DETAILED ACTION
The present application is being examined under the AIA  first to file provisions. This action is responsive to communication filed 5/24/2022, claims 1 – 20 are pending for examination. This action is non-final.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/24/2022 has been entered.
Response to Amendment
Acknowledgment is made claims 1, 10, 11, and 16 are amended and pending examination.
Response to Arguments
Applicant’s arguments, found on pages 6 – 7 of Remarks dated 5/24/2022, wherein Applicant alleges the prior art of record fails to teach amended claim 1 considered as a whole, have been fully considered and found persuasive. Claim 1 has been amended to recite, in part, “providing … access to the remote resource via Single-Sign-On (SSO) during the first-time use of the application”. The prior art of record fails to teach the claimed invention. However, based upon further consideration of the claimed invention as a whole, a new rejection Is presented herein.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 – 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 - 16 of U.S. Patent No. 10,924,554 in view of Shetty (US 2015/0095970 A1). 
Although the claims at issue are not identical, they are not patentably distinct from each other because the claimed invention and features of U.S. Patent No. 10,924,554 comprise a narrower version of the claims of the instant application. Claims 1 – 14 of U.S. Patent No. 10,924,554 teach the subject matter of claims 1 – 20 of the instant application as the claimed invention is similar but for a narrower scope in the granted patent. 
The table reproduced herein provides the limitations of the instant application in the left column and the corresponding limitations which teach the same subject matter from U.S. Patent No. 10,924,554 in the right column (and italicized comments explaining how the more narrow claim limitations of the U.S. Patent teach the limitations of the instant application).
Instant Application #17/155,678
U.S. Patent No. 10,924,554
Regarding claim 1. A computer-implemented method comprising: 

1. A method, comprising: … by a computing device …
receiving, by a computing device, an enrollment request from a mobile device to enroll in a mobile device management (MDM) system;
generating, by the computing device, a session cookie after receipt of the enrollment request, 
generating data based on an identifier in response to a request from a mobile device to access a remote resource,
receiving, by a computing device, an enrollment request from a mobile device to enroll in a mobile device management (MDM) system (enrollment in the management system is the request to access the management system and the resources therein);

generating, by the computing device, a session cookie (data) after receipt of the enrollment request, 

the generation of the session cookie including use of a device identifier (“based on an identifier”) of the mobile device 
the data configured to enable an application access to the remote resource and being different from data used by other mobile devices or other applications,
the session cookie being unique to an enrollment session of the mobile device (unique to that particular device and therefore different from other mobile devices) into the MDM system

providing the client agent to the mobile device by transmitting the client agent application comprising the session cookie … permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system (access to the MDM system enabled by the session cookie)
the identifier being indicative of one of the mobile device or the remote resource,
the generation of the session cookie including use of a device identifier of the mobile device and an identifier of the MDM system
and the data comprising one or more policies associated with a first-time use of the application
embedding the session cookie into a client agent application template, wherein the session cookie enables a client agent application to access the MDM system after enrollment and during a first-time use of the client agent … embedding one or more policies into the client agent application template to configure the client agent application template (the embedded session cookie enables the first-time use of the client agent application which is further embedded with policies)
providing an application to the mobile device
providing the client agent to the mobile device by transmitting the client agent application comprising the session cookie
the application including the generated data to enable the mobile device to access to the remote resource via Single Sign-On (SSO) during the first-time use of the application
application comprising the session cookie, the enterprise URLs and the one or more policies to the mobile device … permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.
2. The computer-implemented method of claim 1, wherein the request comprises a request to remotely manage the mobile device.  

(from claim 1) receiving, by a computing device, an enrollment request from a mobile device to enroll in a mobile device management (MDM) system; (the mobile device management system receives the request to manage the device, and since it must receive the request sent it is clearly a remote element to the mobile device)
3. The computer-implemented method of claim 1, wherein the generated data comprises a set of application parameters.
(from claim 6) Identifying the user associated with the enrollment request, and a device associated with the user, wherein the device has been previously enrolled in the MDM system and the device is different from the mobile device;
determining a set of customized application parameters based on the user and the device;
generating the client agent application using the set of customized application parameters and the client agent application template;

(generated session cookie comprised in the generated application comprises the set of customized application parameters)
4. The computer-implemented method of claim 1, wherein the generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource.  

