Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objection
Claim 13 is objected as it recites “comprising semantically mapping the identified information to requested information from the re application or service”.  As recited there seems to be an typographical error. Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Clams 1-8 are rejected under 35 USC 112b as claim 1 recites “ a system comprising: one or more processors; and one or more computer storage hardware media storing computer- executable instructions that are executed to implement a method comprising:”, as recited claim 1 mixes two different statutory claim categories (system claim and method claim)..
Dependent claims 4 & 5 are also rejected under 112b for the same issue. 
 Dependent claims 2-8 are also rejected due to their dependency on claim 1 and as well as they do not cure deficiencies of claim 1.
Applicant is recommended to fix this issue.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):


The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “the information service configured to” in claim 2.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

	Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time-wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1-20 of instant Application US 16/743580 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20  of US patent  US 10,572680. Although the conflicting claims are not identical, they are not patentably distinct from each other because the claims both in the present application and the US patent discloses a method and systems providing security to application (s) is/are remotely executed in the user device.
The table below shows the comparison of claims of the instant application with that of the US application US16/743580. Examiner would have underlined any limitations of independent claims, if any at all, not disclosed by the claims of conflicting US patent US10,572,680.
Claim No.
Limitations of Instant Application       US16/743580
Limitations of the US patent 10,572,680
Claim No.
1
1. A system comprising: one or more processors; and one or more computer storage hardware media storing computer- executable instructions that are executed to implement a method comprising: detecting a triggering event that initiates an exchange of information between an information service and an application or service, wherein the triggering event is selected from the group consisting of installation of the application or service and running the application or service for a first time; determining a trust level of the application or service; determining a domain of information for the information requested by the application or service; based on the trust level and the domain of information, identifying information to share with the application or service; and sharing the information with the application or service.
1.A system comprising: one or more processors; and one or more computer storage hardware media storing computer-executable instructions that are executed to implement a method comprising: detecting a triggering event that initiates an exchange of information between an information service and an application or service; determining a trust level of the application or service and a domain of information, wherein the trust level is modified based on user interaction with the application or service and wherein the domain of information comprises a category of information requested from the information service by the application or service; based on the trust level and the domain of information, identifying information to share with the application or service; semantically mapping the identified information to the requested information; and sharing the semantically mapped information with the application or service. 
1 
9
9. A computer-performed method for automating loading of personalized out-of-the-box and ongoing in-application settings, the method comprising: detecting a triggering event that initiates a request of information between an information service and an application or service; determining a trust level for the application or service and a domain of information, wherein the domain of information comprises a category of information requested from the information service by the application or service;  4843-8750-7120 Page 37 of 40Non-Provisional Patent Application400679-US-CNT/337989 based on the trust level and the domain of information, determining information to share with the application or service; and sharing the information with the application or service.
8. A computer-performed method for automating loading of personalized out-of-the-box and ongoing in-application settings, the method comprising: detecting a triggering event that initiates a request of information between an information service and an application or service; determining a trust level for the application or service and a domain of information, wherein the trust level is modified based on user interaction with the application or service and wherein the domain of information comprises a category of information requested from the information service by the application or service; based on the trust level and the domain of information, determining information to share with the application or service; semantically mapping the determined information to the requested information; and sharing the semantically mapped information with the application or service.
8
16
16. One or more computer storage hardware media storing computer- executable instructions that are executed by a computing device to implement a method comprising: detecting a triggering event that initiates an exchange of information between an information service and an application or service; determining a trust level for the application or service and a domain of information, wherein the domain of information comprises a category of 4843-8750-7120 Page 38 of 40Non-Provisional Patent Application400679-US-CNT/337989 information requested from the information service by the one or more application or service; based on the trust level and the domain of information, determining information to share with the application or service; and sharing the information with the application or service.
15. One or more computer storage hardware media storing computer-executable instructions that are executed by a computing device to implement a method comprising: detecting a triggering event that initiates an exchange of information between an information service and an application or service; determining a trust level for the application or service and a domain of information, wherein the trust level is modified based on user interaction with the application or service and wherein the domain of information comprises a category of information requested from the information service by the application or service; based on the trust level and the domain of information, determining information to share with the application or service; semantically mapping the determined information to the requested information; sharing the semantically mapped information with the application or service. 
