DETAILED ACTION
	The instant application having Application No. 16,235,422 filed on 12/28/2018 is presented for examination by the Examiner.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-11, 13-14, 16-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over CN102737311B (Hereinafter Wu.)


connecting a hardware safe to an external system (at least [0042][0049]-[0050], smart card is inserted/connected to mobile terminal); 
transferring a third-party program with an authorization policy to the hardware safe from the external system, the authorization policy configured to provide the third-party program access to one or more files and/or data fields stored on the hardware safe (at least [0010]-[0011][0027], U-key is a program from a bank (third-party program) that is transplanted/transferred to the smart card from the mobile terminal, to enable data stored in the smart card to be read/accessed); 
executing the third-party program on the hardware safe to obtain a result in a predetermined format (at least [0013][0027], data in the smart card is read/accessed using the U-key); and 
transferring the result in the predetermined format to the external system (at least [0013][0040], the data accessed/read is obviously if not inherently transferred to mobile terminal in a specified format to the mobile device to enable the mobile terminal to carry out verification with bank server.)

Regarding claim 2, Wu discloses the method according to claim 1. Wu also discloses wherein the hardware safe does not have an ability to connect to a resource using Uniform Resource Identifiers (URL) ([0012][0020][0024], the smart card is obviously if not inherently does not have an ability to connect to the internet or URL)
(at least [0012][0020], smart card stores user’s account information.)

Regarding claim 4, Wu discloses the method according to claim 1. Wu also discloses the external system includes a hardware safe tool, the hardware safe tool configured to perform one or more of the following: 
transfer the third-party program to the hardware safe (at least [0027], a tool in the mobile device that transplants the U-key program to the smart card); 

Regarding claim 7, Wu discloses the method according to claim 1. Wu also discloses authenticating a user and the one or more files and/or data fields of the user on the hardware safe, the authenticating of the user and the one or more files and/or data fields of the user on the hardware safe being performed by biometrics and/or a personal identification number (PIN) for the user (at least [0053]-[0054], PIN is used to verify user) and by personal authentication by the user or by authentication of an entity producing the one or more files and/or data fields and validating an integrity of the one or more files and/or data fields ([0013][0020][0040][0064]-[0069], i.e.: private key and digital certificate are verified by server.)

Regarding claim 8, Wu discloses the method according to claim 4. Wu also disclose the external system comprises: 
(at least [0011][0019] [0027], a component of the mobile terminal that stores/hosts the U-key), the external computer and the hardware safe being in communication via a USB connection (at least [0042][0044][0049]-[0050], it’s obvious of not inherent that the smart card is connected to mobile terminal via a USB connection); and 
hosting the third-party program on a third-party computer in communication with the external computer via a communication network ([0036][0048]-[0051], U-key is run/hosted on PC.)

	Claim 9 is rejected for the same rationale as claim 1 above.
Claim 10 is rejected for the same rationale as claim 2 above.
Claim 11 is rejected for the same rationale as claim 4 above.
Claim 13 is rejected for the same rationale as claim 8 above.

Regarding claim 14, Wu discloses a hardware device, the hardware device comprising: 
a memory having personal information of a user (at least [0012][0020], smart card stores user account information); and 
a processor configured to: 
transferring a third-party program with an authorization policy from an external system, the authorization policy configured to provide the third-party program access to the personal information of the user stored on the memory (at least [0010]-[0011][0027], U-key is a program from a bank (third-party program) that is transplanted/transferred to the smart card from the mobile terminal, to enable data stored in the smart card to be read/accessed) ; 
execute the third-party program to obtain a result in a predetermined format (at least [0013][0027], data in the smart card is read/accessed using the U-key); and 
transfer the result in the predetermined format to the external system (at least [0013][0040], the data accessed/read is obviously if not inherently transferred to mobile terminal in a specified format to the mobile device to enable the mobile terminal to carry out verification with bank server.)

	Claim 16 is rejected for the same rationale as claims 4 & 11 above.