(from claim 1) embedding the session cookie into a client agent application template, wherein the session cookie enables a client agent application to access the MDM system after enrollment and during a first-time use of the client agent;
embedding enterprise uniform resource locators (URLs) into the client agent application template, wherein the enterprise URLs correspond to enterprise resources of the MDM system;

(the generated session cookie embedded in the generated client agent application template comprises the URLs of the remote resources)

5. The computer-implemented method of claim 1, wherein the generated data permits the application to automatically access the remote resource during a first-time use of the application.
(from claim 1) permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.
7. The computer-implemented method of claim 1, wherein providing the application comprises sending the application to the mobile device using a protocol.  
(from claim 2) wherein transmitting the client agent application comprising the session cookie to the mobile device comprises transmitting the session cookie to the mobile device using an MDM protocol.
8. The computer-implemented method of claim 1, wherein the application comprises a line- of-business (LOB) application.  

(from claim 3) embedding the enterprise URLs into at least one of the client agent application or a managed line-of-business (LOB) application to be transmitted to the mobile device.
9. The computer-implemented method of claim 1, wherein the generated data comprises a session cookie and generating the data comprises: 

generating the session cookie based on a plurality of identifiers, one of which being the identifier of the mobile device, the session cookie being unique to a session of the mobile device.  

(from claim 1) generating, by the computing device, a session cookie after receipt of the enrollment request …

the generation of the session cookie including use of a device identifier of the mobile device and an identifier of the MDM system, and the session cookie being unique to an enrollment session of the mobile device into the MDM system
10. The computer-implemented method of claim 1, wherein the generated data comprises a session cookie and the method further comprises: 
after providing the application to the mobile device, retrieving an expiration time from the session cookie; 
determining that the session cookie is valid based on the expiration time; and 
permitting the application to access the remote resource via Single-Sign-On (SSO).
(from claim 1) generating, by the computing device, a session cookie after receipt of the enrollment request, 

(from claim 5)
after providing the session cookie to the mobile device, receiving from the mobile device a communication containing the session cookie; retrieving an expiration time associated with the session cookie; and
determining whether the session cookie is valid based on the expiration time.

