DETAILED ACTION
1. 	This office action is in response to an amendment filed on 12/10/2020. Claims 1-20 are pending and claims 1, 8 and 15 are independent. Each independent claim is amended. 
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments

3.	Applicant’s arguments filed on December 10, 2020, with respect to the non-statutory obviousness type of double patent rejections have been fully considered and are persuasive. The amendment made to at least the independent claims 1, 8 and 15 overcomes this rejection. Thus, this particular double patent rejection has been withdrawn. 
	Furthermore, the amendment made to the drawings overcomes the objection set forth in the previous office action. Thus, this particular objection has been withdrawn too. 
	
However, applicant’s arguments regarding the 35 U.S.C. 103 rejection with respect to claims 1, 8 and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

4.	Applicant’s representative in particular argued that the following amended claim limitations (bolded and underlined) recited in independent claims 1 and the similar references/prior arts of the record namely by the combination of Boukai and Dagorn:

“receiving, at a client device, a first request for access to specified data residing on the client device; in response to the first request for access to the specified data, displaying a user interface notification of the first request for access; receiving a user indication of a type, content, or level of data to be shared; receiving at a user-configurable API data endpoint on the client device, a second request to perform a data-pull of specific data residing on the client device;”

Examiner would like to point out that the newly found prior art, US Publication No. 2016/0219438 A1 to Ward, discloses the amended claim limitation.
In particular Ward discloses:
“receiving, at a client device, a first request for access to specified data residing on the client device [See for instance paragraph 0070  and figure 2A, ref. 201 where the device is requested by the App at installation for access to specified data residing on the client device, “certain App, at installation, asks for multiple permissions including: access to call history, read/write permission to contacts, read/write permission to external storage, permission to manage your account credentials, permission to record audio, permission to read test messages, permission to place a phone call, permission for location, permission for camera”];
in response to the first request for access to the specified data, displaying a user interface notification of the first request for access [See paragraph 0079, See figure 2A, ref. 204, The program executes at step 203, providing access security to personal information and device-based services. At some time during execution, a controlled event occurs, the program then uses the UI 105 to notify the user at step 204 and provide event logs at step 205]
receiving a user indication of a type, content, or level of data to be shared [See at least paragraphs 0056, 0079 and figure 2A, ref. 206; how the users set a type, content or level of data to be shared. “The user responds to the notification at step 206 and selects an action (e.g. always block this application from the camera during working hours and never notify). The program executes, at step 203, by writing the user selection, at step 205, and the resulting access control to the logfile at step 205. The program executes, at step 203, and updates the profile and rules databases, at step 207, with the user selected actions” [0079] and “application access may be limited by area (geophysical, arbitrary polygon, geopolitical/legal boundary), it may be limited by time-of-day, it may be limited by the identity of the requesting application, it may be limited by source of request or type (periodic/scheduled/triggered/immediate)) of request” [0056]]
receiving at a user-configurable API data endpoint on the client device, a second request to perform a data-pull of specific data residing on the client device; [See for instance paragraph 0073, where the user sets a default setting or rule for a particular app at the installation to be blocked from accessing data residing on the device. However subsequent attempt/second request by the app could be notified to the user and the user could override the default rule so that access by the app is allowed.
“An App has been blocked from access using the default, denied, or spoofed access. The app will be blocked from access for each and every subsequent attempt unless overridden by the user. Once the access has been allowed, a rule will be written, prompting the user duration of the access grant. If not a permanent election, the system 100 will query the user each time the App requests access in the future.”]




Claim Rejections - 35 USC § 103
6.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


	Examiner’s note: text in bold corresponds to the claimed limitations; text in italics, underlined or not, corresponds to the cited prior art reference (i.e., verbatim and/or examiner’s clarification). That is, text after a limitation in brackets [ ] corresponds to the examiner’s mapping (including further explanation and/or comments) and/or prior art reference citations. Furthermore, text in brackets [ ] explains how the claim limitation is taught or explicitly taught by the reference being cited for that particular limitation or part of the limitation.


