Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-11 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) the steps of “generating…collecting…identifying…identifying…determining…” which is considered the abstract idea of “mental processes” (i.e. concepts performed in the human mind including observation, evaluation, judgement, opinion). This judicial exception is not integrated into a practical application because the claim is not directed to  an improvement in the functioning of a computer, or an improvement to other technology or technical field, as discussed in MPEP §§ 2106.04(d)(1) and 2106.05(a);
• Implementing a judicial exception with, or using a judicial exception in conjunction with, a particular machine or manufacture that is integral to the claim, as discussed in MPEP § 2106.05(b). The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claims are not directed to any of the factors listed in MPEP 2106.05(A)(i-vi).

Claim 6 is rejected under 35 U.S.C. 101 because the claimed invention claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent. See MPEP 2111.01 When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under U.S.C. 101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 1356-56 (Fed Cir. 2007)(transitory embodiments are not directed to statutory subject matter)

The USPTO suggests the following approach to overcome this 101 rejection. A claim drawn to such a computer readable medium that covers both transitory and non-transitory may be amended to marrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. 101 by adding the limitation "non-transitory" to the claim.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-9, 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Moshir (US 2014/0214610) in view of Akkiraju (US 2012/0116839).


Regarding Claim 1,

Moshir (US 2014/0214610) teaches a risk identification method for PII (Personally Identifiable Information) comprising: 
generating a profiling chart for identifying an application having privacy permission for PII and PPII (Potential Personally Identifiable Information) (Paragraph [0099-0100] teaches determining whether the App ask for PII or information that when combined with other information may be PII (i.e. PPII)); 
collecting privacy permission of an application identified through the profiling chart; identifying a first risk factor through total PPII collected by publisher of the application identified through the profiling chart (Figure 4, Enter manufacturer’s profile, 214, Risk Score calculation per app, 216); 
Moshir does not explicitly teach identifying a second risk factor through total PPII collected by parent organization of the publisher; 
and determining total risk factor based on the first risk factor and the second risk factor.
Akkiraju (US 2012/0116839) teaches identifying a second risk factor collected by parent organization of the publisher; and determining total risk factor based on the first risk factor and the second risk factor (Paragraph [0011-0012] teaches identifying a risk factor of a sub-organization and adding the risk factor to the assessment of risk for the parent organization)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the PII risk assessment of developer of an application and apply the same risk assessment to the parent organization of the developer. 
The motivation is to provide a method for analyzing enterprise level risk (Paragraph [0008] of Akkiraju)

Regarding Claim 3,

Moshir and Akkiraju teaches the risk identification method of claim 1. Moshir teaches wherein the identifying a first risk factor determines the total number of PPII given to applications included in an application group by a first user of a set of users as the first risk factor for the first user (Figure 6, allows a first user to review risk scores calculated for applications)(Paragraph [0099-0100] include PPII)

Regarding Claim 4,

Moshir and Akkiraju teaches the risk identification method of claim 1. Moshir teaches and the total number of PPII given to applications of the publisher which is a sub-organization of the parent organization by the first user as the second risk factor for the first user (Paragraph [0099-0100]). Akkiraju teaches wherein the identifying risk factor of the parent organization in the same way as the sub-organization.



Regarding Claim 5,

Moshir and Akkiraju teaches the risk identification method of claim 1. Moshir teaches wherein the determining total risk factor determines the total risk factor based as the first risk factor, the second risk factor, and other influence factors (above cited for first and second risk factor)(Figure 3 teaches other influence factors, 220, 222).
Moshir does not explicitly teach a risk factor is based on error rate
The Examiner takes Official notice that it is common to include error rate as a risk factor
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Moshir to include error rate as a factor for total risk factor and the results would be predictable.

Regarding Claim 6,

Claim 6 is similar in scope to Claim 1 and is rejected for a similar rationale.
Regarding Claims 7, 9-11,

Claims 7, 9-11 are similar in scope to Claims 1, 3-5 and are rejected for a similar rationale.

Claims 2, 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Moshir (US 2014/0214610) in view of Akkiraju (US 2012/0116839) in further view of Xing (US 2016/0044049)

Regarding Claim 2,

Moshir and Akkiraju teaches the risk identification method of claim 1, but does not explicitly teach wherein the generating a profiling chart generates the profiling chart for identifying an application having privacy permission corresponding to dangerous permission among normal, signature, and dangerous permission which are three protection levels affecting third-party app data access and collections in Android OS.
Xing (US 2016/0044049) teaches privacy permission corresponding to dangerous permission among normal, signature, and dangerous permission which are three protection levels affecting third-party app data access and collections in Android OS (Paragraph [0016] teaches privacy permissions including “normal, dangerous, signature” in Android mobile OS)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Moshir, Akkiraju with the privacy permissions of Xing and the results would be predictable (i.e. privacy permissions in Moshir would correspond to normal, signature, and dangerous as is well known in Android mobile OS)

Regarding Claim 10,

Claim 10 is similar in scope to Claim 2 and is rejected for a similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462.  The examiner can normally be reached on M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HARRIS C WANG/Primary Examiner, Art Unit 2439