214). However, Nissler does not specifically disclose wherein the first enrollment token comprises a signature and causing the user computing apparatus to verify the first enrollment token comprises causing the user computing apparatus to authenticate the signature of the first enrollment token (See Griffin, See Col 5, lines 43-47; This includes a response to the user challenge message needed to achieve mutual authentication, user biometric enrollment attempt status, and useful enrollment tokens that can be used for subsequent biometric matching) ( Col 12, lines 59-66; the biometric-based electronic signature may be on a document or record. The signing party provides a biometric sample for authentication. The biometric sample contains, and is parsed into, secret knowledge data, such as a “something-you-know” weak secret (e.g., a password), and biometric matching data, such as a “something-you-are” strong secret (e.g., a voice profile, fingerprint, etc.)). Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Nissler and Griffin in it’s entirety, to modify the technique of Nissler for enterprise-enrolled devices under control of remote security management by adopting Griffin's teaching for enrollment tokens that can be used for subsequent biometric matching. The motivation would have been to enroll target devices with a security device management system. Claim(s) 10-15 are rejected under 35 U.S.C. 103 as being unpatentable over Nissler (US Patent 10,311,240) in view of Freedman (US Patent Pub 20110252240) and in view of Kushwahn (US Patent Pub. 2023/0299979). As per claim 10: The method of claim 1, detecting that the first target device to be enrolled with the security device management system is connected to the communication network (Col 3, lines 15-20; enterprise-enrolled devices may remain under control of remote management, even after malicious or accidental state loss on the computing device, based on re-acquiring of the device state through retrieval of the data previously stored by the computing device on the remote storage). However, Nissler does not specifically disclose wherein detecting that the first target device to be enrolled with the security device management system is connected to the communication network comprises causing the user computing apparatus to perform network discovery detecting one or more devices connected to the communication network (Paragraph 60; the network control platform 222 can include tools and workflows for discovering switches, routers, wireless controllers, and other network infrastructure devices (e.g., the network discovery tool)) (Paragraph 74; RA 304 is a function for certificate enrollment used in PKIs). Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Nissler and Kushwahn in it’s entirety, to modify the technique of Nissler for enterprise-enrolled devices under control of remote security management by adopting Kushwahn's teaching for signing device certificates of devices deployed in an enterprise network using ZTD. The motivation would have been to enroll target devices with a security device management system. As per claim 11: The method of claim 10, wherein the network discovery is performed periodically (See Kushwahn; Paragraph 97; different components of an example device or system that implements the method 600 may perform functions at substantially the same time or in a specific sequence (periodically)). As per claim 12: The method of claim 10, wherein the network discovery is initiated by a user of the user computing apparatus (See Kushwahn; Paragraph 60; the network control platform 222 can include tools and workflows for discovering switches, routers, wireless controllers, and other network infrastructure devices (e.g., the network discovery tool)) (Paragraph 74; RA 304 is a function for certificate enrollment used in PKIs). As per claim 13: The method of claim 10, wherein the network discovery is initiated by the first target device being communicatively coupled to the communication network (See Kushwahn; Paragraph 60; the network control platform 222 can include tools and workflows for discovering switches, routers, wireless controllers, and other network infrastructure devices (e.g., the network discovery tool)) (Paragraph 74; RA 304 is a function for certificate enrollment used in PKIs). As per claim 14: The method of claim 10, wherein the network discovery comprises causing the user computing apparatus to compare a newly detected network device identifier against one or more known network device identifiers associated with one or more devices already enrolled with the security device management system (See Kushwahn; Paragraph 60; the network control platform 222 can include tools and workflows for discovering switches, routers, wireless controllers, and other network infrastructure devices (e.g., the network discovery tool)) (Paragraph 74; RA 304 is a function for certificate enrollment used in PKIs). As per claim 15: The method of claim 10, wherein the network discovery comprises causing the user computing apparatus to detect one or more devices comprising at least one flag set to indicate the corresponding device is newly connected to the communication network (See Kushwahn; Paragraph 60; the network control platform 222 can include tools and workflows for discovering switches, routers, wireless controllers, and other network infrastructure devices (e.g., the network discovery tool)) (Paragraph 74; RA 304 is a function for certificate enrollment used in PKIs). Relevant Prior Art References The following prior art is cited as being of interest to the claimed invention but has not been applied in any of the current rejections. Preiss et al.- US Patent 8,285,197- the prior art teaches techniques for pushing information from a server to a mobile device. Touboul et al.- US Patent 8,869,270 - the prior art teaches techniques for implementing content and network security inside a chip. Guccione et al.- US Patent Pub. 2013/0212637 - the prior art teaches techniques for initiating migration of a credential from one domain to another domain. Vasishth et al.- US Patent Pub. 7,607,164 - the prior art teaches techniques for managing changes to policies in an enterprise. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at 5712705440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ANTHONY D BROWN/Primary Examiner, Art Unit 2408