Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification 
The specification filed on January 22, 2019 is accepted. 
Drawings
The drawings filed on January 22, 2019 are accepted.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/22/2019 was filed after the mailing date of the application 16253545 on 01/22/2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 1-2, 4-5 and 15 are objected to because of the following informalities:  The term “executable” is suggested to be changed to “when executed” appropriate correction is required.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 8, 10-11, 14-15 and 17-18 is/are rejected under 35 U.S.C. 102 (a) (1) as being anticipated by Yang et al (hereinafter Yang) (US 20140136704).
8 Yang teaches A method that includes one or more processing devices performing operations comprising (Yang on [0007-0008] teaches method and system for registration performed by server devices);
 receiving an indication of a selection of a user interface control on a third-party user interface hosted by a third-party web server (Yang para [0081-0083] teaches A server of a source website (i.e. third party website in the instant case) provides a registration page having a verification link of a third-party website, a plurality of verification links of the third-party websites may be set on the registration page for the user to select a third-party website to facilitate the registration, for example in a manner of button (i.e. selection of user interface). See on [0087] teaches after the user triggers the verification link, different interfaces are output);
outputting a user interface that is displayable simultaneously with at least part of the third-party user interface (Yang on [0083 and 0086--0087] teaches Upon receiving a trigger of the verification link of the third-party website from a user, a server of the third-party website outputs a login page of the third-party website. Further teaches displaying a verification link on the source party website in form of button after the user triggers the verification link, different interfaces are output (i.e. simultaneously displayable web page));
 receiving, via the user interface, sign-in data and consent to share, with the third-party web server, data about a user (Yang on [0087-0089] teaches Upon receiving the trigger of the verification link of the third-party website from the user, the server of the third-party website outputs a login page of the third-party website. 103: The server of the third-party website receives the login information input (i.e. sign in data) by the user on the third-party website, verifies the login information, and returns the personal information of the user to the server of the source website after the login information is successfully verified by the server of the third-party website. See also Fig 3 and para [0092] teaches after the login information of the user is successfully verified by the server of the third-party website, personal information of users stored locally may be displayed for the user to select to whether to authorize (i.e. consent to share) the same data to the source website);
and  19US2008 12021120 2Attorney Docket No. 096923/1119644PATENT APPLICATIONoutputting a command to unlock or unfreeze data about the user and to share the data about the user with the third-party web server (Yang Fig 3 and para [0092] teaches after the login information of the user is successfully verified by the server of the third-party website, personal information of users stored locally may be displayed for the user to select to whether to authorize the same to the source website (i.e. command to unlock stored user information). When the user authorizes the source website to use part of the personal information on the third-party website, the third-party website returns the corresponding verification information to the source website).

