DETAILED ACTION
The present application is being examined under the AIA  first to file provisions. This action is responsive to communication filed 1/22/2021, claims 1 – 20 are pending for examination. This action is non-final.
Information Disclosure Statement
The Information Disclosure Statement (IDS) dated 1/22/2021 is herein reviewed by the Examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 – 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 - 16 of U.S. Patent No. 10,924,554 in view of Shetty (US 2015/0095970 A1). 
Although the claims at issue are not identical, they are not patentably distinct from each other because the claimed invention and features of U.S. Patent No. 10,924,554 comprise a narrower version of the claims of the instant application. Claims 1 – 14 of U.S. Patent No. 10,924,554 teach the subject matter of claims 1 – 20 of the instant application as the claimed invention is similar but for a narrower scope in the granted patent. 
The table reproduced herein provides the limitations of the instant application in the left column and the corresponding limitations which teach the same subject matter from U.S. Patent No. 10,924,554 in the right column.
Instant Application #17/155,678
U.S. Patent No. 10,924,554
Regarding claim 1. A computer-implemented method comprising: 
generating data based on an identifier in response to a request from a mobile device to access a remote resource,
1. A method, comprising:
receiving, by a computing device, an enrollment request from a mobile device to enroll in a mobile device management (MDM) system;
generating, by the computing device, a session cookie after receipt of the enrollment request, 
the data configured to enable access to the remote resource and being different from data used by other mobile devices to access the same remote resource
and the session cookie being unique to an enrollment session of the mobile device into the MDM system, so that the mobile device receives different session cookies in response to the mobile device requesting enrollment in the MDM system on different occasions …
permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.
and the identifier being indicative of one of the mobile device or the remote resource
the generation of the session cookie including use of a device identifier of the mobile device and an identifier of the MDM system
providing an application to the mobile device, the application including the generated data to enable the mobile device to access to the remote resource without retry of credentials to authenticate a user of the mobile device
providing the client agent to the mobile device by transmitting the client agent application comprising the session cookie, the enterprise URLs and the one or more policies to the mobile device; and
permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.
2. The computer-implemented method of claim 1, wherein the request comprises a request to remotely manage the mobile device.  

(from claim 1) receiving, by a computing device, an enrollment request from a mobile device to enroll in a mobile device management (MDM) system;
3. The computer-implemented method of claim 1, wherein the generated data comprises a set of application parameters.
6. The method of claim 1, further comprising:
Identifying the user associated with the enrollment request, and a device associated with the user, wherein the device has been previously enrolled in the MDM system and the device is different from the mobile device;
determining a set of customized application parameters based on the user and the device;
generating the client agent application using the set of customized application parameters and the client agent application template; and



(from claim 1) embedding enterprise uniform resource locators (URLs) into the client agent application template, wherein the enterprise URLs correspond to enterprise resources of the MDM system;
5. The computer-implemented method of claim 1, wherein the generated data permits the application to automatically access the remote resource during a first-time use of the application.
(from claim 1) permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.
7. The computer-implemented method of claim 1, wherein providing the application comprises sending the application to the mobile device using a protocol.  
(from claim 1) providing the client agent to the mobile device by transmitting the client agent application comprising the session cookie, the enterprise URLs and the one or more policies to the mobile device
2. The method of claim 1, wherein transmitting the client agent application comprising the session cookie to the mobile device comprises transmitting the session cookie to the mobile device using an MDM protocol.
8. The computer-implemented method of claim 1, wherein the application comprises a line- of-business (LOB) application.  

4. The method of claim 1, further comprising:
in response to the enrollment request, embedding one or more first-time use policies into a managed line-of-business (LOB) application;
building the managed LOB application comprising the embedded first-time use policies; and
transmitting the managed LOB application comprising the embedded first-time use policies to the mobile device.
9. The computer-implemented method of claim 1, wherein the generated data comprises a session cookie and generating the data comprises: 
generating the session cookie based on a plurality of identifiers, one of which being the identifier of the mobile device, the session cookie being unique to a session of the mobile device.  

