DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The amendment filed 03/30/2021 has been entered. Claims 1, 4, 6, 9, 12, 15 are currently amended. Clam 11 is originally cancelled claim. Claims 1-10, 12-16 are pending in the application.
The objection of claims 1, 6, 12 due to informalities has been withdrawn in light of applicant’s amendment to the claims.
Response to Arguments
Applicant’s argument, see pages 12-14 of the Remark filed 3/30/2021 regarding rejection of claims 1-10 and 12-16 under 35 USC 103 over the prior arts of record have been fully considered and is moot since the argument does not apply to the newly applied prior arts 
Masushio and Tuch in combination with previously identified prior arts. 
	Examiner acknowledges applicant amended independent claims 1 (similarly claim 4, 6, 9, 12 and 15) by specifying “wherein the local application tool is executed without having direct interaction with the browser”, and “wherein the local information is a verification result acquired by verifying a local digital certificate of the terminal through the local application tool”. Applicant’s argument mainly concerns that 1) reference Steele’s client-side application 105 is specific to the browser session only and not the client device 104 and therefore cannot be the claimed “local application tool” that is executed without having direct interaction with the browser, and 2) Steele’s resulting information is not the amended local information that is a 
Claim Objections
Claims 4, 9, 15 are objected to because of the following informalities:  
Claim 4 lines 12-13, claim 9 lines 16-17, claim 15 line 13-14, “… wherein, in response to receiving …” may read as “… wherein, in response to the receiving …” to be consistent in claim language.  
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-4, 6, 8-9, 12, 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Steele et al (US20060179003A1, hereinafter, "Steele"), in view of Zhang et al (US20060173981A1, hereinafter, "Zhang"), further in view of Masushio et al (US20100049984A1, hereinafter, "Masushio") and Tuch et al (US20140289510A1, hereinafter, "Tuch").
Regarding claim 1, Steele teaches: 
A method for acquiring local information in a terminal (Steele, [Abstract] Consumer authentication information is associated with an information account stored in a central database, such that access to the information account by the consumer is conditioned upon receipt and verification of the consumer authentication information), the method comprising: 
sending, by a browser of the terminal, a first request for information acquisition to a network apparatus through a script in the browser (Steele, see Fig. 5 steps 501, [0077] where the consumer operates a browser 112 to retrieve a web page file 116 from the vendor server 114 via the network 106, using a consumer browser.  The web page file 116 retrieved from the vendor server 114 may be enabled for interaction with the consumer's information account 110. And [0113] The web page file 116 may include an instruction (e.g., a "call") (i.e. script in the browser) that causes the browser 112 to download and execute one or more client-side applications 105, which may be used to manage, among other things, the general request/response process involved in accessing and retrieving information (i.e. first request for information acquisition) from an information account 110 for the client device 104);
acquiring, through the local application tool, local information of the terminal corresponding to the first request for information acquisition (Steele, [0048] the client-side application 105 (i.e. local application tool) may transmit the consumer information directly to the vendor server 114 without populating the consumer information into the displayed web page file 116. And [0080] at step 520, the resulting information (i.e. local information of the terminal) elements are transmitted (i.e. acquiring) to the client-side application 105, for example in the form of an XML data stream), wherein, in response to the receiving the first request for information acquisition the local application tool is instructed to acquire the local information (Steele, [0048] The client-side application 105 may also be responsible for parsing the data elements included in the search result and auto-populating the parsed data into the input fields of the displayed web page file 116); [and wherein the local information is a verification result acquired by verifying a local digital certificate of the terminal through the local application tool] (limitation(s) in bracket taught by Tuch as shown below); 
(Steele, [0043] One responsibility of the client-side application 105 is to provide (i.e. sending) authentication information associated with the consumer and the vendor to the host server 108 (i.e. network apparatus). And referring to Fig. 5, and [0083] At step 536 the client-side application submits the consumer's XML data (possibly only the edited data) and the update request to the DBMS 109.  Then at step 538 the update request is submitted to the data repository for authentication).
		While Steele teaches acquiring consumer authentication information using client-side application but does not teach using random number to associate with the first request for information acquisition, however in the same field of endeavor, Zhang teaches: 
		receiving, through the browser, a random number corresponding to the first request for information acquisition from the network apparatus (Zhang, [0007] a method for improving security during a remote administration exchange between a client device using a browser and an access point of a network… Generally, when a request for administration management file, such as a web page, is received, the access point (i.e. “network apparatus”) of the network also generates and transmits (i.e. “send”) to the client terminal a first parameter, for example, a random number. The first parameter may be generated in response to a challenge following the request (i.e. “the first request for information acquisition”) for the administration management file. And [0010] Upon receiving the form information, the remote system generates a random number and stores the number for future reference);
(Zhang, [0023] The administrator 140.sub.1-n security function (i.e. local application tool) concatenates 260 the random number, an administrator password…), [wherein the local application tool is executed without having direct interaction with the browser] (See Masushio below for limitation(s) in bracket); 
		sending, through the local application tool, a second request for information acquisition carrying the monitored random number to the network apparatus (Zhang, [0023] The administrator 140.sub.1-n security function concatenates 260 the random number, ... Thereafter, a digest, such as a Message 5 digest (MDS), is generated 270 for the concatenated result. Also see Fig. 2, step 275, [0023] and sends 275 the form to remote computer 150, thereby completing the submission); 
		acquiring from the network apparatus, through the local application tool, the first request for information acquisition corresponding to the random number carried in the second request for information acquisition, the correspondence between the random number and the first request for information acquisition being established and stored by the network apparatus (Zhang, [0023] the remote system 150 generates a random number 330 and stores the number 335 for future reference… The remote computer utilizes the stored random number, the password and the received data to generate 350 a MD5 digest. If the digest matches 355 the received digest (i.e. carried in the second request for information acquisition) then the requested administration is granted 360 and the system is appropriately updated). 
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Zhang in the 
		The combination of Steele-Zhang does not explicitly teach wherein the local application tool is executed without having direct interaction with the browser but in the same field of endeavor Masushio teaches:
		wherein the local application tool is executed without having direct interaction with the browser (Masushio, [Abstract] discloses techniques of using application to access user ID information as acquisition of content as authentication information. In particular, Fig. 11 shows a conventional information processing apparatus where the application 14 (i.e. local application) directly interact with information providing server for authentication information without interaction with browser).
The Supreme Court inKSRint'l Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d
1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness which are consistent with the proper "functional approach" to the determination of obviousness as laid down in Graham. One or more of the rationales given by the Supreme Court are applicable and the examiner relies upon the following rationale(s) to support the conclusion of obviousness: "([u]se of known technique to improve similar devices (methods, or products) in the same way" (see MPEP 2143).

