DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is response to communication:  response to amendments/argumetns filed on 10/22/2021.
Claims 1, 3-6, 9-12, and 14-25 are currently pending in this application.  Claim 25 is new.  
No new IDS has been field for this application. .

Response to Arguments
Applicant’s arguments with respect to claims have been fully considered but are moot in view of new grounds of rejection.  See amended rejection below. 

Examiner Note
As per claims 21 and 22, the claims recite “means for” limitations.  Such limitations will be interpreted according to applicant’s specification.  For example, see paragraphs 41-48.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

Claims 1, 6, 11, 12, 14-25 are rejected under 35 U.S.C. 103 as being unpatentable over Ren et al. US Patent Application Publication 2015/0348015 (hereinafter Ren) in view of Lingappa US Patent Application Publication 2015/0332262 (hereinafter Lingappa), and further in view of Hind et al. US Patent Application Publication 2003/0135507 (hereinafter Hind).

As per claim 1, Ren teaches a method comprising: generating a data request at a first application that runs in a first operating environment of a mobile device, wherein the data request contains data identifying the first application or an entity associated with the first application (paragraph 33 wherein third-party application sends request to electronic wallet; electronic wallet may be an app as seen in Figure 3; see paragraph 53 with electronic wallet and third party application installed on terminal device; see paragraph 63 wherein terminal may be a mobile device; see Figure 2, paragraph 11, wherein the application sends profile information to login to wallet, which includes application ID, certificate, signature, etc ); communicating with a second application that runs in a second operating environment, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the data request identifying the first application to the second application; (paragraph 33, Figure 3, and throughout wherein third party application sends a request to electronic wallet; see also Figure 2, Figure 11, and throughout sending profile information from third party application to wallet); and receiving data from the trusted 
Although Ren teaches utilizing two different applications at two different security levels (third party vs first party wallet), Ren does not explicitly teach wherein the applications are running in different operating environments parallel with one another.  This would have been obvious, if not inherent though.  As seen in Ren in paragraph 15 (background of application), electronic wallets refer to hardware/software modules which consist of a security element.  Thus, as defined by Ren, the wallet would include a security element, which is a trusted operating environment that runs parallel with the rest of the system.  Thus, the electronic wallet as taught by Ren would read upon the claimed language.  However, to expedite prosecution, a further reference is shown to show the inherency/obviousness of such a teaching.  For example, see Lingappa (paragraph 60, with a wallet application stored and executed by a secure elemtn or other trusted environment, with applets needing authentication to communicate with wallet application)
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Ren with Lingappa.  One of ordinary skill in the art would have been motivated to perform such an addition to provide security utilizing wallet applications (paragraphs 3-5 of Lingappa).
Ren as modified does not explicitly teach wherein receipt of the data request cause the second application to: identify a subset of plurality of data types based on the identifying data; and retrieve a subset of data aossicated with a user from a database on a remote server, the subset selected based on the identified subset of the plurality of data types.  However, such 
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Ren combination with Hind.  One of ordinary skill in the art would have been motivated to perform such an addition to provide a secure way to securely access meta data (paragraph 13 of Hind).
As per claim 6, Ren does not explicitly teach wherein the second application encrypts the dta communicated to the first application.  However, encrypting information by a secure application and sending encrypted data to other applications would have been obvious.  FOr example, see Lingappa (paragraph 60, wherein wallet application may encrypt information being passed to other applications).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Ren with Lingappa.  One of ordinary skill in the art would have been motivated to perform such an addition to provide security utilizing wallet applications (paragraphs 3-5 of Lingappa).
	As per claim 11, it would have been obvious over the Ren combination wherein the received data comprises data identifying a tokenized payment card or encrypted payment information or encrypted payment account details (see rejection of claim 6 wherein it would have been obvious over Lingappa that information is encrypted; see Ren abstract and 
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Ren with Lingappa.  One of ordinary skill in the art would have been motivated to perform such an addition to provide security utilizing wallet applications (paragraphs 3-5 of Lingappa).
As per claim 12, the Ren combination teaches wherein the tokenized or encrypted payment instrument data includes data identifying an entity associated with the trusted application (Ren paragraph 64 wherein data includes user-specific information, information for login, or for payment process, or personal information)
As per claim 14, the Ren combination teaches wherein the data request further identifies one or more data entities to be verified, and wherein the trusted application processes the retrieved data to verify said one or more data entities (Ren paragraph 64; also see ). 
As per claim 15, it would have been obvious over the Ren combination wherein the data rquest comprises a payment request token (see Lingappa paragraph 38 wherein data request from mobile application may be a payment processing request)
	As per claim 16, the Ren combination teaches wherein the first application is a web browser or a native mobile application (Ren paragraph 73 wherein 3rd party application is a browser).