(from claim 1) generating, by the computing device, a session cookie after receipt of the enrollment request, the generation of the session cookie including use of a device identifier of the mobile device and an identifier of the MDM system, and the session cookie being unique to an enrollment session of the mobile device into the MDM system, so that the mobile device receives different session cookies in response to the mobile device requesting enrollment in the MDM system on different occasions;
10. The computer-implemented method of claim 1, wherein the generated data comprises a 
after providing the application to the mobile device, retrieving an expiration time from the session cookie; 
determining that the session cookie is valid based on the expiration time; and 
permitting the application to access the remote resource via Single-Sign-On (SSO).


retrieving an expiration time associated with the session cookie; and
determining whether the session cookie is valid based on the expiration time.
(from claim 1) permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.

U.S. Patent No. 10,924,554 fails to teach the subject matter of claims 6, specifically wherein the generated data comprises user interface and user experience preferences from the other mobile devices.  
However, in analogous art, Shetty teaches wherein generated data comprises user interface and user experience preferences from the other mobile devices (different policies are applied to users of different groups (e.g., ‘engineering group’, ‘sales group’, ‘administrative group’) (Shetty Paragraph [0030]) policy governs features usable by a group (settings/preferences) (Shetty Paragraph [0027]) policy governs available features for a group (interface) (Shetty Paragraph [0025])). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Shetty related to distributing different enterprise policies to users of different groups and apply them to the teachings of Madsen for the purpose of enforcing policies and ensuring mobile devices abide by the policies (Shetty Paragraph [0005]). One would be motivated as such as different groups, either demographically or by employee duties, may need different policies to govern how software components and hardware components should operate (Shetty Paragraphs [0026] and [0030]).
.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1 – 3, 5, 7 – 9, 11, 12, 14 – 18, and 20 are rejected under 35 U.S.C. §102(a)(1) as being anticipated by Madsen et al. (US 8,473,749 B1), hereinafter “Madsen”.
Regarding claim 1, Madsen teaches a computer-implemented method comprising: 
generating data (token) based on an identifier in response to a request from a mobile device to access a remote resource (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52)), the data configured to enable access to the remote resource and being different from data used by other mobile devices to access the same remote resource (installation of the client application including the application token allows access to enterprise data for the particular device and user authorized (Madsen Col. 9 Lines 49 – 55 and Col. 1 Lines 27 – 31) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)), and the identifier being indicative of token includes specific client credentials and is used to authorize the client with the enterprise system (Madsen Col. 8 Line 48 – Col. 9 Line 4)); and 
providing an application to the mobile device, the application including the generated data to enable the mobile device to access to the remote resource without retry of credentials to authenticate a user of the mobile device (sending the installation file to the user, comprising the token, and installing the client application on the user device that allows authorization to the enterprise resources (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 2, Madsen teaches the computer-implemented method of claim 1, wherein the request comprises a request to remotely manage the mobile device (client requests installation of a client application associated with a token on the client device from the enterprise server (Madsen Col. 2 Line 57 – Col. 3 Line 16)).  

Regarding claim 3, Madsen teaches the computer-implemented method of claim 1, wherein the generated data comprises a set of application parameters (using the authorization token to determine which applications are approved for the user by the enterprise and including list of applications in the installation sent to the client (Madsen Col. 8 Lines 1 – 36)).  

Regarding claim 5, Madsen teaches the computer-implemented method of claim 1, wherein the generated data permits the application to automatically access the remote resource during a first-time installing the client application provisioned with the application token wherein the application token (OAuth token) grants the application access to enterprise data (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 7, Madsen teaches the computer-implemented method of claim 1, wherein providing the application comprises sending the application to the mobile device using a protocol (Open Authorization (OAuth) is an open standard protocol for authorization which allows enterprise users to access enterprise resources (Madsen Col. 1 Lines 27 – 45) token provided to the user may be an OAuth token (Madsen Col. 8 Lines 1 – 36 and 48 – 63)).  

Regarding claim 8, Madsen teaches the computer-implemented method of claim 1, wherein the application comprises a line-of-business (LOB) application (applications may be associated with particular functions in an enterprise wherein each client is approved for only accessing certain applications based upon their client application (Madsen Col. 5 Lines 1 – 64)).  

Regarding claim 9, Madsen teaches the computer-implemented method of claim 1, wherein the generated data comprises a session cookie and generating the data comprises: 
generating the session cookie based on a plurality of identifiers, one of which being the identifier of the mobile device, the session cookie being unique to a session of the mobile device (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)).  

