DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
The abstract of the disclosure is objected to because it exceeds the 150-word limit.  Correction is required.  See MPEP § 608.01(b).

Election/Restrictions
Restriction to one of the following inventions is required under 35 U.S.C. 121:
I. Claims 1-22, 47-51, and 53, drawn to Fig. 4 and Fig. 6, classified in G06F21/6245.
II. Claims 23-46, 52, and 54, drawn to Fig. 5, classified in H04L63/102.
Inventions I and II are related as subcombinations disclosed as usable together in a single combination.  The subcombinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one subcombination is separately usable.  In the instant case, subcombination II has separate utility such as setting permissions via API(s).  See MPEP § 806.05(d).
The examiner has required restriction between subcombinations usable together. Where applicant elects a subcombination and claims thereto are subsequently found allowable, any claim(s) depending from or otherwise requiring all the limitations of the allowable subcombination will be examined for patentability in accordance with 37 CFR 1.104.  See MPEP § 821.04(a).  Applicant is advised that if any claim presented in a continuation or divisional application is anticipated by, or includes all the limitations of, a claim that is allowable in the present application, such claim may be subject to 
In response to a telephone conversation with Mr. Dimitri Dovas on 01/11/2022 a provisional election was made without traverse to prosecute the invention of group I, claims 1-22, 47-51, and 53.  Affirmation of this election must be made by applicant in replying to this Office action.  Claims 23-46, 52, and 54 withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9-16, 18, 20, 47-49, 51, and 53 are rejected under 35 U.S.C. 103 as being unpatentable over MURDOCH (US-20200351271-A1), in view of VESTERNINEN (US-20100280965-A1), and further in view of SANKURATRIPATI (US-11126745-B1), hereinafter MURDOCH-VESTERNINEN- SANKURATRIPATI .
Regarding claim 1, MURDOCH teaches “A method for controlling application enabling, the method comprising: receiving from a particular user an indication of data for sharing ([Abstract] “Receiving a request from an entity for using data stored in a data storage that is associated with a DID as one or more inputs of an application associated with the entity to generate one or more results.”) receiving from the particular user an indication of at least one recipient with which to share the data; ([Paragraph 0152] “The method 900 includes generating a notification to the DID owner (e.g., Alice 640) in response to the receiving of the request (901). The method 900 may also include receiving a user indication (e.g., Alice 640's input) that indicates a scope of permission that is to be granted (902). The method 900 may then determine the scope of permission that is consistent with the user indication (e.g., Alice's input) (903).”) …. detecting a request from the particular user to enable a particular application via a computing device; ([Paragraph 0102] “The principles described herein will further allow a user (e.g., a DID owner) to specify a scope of permission that is specific to be used in the execution of a particular application or a type of applications.”) accessing data permission requirements of the particular application; ([Paragraph 0139] “The method 700 also includes identifying one or more characteristics of the application (702). The one or more characteristics may be the characteristics 625-626 illustrated in FIG. 6. The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”) determining a multidimensional coordinate based on the data permission requirements of the particular application ([Paragraph 0005] “Next, one or more characteristics of the application associated with the entity is identified. Based on the identified one or more characteristics, a scope of permission to use the requested data as one or more inputs of the application is determined.”) …. receiving an affirmation of the request from the particular user via the computing device; ([Paragraph 0128] “After Alice receives a notification, she can grant or deny the request on the fly. The permission storage 631 in the DID management module 630 and/or in the permission storage 667 in the DID owner's personal storage 660 may also be configured to automatically store or backup the permissions generated or the denied request by Alice 640 on the fly.” ) and enabling the particular application responsive to the affirmation of the request. ([Paragraph 0019] “Then, the scope of permission is granted to a container where the application is or is to be stored. Next, the application is executed in the container to generate the one or more result(s).”)