		While the combination of Steele-Zhang-Masushio teaches acquiring local information but does not expressly teach wherein the local information is a verification result acquired by verifying a local digital certificate of the terminal through the local application tool, however in the same field of endeavor, Tuch teaches: 
[acquiring, through the local application tool, local information of the terminal corresponding to the first request for information acquisition, wherein, in response to the receiving the first request for information acquisition the local application tool is instructed to acquire the local information] (see Steele’s teachings above) and wherein the local information is a verification result acquired by verifying a local digital certificate of the terminal through the local application tool (Tuch, [Abstract] discloses validation of root certificate to confirm presence of the configuration profile from policy server by application tool local to mobile device. Referring to Fig. 2, and [0017] Since the validation certificate was signed by the root certificate which was previously loaded into the trusted certificate chain of mobile OS 160 in step 250, in step 270, mobile OS 160 can verify that the validation certificate is signed by a trusted authority (the root CA) (i.e. verifying a local digital certificate).  In step 275, mobile OS 160 can then confirm to application management agent 150 that the validation certificate is indeed trusted (i.e. verification result). Confirmation of trust in the validation certificate by mobile OS 160 to application management agent 150 implicitly indicates to application management agent 150 that configuration profile 170 has been successfully installed and therefore the security measures reflected in configuration profile 170 have been implemented by mobile OS 160. Also see Fig. 1 where Application management Agent and Mobil OS are local application tool);
The Supreme Court in KSRInt’l Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d 1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness which are consistent with the proper “functional approach” to the determination of obviousness as laid down in Graham. One or more of the rationales given by the Supreme Court are applicable and the examiner relies upon the following rationale(s) to support the conclusion of obviousness: “simple substitution of one known element for another to obtain predictable results”.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Tuch in the method and system for access to consumer authentication information of Steele-Zhang-Masushio to substitute Steele’s search result with Tuch’s teachings of trusted validation certificate. This would have been obvious because the person having ordinary skill in the art would have been motivated to have local application tool/agent to validate device certificate to 