U.S. Patent No. 10,924,554 fails to teach the subject matter of claims 6, specifically wherein the generated data comprises user interface and user experience preferences from the other mobile devices and how single sign-on (SSO) allows access without retry of credentials to authenticate a user of the mobile device.  
However, in analogous art, Shetty teaches wherein generated data comprises user interface and user experience preferences from the other mobile devices (different policies are applied to users of different groups (e.g., ‘engineering group’, ‘sales group’, ‘administrative group’) (Shetty Paragraph [0030]) policy governs features usable by a group (settings/preferences) (Shetty Paragraph [0027]) policy governs available features for a group (interface) (Shetty Paragraph [0025])). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Shetty related to distributing different enterprise policies to users of different groups and apply them to the teachings of Madsen for the purpose of enforcing policies and ensuring mobile devices abide by the policies (Shetty Paragraph [0005]). One would be motivated as such as different groups, either demographically or by employee duties, may need different policies to govern how software components and hardware components should operate (Shetty Paragraphs [0026] and [0030]).
U.S. Patent No. 10,924,554 and Shetty fail to teach single sign-on (SSO) allowing access without retry of credentials to authenticate a user of the mobile device.
However, in analogous art, Sanin teaches single sign-on (SSO) allowing access without retry of credentials to authenticate a user of the mobile device (receiving user authentication credentials only if a previous authentication session is not available, and authorizing the user using the authentication credentials for the first time or by using an application token provided during an initial use (Sanin Col. 5 Line 61 – Col. 6 Line 15)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Sanin related to leveraging authentication sessions to permit a user access to multiple applications and apply them to the teachings of U.S. Patent No. 10,924,554 and Shetty for the purpose of authorizing users to access the resources only a first time (Sanin Col. 1 Line 65 – Col. 2 Line 4). One would be motivated as providing a single sign-on experience allows for a user to be authenticated for subsequent sign-on with various resources without delays associated with entering credentials more than once (Sanin Col. 2 Lines 5 – 34).
	Independent claims 11 and 16 and dependent claims 12 – 15 and 17 – 20 recite similar subject matter to claims 1 – 10 above and are rejected under the same rationale.
	Examiner further acknowledges Applicant requests the Double Patenting rejection be held in abeyance until the other rejections on the claims are resolved. The Double Patenting rejection is presented herein for the purpose of compact prosecution and for clarification of the record.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 – 3, 5, 7 – 12, 14 – 18, and 20 are rejected under 35 U.S.C. §103 as being unpatentable over Madsen et al. (US 8,473,749 B1), hereinafter “Madsen”, in view of Sanin et al. (US 7,500,262 B2), hereinafter “Sanin”.
Regarding claim 1, Madsen teaches a computer-implemented method comprising: 
generating data (token) based on an identifier in response to a request from a mobile device to access a remote resource (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52)), the data configured to enable an application to access to the remote resource and being different from data used by other mobile devices or applications (installation of the client application including the application token allows access to enterprise data for the particular device and user authorized (Madsen Col. 9 Lines 49 – 55 and Col. 1 Lines 27 – 31) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)), and the identifier being indicative of one of the mobile device or the remote resource (token includes specific client credentials and is used to authorize the client with the enterprise system (Madsen Col. 8 Line 48 – Col. 9 Line 4)), the data comprising one or more policies associated with a first-time use of the application (matching user authentication information in the received token to a database entry to determine user access level to resources after installation of the client application (and therefore during a first-use) (Madsen Col. 6 Line 64 – Col. 7 Line 38) generating an authentication acknowledgement in response to matching in the database (Madsen Col. 7 Lines 19 – 53)); and 
providing the application to the mobile device, the application including the generated data to enable the mobile device to access to the remote resource without retry of credentials to authenticate a user of the mobile device (sending the installation file to the user, comprising the token, and installing the client application on the user device that allows authorization to the enterprise resources (Madsen Col. 8 Line 48 – Col. 9 Line 55)).   
Where Madsen teaches providing a cookie for repeated access to enterprise resources (Madsen Col. 2 Lines 23 – 34 and Claim 1), fails to specifically teach accessing resources via Single-Sign-On (SSO) during a first-time user of the application.
However, in analogous art, Sanin teaches accessing resources via Single-Sign-On (SSO) during a first-time user of the application (receiving user authentication credentials only if a previous authentication session is not available, and authorizing the user using the authentication credentials for the first time or by using an application token provided during an initial use (Sanin Col. 5 Line 61 – Col. 6 Line 15)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Sanin related to leveraging authentication sessions to permit a user access to multiple applications and apply them to the teachings of Madsen for the purpose of authorizing users to access the resources only a first time (Sanin Col. 1 Line 65 – Col. 2 Line 4). One would be motivated as providing a single sign-on experience allows for a user to be authenticated for subsequent sign-on with various resources without delays associated with entering credentials more than once (Sanin Col. 2 Lines 5 – 34).

Regarding claim 2, Madsen and Sanin teach the computer-implemented method of claim 1, wherein the request comprises a request to remotely manage the mobile device (client requests installation of a client application associated with a token on the client device from the enterprise server (Madsen Col. 2 Line 57 – Col. 3 Line 16)).  

Regarding claim 3, Madsen and Sanin teach the computer-implemented method of claim 1, wherein the generated data comprises a set of application parameters (using the authorization token to determine which applications are approved for the user by the enterprise and including list of applications in the installation sent to the client (Madsen Col. 8 Lines 1 – 36)).  

Regarding claim 5, Madsen and Sanin teach the computer-implemented method of claim 1, wherein the generated data permits the application to automatically access the remote resource during the first-time use of the application (installing the client application provisioned with the application token wherein the application token (OAuth token) grants the application access to enterprise data (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 7, Madsen and Sanin teach the computer-implemented method of claim 1, wherein providing the application comprises sending the application to the mobile device using a protocol (Open Authorization (OAuth) is an open standard protocol for authorization which allows enterprise users to access enterprise resources (Madsen Col. 1 Lines 27 – 45) token provided to the user may be an OAuth token (Madsen Col. 8 Lines 1 – 36 and 48 – 63)).  

Regarding claim 8, Madsen and Sanin teach the computer-implemented method of claim 1, wherein the application comprises a line-of-business (LOB) application (applications may be associated with particular functions in an enterprise wherein each client is approved for only accessing certain applications based upon their client application (Madsen Col. 5 Lines 1 – 64)).  

Regarding claim 9, Madsen and Sanin teach the computer-implemented method of claim 1, wherein the generated data comprises a session cookie and generating the data comprises: 
generating the session cookie based on a plurality of identifiers, one of which being the identifier of the mobile device, the session cookie being unique to a session of the mobile device (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)).  