However, MURDOCH does not teach “determining a multidimensional zone based on the indication of the data for sharing and the indication of the at least one recipient; …. comparing the multidimensional zone to the multidimensional coordinate;”.
In analogous teaching, VESTERNINEN teaches “determining a multidimensional zone based on the indication of the data for sharing and the indication of the at least one recipient; ([Paragraph 0032] “In some embodiments, information radii and contact radii for a user of mobile terminal 120 are derived based, at least in part, on user activity on the mobile terminal 120. As used herein, activity on the mobile terminal includes one or more network communications with each of one or more contacts, or proximity of mobile terminal 120 to the address or mobile location of each of one or more contacts, or some combination.”)  … ([Paragraph 0045] “The radius derivation module 317 receives activity date from the activity tracker module 301 and derives any modifications to the radius values already stored in the database, e.g., database 137.”) …. determining a multidimensional coordinate based on the data permission requirements of the particular application; comparing the multidimensional zone to the multidimensional coordinate; ([Paragraph 0037] “The user contact field 221 includes a contact identifier (ID) field 223, a communications/proximity data field 225, and a contact radius field 227. The contact ID field 223 holds data that indicates a particular contact of the user”) ([Paragraph 0039] “the user contact field 221 includes a contact radius field 227 that holds data that indicates the relative closeness of the contact to the user as indicated by the user's actions”) ([Paragraph 003] “In response to a request from the contact for information about the user, information about the user is provided, which has an information radius value in a range that is based on a value of the contact radius associated with the contact.”).
Thus, given the teaching of VESTERNINEN, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of an intuitive method for managing privacy settings as taught by VESTERNINEN into the method for controlling an application enabling as taught by MURDOCH. One of ordinary skill in the art would have been motivated to do so because VESTERNINEN recognizes the importance of enhancing the management of private information. ([VESTERNINEN, Paragraph 0002] “Therefore, there is a need for a less tedious, more intuitive way to manage the private information”).
Furthermore, although MURDOCH teaches of generating a notification to the user (paragraph 0132), however, MURDOCH-VESTERNINEN does not teach “notifying the particular user via the computing device of the comparing of the multidimensional zone to the multidimensional coordinate;”.
In analogous teaching of privacy approval system, SANKURATRIPATI teaches “notifying the particular user via the computing device of the comparing of the multidimensional zone to the multidimensional coordinate” ([Column 5 lines 15-19] “In some embodiments, before notifying the second user (e.g., the privacy compliance officer) about the request to approve the new application feature, the privacy approval application 105 automatically computes a risk score for the selected fields characterizing utilization of the user data”).
Thus, given the teaching of SANKURATRIPATI, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of notifying the user based on a privacy computation as taught by SANKURATRIPATI into the method for controlling an application enabling as taught by MURDOCH-VESTERNINEN. One of ordinary skill in the art
would have been motivated to do so because SANKURATRIPATI recognizes the importance of safeguarding a user’s private information. ([SANKURATRIPATI, Col. 1 lines 22-32] “While the collection and analysis of such data can be of great benefit not only to the particular user but to other users of the service provider, it can also be the subject of considerable abuse, such as provision of the information to a third party …. For these reasons, as well as privacy regulations or regulatory constraints, when personal information is stored in databases, it is incumbent on service providers that control this data to protect the data from abuse. ”).