Regarding claim 11, Madsen teaches a computer-implemented method comprising: 
generating data based on an identifier in response to a request from a mobile device to access a remote resource (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52)), the data configured to enable access to the remote resource and being different from data used by other mobile devices to access the same remote resource (installation of the client application including the application token allows access to enterprise data for the particular device and user authorized (Madsen Col. 9 Lines 49 – 55 and Col. 1 Lines 27 – 31) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)), and the identifier being indicative of one of the mobile device or the remote resource (token includes specific client credentials and is used to authorize the client with the enterprise system (Madsen Col. 8 Line 48 – Col. 9 Line 4)); 
determining a set of application parameters associate with at least one of the other mobile devices (using the authorization token to determine which applications are approved for the user by the enterprise and including list of applications in the installation sent to the client (Madsen Col. 8 Lines 1 – 36)); and
sending the installation file to the user, comprising the token, and installing the client application on the user device that allows authorization to the enterprise resources (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 12, Madsen teaches the computer-implemented method of claim 11, wherein the request comprises a request to remotely manage the mobile device (client requests installation of a client application associated with a token on the client device from the enterprise server (Madsen Col. 2 Line 57 – Col. 3 Line 16)).  

Regarding claim 14, Madsen teaches the computer-implemented method of claim 11, wherein the generated data permits the application to automatically access the remote resource during a first-time use of the application without retry of credentials to authenticate a user of the mobile device (installing the client application provisioned with the application token wherein the application token (OAuth token) grants the application access to enterprise data (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 15, Madsen teaches the computer-implemented method of claim 11, wherein providing the application comprises sending the application to the mobile device using a protocol (Open Authorization (OAuth) is an open standard protocol for authorization which allows enterprise users to access enterprise resources (Madsen Col. 1 Lines 27 – 45) token provided to the user may be an OAuth token (Madsen Col. 8 Lines 1 – 36 and 48 – 63)).  

Regarding claim 16, Madsen teaches a server device, comprising: 
at least one processor (Madsen Col. 13 Lines 21 – 59); 
a communication interface (Madsen Col. 13 Lines 21 – 59); 
memory storing instructions (Madsen Col. 13 Lines 21 – 59) that, when executed by the at least one processor, cause the server device to:
generate data based on an identifier in response to a request from a mobile device to access a remote resource (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52)), the data configured to enable access to the remote resource and being different from data used by other mobile devices to access the same remote resource (installation of the client application including the application token allows access to enterprise data for the particular device and user authorized (Madsen Col. 9 Lines 49 – 55 and Col. 1 Lines 27 – 31) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)), and the identifier being indicative of one of the mobile device or the remote resource (token includes specific client credentials and is used to authorize the client with the enterprise system (Madsen Col. 8 Line 48 – Col. 9 Line 4)); and 
sending the installation file to the user, comprising the token, and installing the client application on the user device that allows authorization to the enterprise resources (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 17, Madsen teaches a server device of claim 16, wherein the request comprises a request to remotely manage the mobile device (client requests installation of a client application associated with a token on the client device from the enterprise server (Madsen Col. 2 Line 57 – Col. 3 Line 16)).  

Regarding claim 18, Madsen teaches a server device of claim 16, wherein the data permits the application to automatically access the remote resource during a first-time use of the application (installing the client application provisioned with the application token wherein the application token (OAuth token) grants the application access to enterprise data (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 20, Madsen teaches a server device of claim 16, wherein the data comprises a session cookie, and wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: - 53 -B&W Ref.: 007737.01350 Client Ref.: CTX-1099USCN 
generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4, 10, 13, and 19 are rejected under 35 U.S.C. §103 as being unpatentable over Madsen in view of Narayanaswamy et al. (US 2014/0259093 A1), hereinafter “Narayanaswamy”.
Regarding claim 4, where Madsen teaches the computer-implemented method of claim 1 and generating the data to access a remote resource (Madsen Col. 5 Line 65 – Col. 6 Line 10), Madsen fails to teach wherein the generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource.  
However, in analogous art, Narayanaswamy teaches wherein generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource (a policy is embedded into the download client, which may be an application wrapper, and the policy further includes enterprise URLs to enterprise network resources (Narayanaswamy Paragraphs [0035 – 0037])).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Narayanaswamy related to providing enterprise URLs to a client device and apply them to the teachings of Madsen for the purpose of providing locators to enterprise resources. One would be motivated as such as some enterprise network services may require authentication and the secure URL requests may already include user identifying information using the downloaded client (Narayanaswamy Paragraphs [0036 – 0037]).