   
15


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1, 3-7, 9, 11, 16 & 19 are rejected under 35 USC 103 as being unpatentable over Goldfeder (US20040230835) in view of Ukil (US20150269391) 
Regarding claim 1, Goldfeder teaches a system comprising: one or more processors; and one or more computer storage hardware media storing computer- executable instructions that are executed to implement a method comprising: detecting a triggering event that initiates an exchange of information between an information service and an application or service, [0027] Each time the application 201 is launched or executed ( detection of triggering event), it's hosting environment 220 could invoke the Trust Manager 210 to retrieve the security assessment of the application 201. In the case where the grant set 262 has already been created, the Trust Manager 210 may return that grant set 262 to the hosting environment 220.] Alternatively, the hosting environment 220 could cache the security assessment information for subsequent use without involving the Trust Manager 210. The hosting environment 220 will then apply any access permissions identified in the grant set 262 to the application 201. More specifically, the hosting environment 220 may apply the access permissions to each individual component, such as assembly A 202, of the application 201. It is equally feasible that the hosting environment 220 or some other application may present a component to the Trust Manager 210 for a security assessment without the specific intent of then executing the component.]
wherein the triggering event is selected from the group consisting of installation of the application or service and running the application or service for a first time; [para 0005:there are currently no mechanisms that can protect a user from multiple disparate security risks presented by a particular software program when it is being downloaded, installed, or executed. (could be excited for first time)]

 determining a trust level of the application or service; [0022] The Trust Manager 210 may be a trusted component of an operating system resident on the computing device 100. In this particular embodiment, the Trust Manager 210 exposes an interface that is called by the hosting environment 220 to initiate the security evaluation of the application 201. The Trust Manager 210 receives the ADO 221 from the hosting environment 220 via the interface. The Trust Manager 201 is further configured to invoke a series of trust evaluation engines to assess the security risk associated with the application 201. Each evaluation engine is configured to evaluate a particular class of threat based on information in the ADO 221 or on the components of the application 201 itself For instance, evaluation engine 240 may be a scoring engine that evaluates evidence about the application, as may be contained in the ADO 221 or elsewhere, to determine the ability of the application to perform malicious acts on the computing device 100. Evaluation engine 241 may be a virus checker and evaluation engine 242 may be configured to evaluate privacy concerns about the application 201. Each of the evaluation engines may derive from a base class, or may be implemented as an interface.]
based on the trust level, identifying information to share with the application or service; [0039] At block 515, the Trust Manager passes the prioritized score collection and aggregate impact information to the User Interface for final evaluation if required from the user. If so, the aggregate security impact is presented to the user. The presentation may be in the form of a dialog box that summarizes or details specifically the security risks associated with loading the application. For instance, a scoring engine may have determined that the application has requested sufficient permissions to read and modify files on the computer, and to transmit data over a network connection. Based on that information, together with perhaps other evidence, a privacy evaluator may have determined that the application is likely to share the user's information over the network
sharing the information with the application or service.  [0041] At block 519, the application is being loaded by the host. As part of a security policy that applies to applications being loaded, the host queries the Trust Manager for the Trust Object associated with the application. As each component of the application is loaded, the permission grant set associated with that component is applied. In this way, applications that have been loaded in accordance with the invention are only allowed those permissions (information sharing permission) which the user has, in an informed way, directly and comprehensively established. If sufficient privileges to execute have not been granted to the application, the Trust Manager may block the execution of the application.]
