DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 1-20 are allowed.

Reasons for Allowance
Examiner’s statement of reasons for allowance for claims 1-20 are stated below.
Regarding independent Claims 1, 8 and 15, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “complete enrollment of a client device as a managed device with the management service, the management service configured to communicate with a management component installed on the client device; in response to a request to access a service that is redirected to an identity provider service, receive a request for a user-and-device token from the management component, the request identifying a user account; generate the user-and-device token in response to the request; and transmit the user-and-device token to the management component, wherein the management component provides the user-and-device token to an application on the client device, the application obtaining an authentication token for the service from the identity provider using the user-and-device token” in combination with all the elements of the claims respectively. 
The dependent claims 2-7, 9-14 and 16-20 are allowable due to its dependence on independent claims 1, 8 and 15 respectively.

The closest prior art made of record are:
Li et al. (US2016/0285858) teaches method and system for authentication and single sign-on using device security associations.  An identity provider sends an authentication challenge to a client.  A capability proxy of the client intercepts an authentication challenge response and retrieves one or more security assertions from a secure environment of the client computing device.  The client sends a 
Akula et al. (US2012/0210413) teaches method and system for facilitating single sign-on across multiple browser instances such that user authentication at one browser instance is used as a basis to permit access to protected resources from other browser instances.  The different browser instances are executing on different client systems.  An authentication server may maintain a registration data indicating the different client systems/browser instances registered by a user for SSO feature.  After a user is authenticated for a first session from one browser instance, the authentication server enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session).
Metke et al. (US2014/0189840) teaches method and system for single sign-on collaboration among a plurality of mobile devices. A server issuing a first identity token to subsequently authenticate a user of a first of the mobile devices to a service provider, and for generating and sending a collaboration credential to the first device based on the first identity token or user authentication.  The first device sends the collaboration credential generated by the server to a second device paired with the first device.  The server also issues a second identity token to subsequently authenticate to the service provider the user of the second device based on the collaboration credential received from the first device, to support single sign-on collaboration for the user across the plurality of mobile devices. 

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HENRY TSANG/
Primary Examiner, Art Unit 2495