Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-13, 15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wyatt et al. (US 20200285752), hereinafter Wyatt in view of Bender et al. (US 20180004936), hereinafter Bender.
	Regarding Claim 1, Wyatt teaches
	A method, comprising: detecting an attempt to perform a security related operation on a computing device (Para [0044] In one embodiment, a system includes: at least one processor; and memory storing instructions configured to instruct the at least one processor to: after installation of software on a first computing device, ... For example, the software may have been previously-installed on a user mobile device after an analysis by an evaluation server that determined the software was within an acceptable risk level. The evaluation server receives new data, and performs a new analysis using the new data (e.g., based on the current context of the same user mobile device). The new analysis detects a security threat associated with the software, which is then quarantined);
	determining a categorization of the security related operation (Para [0102] In one embodiment, a system and method are for reporting security information relating to a mobile device. In one embodiment, the security evaluation performed above (e.g., by the evaluation server 150 of FIG. 1 above) is a security assessment. … A security component identifies security events on the mobile device that are processed on the mobile device or by a server. The security component then determines a security assessment for the mobile device based upon the detected security events. … );
	conditionally performing the security related operation based on the response (Para [0938] FIG. 13 shows a computing system for evaluating software and implementing a quarantine of the software based on a new security threat, according to one embodiment. Evaluation server 1302 analyzes software associated with various computing devices that communicate with evaluation server 1302 over communication network 121. Evaluation server 1302 is an example of evaluation server 150 of FIG. 1).
	Wyatt does not explicitly teach a method that includes in response to the categorization meeting a criterion, generating a first notification requesting approval for the security related operation; transmitting a network message indicating the first notification; and receiving a second network message indicating a response to the notification.
	In the same field of endeavor, Bender teaches
	 in response to the categorization meeting a criterion, generating a first notification requesting approval for the security related operation (Para [0024] FIG. 3 illustrates a system diagram 300 of various processes and communication operations during an attempted application install procedure according to an example embodiment. Referring to FIG. 3, the system diagram 300 includes a user device 310 and an application data source 320 which are communicably coupled to one another, and which is monitored by a user device 330 based on security application settings. … The user device may load the install initiation page 316 which presents the permissions and requests sought by the application source 320 in order to download the application. The specific permissions are identified 318 and separated in, for example, a tabular form and may be listed, parsed and/or separated as parameters requiring a comparison operation by the permissions in the user profile 322 which may be stored locally or on another device.  Any matches between restrictions in the user profile and the permissions sought by the application are noted 324 and used as the basis to create a notification 326 which is sent to the third party user device(s) 330 identified in the user profile);
	transmitting a network message indicating the first notification (Para [0024] … Any matches between restrictions in the user profile and the permissions sought by the application are noted 324 and used as the basis to create a notification 326 which is sent to the third party user device(s) 330 identified in the user profile);
	receiving a second network message indicating a response to the notification (Para [0024] ... The third party device may then load the notification and prompt the user via a user interface to allow or prevent the install. A feedback message 332 is created and sent 334 to the user device 310 so the install can be allowed/blocked 336).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by Wyatt to incorporate teachings of Bender such that the method of Wyatt includes in response to the categorization meeting a criterion, generating a first notification requesting approval for the security related operation; transmitting a network message indicating the first notification; and receiving a second network message indicating a response to the notification.  One would have been motivated to make such combination in order to provide security restriction in the application security profile related to the at least one application action, restricting the at least one application action from occurring based on the at least one application security restriction and notifying a pre-registered device (Bender, Para [0006]).
	Regarding Claim 2, the combination of Wyatt and Bender teaches all the limitations of Claim 1 above,
	The method of claim 1, further comprising receiving input defining a messaging address for the first notification, wherein the first notification is generated to be addressed to the messaging address (Wyatt, Para [0147] In one embodiment, if it is determined that the certain client application is installed on mobile device 149, evaluation server 150 attempts to uniquely identify mobile device 149 based on information that the evaluation server 150 has previously stored and/or information received as part of authenticating mobile device 149. For example, the received information includes information regarding the type of device, the operating system the device is running, an IP address provided by the device, etc. In one embodiment, the foregoing information regarding the device is cross-referenced with a data set stored for a given enterprise. Based on this cross-referencing, evaluation server 150 can send a push notification to the device (e.g., a Google cloud message for an Android device).).
	Regarding Claim 3, the combination of Wyatt and Bender teaches all the limitations of Claim 1 and Claim 2 above,
	wherein the detection of the security related operation is performed by a computing device, and the input defining the messaging address is received by the computing device (Wyatt, Para [0044] … The evaluation server receives new data, and performs a new analysis using the new data (e.g., based on the current context of the same user mobile device). The new analysis detects a security threat associated with the software, which is then quarantined. Para [0147] In one embodiment, if it is determined that the certain client application is installed on mobile device 149, evaluation server 150 attempts to uniquely identify mobile device 149 based on information that the evaluation server 150 has previously stored and/or information received as part of authenticating mobile device 149. For example, the received information includes information regarding the type of device, the operating system the device is running, an IP address provided by the device, etc.).