		As per claim 6, the combination of Steele-Zhang-Masushio-Tuch discloses: 
		An apparatus (Steele, see Fig. 1 Host server 108 and Database Management System 109) for acquiring local information, the apparatus comprising: a memory storing a set of instructions; and one or more processors configured to execute the set of instructions to cause the apparatus (Steele, [0035] a processor for processing data and executing computer-executable instructions) to perform: the method steps substantially similar to the method of claim 1, therefore is rejected with the same reason set forth as rejection of claim 1 above.

		As per claim 12, the combination of Steele-Zhang-Masushio-Tuch discloses: 
		A non-transitory computer readable medium that stores a set of instructions that is executable by at least one processor of an apparatus to cause the apparatus to perform a method for storing data (Steele, [0035] a processor for processing data and executing computer-executable instructions), the method comprising: to performs the method steps substantially similar to the method of claim 1, therefore is rejected with the same reason set forth as rejection of claim 1 above.

		Regarding claim 4, Steele teaches: 
		A method for acquiring local information from a remote terminal (Steele, [Abstract] Consumer authentication information is associated with an information account stored in a central database, such that access to the information account by the consumer is conditioned upon receipt and verification of the consumer authentication information. See Fig. 1 Client device and Host server) the method comprising: receiving a first request for information acquisition sent by a browser of the terminal through a script in the browser (Steele, see Fig. 5 steps 501, [0077] where the consumer operates a browser 112 to retrieve a web page file 116 from the vendor server 114 via the network 106, using a consumer browser.  The web page file 116 retrieved from the vendor server 114 may be enabled for interaction with the consumer's information account 110. And [0113] The web page file 116 may include an instruction (e.g., a "call") (i.e. script in the browser) that causes the browser 112 to download and execute one or more client-side applications 105, which may be used to manage, among other things, the general request/response process involved in accessing and retrieving information (i.e. first request for information acquisition) from an information account 110 for the client device 104); 
sending, to the terminal, the first request for information acquisition [corresponding to the random number carried in the second request for information acquisition] (See Zhang below for limitation in bracket), wherein, in response to receiving the first request for3Attorney Docket No. 13295.0096-00000Alibaba Ref. No. PCT2704US information acquisition the local application tool is instructed to acquire local information of the terminal (Steele, [0048] the client-side application 105 (i.e. local application tool) may transmit the consumer information directly to the vendor server 114 without populating the consumer information into the displayed web page file 116. And [0080] at step 520, the resulting information (i.e. local information of the terminal) elements are transmitted (i.e. sending) to the client-side application 105, for example in the form of an XML data stream) [and wherein the local information is a verification result acquired by verifying a local digital certificate of the terminal through the local application tool] (limitation(s) in bracket taught by Tuch as shown below);
and receiving the local information corresponding to the received first request for information acquisition and acquired by the terminal through the local application tool (Steele, [0043] One responsibility of the client-side application 105 is to provide authentication information associated with the consumer and the vendor to the host server 108 (i.e. network apparatus). And referring to Fig. 5, and [0083] At step 536 the client-side application submits the consumer's XML data (possibly only the edited data) and the update request to the DBMS 109.  Then at step 538 the update request is submitted to the data repository for authentication).
		While Steele teaches acquiring consumer authentication information using client-side application but does not teach using random number to associate with the first request for information acquisition, however in the same field of endeavor, Zhang teaches:
		determining and storing, a random number corresponding to the first request for information acquisition (Zhang, [0007] Generally, when a request for administration management file, such as a web page, is received, the access point (i.e. “network apparatus”) of the network also generates and transmits to the client terminal a first parameter, for example, a random number. The first parameter may be generated in response to a challenge following the request (i.e. “the first request for information acquisition”) for the administration management file. And [0023] Upon receiving 320 the form information, the remote system 150 generates a random number 330 and stores the number 335 for future reference); 
		sending the random number to the terminal (Zhang, [0007] Generally, when a request for administration management file, such as a web page, is received, the access point (i.e. “network apparatus”) of the network also generates and transmits (i.e. “sends”) to the client terminal a first parameter, for example, a random number. See Fig. 2 step 340); 
		receiving a second request for information acquisition carrying the random number sent by the terminal through a local application tool (Zhang, [0023] The administrator 140.sub.1-n security function (i.e. local application tool) concatenates 260 the random number, ... Thereafter, a digest, such as a Message 5 digest (MDS), is generated 270 for the concatenated result. Also see Fig. 2, step 275), [wherein the local application tool is executed without having direct interaction with the browser] (limitation(s) in bracket taught by Masushio as shown below);
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Zhang in the method and system for access to consumer authentication information of Steele by using the random number as correspondence and associate with the information acquisition request. This would have been obvious because the person having ordinary skill in the art would have been motivated to use a random number that is known to be unique to the acquisition request in response to a challenge from administration management file to ensure that received administration information is from an appropriate client terminal (Zhang, [Abstract], [0007]).