	Regarding claim 17, Wu discloses the hardware device according to claim 14.
Wu also discloses the hardware device is smart card, the smart card configured to be connected to the external system via a USB connection (at least [0042][0044][0049]-[0050], it’s obvious of not inherent that the smart card is connected to mobile terminal via a USB connection.) 
	Wu does not explicitly disclose the hardware device is a memory stick.
	However, the hardware device can be of any shape and form, as long as its functionality does not change. As such, it is a purely a design choice to have the hardware device in a form of a memory stick to meet the designer’s desire. 

Claim 19 is rejected for the same rationale as claim 7 above.
.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Wu and in view of Diamant et al. (US 2006/0101310 A1-hereinafter Diamant.)
Regarding claim 5, Wu discloses the method according to claim 4. 
Wu does not explicitly disclose verifying an integrity of the third-party program with the hardware safe tool before the execution of the third-party program on the hardware safe.
	However, Diamant discloses a program or software stored is checked to make sure it has not been corrupted or compromised before it is allowed to be executed or loaded (at least abstract and [0019].)
	Therefore, it is obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the feature discloses by Diamant into the method of Wu to prevent user’s date from being comprised by corrupted program. 

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Wu, Diamant and further in view of Ko (US 2016/0026827 A1-hereinafter Ko.)
Regarding claim 12, Wu discloses the non-transitory computer readable medium according to claim 11. Wu also discloses authenticating a user and the one or more files and/or data fields of the user on the hardware safe, the authenticating of the user and the one or more files and/or data fields of the user on the hardware safe being performed by biometrics and/or a personal identification number (PIN) for the user (at least [0053]-[0054], PIN is used to verify user)  and by personal authentication by the ([0013][0020 ][0040][0064]-[0069], i.e.: private key and digital certificate are verified by server,)  and encrypting the one or more files and/or data fields in communication process (at least [0017][0041][0072], data accessed/read is encrypted in communication process.)
Wu does not explicitly disclose verifying an integrity of the third-party program with the hardware safe tool before the execution of the third-party program on the hardware safe; and the one or more files and/or data files on the hardware is encrypted.
However, Diamant discloses a program or software stored is checked to make sure it has not been corrupted or compromised before it is allowed to be executed or loaded (at least abstract and [0019].)
	Therefore, it is obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the feature discloses by Diamant into the non-transitory computer readable medium of Wu to prevent user’s data from being comprised by corrupted program. 
Wu and Diamant do not explicitly disclose the one or more files and/or data files on the hardware is encrypted.
However, Ko discloses personal data is stored in encrypted form (at least [0010].)
Therefore, it is obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the feature discloses by Ko into the non-.

Claims 6 & 15 are rejected under 35 U.S.C. 103 as being unpatentable over Wu and in view of Ko (US 2016/0026827 A1-hereinafter Ko.)
Regarding claim 6, Wu discloses the method according to claim 1. Wu also discloses encrypting the one or more files and/or data fields in communication process (at least [0017][0041][0072], data accessed/read is encrypted in communication process.)
Wu does not explicitly disclose the one or more files and or data fields on the hardware safe is encrypted.
However, Ko discloses personal data is stored in encrypted form (at least [0010].)
Therefore, it is obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the feature discloses by Ko into the method of Wu to enhance the security level of the data stored in the hardware device.

Regarding claim 15, Wu discloses the hardware device according to claim 14. 
	Wu does not explicitly disclose the personal information of the user is encrypted in the memory of the hardware device.
	However, Ko discloses personal data is stored in encrypted form (at least [0010].)
.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Wu and in view of Gaeta et al. (US Patent 10,455,571 B1-hereinafter Gaeta.)
Regarding claim 18, Wu discloses the hardware device according to claim 14,. Wu also discloses the personal information of the user is stored in the memory of the hardware device (at least [0012][0020], user account information.) 
Wu does not explicitly disclose the personal information is in Portable Document Format (PDF) with predefined fields.
However, Gaeta discloses information is in PDF with predefined fields (column 14, lines 4-25.) 
Therefore, it is obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the feature discloses by Gaeta into the hardware device of Wu to ensure only particular data is divulged to a particular entity, while protecting other sensitive data from being seen by the particular entity.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317.  The examiner can normally be reached on Monday-Friday 7 am-1 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PHY ANH T VU/Primary Examiner, Art Unit 2438