	Regarding Claim 4, the combination of Wyatt and Bender teaches all the limitations of Claim 1 and Claim 2 above,
	wherein the detection of the attempt to perform the security related operation is performed by a computing device, and the input defining the messaging address is received from the computing device by a second device (Wyatt, Para [0255] In one embodiment, the computer-readable instructions further cause the first computing device to, in response to the first source identifier not matching the black list, set a first application state for the first application to unknown, and send the at least one message to the second computing device, the at least one message further comprising the first application state).
	Regarding Claim 7, the combination of Wyatt and Bender teaches all the limitations of Claim 1 above,
	wherein receiving the second network message includes receiving an email or a text message including the response (Bender,  Para [0024] ... The third party device may then load the notification and prompt the user via a user interface to allow or prevent the install. A feedback message 332 is created and sent 334 to the user device 310 so the install can be allowed/blocked 336), and
	parsing the received email or text message to determine whether the response approves performance of the security related operation, wherein the conditional performance of the security related operation is responsive to the determination (Bender,  Para [0024] FIG. 3 illustrates a system diagram 300 of various processes and communication operations during an attempted application install procedure according to an example embodiment. ... The specific permissions are identified 318 and separated in, for example, a tabular form and may be listed, parsed and/or separated as parameters requiring a comparison operation by the permissions in the user profile 322 which may be stored locally or on another device).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 8, the combination of Wyatt and Bender teaches all the limitations of Claim 1 above,
	The method of claim 1, further comprising rejecting the attempt to perform the security related operation in response to a predetermined period of time elapsing without a response being received (Bender, Para [0020] … These action can include examples such as `gain permission from a secondary party` or `pop up to warn before installing` or `deny the installation of the app after presenting a pop up on why the app is being denied`, etc. If any of the actions require permission from the third party, the interested parties 220 and/or 230 identified in the profile by name, number, status (i.e., parent, guardian), are then notified. The notifications 234 and/or 236 are sent accordingly to notify and request permission to proceed. The third parties may have certain statuses, such as senior or junior where one party can grant permission at a junior status but the senior party can override that decision within a predetermined period of time, for example.  Para [0023] ... The installation completes upon approval via an SMS message from the approver or is rejected depending on the contents of the message received back at the device).
	The motivation/rationale to combine the references is similar to claim 1 above.
Regarding Claim 9,
Claim 9 is rejected for similar reasons as in claim 1.
Regarding Claim 10,
Claim 10 is rejected for similar reasons as in claim 2.
Regarding Claim 11,
Claim 11 is rejected for similar reasons as in claim 4.
	Regarding Claim 12, the combination of Wyatt and Bender teaches all the limitations of Claim 9 above,
	wherein the transmitting of the network message comprises one or more of transmitting an email, or a text message, or accessing a web hook indicating the first notification (Wyatt, Para [0477] In another example, an app's install channel is detected on the device, or is detected in a piece of code that operates somewhere in the network path from the install/download network source to the device (e.g., in a network appliance/router/firewall/etc.). For example, by observing that an application is being downloaded to the device from a particular network location, a channel ID can be determined for that application as being an identifier for the source of the download, e.g., a network IP address, or domain name, or URL, or other network identifier).
	Regarding Claim 13, the combination of Wyatt and Bender teaches all the limitations of Claim 9 above,
	The system of claim 9, the operations further comprising parsing the response to determine whether the response indicates an approval of the security related operation (Bender, Para [0024] FIG. 3 illustrates a system diagram 300 of various processes and communication operations during an attempted application install procedure according to an example embodiment. ... The specific permissions are identified 318 and separated in, for example, a tabular form and may be listed, parsed and/or separated as parameters requiring a comparison operation by the permissions in the user profile 322 which may be stored locally or on another device), and
	performing the security related operation in response to an indicated approval (Wyatt, Para [0938] FIG. 13 shows a computing system for evaluating software and implementing a quarantine of the software based on a new security threat, according to one embodiment. Evaluation server 1302 analyzes software associated with various computing devices that communicate with evaluation server 1302 over communication network 121. Evaluation server 1302 is an example of evaluation server 150 of FIG. 1).
	The motivation/rationale to combine the references is similar to claim 9 above.
	Regarding Claim 15, the combination of Wyatt and Bender teaches all the limitations of Claim 9 and Claim 14 above,
	wherein the second notification is generated to a different messaging address than the first notification (Bender, Para [0024] FIG. 3 illustrates a system diagram 300 of various processes and communication operations during an attempted application install procedure according to an example embodiment. … Any matches between restrictions in the user profile and the permissions sought by the application are noted 324 and used as the basis to create a notification 326 which is sent to the third party user device(s) 330 identified in the user profile. The third party device may then load the notification and prompt the user via a user interface to allow or prevent the install).