Regarding claim 10, Madsen and Sanin teach the computer-implemented method of claim 1, wherein the generated data comprises a session cookie and the method further comprises: 
after providing the application to the mobile device, retrieving an expiration time from the session cookie (authentication using an application token comprises checking if a timestamp of the application token is valid (Madsen Col. 12 Lines 15 – 33)); 
determining that the session cookie is valid based on the expiration time (referencing a time frame using the time stamp to determine if the access is still valid (Madsen Col. 7 Lines 54 – 67)); and 
permitting the application to access the remote resource via Single-Sign-On (SSO) (determining if the time stamp is valid (Madsen Col. 12 Lines 15 – 33) referencing a time frame using the time stamp to determine if the access is still valid and permitting authentication (Madsen Col. 7 Lines 54 – 67) receiving user authentication credentials only if a previous authentication session is not available, and authorizing the user using the authentication credentials for the first time or by using an application token provided during an initial use (Sanin Col. 5 Line 61 – Col. 15) inherits motivation to combine from respective parent claim.).

Regarding claim 11, Madsen teaches a computer-implemented method comprising: 
generating data based on an identifier in response to a request from a mobile device to access a remote resource (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52)), the data configured to enable an application to access to the remote resource and being different from data used by other mobile devices or applications (installation of the client application including the application token allows access to enterprise data for the particular device and user authorized (Madsen Col. 9 Lines 49 – 55 and Col. 1 Lines 27 – 31) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)), and the identifier being indicative of one of the mobile device or the remote resource (token includes specific client credentials and is used to authorize the client with the enterprise system (Madsen Col. 8 Line 48 – Col. 9 Line 4)), the data comprising one or more policies associated with a first-time use of the application (matching user authentication information in the received token to a database entry to determine user access level to resources after installation of the client application (and therefore during a first-use) (Madsen Col. 6 Line 64 – Col. 7 Line 38) generating an authentication acknowledgement in response to matching in the database (Madsen Col. 7 Lines 19 – 53)); 
determining a set of application parameters associate with at least one of the other mobile devices (using the authorization token to determine which applications are approved for the user by the enterprise and including list of applications in the installation sent to the client (Madsen Col. 8 Lines 1 – 36)); and
providing an application to the mobile device, the application including the generated data and the set of application parameters, to modify access by the mobile device to the remote resource based on the set of application parameters (sending the installation file to the user, comprising the token, and installing the client application on the user device that allows authorization to the enterprise resources (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  
Madsen fails to teach accessing resources via Single-Sign-On (SSO) during a first-time user of the application.
However, in analogous art, Sanin teaches accessing resources via Single-Sign-On (SSO) during a first-time user of the application (receiving user authentication credentials only if a previous authentication session is not available, and authorizing the user using the authentication credentials for the first time or by using an application token provided during an initial use (Sanin Col. 5 Line 61 – Col. 6 Line 15)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Sanin related to leveraging authentication sessions to permit a user access to multiple applications and apply them to the teachings of Madsen for the purpose of authorizing users to access the resources only a first time (Sanin Col. 1 Line 65 – Col. 2 Line 4). One would be motivated as providing a single sign-on experience allows for a user to be authenticated for subsequent sign-on with various resources without delays associated with entering credentials more than once (Sanin Col. 2 Lines 5 – 34).

Regarding claim 12, Madsen and Sanin teach the computer-implemented method of claim 11, wherein the request comprises a request to remotely manage the mobile device (client requests installation of a client application associated with a token on the client device from the enterprise server (Madsen Col. 2 Line 57 – Col. 3 Line 16)).  

Regarding claim 14, Madsen and Sanin teach the computer-implemented method of claim 11, wherein the generated data permits the application to automatically access the remote resource during the first-time use of the application without retry of credentials to authenticate a user of the mobile device (installing the client application provisioned with the application token wherein the application token (OAuth token) grants the application access to enterprise data (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 15, Madsen and Sanin teach the computer-implemented method of claim 11, wherein providing the application comprises sending the application to the mobile device using a protocol (Open Authorization (OAuth) is an open standard protocol for authorization which allows enterprise users to access enterprise resources (Madsen Col. 1 Lines 27 – 45) token provided to the user may be an OAuth token (Madsen Col. 8 Lines 1 – 36 and 48 – 63)).  