9.	Claims 1-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Haim Boukai (hereinafter referred to as Boukai) (US Publication No. 2011/0111743 A1) (May 12, 2011) in view of Anne-Sophie Dagorn (hereinafter referred to as Dagorn) (US Publication No. 2010/0151823) (Jun 17, 2010) and further in view of Matthew L. Ward (hereinafter referred to as Ward) (US Pub. No. 2016/0219438 A1).

 	As per independent claim 1, Boukai discloses a method comprising:
receiving a first request for access to specified data residing on a client device [See figure 3, step 420 and paragraph 0055, “STEP 420: Application 100 inquires user 10 to extract the callees having international phone numbers from the address book of user 10”. The application 100 requests or inquires of a client device/user’s mobile phone shown on figure 1, ref. 10 for accessing the international phone numbers that correspond to the specified data that resides inside the client device/user’s mobile phone shown on figure 1, ref. 10];
in response to the request for access to the specified data, displaying a user interface notification of the request for access [See at least figure 3, steps 420, 425 and 430 and paragraphs 0056-0057, which indicate that the user’s mobile phone displays a user interface notification, as shown on figure 3, 420, requesting to access the international phone numbers, where the user of the mobile phone could either deny the request (425) or accept and agree to the request, as shown on figure 420 OK, which allows application 100 to extract the callees having international phone numbers from the address book residing on the user’s mobile phone number. In particular, the following has been disclosed in paragraphs 0056-0057: “STEP 425: If user 10 denies the request, exit. STEP 430: If user 10 agrees, application 100 extracts the callees having international phone numbers from the address book”];
receiving a user indication of the type, content, or level of data to be shared [See figure 3, ref. 420 OK and paragraph 0057. The user, as shown on figure 4, ref. 420, by choosing OK would indicate the type or the content of data, which is international numbers, to be shared. The user by selecting OK indicates the type and/or the content of the data to be shared, which is the international numbers residing in the user’s phone book. These international numbers also meet the level of the data to be shared, because the user okays sharing only the international numbers out of all the other phone numbers residing on the mobile phone. See also paragraph 0061, which indicates the other type, content or level of data that can be shared: “It is further within provision of the present invention to provide a method and system to allow all Internet-enabled mobile service users (2.4 billion currently) to utilize certain mobile applications which contain everything the end-user needs in order to use and operate a set of services including, but not limited to, opening an account, inviting/receiving, and sending mobile applications, making mobile payments (via credit card, calling card PIN or prepaid card code & transfer money), checking costs and balances, setting various options, and the like.”];
receiving at to perform a data-pull of specific data residing on the client device [As shown on figure 3, 440, once the server 200 receives the list of the international phone numbers, the server, as shown on figure 3, 450, invites the new users on the list to install application 100, and if the new user agrees to install the application, as shown on figure 3, step 460, YES, then the new user would be receiving a second request at a user-configurable API data endpoint to perform a data-pull of specific data residing on the client device, as shown on figure 3, ref. 420. See figure 3, step 420 and paragraph 0055, STEP 420: Application 100 inquires the new user 10 to extract the callees having international phone numbers from the address book of the new user 10. The application 100 requests or inquires of a client device/user’s mobile phone shown on figure 1, ref. 10 for accessing or performing a data-pull of the international phone numbers that correspond to the specified data that resides inside the client device/user’s mobile phone shown on figure 1, ref. 50 a-c];
receiving a user confirmation that the specific data conforms to the user indication of the type, content, or level of information to be shared and [See figure 3, ref. 420 OK and paragraph 0057. The user, as shown on figure 4, ref. 420, by choosing OK indicates the type or the content of data, which is international numbers, to be shared. The user by selecting OK indicates the type and/or the content of the data to be shared, which is the international numbers residing in the user’s phone book. These international numbers also meet the level of the data to be shared, because the user okays sharing only the international numbers out of all the other phone numbers residing on the mobile phone. See also paragraph 0061, which indicates the other type, content or level of data that can be shared: “It is further within provision of the present invention to provide a method and system to allow all Internet-enabled mobile service users (2.4 billion currently) to utilize certain mobile applications which contain everything the end-user needs in order to use and operate a set of services including, but not limited to, opening an account, inviting/receiving, and sending mobile applications, making mobile payments (via credit card, calling card PIN or prepaid card code & transfer money), checking costs and balances, setting various options, and the like.”]; in response to receiving the user confirmation that the specific data conforms [See figure 3, ref. 420 OK], transmitting the requested specified data [See figure 3, ref. 440 and paragraph 0058, application 100 transmits the extracted list to server 200].

