DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 13-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
In the “receive” step of claim 13, the claim refers back to “the data access request”; however, the claim previously recites two instances of “a data access request” (in the “generate” and “transmit” steps). Therefore, the claim is unclear because it is not clear to which of the two data access requests the phrase “the data access request” is intended to refer.
Claims 14 and 15 are rejected for inheriting the deficiencies of claim 13.

Claim Rejections - 35 USC § 102

A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 6, 8-10, and 13 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Sundararajan (US Pub. No. 2005/0223226).

Regarding claim 1, Sundararajan shows a computing system, comprising: 
a first electronic device (e.g., Computer B: see Fig. 5 and [0035]) to: 
generate a first random number to associate with a data transaction message (e.g., UID2, associated with an email from user A: see steps 702, 704 in Fig. 7; step 508 in Fig. 5; [0036], [0040]); 
transmit the first random number to a second electronic device identified as the sender of the data transaction message (e.g., transmitting UID2 to a known address of the sender: see step 706 in Fig. 7; step 510 in Fig. 5; [0036], [0040]); 
compare a received authentication message to the first random number to authenticate the sender of the data transaction message (e.g., comparing a timely response containing a copy of UID2: see steps 708, 712 in Fig. 7; step 518 in Fig. 5; [0037]-[0038], [0040]); and 
if authenticated, perform a data operation including at least one of: a data access and data update based on the data transaction message (e.g., updating a necessary indicator that the public key of user A should be trusted and performing ongoing data access by using the public key A for subsequent secure communications: see step 520 in Fig. 5; step 714 in Fig. 7; [0005], [0040]-[0041]).

Regarding claim 2, Sundararajan shows the limitations of claim 1 as applied above, and further shows wherein the first electronic device is associated with a data storage provider (e.g., a mail server 208: see Sundararajan, Fig. 2 and [0030]) and wherein performing a data operation comprises updating stored data (e.g., updating a necessary indicator that the public key of user A should be trusted: see Sundararajan, [0005], [0040]-[0041]).

Regarding claim 3, Sundararajan shows the limitations of claim 2 as applied above, and further shows wherein the first electronic device is further to: receive a second random number (e.g., UID1: see Sundararajan, Figs. 5 and 7, steps 505-506 and 702; [0035]-[0036], [0040]); and transmit the second random number to the second electronic device (e.g., transmitting a copy of UID1: see Sundararajan, Figs. 5 and 7, steps 510, 706, [0036], [0040]).

Regarding claim 4, Sundararajan shows the limitations of claim 1 as applied above, and further shows wherein the data transaction message includes a response to a data access request (e.g., a response to a function call requesting data from a random-number generator: see Sundararajan, [0032]) and wherein performing the data operation comprises accessing data retrieved from a data storage (e.g., accessing the public key for further secure communications, where the key was received from a mail server, from local memory, etc.: see Sundararajan, [0030], [0040]-[0041]).

Regarding claim 6, Sundararajan shows the limitations of claim 1 as applied above, and further shows wherein the first electronic device is further to transmit application identification information to the second electronic device (e.g., an email containing a FROM address, a TO address, and associated UIDs: see Sundararajan, Figs 5 and 7, steps 510 and 706; [0030], [0033], [0036], and [0040]).

Regarding claim 8, Sundararajan shows a method comprising: 
receiving, by a first electronic device (e.g., Computer B: see Fig. 5 and [0035]), a data storage update request and application identification information (receiving an electronic message comprising a request to update a public key corresponding to user A, and comprising application identification information such as UID1 and a From address: see step 506 in Fig. 5; step 702 in Fig. 7; [0036], [0040]); 
generating a first random number to associate with the data storage update request (e.g., generating UID2: see step 508 in Fig. 5; step 704 in Fig. 7; [0036], [0040]); 
transmitting the first random number to a second electronic device based on the application identification information (e.g., transmitting UID2 to a known address of the sender: see step 706 in Fig. 7; step 510 in Fig. 5; [0036], [0040]);  
authenticating the second electronic device based on a comparison of the first random number to a received authentication message (e.g., comparing a timely response containing a copy of UID2: see steps 708, 712 in Fig. 7; step 518 in Fig. 5; [0037]-[0038], [0040]); and 
if authenticated, performing a data storage update operation according to the request (e.g., updating a necessary indicator that the public key of user A should be trusted and performing ongoing data access by using the public key A for subsequent secure communications: see step 520 in Fig. 5; step 714 in Fig. 7; [0005], [0040]-[0041]).

Regarding claim 9, Sundararajan shows the limitations of claim 8 as applied above, and further shows receiving a second authentication message including a second random number (e.g., UID1: see Sundararajan, Figs. 5 and 7, steps 505-506 and 702; [0035]-[0036], [0040]); and transmitting the second authentication message including the second random number to the second electronic device based on the application identification information (e.g., transmitting a copy of UID1 to computer A: see Sundararajan, Figs. 5 and 7, steps 510, 706, [0036], [0040]).

Regarding claim 10, Sundararajan shows the limitations of claim 9 as applied above, and further shows wherein the second electronic device: receives the second authentication message (e.g., receiving the copy of UID1: see Sundararajan, Figs. 5 and 6, steps 505-506 and 606; [0035]-[0036], [0039]); compares the second authentication message to the second random number (e.g,. whether the copy of UID1 matches: see Sundararajan, step 512 in Fig. 5, step 608 in Fig. 6; [0037], [0039]); and determines whether to transmit the first authentication message based on the comparison (e.g., determining to send the message with the copy of UID2: see Sundararajan, steps 512-516 in Fig. 5, steps 608-610 in Fig. 6; [0037]-[0039]).