Regarding claim 10, where Madsen teaches the computer-implemented method of claim 1, wherein the generated data comprises a session cookie and the method further comprises after providing the application to the mobile device, retrieving an expiration time from the session cookie (authentication using an application token comprises checking if a timestamp of the application token is valid (Madsen Col. 12 Lines 15 – 33)), determining that the session cookie is valid based on the expiration time (determining if the time stamp is valid (Madsen Col. 12 Lines 15 – 33)), and permitting the application to access the remote resource, Madsen fails to teach permitting access via Single-Sign-On (SSO).
However, in analogous art, Narayanaswamy teaches permitting access via Single-Sign-On (SSO) (Narayanaswamy Paragraph [0104]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Narayanaswamy related to using SSO and apply them to the teachings of Madsen for the purpose of using an established function to support sign-on of (Narayanaswamy Paragraph [0104]).

Regarding claim 13, where Madsen teaches the computer-implemented method of claim 11 and generating the data to access a remote resource (Madsen Col. 5 Line 65 – Col. 6 Line 10), Madsen fails to teach wherein the generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource.  
However, in analogous art, Narayanaswamy teaches wherein generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource (a policy is embedded into the download client, which may be an application wrapper, and the policy further includes enterprise URLs to enterprise network resources (Narayanaswamy Paragraphs [0035 – 0037])).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Narayanaswamy related to providing enterprise URLs to a client device and apply them to the teachings of Madsen for the purpose of providing locators to enterprise resources. One would be motivated as such as some enterprise network services may require authentication and the secure URL requests may already include user identifying information using the downloaded client (Narayanaswamy Paragraphs [0036 – 0037]).

Regarding claim 19, where Madsen teaches the server device of claim 16 and generating the data to access a remote resource (Madsen Col. 5 Line 65 – Col. 6 Line 10), Madsen fails to teach 
However, in analogous art, Narayanaswamy teaches wherein generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource (a policy is embedded into the download client, which may be an application wrapper, and the policy further includes enterprise URLs to enterprise network resources (Narayanaswamy Paragraphs [0035 – 0037])).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Narayanaswamy related to providing enterprise URLs to a client device and apply them to the teachings of Madsen for the purpose of providing locators to enterprise resources. One would be motivated as such as some enterprise network services may require authentication and the secure URL requests may already include user identifying information using the downloaded client (Narayanaswamy Paragraphs [0036 – 0037]).

Claim 6 is rejected under 35 U.S.C. §103 as being unpatentable over Madsen in view of Shetty (US 2015/0095970 A1).
Regarding claim 6, where Madsen teaches the computer-implemented method of claim 1, Madsen fails to teach wherein the generated data comprises user interface and user experience preferences from the other mobile devices.  
However, in analogous art, Shetty teaches wherein generated data comprises user interface and user experience preferences from the other mobile devices (different policies are applied to users of different groups (e.g., ‘engineering group’, ‘sales group’, ‘administrative group’) (Shetty Paragraph [0030]) policy governs features usable by a group (settings/preferences) (Shetty Paragraph [0027]) policy governs available features for a group (interface) (Shetty Paragraph [0025])). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Shetty related to distributing different enterprise policies to users of different groups and apply them to the teachings of Madsen for the purpose of enforcing policies and ensuring mobile devices abide by the policies (Shetty Paragraph [0005]). One would be motivated as such as different groups, either demographically or by employee duties, may need different policies to govern how software components and hardware components should operate (Shetty Paragraphs [0026] and [0030]).


Conclusion
The following prior art was found pertinent to Applicant’s claimed invention but was not used in making the rejections herein:
Choe et al. (US 2015/0288702 A1) which teaches an IT system which provides an online portal for users to interface with resources, wherein the online portal determines which resources and requests comply with which policies.
Ford et al. (US 2015/0310188 A1) which teaches maintaining digital rights to online media based upon access policies applied to users across a plurality of organizations.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JIHAD KAMAL BOUSTANY whose telephone number is (571)270-0251.  The examiner can normally be reached on M-F: 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached on (571) 272-4170.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/J.K.B/Examiner, Art Unit 2459                                                                                                                                                                                                        /TONIA L DOLLINGER/Supervisory Patent Examiner, Art Unit 2459