DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims Status
Claims 1–20 are pending in this application.
Claims 1–20 are rejected.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 10-17 and 20 are rejected under 35 U.S.C. § 103 as being unpatentable over Lord et al. (11,184,766) in view of Chen et al. (2019/0279326).
Regarding claims 1 and 11, Lord teaches A method/computer system comprising:
a first electronic device (Fig. 4, desktop 454);
a second electronic device (Fig. 4, mobile device 241);
in response to presenting one or more input elements to be displayed on a first electronic device, receiving, by a server, at least one user attribute and a request for an automatic installation and enrollment of a mobile application on a second electronic device operated by a user (Fig. 4; col. 16 ll. 64-67 to col. 17 ll. 1-60, agent enrollment, where an agent software is installed on a device [which can be a mobile], can be conducted between mobile device 452 and desktop/laptop 454; QR code as disclosed can include "specification of the target server, user and a one-time-use token" [user attribute and a request]; "the system can "automatically enroll and configure the device for use of the authentication service" including "agent installation"; col. 18 ll. 48-67 to col. 19 ll. 1-24, for example, authentication service 458 can generate a QR code to be displayed on the desktop/laptop 454 [first electronic device as claimed] which can be scanned by the mobile device 452 [second electronic device]);
generating, by the server, a token corresponding to an encrypted account identifier associated with the user (Fig. 4; col. 17 ll. 20-25, QR code can include, for example, a token and user information; however, Lord does not explicitly teach that the token corresponds to encrypted version of the user information, for example);
presenting, by the server to be displayed on the first electronic device, an encoded graphical element corresponding to the token (Fig. 4, QR code with token and corresponding information);
receiving, by the server, an indication that the second electronic device has scanned the encoded graphical element, wherein the server receives the token from the second electronic device, wherein the mobile application is installed onto the second electronic device (Fig. 4; col. 17 ll. 35-43, during enrollment, agent can generate a public-private key pair and fingerprint that identifies the device and its configuration which can be presented to the server and associated with a specific user identity after enrollment is completed with the provided QR code; col. 17 lol. 27-34, enrollment includes "agent installation"; see also cols. 18-19 for further details under the heading, "Mobile Device Enrollment Examples"); and
in response to the server decrypting the encrypted account identifier, automatically reconfiguring, by the server, the mobile application to access data associated with the user based on decrypted account identifier (col. 19 ll. 3-23, after receiving from mobile device enrollment validation with a public key and agent information to the authentication service, the authentication service "transmits an enrollment confirmation to the mobile device"; the mobile device is now reconfigured to correctly perform authentication services for verification of a user specifically for accessing cloud application; however, Lord does not explicitly teach that this step is completed "in response to the server decrypting the encrypted account identifier" nor does the server identify the mobile device based on "decrypted account identifier").
However, Lord does not explicitly teach generating, by the server, a token corresponding to an encrypted account identifier associated with the user; and in response to the server decrypting the encrypted account identifier, automatically reconfiguring, by the server, the mobile application to access data associated with the user based on decrypted account identifier.
Chen from the same field of endeavor teaches generating, by the server, a token corresponding to an encrypted account identifier associated with the user (¶56, ability to encode into QR codes encrypted identification information [such as UID, user identity, etc.] for information transmission is disclosed for further purposes such as identity authentication from one terminal to the next);
in response to the server decrypting the encrypted account identifier, automatically reconfiguring, by the server, the mobile application to access data associated with the user based on decrypted account identifier (¶56, ability to encode into QR codes encrypted identification information [such as UID, user identity, etc.] for information transmission is disclosed for further purposes such as identity authentication from one terminal to the next).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Lord using Chen to ensure that only the intended recipient of the QR code can in fact receive the QR code to perform further action. By encrypting the QR code, only the mobile device with the proper key for decrypting said QR code would be able to understand the entirety of the encoded QR code as disclosed in Chen, which would prohibit any other device from performing any further action based on the QR code. Lord would have benefited from this additional security.

Regarding claims 2 and 12, Lord and Chen teach the limitations of claims 1 and 11 respectively. Lord further teaches wherein the server determines a timestamp of generation of the token, and wherein the server reconfigures the mobile application to access data associated with the user when the timestamp is within a predetermined time period (col. 19 ll. 26-33, initial enrollment exchange is authorized based on a limited-use token generated by the authentication service [i.e. OTP token], which "has both use-count and time-based restrictions"; since the use of OTP token requires the authentication to occur within a "time-based restriction", [i.e. complete within 24 hours or the token expires], the authentication server must be able to determine the time of creation of the OTP token and the time of expiration of said OTP token in order to perform such functionality).