Goldfeder although teaches “trust level of application or service” as illustrated above, Goldfeder does not teach explicitly, however, Ukil teaches:
determining a domain of information for the information requested by the application or service; “[0028] In yet another implementation of the present subject matter, privacy settings (private (domain or category of information) information for a user to share private data to a particular application are determined. In said implementation, the determination of the privacy settings is based on risk appetite of applications for which the private data is to be shared. It would be understood that different applications have different risk appetite where risk appetite of an application is determined based on the implication of the application. For example, applications such as disaster management or other emergency type services are considered to be not sharing the private data of users and therefore, can be shared with private data with least amount of perturbation to maximize utility. Such applications are generally identified to have high risk appetite. Similarly, certain applications such as financial applications are generally categorized as applications with less risk appetite as they frequently share the private data of users for different purposes, thereby making perturbation of private data almost a necessity. Therefore, based on the end application utilizing the private data of the user, private settings are determined.
 domain of information, [0028] In yet another implementation of the present subject matter, privacy settings (private (domain or category of information) information for a user to share private data to a particular application are determined. In said implementation, the determination of the privacy settings is based on risk appetite of applications for which the private data is to be shared. It would be understood that different applications have different risk appetite where risk appetite of an application is determined based on the implication of the application. For example, applications such as disaster management or other emergency type services are considered to be not sharing the private data of users and therefore, can be shared with private data with least amount of perturbation to maximize utility. Such applications are generally identified to have high risk appetite. Similarly, certain applications such as financial applications are generally categorized as applications with less risk appetite as they frequently share the private data of users for different purposes, thereby making perturbation of private data almost a necessity. Therefore, based on the end application utilizing the private data of the user, private settings are determined.] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder with the disclosure of Ukil. The motivation or suggestion would have been to implement a system that will provide a efferent techniques for multiple types of biometric identification. (para 0450 & 0676, Ukil)  
Regarding claim 3, Goldfeder teaches wherein the group additionally consists of accessing a particular feature of the application or service, updating the application or service, and uninstalling the application or service.  [0027] Each time the application 201 is launched or executed, it's hosting environment 220 could invoke the Trust Manager 210 to retrieve the security assessment of the application 201. In the case where the grant set 262 has already been created, the Trust Manager 210 may return that grant set 262 to the hosting environment 220. Alternatively, the hosting environment 220 could cache the security assessment information for subsequent use without involving the Trust Manager 210. The hosting environment 220 will then apply any access permissions identified in the grant set 262 to the application 201. More specifically, the hosting environment 220 may apply the access permissions to each individual component (accessing particular feature), such as assembly A 202, of the application 201. It is equally feasible that the hosting environment 220 or some other application may present a component to the Trust Manager 210 for a security assessment without the specific intent of then executing the component. ]
 Regarding claim 4, Goldfeder teaches indicating to a user that the application or service is not trusted when the trust level is below a threshold; and preventing sharing of the identified information with the application or service.  [0023] Each evaluation engine is configured to assess the application 201 against its particular rules or criteria to determine a score 245. Examples of the score include a numerical value between a minimum and maximum, or a discrete value from a set of alternative security levels. These are only examples and not an exhaustive list. The score 245 may then be returned to the Trust Manager 210 by each evaluation engine at the conclusion of its assessment. The Trust Manager 210 is configured to aggregate the individual scores into a score collection 250, which represents the collective security assessment of the application in each of the areas for which an evaluation engine exists. Any priorities that may exist, such as priorities associated with the particular type of hosting environment 220, may be applied to the score collection 250 to further refine the collective security assessment. Based on the collective security assessment, the Trust Manager 210 may have sufficient information to make a loading decision without involving the user. For instance, pre-determined thresholds (either set by default or perhaps provided by the user) may govern what programs are loaded without seeking user acceptance, or what programs are blocked without prompting the user. If the collective security assessment for the particular application being loaded falls between those two thresholds, the user may be prompted for a loading decision.]
Regarding claim 5, Goldfeder teaches modifying the trust level of the application or service based on interactions of a group of users with the application or service.  [ 0040] At block 517, with any input from the User Interface, the Trust Manager modifies the Trust Object to describe the security environment in which the application may be executed. In one embodiment, the Trust Object includes data that associates the application, or components of the application, with a permission grant set. The permission grant set describes the level of security that will be applied to the application when executed. In one specific environment, a permission grant set is associated with each component of the application. In that way, a component that is shared among different applications may be executed with different permissions depending on the application context in which it is executing. The process may idle at block 517 until the application is actually executed, thereby causing the host to begin loading components of the evocation. At that point, the process continues to block 519.]
