DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the arguments/remarks filed on 10/15/2021 (hereafter Remarks). Claims 1 – 20 are presently pending in the application and have been examined below, of which claims 1, 8, and 15 are presented in independent form.  Claims 1 – 20 are pending for consideration.

Response to Arguments
Applicant’s arguments with respect to claims 1 – 20 have been considered but they are moot in view of new grounds of rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 20 are rejected under 35 USC 103 as being unpatentable over Qureshi et al. (US 2014/0006347) (hereafter Qureshi), in view of Gulkis (US 2017/0003938) (hereafter Guklis), and in view of Evans (US 2017/0250853) (hereafter Evans),

Regarding claim 1 Qureshi teaches: A system for web application security through containerization, the system comprising: a client device; and instructions executable in the client device (Qureshi, in Para. [0092] discloses “secure container component 350D may also be installed on the mobile device 120, preferably as a separate mobile application or as part of the enterprise agent 320. This component 350D is responsible for creating a secure container on the mobile device for the enterprise applications to store documents and other information.”),
wherein the instructions, when executed, cause the client device to: execute a container application, the container application comprising a management software development kit (SDK) associated with a management service (Qureshi, in Para. [0428] discloses “Another aspect of certain embodiments involves a software development kit (SDK) that enables an application developer to embed one or more of the functionalities described herein into a mobile device software application, such as a software application 318.”); 
provide, by the container application, a single sign-on functionality to a plurality of web applications (Qureshi, in Para. [0104] discloses “a single access policy 218 can apply to mobile devices 120 of different makes, models, operating systems, or any combination thereof. Policies 218 can depend on user roles 206, mobile device properties 208, the specific enterprise resources 130 requested to be accessed by the mobile devices 120, or any combination thereof.” Qureshi, in Para. [0417] discloses “The enterprise system 110 (which can be partially or entirely within the cloud 156) can transmit documents to the devices 120, which can be stored (e.g., by the enterprise agent 320) within the container 336. The container 336 can prevent unauthorized applications 318 and other components of the device 120 from accessing information within the container 336”); by applying the management SDK of the container application to the web applications that are launched from the container application, wherein user credentials are entered through the container application and stored on the client device using the management SDK (Qureshi, in Para. [0434] discloses “the SDK 2404 includes a development tool 2408 that allows an application developer to embed, within an application 2406, functionality for finding, providing credentials to, reading from, and/or writing to a secure document container 336 as described above”);
Qureshi fails to explicitly teach: load a web application within the container application, wherein the container application utilizes the user credentials stored on the client device to provide the single sign- on functionality to the web application using a function defined by the management SDK of the container application without a user re-entering the user credentials;
Gulkis, from the analogous technical field teaches: load a web application within the container application, wherein the container application utilizes the user credentials stored on the client device (Gulkis, in Para. [0056] discloses “The secure applications may access data stored in a secure data container 328 in the managed partition 310 of the mobile device. The data secured in the secure data container may be accessed by the secure wrapped applications 314, applications executed by a secure application launcher 322, virtualization applications 326 executed by a secure application launcher 322, and the like”) to provide the single sign- on functionality to the web application using a function defined by the management SDK of the container application (Gulkis, in Para. [0062] discloses “A software development kit 384 may provide a user the capability to secure applications selected by the user by wrapping the application as described previously in this description. An application that has been wrapped using the software development kit 384 may then be made available to the mobile device 302 by populating it in the application store 378 using the application controller 374”) without a user re-entering the user credentials (Gulkis, in Para. [0057] discloses “The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 358. The authentication service 358 may then grant to the user access to multiple enterprise resources 304, without requiring the user to provide authentication credentials to each individual enterprise resource 304”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Qureshi, in view of the teaching of Gulkis, which discloses application access management and its availability through the application controller in order to achieve higher security of the  web application management (Gulkis, [0056, 0057, 0062]).  
Qureshi, as modified, fails to explicitly teach: and implement, by the web application, a web application functionality specified within a push notification received from the management 2service, wherein the container application delivers the push notification to the web application.
Evans from the analogous technical field teaches: and implement, by the web application, a web application functionality specified within a push notification received from the management 2service, wherein the container application delivers the push notification to the web application (Examiner note: web application functionality is met by the functionality of the properly set application gateway server) (Evans, in Para. [0103] discloses “web application archive (WAR) files may be used to package/install services 617 on application gateway server computer 611” Evans, in Para. [0104] discloses “application gateway server computer 11 (via notification service 674) may send out a notification to managed container 621 using a notification listener or a push notification channel already established on client device 625”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Qureshi, as modified by Gulkis, in view of the teaching of Evans which discloses installation/setting of the application gateway server using the pushed notification in order to further improve Gulkis web application management of the system (Evans, [0103, 0104]).  

