DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This action is in response to the communication filed on February 11, 2021 in response to Final Office Action on the Merits.

Remarks
Pending claims for reconsideration are claims 58-77. 

Terminal Disclaimer
The terminal disclaimer filed on February 11, 2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of Patent U.S. 10,395.052 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Allowable Subject Matter
Claims 58-77 are allowed.
 The following is an examiner’s statement of reasons for allowance: 
Regarding independent claims 58, 65 and 72:
The closest prior art Howard et al. (U.S. 6,353,886 B1 [provided by the applicant]) discloses:
“Thus, each time the user accesses the network, a certified policy is provided to the user, and a security level is determined in some fashion. The security is implemented on both the gateway and the user's system. The resulting flexibility 

The second closest prior art Kounga et al. (U.S. 2013/0227281 A1 [provided by the applicant]) discloses:
“request sensitive data from the data subject 16. Along with a request, the DCDM 8 can provide the conformance certificate that verifies the integrity of the DCDM 8. Upon receiving the request, the data subject 16 and the DCDM 8 can mutually validate each other. The data subject 16 can review the conformance certificate from the DCDM 8 to ensure that the DCDM 8 can securely manage the sensitive data. Additionally, the data subject 16 and the DCDM 8 can exchange messages to verify that the DCDM 8 has not been altered since the issuance of the conformance certificate. If the data subject 16 finds adequate assurance that the DCDM 8 can be trusted to securely manage the sensitive data, the data subject 16 can issue a data certificate. The data certificate can include, for example, encrypted sensitive data, limitations on use of that sensitive data (e.g., expiration date) and a list of authorized third parties (other than the DCDM 8) that are also permitted to receive the sensitive data. The sensitive data can be encrypted for example, with a secret key that is provided to the DCDM 8 encrypted with the public key of the DCDM 8, wherein the corresponding private key is stored at the
DCTPM12” (Para 0010:14-35).

The third closest prior art Duri et al. (U.S. 2004/0054918 A1) discloses: 
“creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party” (Abstract).

However the prior arts alone or in combination fails to teach or suggest the claimed limitation of independent claims 58, 65 and 72 “...generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments; 
providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application” along with other limitations independent claims 58, 65 and 72.
For this reason, the specific claim limitations recited in the independent claims 58, 65 and 72 taken as whole are allowed.
The dependent claims 59-64, 66-71 and 73-77 which are dependent on the above independent claims 58, 65 and 72 being further limiting to the independent claim, definite and enabled by the specification are also allowed.


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/SAMSON B LEMMA/Primary Examiner, Art Unit 2498