	The motivation/rationale to combine the references is similar to claim 9 above.
Regarding Claim 17,
Claim 17 is rejected for similar reasons as in claim 7.
	Regarding Claim 18, the combination of Wyatt and Bender teaches all the limitations of Claim 9 above,
	The system of claim 9, the operations further comprising deferring the performance of the security related operation until a response is received or a predetermined amount of time elapses after the attempt to perform the security related operation (Bender, Para [0020] … The notifications 234 and/or 236 are sent accordingly to notify and request permission to proceed. The third parties may have certain statuses, such as senior or junior where one party can grant permission at a junior status but the senior party can override that decision within a predetermined period of time, for example. Otherwise the junior party's permission may be enacted and the application may be installed thereafter without requiring communication from the senior party).
	The motivation/rationale to combine the references is similar to claim 9 above.
Regarding Claim 19,
Claim 19 is rejected for similar reasons as in claim 8.
Regarding Claim 20,
	Claim 20 is rejected for similar reasons as in claim 1, and for the reasoning set forth for the following limitations not explicitly disclosed in claim 1.  Bender discloses conditionally launching or installing the program based on the response (Para [0023] … The installation completes upon approval via an SMS message from the approver or is rejected depending on the contents of the message received back at the device). 
Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Wyatt et al. (US 20200285752), hereinafter Wyatt in view of Bender et al. (US 20180004936), hereinafter Bender in view of Yien et al. (US 10867291), hereinafter Yien.
	Regarding Claim 5, the combination of Wyatt and Bender teaches all the limitations of Claim 1 above,
	The combination of Wyatt and Bender does not explicitly teach a method further comprising generating a second notification requesting approval for the security related operation in response to a predetermined amount of time elapsing after the generation of the first notification before the response is received.
	In the same field of endeavor, Yien teaches
	The method of claim 1, further comprising generating a second notification requesting approval for the security related operation in response to a predetermined amount of time elapsing after the generation of the first notification before the response is received (Col. 24, line 67; Col. 25, lines 1-10,  Alternatively, in another example, manager application 424 of payment processing service server device(s) 408 can determine that a manager did not respond to the request for manager approval associated with request data packet 402 within a threshold period of time and can send a reminder to the manager mobile device 404, can send another request to a different manager (wherein the different manager can be determined at payment processing service server device(s) 408 by manager tracking module 426 according to manager assignment rules 428), or send an indication to worker mobile device 404 that the request is denied).  
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Wyatt and Bender to incorporate teachings of Yien such that the method of the combination of Wyatt and Bender is further comprising generating a second notification requesting approval for the security 
Regarding Claim 14,
Claim 14 is rejected for similar reasons as in claim 5.
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Wyatt et al. (US 20200285752), hereinafter Wyatt in view of Bender et al. (US 20180004936), hereinafter Bender in view of Jakobsson (US 20210058395), hereinafter Jakobsson.
	Regarding Claim 6, the combination of Wyatt and Bender teaches all the limitations of Claim 1 above,  
	[wherein] the request indicating whether the request is approved as a parameter to the access request (Bender, Para [0022] In the event that there is a match and the action is a secondary approval then a notification or message (such as an SMS) can be sent to the secondary phone(s) and the user either approves the install or does not approve the install. The information is then sent back to the original application install phone 210. The phone application (or an off-board process communicably coupled to the phone) inspects what is received from the message contents. If the secondary control says to not install, an alert is received (optionally) and no install is permitted. If an install is permitted, then the application is installed).  Examiner notes that although Bender does not disclose “receiving the second network message includes receiving a request to access a web hook URL”, it does teach approval of the request in general.
	The combination of Wyatt and Bender does not explicitly teach a method wherein receiving the second network message includes receiving a request to access a web hook URL.
	In the same field of endeavor, Jakobsson teaches
Para [0066] … The system may send a hyperlink by SMS to a phone number associated with the user, and request that the user clicks on the hyperlink to confirm the use of the new device. Para [0208] In an alternative embodiment, the security system does not act as a proxy, but instead responds with a rerouting HTML message, such as responding to the request with an HTML 307 message and the URL of the source of the data. This automatically, but only temporarily, redirects the browser of the requesting party to the URL indicated by the security system, and the browser automatically downloads the content, which is the content associated with the requested modified artifact. This HTML 307 response is only issued if the request is permitted by the security system).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Wyatt and Bender to incorporate teachings of Jakobsson such that the method of the combination of Wyatt and Bender so that receiving the second network message includes receiving a request to access a web hook URL.  One would have been motivated to make such combination in order to provide techniques for protection against phishing of two-factor authentication ("2FA") credentials (Jakobsson, Para [0017]).
Regarding Claim 16,
Claim 16 is rejected for similar reasons as in claim 6.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491