Regarding claim 2 Qureshi as modified fails to explicitly teach: The system of claim 1, wherein the web application is loaded based on the push notification comprising an identifier of the web application.
Evans from the analogous technical field teaches: The system of claim 1, wherein the web application is loaded based on the push notification comprising an identifier of the web application (Evans, in Para. [0104] discloses “application gateway server computer 11 (via notification service 674) may send out a notification to managed container 621 using a notification listener or a push notification channel already established on client device 625” Evans, in Para. [0097] discloses “the setting identifier or key can be created using the name provided for the app via the service artifact”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Qureshi, as modified by Gulkis, in view of the teaching of Evans which discloses application management using push notification comprising apps identifiers in order to improve web application management in the system (Evans, [0097, 0104]).

Regarding claim 3 Qureshi teaches: The system of claim 2, wherein the user credentials are associated with a user account with the management service (Qureshi, in Para. [0102] discloses “the mobile device management system 126 includes mobile device information or attributes 204 stored in computer-readable or machine-readable storage.” Qureshi, in Para. [0102] discloses “The mobile device information 204 can also include user-device assignment records 210 that identify which users 115 or user accounts are assigned to the enrolled mobile devices 120, as well as roles 206 of the users 115 within the enterprise.”).

Regarding claim 4 Qureshi teaches: The system of claim 1, wherein a security policy comprises a data loss prevention setting (Qureshi, in Para. [0282] discloses “the enterprise may be prevented from deleting the data from the device 120”) that is applied to the web application using another function defined by the management SDK of the container application (Qureshi, in Para. [0429] discloses “The SDK 2404 can comprise a library of development tools 2408 providing different functionalities.”), the data loss prevention setting comprising at least one of. a copy and paste into setting, a copy and paste out setting, a printing setting, a camera setting, an email setting, a Bluetooth setting, or a screenshot setting (Qureshi, in Para. [0389] discloses “the remote control module 1202 can be configured to allow the controller 1204 to capture images of the emulated user interface, print the images onto a hardcopy printout, to record video of a remote control session, and the like.”).

Regarding claim 5 Qureshi teaches: The system of claim 1, wherein a security policy enables usage of the web application based on a location of the client device relative to a geographical area (Qureshi, in Para. [0389] discloses “each mobile device management system 126 can be responsible for managing mobile devices 120 in a different geographical area, wherein such mobile device management can comprise sending rule packages to the mobile devices 120 (as described below) and/or regulating access to enterprise resources 130.”).

Regarding claim 6 Qureshi teaches: The system of claim 1, wherein the instructions, when executed, further cause the client device to: display the push notification in a notification interface (Qureshi, in Para. [0242] discloses “The notification manager 830 can be configured to send notifications to administrators about information detected or computed by the meta-application” Qureshi, in Para. [0242] discloses “the agent 320 can subscribe to a notification callback mechanism of the mobile device 120, so that the mobile device 120 notifies the enterprise agent 320 about certain events that occur on the mobile device 120.”); 
Qureshi as modified fails to explicitly teach: and load the web application based on a user selection of the push notification.
Evans from the analogous technical field teaches: and load the web application based on a user selection of the push notification (Evans, in Para. [0059] discloses “Via notification service 350, user-specific notifications can be pushed out to a managed container or managed containers via administrative user interface 310 or a trusted server.” Evans, in Para. [0025] discloses “Native push notification handling, passed from the native runtime wrapper direct to an app.” Evans, in Para. [0077] discloses “when the particular application is called (i.e., invoked by a user selecting application icon 505 from within a managed container running on a client device), the managed container may obtain, via its secure shell, any data, document(s), and/or file(s) that the particular application may need from a backend system through an application gateway server computer.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Qureshi, as modified by Gulkis, in view of the teaching of Evans which discloses management and display user selected applications based on the push notifications in order to improve efficiency of the user selected web application management in the system (Evans, [0025, 0059, 0077]).