	As per claim 18, the Ren combination teaches wherein the first application includes a software module from the payment provider to communicate with the second application (Ren Figure 1 and paragraphs 73-74 wherein applications communicate with the second application; see Ren Figure 4 wherein 3rd party apps may be payment applications such as paypass).  
	As per claim 19, it would have been obvious over the Ren combination wherein the software module is an API of a software development kit (Ren paragraph 33 wherein third party application supports an API; see also Figure 4 with API communicating between the third party applications and the wallet).
	Claim 20 is rejected using the same basis of arguments used to reject claim (different side of systems but the rejection of claim 1 covers both sides of the methods).
	Claim 21 is rejected using the same basis of arguments used to reject claim 1 above.
	Claim 22 is rejected using the same basis of arguments used to reject claim 20 above.
	Claim 23 is rejected using the same basis of arguments used to reject claim 1 above.
	Claim 24 is rejected using the same basis of arguments used to reject claim 20 above.
	As per claim 25, the Ren combination teaches wherein communicating data data from the trusted application to the first application comprises communicating the retrieved data or a token granting the first application access to the retrieved data (Ren paragraph 33, Figure 2, 

Claims 3-5, 9, and 10 are are rejected under 35 U.S.C. 103 as being unpatentable over the Ren combination as applied above, and further in view of Kelly et al. US Patent Application Publication 2013/0042295 (hereinafter Kelly).

	As per claim 3, Ren as modified does not explicitly teach wherein data request handling functionality of the second application cannot be accessed until the secure environment is established.  However, this would have been obvious, if not inherent.  Ren and Lingappa both already teach a second application (such as a wallet) running in a trusted environment.  If the trusted environment did not exist, the second application would not be able to hand data requests as the second application is running in this environment.  However, for a further show of obviousness of limiting data request handling until the secure environment is established, see Kelly (Figure 21 and 22, wherein access to secure virtual environment may not occur until the virtual environment is started and user is authenticated; also see paragraph 35 wherein secure virtual environment is implemented as an aplication).
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Ren combination with Kelly.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security on mobile devices (paragraph 3-4 of Kelly).

	As per claim 5, it would have been obvious over the Ren combination wherein data to verify the identity of the user is generated and stored when the second application is configured for initial use (paragraph 147 wherein authentication information is automatically provisioned and stored such that the application will initially open; see also paragraph 49 wherein authentication input is stored such that when the information is input, the information is automatically compared to the stored authentication information).
	As per claim 9, Ren as modified does not explicitly teach wherein the trusted application communicates a further subset of the received data to the first application responsive to the data request.  However, selecting/choosing data to be sent via a secure environment is merely a design choice.  For example, choosing to send less/partial data than what is received is a design choice and depends on the scenario.  Even if such a limitation is not a design choice, such limitations would have been obvious.  Configuring and managing how data is handled in a secure environment is notoriously well known in the art.  For example, see Kelly (paragarph 35, wherein data may be manipulated based on user action).

	As per claim 10, Ren as modified teaches wherein the further subset of dta is determined from user input (Kelly paragraph 35 wherein data may be manipulated by user as he deems fit).
	

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monda-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495