		wherein the local application tool is executed without having direct interaction with the browser (Masushio, [Abstract] discloses techniques of using application to access user ID information as acquisition of content as authentication information. In particular, Fig. 11 shows a conventional information processing apparatus which shows the application 14 directly interact with information providing server for authentication information without interaction with browser).
The Supreme Court inKSRint'l Co. v. Teleflex Inc., 550 U.S. 398, 415-421, 82 USPQ2d
1385, 1395-97 (2007) identified a number of rationales to support a conclusion of obviousness which are consistent with the proper "functional approach" to the determination of obviousness as laid down in Graham. One or more of the rationales given by the Supreme Court are applicable and the examiner relies upon the following rationale(s) to support the conclusion of obviousness: "([u]se of known technique to improve similar devices (methods, or products) in the same way" (see MPEP 2143).
		Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Masushio in the method and system for access to consumer authentication information of Steele-Zhang by having application to access local IC chip and directly interact with information providing server for authentication information. This would have been obvious because the person having ordinary skill in the art would have been motivated to use conventional method to manage user 
		While the combination of Steele-Zhang-Masushio teaches acquiring local information but does not expressly teach wherein the local information is a verification result acquired by verifying a local digital certificate of the terminal through the local application tool, however in the same field of endeavor, Tuch teaches: 
[acquiring, through the local application tool, local information of the terminal corresponding to the first request for information acquisition, wherein, in response to the receiving the first request for information acquisition the local application tool is instructed to acquire the local information] (see Steele’s teachings above) and wherein the local information is a verification result acquired by verifying a local digital certificate of the terminal through the local application tool (Tuch, [Abstract] discloses validation of root certificate to confirm presence of the configuration profile from policy server by application tool local to mobile device. Referring to Fig. 2, and [0017] Since the validation certificate was signed by the root certificate which was previously loaded into the trusted certificate chain of mobile OS 160 in step 250, in step 270, mobile OS 160 can verify that the validation certificate is signed by a trusted authority (the root CA) (i.e. verifying a local digital certificate).  In step 275, mobile OS 160 can then confirm to application management agent 150 that the validation certificate is indeed trusted (i.e. verification result). Confirmation of trust in the validation certificate by mobile OS 160 to application management agent 150 implicitly indicates to application management agent 150 that configuration profile 170 has been successfully installed and therefore the security measures reflected in configuration profile 170 have been implemented by mobile OS 160. Also see Fig. 1 where Application management Agent and Mobil OS are local application tool);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Tuch in the method and system for access to consumer authentication information of Steele-Zhang-Masushio to substitute Steele’s search result with Tuch’s teachings of trusted validation certificate. This would have been obvious because the person having ordinary skill in the art would have been motivated to have local application tool/agent to validate device certificate to confirm the presence of configuration profile to access managed data in order to access to certain resources of the device (Tuch, [Abstract], [0005]).