Regarding claim 16, Madsen teaches a server device, comprising: 
at least one processor (Madsen Col. 13 Lines 21 – 59); 
a communication interface (Madsen Col. 13 Lines 21 – 59); 
memory storing instructions (Madsen Col. 13 Lines 21 – 59) that, when executed by the at least one processor, cause the server device to:
generate data based on an identifier in response to a request from a mobile device to access a remote resource (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52)), the data configured to enable an application to access to the remote resource and being different from data used by other mobile devices or applications (installation of the client application including the application token allows access to enterprise data for the particular device and user authorized (Madsen Col. 9 Lines 49 – 55 and Col. 1 Lines 27 – 31) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)), and the identifier being indicative of one of the mobile device or the remote resource (token includes specific client credentials and is used to authorize the client with the enterprise system (Madsen Col. 8 Line 48 – Col. 9 Line 4)), the data comprising one or more policies associated with a first-time use of the application (matching user authentication information in the received token to a database entry to determine user access level to resources after installation of the client application (and therefore during a first-use) (Madsen Col. 6 Line 64 – Col. 7 Line 38) generating an authentication acknowledgement in response to matching in the database (Madsen Col. 7 Lines 19 – 53)); and 
provide an application to the mobile device, the application including the generated data to enable the mobile device to access to the remote resource without retry of credentials to authenticate a user of the mobile device (sending the installation file to the user, comprising the token, and installing the client application on the user device that allows authorization to the enterprise resources (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  
Madsen fails to teach accessing resources via Single-Sign-On (SSO) during a first-time user of the application.
However, in analogous art, Sanin teaches accessing resources via Single-Sign-On (SSO) during a first-time user of the application (receiving user authentication credentials only if a previous authentication session is not available, and authorizing the user using the authentication credentials for the first time or by using an application token provided during an initial use (Sanin Col. 5 Line 61 – Col. 6 Line 15)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Sanin related to leveraging authentication sessions to permit a user access to multiple applications and apply them to the teachings of Madsen for the purpose of authorizing users to access the resources only a first time (Sanin Col. 1 Line 65 – Col. 2 Line 4). One would be motivated as providing a single sign-on experience allows for a user to be authenticated for subsequent sign-on with various resources without delays associated with entering credentials more than once (Sanin Col. 2 Lines 5 – 34).

Regarding claim 17, Madsen and Sanin teach the server device of claim 16, wherein the request comprises a request to remotely manage the mobile device (client requests installation of a client application associated with a token on the client device from the enterprise server (Madsen Col. 2 Line 57 – Col. 3 Line 16)).  

Regarding claim 18, Madsen and Sanin teach the server device of claim 16, wherein the data permits the application to automatically access the remote resource during the first-time use of the application (installing the client application provisioned with the application token wherein the application token (OAuth token) grants the application access to enterprise data (Madsen Col. 8 Line 48 – Col. 9 Line 55)).  

Regarding claim 20, Madsen and Sanin teach the server device of claim 16, wherein the data comprises a session cookie, and wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: - 53 -B&W Ref.: 007737.01350 Client Ref.: CTX-1099USCN 
generate the session cookie based on a plurality of identifiers, one of which being the identifier of the mobile device, the session cookie being unique to a session of the mobile device (generating, by an enterprise server, a unique application token for each unique user of an application requested (Madsen Col. 5 Line 65 – Col. 6 Line 10) application token includes received information in a user request including user identification and/or device identification (Madsen Col. 8 Lines 48 – 63) providing a user with authorized access to enterprise resources (Madsen Col. 1 Lines 27 – 52) each token is different for each client application used by a single user (Madsen Col. 6 Line 5 – 10)).

Claims 4, 13, and 19 are rejected under 35 U.S.C. §103 as being unpatentable over Madsen in view Sanin and further in view of Narayanaswamy et al. (US 2014/0259093 A1), hereinafter “Narayanaswamy”.
Regarding claim 4, where Madsen and Sanin teach the computer-implemented method of claim 1 and generating the data to access a remote resource (Madsen Col. 5 Line 65 – Col. 6 Line 10) and using single sign-on to access multiple resources with a single providing of credentials (Sanin Col. 1 Line 65 – Col. 2 Line 34), Madsen and Sanin fail to teach wherein the generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource.  
However, in analogous art, Narayanaswamy teaches wherein generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource (a policy is embedded into the download client, which may be an application wrapper, and the policy further includes enterprise URLs to enterprise network resources (Narayanaswamy Paragraphs [0035 – 0037])).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Narayanaswamy related to providing enterprise URLs to a client device and apply them to the teachings of Madsen and Sanin for the purpose of providing locators to enterprise resources which an application on the client side may use to access remote enterprise resources. One would be motivated as such as the combination of Madsen and Sanin may be further modified to include the locators of enterprise resources, wherein these locators, embedded into an application on the client device, may be used to direct client requests for web resources to the appropriate enterprise network or to an external network when the request is not for an enterprise resource (Narayanaswamy Paragraphs [0036 – 0037]).