As shown above, Boukai discloses all the limitations recited in the claim. However, even if, for the sake of argument, it is assumed that Boukai does not explicitly disclose the limitation “user-configurable API data endpoints” or the following underlined claim limitation: “receiving a…request at a user-configurable API data endpoint to perform a data-pull of specific data residing on the client device”, Dagorn, at least in paragraph 0060, discloses this limitation:
"In the case where the Web browser 12 is Internet Explorer, the software interface 31 is implemented in COM (Component Object Model) object form and declared as a 'Browser Helper Object'. In this way, it is launched automatically by the Internet Explorer browser. When the browser is started up, the interface 31 instantiates an object of the class named 'IWebBrowser2' representing an interface with the Web browser 12 and used to parse and process the Web pages loaded by the latter. For each Web page, the interface 31 searches for a form of type comprising an element of 'text' type followed by a single element of 'password' type. If the Web page corresponds to these criteria, the software interface 31 interrogates the means 210 of managing the card 21 to ascertain if the address corresponding to the Web page being processed is referenced. If it is, the interface 31 asks the management means 210 to return to it the authentication data corresponding to said Web page, which are then automatically injected into the Web page after prompting the user for a PIN code, normally the PIN code of the mobile terminal or even a PIN code dedicated to the authentication application. Otherwise, the user is prompted to enter his identifiers and passwords, which are then captured by the software interface 31 and sent to the management means 210 accompanied by the address of the website. Then, these three data elements are stored in the card 21 in a file protected by PIN code. Depending on the implementations, particularly according to the choice of communication interface 32, the PIN code may be requested on the mobile terminal 20 or on the computer 11."

Boukai and Dagorn are analogous art and are in the same field of endeavor, as they both pertain to providing an API for requesting and controlling access to user contents residing on the client device.

It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement in the system of Boukai a mechanism to use the feature such as “user-configurable API data endpoints” as taught by Dagorn, because this would enhance the security of the system by prompting the users via application programming interface so that the client device validates the request by providing credentials before transmitting the requested data. [See Dagorn at least paragraph 0060]
The combination of Boukai and Dagorn doesn’t explicitly disclose the following amended and underlined claim limitation:
“at a client device, a first request for access to specified data residing on the client device; in response to the first request for access to the specified data, displaying a user interface notification of the first request for access; receiving a user indication of a type, content, or level of data to be shared; receiving at a user-configurable API data endpoint on the client device, a second request to perform a data-pull of specific data residing on the client device;” but Ward discloses the above underlined claim limitation.
In particular Ward discloses:
“receiving, at a client device, a first request for access to specified data residing on the client device [See for instance paragraph 0070  and figure 2A, ref. 201 where the device is requested by the App at installation for access to specified data residing on the client device, “certain App, at installation, asks for multiple permissions including: access to call history, read/write permission to contacts, read/write permission to external storage, permission to manage your account credentials, permission to record audio, permission to read test messages, permission to place a phone call, permission for location, permission for camera”];
in response to the first request for access to the specified data, displaying a user interface notification of the first request for access [See paragraph 0079, See figure 2A, ref. 204, The program executes at step 203, providing access security to personal information and device-based services. At some time during execution, a controlled event occurs, the program then uses the UI 105 to notify the user at step 204 and provide event logs at step 205]
receiving a user indication of a type, content, or level of data to be shared [See at least paragraphs 0056, 0079 and figure 2A, ref. 206; how the users set a type, content or level of data to be shared. “The user responds to the notification at step 206 and selects an action (e.g. always block this application from the camera during working hours and never notify). The program executes, at step 203, by writing the user selection, at step 205, and the resulting access control to the logfile at step 205. The program executes, at step 203, and updates the profile and rules databases, at step 207, with the user selected actions” [0079] and “application access may be limited by area (geophysical, arbitrary polygon, geopolitical/legal boundary), it may be limited by time-of-day, it may be limited by the identity of the requesting application, it may be limited by source of request or type (periodic/scheduled/triggered/immediate)) of request” [0056]]
receiving at a user-configurable API data endpoint on the client device, a second request to perform a data-pull of specific data residing on the client device; [See for instance paragraph 0073, where the user sets a default setting or rule for a particular app at the installation to be blocked from accessing data residing on the device. However subsequent attempt/second request by the app could be notified to the user and the user could override the default rule so that access by the app is allowed.
“An App has been blocked from access using the default, denied, or spoofed access. The app will be blocked from access for each and every subsequent attempt unless overridden by the user. Once the access has been allowed, a rule will be written, prompting the user duration of the access grant. If not a permanent election, the system 100 will query the user each time the App requests access in the future.”]