Regarding claim 15 Yang teaches A non-transitory computer-readable storage medium having program code that is executable by a processor device to cause a computing device to perform operations, the operations comprising (Yang on [0162] teaches a computer readable storage for storing instruction executed by hardware device);
receiving an indication of a selection of a user interface control on a third-party user interface hosted by a third-party web server (Yang para [0081-0083] teaches A server of a source website (i.e. third party website in the instant case) provides a registration page having a verification link of a third-party website, a plurality of verification links of the third-party websites may be set on the registration page for the user to select a third-party website to facilitate the registration, for example in a manner of button, (i.e. selection of user interface));
outputting a user interface that is displayable simultaneously with at least part of the third-party user interface (Yang on [0083 and 0086--0087] teaches Upon receiving a trigger of the verification link of the third-party website from a user, a server of the third-party website outputs a login page of the third-party website. Further teaches displaying a verification link on the source party website in form of button after the user triggers the verification link, different interfaces are output (i.e. simultaneously displayable web page));
 receiving, via the user interface, signing-in data and consent to share, with the third- party web server, data about a user (Yang on [0087-0089] teaches Upon receiving the trigger of the verification link of the third-party website from the user, the server of the third-party website outputs a login page of the third-party website. 103: The server of the third-party website receives the login information input by the user on the third-party website, verifies the login information, and returns the personal information of the user to the server of the source website after the login information is successfully verified by the server of the third-party website. See also Fig 3 and para [0092] teaches after the login information of the user is successfully verified by the server of the third-party website, personal information of users stored locally may be displayed for the user to select to whether to authorize (i.e. consent to share) the same data to the source website);
and outputting a command to unlock or unfreeze data about the user and to share the data about the user with the third-party web server (Yang Fig 3 and para [0092] teaches after the login information of the user is successfully verified by the server of the third-party website, personal information of users stored locally may be displayed for the user to select to whether to authorize the same to the source website (i.e. command to unlock stored user information). When the user authorizes the source website to use part of the personal information on the third-party website, the third-party website returns the corresponding verification information to the source website).
Regarding claim 10 and 17 Yang teaches all the limitations of claim 8 and 15 respectively, Yang further teaches wherein the command to unlock or unfreeze data about the user stored in the network-attached system and to share the data about the user with the third-party web server causes a transaction to be completed at the third-party website (Yang on [0058] teaches if the user is a registered user of the source website, generate a session key, display login status, and complete login. See on [0102] teaches the server of the source website stores the registration information of the user and completes the registration (i.e. transaction is completed at source website, which is third party web site in instant case)).
Regarding claim 11 and 18 Yang teaches all the limitations of claim 8 and 15 respectively, Yang further teaches wherein the non-transitory computer-readable storage device comprises further instructions that are executable by the processor to: fill an application using the unlocked or unfrozen data about the user; and output the filled application to the third-party website (Yang on [0105] teaches during registration on a website, by using an interface provided by a third-party website, authorized personal information of a user is acquired from the third-party website, and the acquired personal information is filled into registration information on a registration page. See on [0012, 0019, 0036 and 0096-0097] teaches acquiring, by the server of the source website, the personal information of the user, and correspondingly filling the personal information into registration information on the registration page of the source website).
Regarding claim 14 Yang and teaches all the limitations of claim 8 above, Yang further teaches wherein the sign-in data comprise at least one of log-in credentials or a freeze PIN (Yang on [0020 and 0036] teaches password as log in credential).


                                               Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1, 3-6, 12-13 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (hereinafter Yang) (US 20140136704) in view of Pitroda (US 20030115126).

Regarding claim 1 Yang teaches a gateway server device comprising: (Yang on [0008] teaches a server device);
and a non-transitory computer-readable storage device comprising instructions that are executable by the processor to (Yang on [0162] teaches program executed by computer stored in computer readable storage);
receive, (Yang para [0081-0083] teaches A server of a source website (i.e. third party website in the instant case) provides a registration page having a verification link of a third-party website, a plurality of verification links of the third-party websites may be set on the registration page for the user to select a third-party website to facilitate the registration, for example in a manner of button, (i.e. electronic icon on the website));
output, (Yang on [0083 and 0086--087] teaches Upon receiving a trigger of the verification link of the third-party website from a user, a server of the third-party website outputs a login page of the third-party website);
receive, via (Yang on [0087-0089] teaches Upon receiving the trigger of the verification link of the third-party website from the user, the server of the third-party website outputs a login page of the third-party website. 103: The server of the third-party website receives the login information input by the user on the third-party website, verifies the login information, and returns the personal information of the user to the server of the source website after the login information is successfully verified by the server of the third-party website);
 and output, (Yang Fig 3 and para [0092] teaches after the login information of the user is successfully verified by the server of the third-party website, personal information of users stored locally may be displayed for the user to select to whether to authorize the same to the source website (i.e. command to unlock stored information)).
	Although Yang teaches a computer device and a plurality of server hosting different website communicate with each other, However Yang fails to explicitly if the communication between the server is done via network communication port, But Pitroda from analogous art teaches   
a processor; a network communications port configured for being controlled by the processor (Pitroda on [0015-0016 and 0049-0050] teaches a computer, having a processor, a data storage medium, and a network port. The processor may be further configured to establish communication with a vendor via the network port).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pitroda into the teaching of Yang by having a network communication port controlled by a processor for establishing communication. One would be motivated to do so in order to maintain confidentiality of transactions between client and vendor through secure communication channel (Pitroda on [0013-0015]).