Regarding claim 2, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 1, VESTERNINEN further teaches “the receiving from the particular user the indication of the at least one recipient with which to share the data ([0001] “For example, the user might not want to share the same information with all subscribers who are in the friends group, but rather might want to share some information with close friends”) comprising receiving from the particular user an indication of at least one of network destinations for receiving the data, other applications for receiving the data, or other users for receiving the data.” ([Paragraph 0032] “As used herein, activity on the mobile terminal includes one or more network communications with each of one or more contacts, or proximity of mobile terminal 120 to the address or mobile location of each of one or more contacts, or some combination. In such embodiments, the mobile terminal 120 includes a mobile terminal activity tracker module 121 that detects those communications and proximity events and reports those activities, or statistical data or radii derived from them, to the network privacy service module 133 over network 105.”). 
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies. 

Regarding claim 3, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 1, VESTERNINEN further teaches “determining a first multidimensional vector based on the indication of the data for sharing and determining a second multidimensional vector based on the indication of the at least one recipient with which to share the data; ([Paragraph 0050] “For example, contact icon 413 (Partner) and contact icon 415 (Close Friend) with contact radii 0.1 and 0.5, respectively (both less than 1.0), are in the innermost circle with information radius 1, representing access to the UserA's physical location. These contacts also have access to the information represented by the outer circles 403, 405 and 407. Similarly, contact 425 (Colleague C), with contact radius 1.5, lies outside the innermost circle 401 with information radius 1 and inside the second circle 403, with radius 2, which represents access to UserA's phone number. This contact is denied access to UserA's physical location in the circle with a smaller radius, but is granted access to UserA's phone number and information represented by the outer circles 405 and 407.”) wherein determining the multidimensional zone comprises determining a combined multidimensional vector based on the first multidimensional vector and the second multidimensional vector.” ([Paragraph 0048] “Circles are nested when the circle with the smaller radius lies entirely within a circle with a larger radius. In some embodiments, the nested circles are concentric. For example, in FIG. 4, the four radii 1, 2, 3 and 4 for the four pieces of user information in the example: (physical location, phone number, email address and service name, respectively), are shown by the four nested circles, circle 401, circle 403, circle 405 and circle 407, respectively.”) ([0028] “the numerical values used for information radius is on a different scale than the numerical values used for contact radius; and, a scale factor or transform algorithm is used to convert values in one scale to corresponding values in the other scale.”).
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies. 

Regarding claim 4, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 1, MURDOCH further teaches “the accessing the data permission requirements of the particular application comprising: accessing rules indicating information to be shared; and accessing rules indicating targets of the information to be shared;” ([Paragraph 0139] “The method 700 also includes identifying one or more characteristics of the application (702). The one or more characteristics may be the characteristics 625-626 illustrated in FIG. 6. The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”) the method further comprising determining the multidimensional coordinate based on the information to be shared and the targets of the information to be shared. ([Paragraph 0005] “Next, one or more characteristics of the application associated with the entity is identified. Based on the identified one or more characteristics, a scope of permission to use the requested data as one or more inputs of the application is determined.”).

Regarding claim 5, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 4. Furthermore, this claim recites features similar to those recited in claim 2. Therefore, claim 5 is rejected with a similar rational as in the rejection of claim 2. 

Regarding claim 6, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 1. MURDOCH further teaches “the accessing the data permission requirements of the particular application comprising: accessing rules indicating information to be shared; and accessing rules indicating targets of the information to be shared; ([Paragraph 0139] “The method 700 also includes identifying one or more characteristics of the application (702). The one or more characteristics may be the characteristics 625-626 illustrated in FIG. 6. The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”) …. and determining the multidimensional coordinate based on the first position vector and the second position vector” ([Paragraph 0005] “Next, one or more characteristics of the application associated with the entity is identified. Based on the identified one or more characteristics, a scope of permission to use the requested data as one or more inputs of the application is determined.”).
However, MURDOCH-SANKURATRIPATI does not teach “the method further comprising: determining a first position vector based on the information to be shared; determining a second position vector based on the targets of the information to be shared;”.
In analogous teaching VESTERNINEN teaches “the method further comprising: determining a first position vector based on the information to be shared; determining a second position vector based on the targets of the information to be shared;” ([Paragraph 0050] “For example, contact icon 413 (Partner) and contact icon 415 (Close Friend) with contact radii 0.1 and 0.5, respectively (both less than 1.0), are in the innermost circle with information radius 1, representing access to the UserA's physical location. These contacts also have access to the information represented by the outer circles 403, 405 and 407. Similarly, contact 425 (Colleague C), with contact radius 1.5, lies outside the innermost circle 401 with information radius 1 and inside the second circle 403, with radius 2, which represents access to UserA's phone number. This contact is denied access to UserA's physical location in the circle with a smaller radius, but is granted access to UserA's phone number and information represented by the outer circles 405 and 407.”).
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies. 