Regarding claim 6, Goldfeder does note teach explicitly, however, Ukil teaches
wherein the domain of information comprises a sensitivity of the information. [0028] In yet another implementation of the present subject matter, privacy settings for a user to share private data (sensitive information) to a particular application are determined. In said implementation, the determination of the privacy settings is based on risk appetite of applications for which the private data is to be shared. It would be understood that different applications have different risk appetite where risk appetite of an application is determined based on the implication of the application. For example, applications such as disaster management or other emergency type services are considered to be not sharing the private data of users and therefore, can be shared with private data with least amount of perturbation to maximize utility. Such applications are generally identified to have high risk appetite. Similarly, certain applications such as financial applications are generally categorized as applications with less risk appetite as they frequently share the private data of users for different purposes, thereby making perturbation of private data almost a necessity. Therefore, based on the end application utilizing the private data of the user, private settings are determined.] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder with the disclosure of Ukil. The motivation or suggestion would have been to implement a system that will provide a efferent techniques for multiple types of biometric identification. (para 0450 & 0676, Ukil) 
Regarding claim 7,  although Goldfeder teaches sensitive information, he does not explicitly teach, however, Ukil teaches wherein the domain of information comprises at least one of location data or calendar information. [0026] For example, envision that for enabling smart home energy management systems, micro granular energy data from individual smart meter requires to be shared or demanded by third parties like smart appliance manufacturers. Without sharing the private data of smart meter, it is not possible to enable smart home energy management, but the granularity of this private data is function of the amount of activity monitoring, which is a kind of privacy breach. So, a trade-off between privacy (activity monitoring) and utility (enablement of smart home energy management) is to be made by reducing the granularity that satisfies both the parties. In another example, to offer a location-based service, such as finding the nearest gas station, restaurant, traffic congestion analysis, pot hole detection, and similar applications, certain granular level location data (private data) of an individual is required.] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder with the disclosure of Ukil. The motivation or suggestion would have been to implement a system that will provide a efferent techniques for multiple types of biometric identification. (para 0450 & 0676, Ukil) 
Regarding claim 9, this claim is interpreted to be same as claim 1 and rejected for the same reasons as set forth for claim 1.
Regarding claim 11,Goldfeder teaches wherein determining the trust level comprises determining a rating of the application or service.  [0020] The application 201 may be first loaded onto the computing device 100 in one of many ways. ….. In this particular embodiment, the hosting environment 220 may include a priority rating based on the type of host it is. For instance, it may be determined that a hosting environment associated with an optical disk drive may pose a lower security risk than a hosting environment associated with a network session, such as the Internet. The priority rating may be used later when assigning a security score (that may imply trust level) to the application 201.]
Regarding claim 16, this claim is interpreted to be same as claim 1 and rejected for the same reasons as set forth for claim 1.
Regarding claim 19, Goldfeder teaches wherein the method further comprises preventing the exchange of information between the information service and the application or service when the trust level is below a threshold. [0023] Each evaluation engine is configured to assess the application 201 against its particular rules or criteria to determine a score 245. Examples of the score include a numerical value between a minimum and maximum, or a discrete value from a set of alternative security levels. These are only examples and not an exhaustive list. The score 245 may then be returned to the Trust Manager 210 by each evaluation engine at the conclusion of its assessment. The Trust Manager 210 is configured to aggregate the individual scores into a score collection 250, which represents the collective security assessment of the application in each of the areas for which an evaluation engine exists. Any priorities that may exist, such as priorities associated with the particular type of hosting environment 220, may be applied to the score collection 250 to further refine the collective security assessment. Based on the collective security assessment, the Trust Manager 210 may have sufficient information to make a loading decision without involving the user. For instance, pre-determined thresholds (either set by default or perhaps provided by the user) may govern what programs are loaded without seeking user acceptance, or what programs are blocked without prompting the user. If the collective security assessment for the particular application being loaded falls between those two thresholds, the user may be prompted for a loading decision.] 

