DETAILED ACTION
	1. 	This office action is in response to an amendment filed on August 12, 2021. Claims 1-20 are pending and claims 1, 8 and 15 are independent. Each independent claim is amended. 					Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Response to Arguments

3.		As it argued, the amendment made to independent claims 1, 8 and 15 overcome the non-statutory double patent rejection set forth in the previous office action and this particular rejection has been withdrawn.
Allowable Subject Matter
4.	Claims 1-20 are allowed. 
5.	The following is an examiner’s statements of reasons for allowance:
6. 	 The following references/prior arts disclose some of the claim limitation and the general subject matter recited in independent claims 1, 8 and 15 before the claims are amended.

				As per independent claims 1, 8 and 15 Maher discloses a computer-implemented method for controlling application access to data implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor [See Computer System shown on figure 9 and paragraph 0094, computer system 900 that can be used to practice embodiments of the present invention. Computer system 900 may comprise a general-purpose computing device such as a personal computer or network server, or a specialized computing device such as a cellular telephone, personal digital assistant, portable audio or video player, television set-top box, kiosk, or the like. Computing device 900 will typically include a processor 902, memory 904, a user interface 906, a port 907 for accepting removable memory 908, a network interface 910, and a bus 912 for connecting the aforementioned elements. The operation of computing device 900 will typically be controlled by processor 902 operating under the guidance of programs stored in memory 904]
		, the method comprising: 
		receiving an application  [See figure 1 and paragraph 0024 where an application 107a is received from an application developer 106 by the credential authority shown on figure 1, 102 having a set of requirements defined by a credential authority 102.] and 
		generating a cryptographic certificate for each application  [See paragraph 0024, Certification service analyzes and tests application 107a to make sure that it meets the requirements 103 specified by credential authority 102. An application 107a that satisfies these requirements is given an appropriate credential or certificate 105. Upon obtaining credential 105, the application developer 106 may distribute the credentialed application 107 to an application user 108.See also paragraph 0026 how the presence of the corresponding/credential certificate 105 determines whether or not the application could proceed using the content 104.See paragraph 0028, credential 105 is formed by applying a strong cryptographic hash algorithm (e.g., SHA-1) 202 to the application 200 (or to selected portions thereof) to yield hash or message digest 204. Message digest 204 (and, in some embodiments, identification information 207) is encrypted (206) using the certification service's (or credential authority's) private key 208 to yield credential or signature 210.] and the only data access [See paragraph 0024, That indicates that only application that satisfies a declared the set of requirements are certified and provided a certification/credentials 105. Certification service analyzes and tests application 107a to make sure that it meets the requirements 103 specified by credential authority 102. An application 107a that satisfies these requirements is given an appropriate credential or certificate 105 and 0026, when user 108 attempts to use application 107 to process content 114, the user's system checks application 107 for the presence of the appropriate credential 105. If the credential 105 is present, the application 107 may proceed with using content 114. If credential 105 is not present, use of content 114 can be prohibited] 
		Maher substantially discloses all the limitation recited in the claim, but does not explicitly disclose the following underlined claim limitation: a plurality of application parts, each application part associated purpose”; each application part to be certified by determining a declared purpose for each application part to be certified is correct; the only data access purpose for that part, wherein the declared purpose is included in purpose information with each application part to be certified”, however Siber discloses these underlined claim limitations:
		 In particular Siber discloses:
		 “an application comprising a plurality of application parts, [See paragraph 0154, provide a credential having multiple elements covering corresponding parts of the application—and preferably having a combined overall effect of covering all (or a substantial portion) of the application 600. For example, the credential can provide verification information for different byte ranges, virtual paths, and/or other portions of application 600] each application part [See paragraph 0078, FIG. 1 shows load module 54 as a complicated looking machine part for purposes of illustration only; the load module preferably comprises one or more computer instructions and/or data elements used to assist, allow, prohibit, direct, control or facilitate at least one task performed at least in part by an electronic appliance such as a computer. For example, load module 54 may comprise all or part of an executable computer program and/or associated data ("executable"), and may constitute a sequence of instructions or steps that bring about a certain result within a computer or other computation element] associated with a declared data access purpose” [See figure 4 where each module/application 54 having a list of  specifications shown on figure 4/110 describing the functions or purposes that each module/application 54 performs. See paragraph 0089, Provider 52 may provide, with each load module 54, associated specifications 110 identifying the load module and describing the functions the load module performs. In this example, these specifications 110 are illustrated as a manufacturing tag, but preferably comprise a data file associated with and/or attached to the load module 54] 
		“generating a cryptographic certificate for each application part to be certified by determining whether a declared data access purpose for each application part to be certified is correct [See paragraph 0090, Verifying authority 100 uses an analyzing tool(s) 112 to analyze and test load module 54 and determine whether it performs as specified by its associated specifications 110--that is, whether the specifications are both accurate and complete…Such testing (in addition to ensuring that the load module 54 satisfies its specifications 110) can provide added degrees of assurance that the load module isn't harmful and will work as it is supposed to. See figure 2 and figure 17 and paragraph 0087, Verifying authority 100 carefully analyzes the load modules 54 (see 102), testing them to make sure they do what they are supposed to do and do not compromise or harm system 50. If a load module 54 passes the tests verifying authority 100 subjects it to, a verifying authority may affix a digital "seal of approval" (see 104) to the load module and paragraph 0092, FIG. 4-5 illustrates the digital sealing process as being performed by a stamp 114, but in a preferred embodiment the digital sealing process is actually performed by creating a digital signature using a well-known process]]; and the only data access purpose for that part, wherein the declared purpose is included in purpose information associated with each application part to be certified” [See figure 4, paragraph 0089, FIG. 4 shows the analysis and digital signing steps 102, 104 performed by verifying authority 100 in this example. Provider 52 may provide, with each load module 54, associated specifications 110 identifying the load module and describing the functions the load module performs. In this example, these specifications 110 are illustrated as a manufacturing tag, but preferably comprise a data file associated with and/or attached to the load module 54. Paragraph 0090, Verifying authority 100 uses an analyzing tool(s) 112 to analyze and test load module 54 and determine whether it performs as specified by its associated specifications 110--that is, whether the specifications are both accurate and complete and finally see paragraph 0092, Once verifying authority 100 is satisfied with load module 54, it affixes its digital seal of approval 106 to the load module. FIG. 4 illustrates the digital sealing process as being performed by a stamp 114, but in a preferred embodiment the digital sealing process is actually performed by creating a digital signature using a well-known process. See also the abstract, The verifying authority can provide an application intended for insecure environments with a credential having multiple elements covering different parts of the application. To verify the application, a trusted element can issue challenges based on different parts of the authenticated credential that the trusted element selects in an unpredictable (e.g., random) way, and deny service (or take other appropriate action) if the responses do not match the authenticated credential]
				Furthermore an updated search reveals the following prior arts that discloses the general subject matter recited in independent claims 1, 8 and 15:
				A. 	US Publication No. 2006/0010319 A1 to Bonnet discloses the present invention is of the type described above and it is remarkable in its broadest sense in that it pertains to a procedure for communication between at least two applications A and B in an operating system intended to prevent application B from accessing the information content of an application window A, characterized in that it comprises the following steps: [0008] a step of creation of at least one variable by application A; [0009] a step of reception of a request from application B by application A; [0010] a step of verification of the value of said variable by application A with the goal of verifying the validity of said request or of authenticating its origin; [0011] a step of response to said request as a function of said value and/or said origin.