Boukai, Dagorn and Ward are analogous art which are in the same field of endeavor, as they pertain to providing an API and access control for requesting and accessing user contents residing on the client device.

It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement in the system of Boukai and Dagorn a mechanism to use the feature such as “receiving, at a client device, a first request for access to specified data residing on the client device; in response to the first request for access to the specified data, displaying a user interface notification of the first request for access; receiving a user indication of a type, content, or level of data to be shared; receiving at a user-configurable API data endpoint on the client device, a second request to perform a data-pull of specific data residing on the client device” as taught by Ward, because this would enhance the security of the system by preventing unauthorized access to the resources either by denying or limiting access according to pre-set rules or user intervention. [See Ward at least the abstract and paragraph 0056]

As per independent claim 8, independent claim 8 is rejected for the same reason or rationale as that of the above independent claim 1, as they both recite the same/similar limitations having the same/similar scope.

As per independent claim 15, independent claim 15 is rejected for the same reason or rationale as that of the above independent claim 1, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 2, the combination of Boukai, Dagorn and Ward discloses the method/system as applied to claims above. Furthermore, Boukai discloses the method/system further comprising receiving the first request for access to data residing on the client device is included in an SMS message issued to the client device. [See at least claim 26, “sending an SMS message; sending an SMS message containing a link to a location of said application allowing subsequent download of said application; sending an SMS message containing said application; sending an MMS message; sending an MMS message containing a link to a location of said application allowing subsequent download of said application” and see Dagorn para [0076], "The communication interface 32 can be implemented by AT commands of the modem in which the SIM card is housed. In practice, it is possible to use said AT commands for writing and reading short messages (SMS) in the SIM card to trigger the management means 210 hosted in the card."].
	
As per dependent claim 9, dependent claim 9 is rejected for the same reason or rationale as that of the above dependent claim 2, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 16, dependent claim 16 is rejected for the same reason or rationale as that of the above dependent claim 2, as they both recite the same/similar limitations having the same/similar scope.

	As per dependent claim 3, the combination of Boukai, Dagorn and Ward discloses the method/system as applied to claims above. Furthermore, Boukai discloses the method/system, wherein the first request for access to the specified data residing on the client device is received in response to an instruction, sent from the client device, to access the specified data residing on the client device [See figure 3, ref. 420 OK and paragraph 0057. The user, as shown on figure 4, ref. 420, by choosing OK would indicate the type or the content of data, which is international numbers, to be shared. The user, by selecting OK, indicates the type and/or the content of the data to be shared. This type and/or content of the data is the international numbers residing in the user’s phone book. See also Dagorn, paragraphs [0055], [0059], [0060]].

As per dependent claim 10, dependent claim 10 is rejected for the same reason or rationale as that of the above dependent claim 3, as they both recite the same/similar limitations having the same/similar scope.

 	As per dependent claim 17, dependent claim 17 is rejected for the same reason or rationale as that of the above dependent claim 3, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 4, the combination of Boukai, Dagorn and Ward discloses the method/system as applied to claims above. Furthermore, Dagorn discloses the method/system, further comprising receiving a user indication of a recipient of the specified data. [Paragraphs [0055], [0059], [0060]; specific website detection is used].