Claims 2, 13 & 18 are rejected under 35 USC 103 as being unpatentable over Goldfeder in view of Ukil and Button (US20120102050)
Regarding claims 2 & 13, although Goldfeder and Ukil teach determining information to be shared with the one or more application or service; as illustrated above, in claim 1, they do not explicitly teach, however, Button teaches semantically map the identified information to requested information from the application or service.  [0129] Local information sources can be indexed so that information and/or content within these local stores 307, 308 is passed to the Semantic Knowledge Information system 106 for semantic metadata extraction with the generated concepts stored into the Database/Storage system 107 utilising predetermined system ontologies. This function allows local information of a user that could be residing on their PC, laptop, mobile telephone, MID etc. to be semantically mapped into the system and used within their use of the system such that this information can be reasoned with and/or retained for future use within contextual state containers. [0130] Semantic representation of information from within the Online Systems 301 and/or 302 are used within the relevance engine 104 to derive the Personalised Relevancy Interface 108 based on a user's current contextual state. The information within the Personalised Relevancy Interface 108 is specific to the information relevant for An End User 303, or a plurality of End Users 303, 304, 304, 306, whereby it is personalised for each End User. Various information objects from within the contextual states can be mapped into containers with the containers providing specific information and/or functionality within the contextual state.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder Nad Ukil with the disclosure of Button. The motivation or suggestion would have been to implement a system that will provide efficient & robustly management of user privacy  while interacting social networks or applications. (para 0001-0007 & 00035, Button) 
Regarding claim 18, although Goldfeder and Ukil teach determining information to be shared with the one or more application or service; as illustrated above, in claim 1, they do not explicitly teach, however, Button teaches wherein the information service is further configured to semantically map the identified information to requested information from the application or service, and wherein the semantically mapping comprises at least one of mapping the determined information, cropping the determined information, or reducing a level of detail of the determined information. [0129] Local information sources can be indexed so that information and/or content within these local stores 307, 308 is passed to the Semantic Knowledge Information system 106 for semantic metadata extraction with the generated concepts stored into the Database/Storage system 107 utilising predetermined system ontologies. This function allows local information of a user that could be residing on their PC, laptop, mobile telephone, MID etc. to be semantically mapped into the system and used within their use of the system such that this information can be reasoned with and/or retained for future use within contextual state containers. [0130] Semantic representation of information from within the Online Systems 301 and/or 302 are used within the relevance engine 104 to derive the Personalised Relevancy Interface 108 based on a user's current contextual state. The information within the Personalised Relevancy Interface 108 is specific to the information relevant for An End User 303, or a plurality of End Users 303, 304, 304, 306, whereby it is personalised for each End User. Various information objects from within the contextual states can be mapped into containers with the containers providing specific information and/or functionality within the contextual state.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder and Ukil with the disclosure of Button. The motivation or suggestion would have been to implement a system that will provide efficient & robustly management of user privacy  while interacting social networks or applications. (para 0001-0007 & 00035, Button) 

Claim 8 is rejected under 35 USC 103 as being unpatentable over Goldfeder in view of Ukil and Chan (US20110282941) 
Regarding claim 8, Goldfeder and Ukil do not teach explicitly, however, Chan teaches wherein the identifying information to share comprises matching with a high level of confidence stored profile and context information with requested fields of the one or more application or service. Chan (US20110282941) [0045] Now turning to FIG. 4, FIG. 4 illustrates a block diagram of a graphical user interface (GUI) and shows an example of a field 400 in accordance with exemplary embodiments. One skilled in the art understands a GUI. The field 400 may be one of many fields of a form in which the user is filling in, and the form may be any electronic form hosted by (or downloaded from), e.g., various websites 80 on host servers 85. The field 400 is displayed to the user on the display 45. In accordance with exemplary embodiments, the application 105 is configured to fill in the field 400 by scanning and recognizing a label 402 for an empty box 404. The application 105 identifies the label 402 and searches in the mapping table 145 for a match to the label 402 which corresponds to a predefined tag 140. The application 105 may find the match to the label 402 to be the tag 3 (which is one of the predefined tags 140) as shown in the mapping table 145 in FIG. 2. Once the match to the label 402 is found, the application 105 utilizes the tag 3 to search in the user profile 130 to find the corresponding value which is value 3 (of the values 1-N). Accordingly, the application 105 is configured to automatically fill in the empty box 404 with the value 3 (e.g., "Smith").]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder and Ukil with the disclosure of Chan. The motivation or suggestion would have been to implement a system that will automatically and efficiently fill-up the forms with user  profile data (para 0001-0006, Chan)