Regarding claims 3 and 13, Lord and Chen teach the limitations of claims 1 and 11 respectively. Lord further teaches wherein the server only reconfigures the mobile application when the server determines that the mobile application has not been previously configured to any other users (col. 19 ll. 1-67 to col. 20 ll. 1-36, the usage of OTP token in conjunction with a specific user coded into the QR code, linked to the said specific user within the authentication server, guarantees each and every installation in the mobile application to be not associated with any other user other than the specific user coded into the QR code).

Regarding claims 4 and 14, Lord and Chen teach the limitations of claims 1 and 11 respectively. Lord further teaches wherein the server only reconfigures the mobile application to access data associated with the user when the server receives the indication within a predetermined time period (col. 19 ll. 26-33, initial enrollment exchange is authorized based on a limited-use token generated by the authentication service [i.e. OTP token], which "has both use-count adn time-based restrictions").

Regarding claims 5 and 15, Lord and Chen teach the limitations of claims 1 and 11 respectively. Lord further teaches wherein the server only reconfigures the mobile application to access data associated with the user when the server determines that an identifier of the second electronic device matches an identifier associated with the user (Fig. 4; col. 17 ll. 36-43, only when public key and device fingerprint is presented and associated with a specific user identity, only then the private key can be maintained and be used to authenticate in the future).

Regarding claims 6 and 16, Lord and Chen teach the limitations of claims 5 and 15 respectively. Lord further teaches wherein the identifier of the second electronic device is at least one of a telephone number, media access control address, international mobile equipment identity, and a unique electronic identifier (col. 18 ll. 64-67, UUID).

Regarding claims 7 and 17, Lord and Chen teach the limitations of claims 1 and 11 respectively. Lord further teaches wherein the encoded graphical element is a QR code (Fig. 4).

Regarding claims 10 and 20, Lord and Chen teach the limitations of claims 1 and 11 respectively. Lord further teaches wherein the first electronic device and the second electronic device are both operated by the user (Fig. 4, devices 452, 454 both operated by end user 450).

Claims 8 and 18 are rejected under 35 U.S.C. § 103 as being unpatentable over Lord et al. (11,184,766) in view of Chen et al. (2019/0279326), and further in view of Khalil et al. (2015/0334108).
Regarding claims 8 and 18, Lord and Chen teach the limitations of claims 1 and 11 respectively. However, the teachings do not explicitly teach wherein the encoded graphical element is a deep link.
Khalil from the same field of endeavor teaches wherein the encoded graphical element is a deep link (¶78, mobile device may obtain a deep link for further installation of authentication application on a mobile device).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Lord using Khalil to enable even more options for mobile devices for user authentication options. By having the ability to provide information transmission from a device to a mobile application using a deep link, Lord would have benefitted by being able to transfer information to mobile devices that do not have the ability to decode QR code information, such as devices without cameras.

Claims 9 and 19 are rejected under 35 U.S.C. § 103 as being unpatentable over Lord et al. (11,184,766) in view of Chen et al. (2019/0279326), and further in view of Lamb et al. (2021/0234849).
Regarding claims 9 and 19, Lord and Chen teach the limitations of claims 1 and 11 respectively. However, the teachings do not explicitly teach wherein the first electronic device is operated by an administrator of an entity and the second electronic device is operated by the user.
Lamb from the same field of endeavor teaches wherein the first electronic device is operated by an administrator of an entity and the second electronic device is operated by the user (¶70, for a client attempting to perform user authentication, an administrator client or admin client can be the device that initiates the user authentication via a device-mapping process, serving as a proxy that acts as a trust delegator).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Lord using Lamb to ensure that the the mobile application authentication process can be performed in a different way that includes further advantages for Lord reference. By having an actual administrator perform the duties of initiating a trust delegation process for mobile application authentication platform, a device under control of a human entity would have absolute control over who to delegate to. By enabling this functionality, ability to manually control the process of trust delegation for further purposes of mobile application authentication platform would be added to the option for Lord, which would have benefitted Lord with flexibility.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bhimanaik (2016/0036809);
Choi (2015/0278454);
Raina (2014/0367461);
Sabin et al. (2013/0111208); and
IP.com Disclosure ("Easy First Activation in an Enterprise Environment", December 21, 2016).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAE KIM whose telephone number is (571)270-0621. The examiner can normally be reached Monday-Friday 8AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on (571) 272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAE KIM/
Examiner, Art Unit 2458                                                                                                    
/KEVIN T BATES/Supervisory Patent Examiner, Art Unit 2458