Regarding claim 13, Sundararajan shows a machine-readable non-transitory storage medium comprising instructions executable by a processor of a first electronic device to: 
generate a random number to associate with a data access request (e.g., UID2: see steps 702, 704 in Fig. 7, [0040]; and step 508 in Fig. 5, [0035]); 
transmit to a second electronic device the random number, a data access request, and application identification information (e.g., transmitting UID2, a request to update public key B, and application identification in the form of the From and To addresses of an email: see step 510 in Fig. 5, step 706 in Fig. 7, [0036], [0040]; 
receive an authentication message and data associated with the data access request (e.g., receiving a timely response containing a copy of UID2, along with public key A: see steps 702, 708, 712; [0037], [0040]); 
authenticate the sender of the received data by comparing the received authentication message to the transmitted random number (e.g., comparing the copy of UID2: see [0037], [0040]); and 
if authenticated, access the received data associated with the data access request (e.g., accessing public key A as a trusted key to encrypt further exchanges of data: see [0005], [0040]-[0041]).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 5, 12, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Sundararajan (US Pub. No. 2005/0223226) in view of Hencke (US Pub. No. 2014/0013441).

Regarding claim 5, Sundararajan shows the limitations of claim 1 as applied above, and further shows wherein receiving an authentication message comprises accessing a messaging mailbox associated with the first electronic device (e.g., an email mailbox corresponding to the user’s email address: see Sunararajan, [0030]), but does not explicitly describe the mailbox as anonymous.
Hencke shows an anonymous messaging mailbox (e.g., an email mailbox corresponding to a user whose email address is an alias or pseudonym: see [0006]).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the system of Sundararajan with the teachings of Hencke in order to allow the users to engage in communications without revealing their real-world identities. 

Regarding claim 12, Sundararajan shows the limitations of claim 8 as applied above, and further shows wherein receiving a data storage update request comprises accessing a mailbox (e.g., an email mailbox corresponding to the user’s email address: see Sunararajan, [0030]), but does not explicitly describe the mailbox as anonymous.
Hencke shows an anonymous messaging mailbox (e.g., an email mailbox corresponding to a user whose email address is an alias or pseudonym: see [0006]).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the system of Sundararajan with the teachings of Hencke in order to allow the users to engage in communications without revealing their real-world identities.

Regarding claim 15, Sundararajan shows the limitations of claim 13 as applied above, and further shows wherein instructions to transmit to a first electronic device comprise instructions to transmit using a messaging system (e.g., an email mailbox system corresponding to the user’s email address: see Sunararajan, [0030]), but does not explicitly describe the mailbox as anonymous.
Hencke shows an anonymous messaging mailbox (e.g., an email mailbox corresponding to a user whose email address is an alias or pseudonym: see [0006]).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the system of Sundararajan with the teachings of Hencke in order to allow the users to engage in communications without revealing their real-world identities.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Sundararajan (US Pub. No. 2005/0223226) in view of Kim (US Pat. No. 9,641,344).

Regarding claim 7, Sundararajan shows the limitations of claim 1 as applied above, and further shows wherein the first electronic device is further to create the application identification information based on an aggregation of information (e.g., a FROM address, a TO address, and associated UIDs: see Sundararajan, Figs 5 and 7, steps 510 and 706; [0030], [0033], [0036], and [0040]), but does not explicitly show that the aggregation is of a device identifier associated with the first electronic device and an application identifier.
Kim shows generating application information based on an aggregation of a device identifier associated with a first electronic device and an application identifier (e.g., at least a MAC address and an “application universally unique identifier”: see col. 3, lines 14-34).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the system of Sundararajan with the teachings of Kim in order to provide multiple factors to validate and/or authenticate the identity of the entities attempting to communicate (see Kim, col. 2, lines 37-48). 

Claims 11 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Sundararajan (US Pub. No. 2005/0223226) in view of Vysogorets (US Pub. No. 2012/0066757).

Regarding claim 11, Sundararajan shows the limitations of claim 8 as applied above, but does not explicitly show determining permissions information associated with the data storage update compared to the application identification information.
Vysogorets shows determining permissions information associated with a data storage update compared to application identification information (see [0075], [0091])
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the system of Sundararajan with the teachings of Vysogorets in order to ensure that both parties involved in the data update consent to the operation. 

Regarding claim 14, Sundararajan shows the limitations of claim 13 as applied above, but does not explicitly show wherein authenticating the sender comprises authenticating a data storage provider with an account associated with the first electronic device.
Vysogorets shows wherein authenticating a sender comprises authenticating a data storage provider with an account associated with the first electronic device (e.g., mutually authenticating a user and service provider using a user account with a third-party authenticator: see [0075], [0091], [0250]-[0253]).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to modify the system of Sundararajan with the teachings of Vysogorets in order to allow users to authenticate transactions with multiple service providers without exposing data to them (see Vysogorets, [0055]). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US Pub. No. 2003/0120924 to Immonen describes a method for checking the integrity of a message transmitted between a sender and a recipient.
US Patent No. 8,769,284 to Ginzboorg describes a method for securing communications between parties using encryption.
US Patent No. 7,234,059 to Beaver describes a method for providing communications that are both authenticated and anonymous.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Christopher D. Biagini whose telephone number is (571)272-9743.  The examiner can normally be reached on weekdays from 9 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Christopher Biagini/Primary Examiner, Art Unit 2445