As per dependent claim 11, dependent claim 11 is rejected for the same reason or rationale as that of the above dependent claim 4, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 18, dependent claim 18 is rejected for the same reason or rationale as that of the above dependent claim 4, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 5, the combination of Boukai, Dagorn and Ward discloses the method/system as applied to claims above. Furthermore Boukai discloses the method/system, further comprising receiving a user restriction on a type, content, or level of information to be shared [See at least figure 3, ref. 425, NO ] 

As per dependent claim 12, dependent claim 12 is rejected for the same reason or rationale as that of the above dependent claim 5, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 19, dependent claim 19 is rejected for the same reason or rationale as that of the above dependent claim 5, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 6, the combination of Boukai, Dagorn and Ward discloses the method/system as applied to claims above. Furthermore, Boukai discloses the method/system, further comprising receiving a specified data characteristic to establish a data compatibility for a successful transmission of at least some of the specified data [See paragraph 0001, Finally methods are provided to unify code over a set of mobile platforms thus enabling compatibility with many hardware models reducing development time required for writing mobile applications, allowing easier implementation of the aforementioned techniques. See also paragraph 0044, Server then 200 analyzes the received information to determine the type of application 100 that is compatible with the device of user 50 a. For example, server 200 can use the IP Address of the device of user 50 a to send application 100 in the right language according to the location of the mobile operator (for example: sending application in the French language to users with IP address of Orange France). Another example, server 200 can use the browser identification to send a compatible application to an iPhone, which does not run Java. See also Dagorn, paragraphs [0055], [0059], [0060]].

As per dependent claim 13, dependent claim 13 is rejected for the same reason or rationale as that of the above dependent claim 6, as they both recite the same/similar limitations having the same/similar scope.

As per dependent claim 20, dependent claim 20 is rejected for the same reason or rationale as that of the above dependent claim 6, as they both recite the same/similar limitations having the same/similar scope.

	As per dependent claim 7, the combination of Boukai, Dagorn and Ward discloses the method/system as applied to claims above. Furthermore, Boukai discloses the method/system, wherein the first request further includes a request for access to specified data residing at a remote database. [See also paragraph 0061; providing an API to access payment for making mobile payments (via credit card) meets this limitation, since the payment is accessed from the remote credit card or bank database: “It is further within provision of the present invention to provide a method and system to allow all Internet-enabled mobile service users (2.4 billion currently) to utilize certain mobile applications which contain everything the end-user needs in order to use and operate a set of services including, but not limited to, opening an account, inviting/receiving, and sending mobile applications, making mobile payments (via credit card, calling card PIN or prepaid card code & transfer money), checking costs and balances, setting various options, and the like.”]

As per dependent claim 14, dependent claim 14 is rejected for the same reason or rationale as that of the above dependent claim 7, as they both recite the same/similar limitations having the same/similar scope.
Conclusion


10.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
	A.	US Publication No. 2017/0140174 A1 to Lacey discloses a method of obtaining authorization to release personal information associated with a user includes, at a server system, receiving a request for personal information associated with a user from a third party. The method further includes generating, in a system agnostic widget, a consent request for requesting authorization to release the personal information associated with the user to the third party and transmitting the consent request to a client device of the user via the widget. In response to receiving authorization to release the personal information from the client device via the widget: (1) facilitating provision of the personal information to the third party, and (2) storing the authorization in association with an account of the user.

	B.	US Patent No. 9,923,904 B1 to Saylor discloses method wherein receiving, from a first client device associated with a user account of a first user, a request for sharing a document. The document is associated with a credential of the first user, and the credential is associated with the user account of the first user. The operations include transmitting, in response to the request, a code associated with the document, and receiving, from a second client device, a request to access the document. The request to access the document includes the code associated with the document. The operations include determining, based on the request to access the document, that the second client device is authorized to access the document, and communicating, to the second client device, a message including information about the document.

C.	US Publication No. 2008/0034437 A1 to Patterson discloses the method of controlling access to electronic content includes receiving electronic content and producing a file that includes the electronic content and instructions for collecting and transmitting payment information. The method further includes receiving a reply to the transmitted message and selectively providing access to the electronic content based on the reply.
D. See the other cited prior arts
11.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status 

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498