Claims 10 & 20 are rejected under 35 USC 103 as being unpatentable over Goldfeder in view of Ukil, and Futty (US20120109999)
Regarding claims 10 & 20, although Goldfeder and Ukil teach trust level of application or service as illustrated in claim 9 (please mapping for claim 9) they do not teach explicitly, however, Futty teaches wherein determining the trust level comprises determining an identity of a publisher of the application or service. [0046] The amount of trust may be ascertained, without limitation, using a two-fold determination. First, the amount of trust may be determined by an extent to which the user 106 has used the application concierge service 110. The more the user 106 uses the application concierge service, the more trust develops between the user and the service. Second, the application concierge service 110 may also have determined a level of trust with particular applications. For example, a level of trust may be established when an application is repeatedly utilized by the user 106 or the user consistently chooses applications by a particular publisher, creating a level of trust with that particular publisher. The higher level of trust instilled in the application concierge service 110, may enable the service to release the sensitive information without further authorization from the user 106. 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder and Ukil with the disclosure of Futty. The motivation or suggestion would have been to implement a system that will provide input to applications, efficiently and user friendly manner. (para 0001-0005, Futty)

Claim 12 & 17 are rejected under 35 USC 103 as being unpatentable over Goldfeder in view of Ukil, and Nachenberg (US20120117650)
Regarding claims 12 & 17, although Goldfeder and Ukil teach trust level of application or service, they do not teach explicitly, however, Nachenberg teaches wherein determining the trust level comprises determining a number of downloads and uninstalls of the application or service. [0041] In some embodiments, the security information database 402 also stores additional information. For example, the database 402 can store reputation information for files, clients 110, websites, and/or other entities. The reputation information can include information provided by the clients 110, by the entity that operates the security server 130, and/or by other sources. The reputation information can describe characteristics of files and include, for example, information indicating a number of clients 110 on which a file is downloaded, frequencies at which a file is installed and uninstalled on clients 110, information regarding any known degradations to system performance associated with a file, the dates on which file was downloaded on the clients 110, and the parties associated with the manufacture or development of the files. Other embodiments of the security information database 402 store different and/or additional information, such as reputation scores computed from the reputation information. ]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder and Ukil  with the disclosure of Nachenberg. The motivation or suggestion would have been to implement a system that will efficiently prevent unsuspecting user interacting with a fake antivirus application. (para 0001-0006, Nachenberg)

Claims 14 -15 are rejected under 35 USC 103 as being unpatentable over Goldfeder in view of Ukil  and Blom (US20130340086)
Regarding claim 14, Goldfeder and Ukil do not teach explicitly, however, Blom teaches gathering context data from the application or service.  [ 0025] In various embodiments, the system 100 can address the challenge of protecting privacy of sensitive and confidential user data by introducing methods for determining the vulnerabilities of any given user, with respect to data collected by various sensors of a user device. Since different user data (e.g., via physical and/or virtual sensors, applications, etc.) may expose different information about each user, the system 100 can determine data richness and/or contextual vulnerability for a given user and provide privacy protection by monitoring and identifying sensor and/or application data and then determine/apply a sampling and/or a filtering process that can effectuate the protection. Further, the system 100 can determine contextual vulnerability based on the data richness and/or if the composite score exceeds a predetermined level (as determined empirically, based on the distribution of the composite scores in the general population of the service users) for a given user. Furthermore, knowledge of contextual vulnerability may be utilized to personalize application, content, and/or service offerings to the user in order to assist the user to avoid revealing the user's vulnerabilities to various entities of the system 100 (e.g., application developers, content providers, third party service providers, etc.) For instance, if a user "X" is deemed to be exposing sensitive, private, and/or confidential information through location data, then the user may be advised to and/or may choose to avoid services and applications requiring the collection and/or sharing of the location data. In one embodiment, the system 100 may dynamically adjust/filter sampling along modalities (e.g., sensors, applications, etc.), which have been deemed as potentially providing contextually vulnerable data, by decreasing the sampling rate of sensors utilized in the modalities.