			B.		US Patent No. 10152761 B2 to Kress discloses the method wherein determining to install the mobile application on the device of the particular patient comprises: receiving, by the computer system and from the device of the particular patient, data indicating an electronic reimbursement claim relating to the mobile application; and validating, by the computer system, the electronic reimbursement claim relating to the mobile application based at least on the obtained healthcare data, wherein validating the electronic reimbursement claim relating to the mobile application comprises: accessing, from a database of the computer system, a plurality of formulary data structures that are each (i) associated with a healthcare plan, and (ii) include a list of mobile applications approved for compensation by the particular healthcare plan; and determining that at least one of the plurality of formulary data structures is associated with a particular healthcare plan for the electronic profile for the particular patient; and determining that the mobile application related to the prescription for the patient is included 

		C.	 	US Publication No. 2018/0364988 A1 to Horowitz discloses according to another aspect, provided is a REST compliant API for attaching to a cloud implemented database (e.g., the well-known MONGODB database, available commercially from MongoDB Inc., New York, N.Y.) that enables access to raw database features while providing user level security, and integration to other execution environments for more complex processing and features sets. Traditionally direct access by a client application to a back end database enables too much authority. By validating client application requests at the API through the declarative statement framework and user context models, direct access is permitted with the assurance of security and permission control.

However, the above prior arts of record including the rest of the cited prior arts and the prior art submitted with IDS either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application that is taken as a whole recited in each amended independent claim 1, 8 and 15.  For this reason, the specific claim limitations recited in the amended independent claims 1, 8 and 15 taken as whole are found to be allowable.
7.	 The dependent claims which are dependent on the above independent claims 1, 8 and 15 being further limiting to the independent claims, definite and enabled by the specification are also allowed.



Conclusion

9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shaw Yin Chen can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498