Regarding claim 13, where Madsen and Sanin teach the computer-implemented method of claim 11 and generating the data to access a remote resource (Madsen Col. 5 Line 65 – Col. 6 Line 10), Madsen and Sanin fail to teach wherein the generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource.  
However, in analogous art, Narayanaswamy teaches wherein generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource (a policy is embedded into the download client, which may be an application wrapper, and the policy further includes enterprise URLs to enterprise network resources (Narayanaswamy Paragraphs [0035 – 0037])).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Narayanaswamy related to providing enterprise URLs to a client device and apply them to the teachings of Madsen and Sanin for the purpose of providing locators to enterprise resources which an application on the client side may use to access remote enterprise resources. One would be motivated as such as the combination of Madsen and Sanin may be further modified to include the locators of enterprise resources, wherein these locators, embedded into an application on the client device, may be used to direct client requests for web resources to the appropriate enterprise network or to an external network when the request is not for an enterprise resource (Narayanaswamy Paragraphs [0036 – 0037]).

Regarding claim 19, where Madsen and Sanin teach the server device of claim 16 and generating the data to access a remote resource (Madsen Col. 5 Line 65 – Col. 6 Line 10), Madsen and Sani fail to teach wherein the generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource.  
However, in analogous art, Narayanaswamy teaches wherein generated data comprises one or more enterprise uniform resource locators (URLs) of the remote resource (a policy is embedded into the download client, which may be an application wrapper, and the policy further includes enterprise URLs to enterprise network resources (Narayanaswamy Paragraphs [0035 – 0037])).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Narayanaswamy related to providing enterprise URLs to a client device and apply them to the teachings of Madsen and Sanin for the purpose of providing locators to enterprise resources which an application on the client side may use to access remote enterprise resources. One would be motivated as such as the combination of Madsen and Sanin may be further modified to include the locators of enterprise resources, wherein these locators, embedded into an application on the client device, may be used to direct client requests for web resources to the appropriate enterprise network or to an external network when the request is not for an enterprise resource (Narayanaswamy Paragraphs [0036 – 0037]).

Claim 6 is rejected under 35 U.S.C. §103 as being unpatentable over Madsen in view of Sanin and further in view of Shetty (US 2015/0095970 A1).
Regarding claim 6, where Madsen and Sanin teach the computer-implemented method of claim 1, Madsen and Sanin fail to teach wherein the generated data comprises user interface and user experience preferences from the other mobile devices.  
However, in analogous art, Shetty teaches wherein generated data comprises user interface and user experience preferences from the other mobile devices (different policies are applied to users of different groups (e.g., ‘engineering group’, ‘sales group’, ‘administrative group’) (Shetty Paragraph [0030]) policy governs features usable by a group (settings/preferences) (Shetty Paragraph [0027]) policy governs available features for a group (interface) (Shetty Paragraph [0025])). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to take the teachings of Shetty related to distributing different enterprise policies to users of different groups and apply them to the teachings of Madsen and Sanin for the purpose of enforcing policies and ensuring mobile devices abide by the policies (Shetty Paragraph [0005]). One would be motivated as such as different groups, either demographically or by employee duties, may need different policies to govern how software components and hardware components should operate (Shetty Paragraphs [0026] and [0030]).
Conclusion
The following prior art references were found to be pertinent to Applicant’s claimed invention but were not used in making the rejections presented herein.
Dotan et al. (US 9,455,972 B1) which teaches providing initial access to a client device at an enterprise gateway based upon installed mobile security applications.
Hyndman et al. (US 2014/0068702 A1) which teaches authentication users in a computing environment through a policy server using SSO.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JIHAD KAMAL BOUSTANY whose telephone number is (571)270-0251. The examiner can normally be reached M-F: 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on 5712703631. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.K.B/Examiner, Art Unit 2454          

/GLENTON B BURGESS/Supervisory Patent Examiner, Art Unit 2454