Regarding claim 3 the combination of Yang and Pitroda teaches all the limitations of claim 1 above Yang further teaches wherein the command to unlock or unfreeze data about the user stored in the network-attached system and to share the data about the user with the third-party web server  (Yang on [0058] teaches if the user is a registered user of the source website, generate a session key, display login status, and complete login. See on [0102] teaches the server of the source website stores the registration information of the user and completes the registration (i.e. transaction is completed at source website, which is third party web site in instant case)).
Regarding claim 4 the combination of Yang and Pitroda teaches all the limitations of claim 1 above, Yang further teaches wherein the non-transitory computer-readable storage device comprises further instructions that are executable by the processor to: fill an application using the unlocked or unfrozen data about the user; and output the filled application to the third-party website (Yang on [0105] teaches during registration on a website, by using an interface provided by a third-party website, authorized personal information of a user is acquired from the third-party website, and the acquired personal information is filled into registration information on a registration page. See on [0012, 0019, 0036 and 0096-0097] teaches acquiring, by the server of the source website, the personal information of the user, and correspondingly filling the personal information into registration information on the registration page of the source website).
Regarding claim 5 the combination of Yang and Pitroda teaches all the limitations of claim 4 above, the combination of Yang and the cited portion of Pitroda fails to explicitly teach generate an approval decision on the application based on the unlocked or unfrozen data about the user; and output the approval decision to the third-party web server, However Pitroda on different portion teaches wherein the non-transitory computer-readable storage device comprises further instructions that are executable by the processor to: generate an approval decision on the application based on the unlocked or unfrozen data about the user; and output the approval decision to the third-party web server (Pitroda on [0090, 0097] teaches the client would then send the new application, or request for renewal, to the transaction service provider 10, which would then contact the corresponding service institution 18. Once the application or renewal is approved, the transaction service provider 10 would notify the client. See on [0137] teaches client completes credit card application, in this example, the application is for a MasterCard, which is issued by Citibank. When client application is approved by Citibank, transaction service provider notifies client).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pitroda cited on different portion into the teaching of Yang by notifying the client of an approval of credit application. One would be motivated to do so in order to maintain confidentiality of transactions between client and vendor through secure communication channel (Pitroda on [0013-0015]).
Regarding claim 6 the combination of Yang and Pitroda teaches all the limitations of claim 1 above, the combination of Yang and the cited portion of Pitroda fails to explicitly teach wherein the data about a user are hosted by a plurality of data sources, and wherein the command to unlock or unfreeze data about the user can cause the data about the user on one or more of the plurality of data sources to be unlocked or unfrozen, however Pitroda on different portion teaches wherein the data about a user are hosted by a plurality of data sources, and wherein the command to unlock or unfreeze data about the user can cause the data about the user on one or more of the plurality of data sources to be unlocked or unfrozen (Pitroda on [0015-0016, 0049] teaches plurality of database such as client database and vendor database used for sharing personal information).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pitroda cited on different portion into the teaching of Yang by having plurality of database used for locking and unlocking stored data. One would be motivated to do so in order to maintain confidentiality of transactions between client and vendor through secure communication channel (Pitroda on [0013-0015]).

12 and 19 Yang teaches all the limitations of claim 8 and 15 respectively, Yang fails to explicitly teach generate an approval decision on the application based on the unlocked or unfrozen data about the user; and output the approval decision to the third-party web server, However Pitroda from analogous art teaches wherein the non-transitory computer-readable storage device comprises further instructions that are executable by the processor to: generate an approval decision on the application based on the unlocked or unfrozen data about the user; and output the approval decision to the third-party web server (Pitroda on [0090, 0097] teaches the client would then send the new application, or request for renewal, to the transaction service provider 10, which would then contact the corresponding service institution 18. Once the application or renewal is approved, the transaction service provider 10 would notify the client. See on [0137] teaches client completes credit card application, in this example, the application is for a MasterCard, which is issued by Citibank. When client application is approved by Citibank, transaction service provider notifies client).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pitroda the teaching of Yang by notifying the client of an approval of credit application. One would be motivated to do so in order to maintain confidentiality of transactions between client and vendor through secure communication channel (Pitroda on [0013-0015]).