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder, and Ukil with the disclosure of Blom. The motivation or suggestion would have been to implement a system that will to allow users to make informed decisions regarding their individual data sharing, while also presenting them with the benefits to be gained from increased data sharing.(para 0001-0005, Blom)
Regarding claim 15, Goldfeder and Ukil do not teach explicitly, however, Blom teaches gathering context data from the application or service for different users of the application or service; and wherein the determined information comprises the gathered context data.  [ 0025] In various embodiments, the system 100 can address the challenge of protecting privacy of sensitive and confidential user data by introducing methods for determining the vulnerabilities of any given user, with respect to data collected by various sensors of a user device. Since different user data (e.g., via physical and/or virtual sensors, applications, etc.) may expose different information about each user, the system 100 can determine data richness and/or contextual vulnerability for a given user and provide privacy protection by monitoring and identifying sensor and/or application data and then determine/apply a sampling and/or a filtering process that can effectuate the protection. Further, the system 100 can determine contextual vulnerability based on the data richness and/or if the composite score exceeds a predetermined level (as determined empirically, based on the distribution of the composite scores in the general population of the service users) for a given user. Furthermore, knowledge of contextual vulnerability may be utilized to personalize application, content, and/or service offerings to the user in order to assist the user to avoid revealing the user's vulnerabilities to various entities of the system 100 (e.g., application developers, content providers, third party service providers, etc.) For instance, if a user "X" is deemed to be exposing sensitive, private, and/or confidential information through location data, then the user may be advised to and/or may choose to avoid services and applications requiring the collection and/or sharing of the location data. In one embodiment, the system 100 may dynamically adjust/filter sampling along modalities (e.g., sensors, applications, etc.), which have been deemed as potentially providing contextually vulnerable data, by decreasing the sampling rate of sensors utilized in the modalities.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Goldfeder, and Ukil with the disclosure of Blom. The motivation or suggestion would have been to implement a system that will to allow users to make informed decisions regarding their individual data sharing, while also presenting them with the benefits to be gained from increased data sharing.(para 0001-0005, Blom)
Examiner’s Special Note
Following are the list of relevant references cited but not used in the Office Action:
1. Abuelsaad (US20150261951) that teaches a system and method for sharing data and a risk assessment of the data comprises receiving data in a first application and obtaining a risk level of the data, performing an action in the first application necessitating passing a message comprising at least the data and the risk level to a second application, passing the message from the first application to the second application, receiving, at the second application, the message, determining by said second application whether the risk level exceeds a predetermined threshold, when the risk level exceed the predetermined threshold, implementing a protocol to perform actions in the second application using the data in accordance with the protocol, and when the risk level does not exceed the predetermined threshold, running the second application using the data. 
2. Agarwal (US20140380058) discloses  techniques and systems described herein present various implementations of a model for authenticating processes for execution and specifying and enforcing permission restrictions on system resources for processes and users. In some implementations, a binary file for an application, program, or process may be augmented to include a digital signature encrypted with a key such that an operating system may subsequently authenticate the digital signature. Once the binary file has been authenticated, the operating system may create a process and tag the process with metadata indicating the type of permissions that are allowed for the process. The metadata may correspond to a particular access level for specifying resource permissions. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Examiner, Art Unit 2497