		As per claim 9, the combination of Steele-Zhang-Masushio-Tuch discloses: 
		An apparatus (Steele, see Fig. 1 Host server 108 and Database Management System 109) for acquiring local information, the apparatus comprising: a memory storing a set of instructions; and one or more processors configured to execute the set of instructions to cause the apparatus (Steele, [0035] a processor for processing data and executing computer-executable instructions) to perform: the method steps substantially similar to the method of claim 4, therefore is rejected with the same reason set forth as rejection of claim 4 above.

		As per claim 15, the combination of Steele-Zhang-Masushio-Tuch discloses: 
		A non-transitory computer readable medium that stores a set of instructions that is executable by at least one processor of an apparatus to cause the apparatus to perform a (Steele, [0035] a processor for processing data and executing computer-executable instructions), the method comprising: method steps substantially similar to the method of claim 4, therefore is rejected with the same reason set forth as rejection of claim 4 above.

Regarding claim 3, similarly claim 8 and claim 14, the combination of Steele-Zhang-Masushio-Tuch further teaches: 
The method of claim 1, the apparatus of claim 6, the non-transitory computer readable medium of claim 12, 
wherein the script includes a JavaScript script (Steele, [0042] A web page file 116 displayed by the browser 112 may include input fields for the input of consumer information.  …  JAVA applets are well known client-side applications and are particularly suited for use in various embodiments due to their platform-independent nature).

Claims 2, 5, 7, 10, 13, 16 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Steele-Zhang-Masushio-Tuch as applied above to claim 1, 6 and 12 respectively, further in view of Kim (US20120054492A1, hereinafter, "Kim").
Regarding claim 2, similarly claim 7 and claim 13, the combination of Steele-Zhang-Masushio-Tuch teaches: 
The method of claim 1, the apparatus of claim 6, the non-transitory computer readable medium of claim 12, 

wherein the first request for information acquisition acquired through the local application tool is an encrypted first request for information acquisition (Kim, [0009] method of sharing resources within a mobile terminal that includes: when a service is requested by a web browser reading a symmetric key from a cookie of the web browser, encrypting a message and calculating a Hash-based Message Authentication code (HMAC) by a web server (i.e. “network apparatus”)), and wherein the method further comprises: decrypting the first request for information acquisition through the local application tool before acquiring, through the local application tool, the local information corresponding to the first request for information acquisition (Kim, referring to Fig. 5, [0050] the resources 120 (i.e. “local application tool”) decrypt the encrypted message with k1 and verify the HMAC using k2, thereby verifying the identity of the web server 200 and the identity of the resources 120 in part of terminal, Fig. 1)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Kim in the method and system for access to consumer authentication information of Steele-Zhang-Masushio-Tuch by further implementing encryption and decryption of the message from the terminal to the server. This would have been obvious because the person having ordinary skill would have been motivated to use encryption and decryption techniques to further enhance the data security for sharing resource between terminal and server devices against attacking or message being altered (Kim, [Abstract], [0005], [0009]).

Regarding claim 5, similarly claim 10 and claim 16, the combination of Steele-Zhang-Masushio-Tuch teaches: 
The method of claim 4, the apparatus of claim 9, the non-transitory computer readable medium of claim 15, 
While the combination of Steele-Zhang-Masushio-Tuch does not explicitly teach the following limitation(s), however in the same field of endeavor Kim teaches: 
further comprising: encrypting the first request for information acquisition corresponding to the random number carried in the second request for information acquisition before sending, to the terminal, the first request for information acquisition corresponding to the random number carried in the second request for information acquisition (Kim, Fig. 2 and Fig. 3, [0033] The web server 200 determines whether predefined security information (for example, key information) exists within the cookie information (i.e. “first request for information acquisition”), if there is no security information, enters key exchange services and generates an authentication number and a first random value (i.e. “random number”) wa (S220); And [0046] the web server 200 calls the keys k1 and k2 from the cookie transferred along with the request for the service, encrypts the message with the key k1 and calculates a HMAC (Hash-based Message Authentication code)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Kim in the method and system for access to consumer authentication information of Steele-Zhang-.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/MICHAEL M LEE/Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436