Regarding claim 13 and 20 Yang teaches all the limitations of claim 8 and 15 respectively, Yang fails to explicitly teach wherein the data about a user are hosted by a plurality of data sources, and wherein the command to unlock or unfreeze data about the user can cause the data about the user on one or more of the plurality of data sources to be unlocked or unfrozen, however Pitroda from analogous art teaches wherein the data about a user are hosted by a plurality of data sources, and wherein the command to unlock or unfreeze data about the user can cause the data about the user on one or more of the plurality of data sources to be unlocked or unfrozen (Pitroda on [0015-0016, 0049] teaches plurality of database such as client database and vendor database used for sharing personal information).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pitroda into the teaching of Yang by having plurality of database used for locking and unlocking stored data. One would be motivated to do so in order to maintain confidentiality of transactions between client and vendor through secure communication channel (Pitroda on [0013-0015]).

Claims 2 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (hereinafter Yang) (US 20140136704) in view of Pitroda (US 20030115126) and further in view of Haller et al (hereinafter Haller) (US 20160155196) (provided in IDS).

Regarding claim 2 the combination of Yang and Pitroda teaches all the limitations of claim 1 above, the combination fails to explicitly teach output, via the network communications port, a command to lock or freeze data about the user stored in a network-attached system after sharing the data with the third-party web server. However Haller from analogous art teaches  wherein the non-transitory computer-readable storage device comprises further instructions that are executable by the processor to: output, via the network communications port, a command to lock or freeze data about the user stored in a network-attached system after sharing the data with the third-party web server (Haller on [0027, 0036, 0039 and 0063-0065] teaches locking or freezing credit card file  after sharing with third party).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Haller into the combined teaching of Yang and Pitroda by locking or (Haller on [0005]).

Regarding claim 7 the combination of Yang and Pitroda teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the command to unlock or unfreeze data about the user comprises an approval token, and wherein the approval token is useable by the third-party web server to request unlocking or unfreezing and sharing data about the user at the network-attached system, However Haller from analogous art teaches wherein the command to unlock or unfreeze data about the user comprises an approval token, and wherein the approval token is useable by the third-party web server to request unlocking or unfreezing and sharing data about the user at the network-attached system (Haller on [0008 and 0029] teaches to lock or unlock credit files at a plurality of credit bureaus over a network).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Haller into the combined teaching of Yang and Pitroda by unlocking ot unfreezing the information based on a token. One would be motivated to do so in order to prevent the information from being accessed by unauthorized entity (Haller on [0005]).

Claims 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (hereinafter Yang) (US 20140136704) in view of Haller et al (hereinafter Haller) (US 20160155196) (provided in IDS).

Regarding claim 9 and 16 Yang teaches all the limitations of claim 8 and 15 above, Yang fails to explicitly teach output, via the network communications port, a command to lock or freeze data about the user stored in a network-attached system after sharing the data with the third-party web server, However Haller from analogous art teaches  wherein the non-transitory computer-readable storage (Haller on [0027, 0036, 0039 and 0063-0065] teaches locking or freezing credit card file  after sharing with third party).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Haller into the teaching of Yang and Pitroda by locking or freezing the information. One would be motivated to do so in order to prevent the information from being accessed by unauthorized entity (Haller on [0005]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Mok et al (US 20130160144) an entity verification system for accessing data associated with first website using a third-party authentication system. As an example, a search engine website may utilize an authentication system of a social networking website to authenticate an entity for the search engine website (e.g., log the entity into the search engine website). The third-party authentication system may also be utilized (e.g., by the first website) to grant the entity access to various types of data stored in association with the first website. By way of example, when an entity is initially logged into the search engine website via an authentication system of the social networking website, for example, the search engine website may associate low-level access permissions with the entity, which may grant the entity access to some (e.g., but not all) data associated with the entity.
Hattersley et al (US 20050055296) the invention relates to financial transactions. More specifically, the present invention relates to unique validation features for secure online 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/MOEEN KHAN/               Examiner, Art Unit 2436                                                                                                                                                                                         /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436