Regarding claim 7 Qureshi teaches:  The system of claim 1, wherein the container application [reduces storage redundancy by utilizing a single copy of the management SDK] for the plurality of web applications (Qureshi, in Para. [0440] discloses “the web browser 332 is preferably configured to act as a container for at least some other software applications 318 installed on the mobile device 120” Qureshi, in Para. [0428] discloses “Another aspect of certain embodiments involves a software development kit (SDK) that enables an application developer to embed one or more of the functionalities described herein into a mobile device software application, such as a software application 318.”).
Qureshi fails to explicitly teach: reduces storage redundancy by utilizing a single copy of the management SDK;
that are accessed through the container application 
Gulkis, from the analogous technical field teaches: reduces storage redundancy by utilizing a single copy of the management SDK (Examiner note, the storage redundancy is reduced by utilizing the single-sign-on process by Gulkis) (Gulkis, in Para. [0057] discloses “The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 358. The authentication service 358 may then grant to the user access to multiple enterprise resources 304, without requiring the user to provide authentication credentials to each individual enterprise resource 304”);
that are accessed through the container application (Gulkis, in Para. [0056] discloses “The secure applications may access data stored in a secure data container 328 in the managed partition 310 of the mobile device. The data secured in the secure data container may be accessed by the secure wrapped applications 314, applications executed by a secure application launcher 322, virtualization applications 326 executed by a secure application launcher 322, and the like”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Qureshi, in view of the teaching of Gulkis, which discloses application access management and its availability through the application controller in order to achieve higher security and better management of the  web applications (Gulkis, [0056, 0057]).

Regarding claim 8, claim 8 discloses a method that is substantially equivalent to the system of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons.

Regarding claim 9, claim 9 dependent on claim 8 discloses a method that is substantially equivalent to the system of claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 9 and rejected for the same reasons.

Regarding claim 10, claim 10 dependent on claim 9 dependent on claim 8 discloses a method that is substantially equivalent to the system of claim 3 dependent on claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 10 and rejected for the same reasons.

Regarding claim 11, claim 11 dependent on claim 8 discloses a method that is substantially equivalent to the system of claim 4 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 4 are equally applicable to claim 11 and rejected for the same reasons.

Regarding claim 12, claim 12 dependent on claim 8 discloses a method that is substantially equivalent to the system of claim 5 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 12 and rejected for the same reasons.

Regarding claim 13, claim 13 dependent on claim 8 discloses a method that is substantially equivalent to the system of claim 6 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 13 and rejected for the same reasons.

Regarding claim 14, claim 14 dependent on claim 8 discloses a method that is substantially equivalent to the system of claim 7 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 7 are equally applicable to claim 14 and rejected for the same reasons.

Regarding claim 15, claim 15 discloses a medium that is substantially equivalent to the system of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons.

Regarding claim 16, claim 16 dependent on claim 15 discloses a medium that is substantially equivalent to the system of claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 2 are equally applicable to claim 16 and rejected for the same reasons.

Regarding claim 17, claim 17 dependent on claim 16 dependent on claim 15 discloses a medium that is substantially equivalent to the system of claim 3 dependent on claim 2 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 17 and rejected for the same reasons.

Regarding claim 18, claim 18 dependent on claim 15 discloses a medium that is substantially equivalent to the system of claim 4 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 4 are equally applicable to claim 18 and rejected for the same reasons.

Regarding claim 19, claim 19 dependent on claim 15 discloses a medium that is substantially equivalent to the system of claim 5 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 19 and rejected for the same reasons.

Regarding claim 20, claim 20 dependent on claim 15 discloses a medium that is substantially equivalent to the system of claim 6 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 20 and rejected for the same reasons.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.

this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/V.I.G./Examiner, Art Unit 2431 

/MICHAEL R VAUGHAN/           Primary Examiner, Art Unit 2431