Regarding claim 9, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 1. MURDOCH further teaches “receiving from the particular user at least one allowed action for the data;” ([Paragraph 0113] “For instance, the application 620″ may be an insurance quoting application for the entity 610. Many existing or potential customers of the entity 610 may have allowed the application 620″ to use their driving history data (e.g., Alice's driving history data 661) to generate one or more insurance quotes. After the quotes are generated, the quotes may be stored together with the application 620″.”). 
However, MURDOCH-SANKURATRIPATI does not teach “and determining the multidimensional zone further based on the at least one allowed action for the data.”.
In analogous teaching VESTERNINEN teaches “and determining the multidimensional zone further based on the at least one allowed action for the data.” ([Paragraph 0032] “In some embodiments, information radii and contact radii for a user of mobile terminal 120 are derived based, at least in part, on user activity on the mobile terminal 120. As used herein, activity on the mobile terminal includes one or more network communications with each of one or more contacts, or proximity of mobile terminal 120 to the address or mobile location of each of one or more contacts, or some combination. In such embodiments, the mobile terminal 120 includes a mobile terminal activity tracker module 121 that detects those communications and proximity events and reports those activities, or statistical data or radii derived from them, to the network privacy service module 133 over network 105.”).
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies. 

Regarding claim 10, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. VESTERNINEN further teaches “querying the particular user via a user interface of the computing device; ([Paragraph 0048] “FIG. 4 is a diagram of a graphical user interface 400 for intuitively managing information privacy, according to one embodiment. The graphical user interface 400 includes nested circles to represent the different information radii for the user.”) and receiving the indication of the data for sharing, the indication of the at least one recipient”   ([Paragraph 0058] “In step 519, it is determined whether a user request is received to set privacy. If so, then in step 521 the user is presented with a user interface (UI) to make the changes to a contact radius or information radius.”). 
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies.
Furthermore, MURDOCH teaches “and the at least one allowed action for the data via the user interface of the computing device responsive to the querying.” ([Paragraph 0113] “For instance, the application 620″ may be an insurance quoting application for the entity 610. Many existing or potential customers of the entity 610 may have allowed the application 620″ to use their driving history data (e.g., Alice's driving history data 661) to generate one or more insurance quotes. After the quotes are generated, the quotes may be stored together with the application 620″.”). 

Regarding claim 11, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. MURDOCH further teaches “the accessing of the data permission requirements of the particular application comprising accessing at least one of a manifest of the particular application, an end-user license agreement ("EULA") of the particular application, or privacy settings of the particular application.” ([Paragraph 0139] “The method 700 also includes identifying one or more characteristics of the application (702). The one or more characteristics may be the characteristics 625-626 illustrated in FIG. 6. The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”).

Regarding claim 12, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. VESTERNINEN further teaches “determining a first value on a first axis based on the indication of the data for sharing; determining a second value on a second axis based on the indication of the at least one recipient with which to share the data;” ([Paragraph 0050] “For example, contact icon 413 (Partner) and contact icon 415 (Close Friend) with contact radii 0.1 and 0.5, respectively (both less than 1.0), are in the innermost circle with information radius 1, representing access to the UserA's physical location. These contacts also have access to the information represented by the outer circles 403, 405 and 407. Similarly, contact 425 (Colleague C), with contact radius 1.5, lies outside the innermost circle 401 with information radius 1 and inside the second circle 403, with radius 2, which represents access to UserA's phone number. This contact is denied access to UserA's physical location in the circle with a smaller radius, but is granted access to UserA's phone number and information represented by the outer circles 405 and 407.”) ….  wherein determining the multidimensional zone comprises determining a combined multidimensional vector based on the first value on the first axis, the second value on the second axis, and the third value on the third axis.”  ([Paragraph 0048] “Circles are nested when the circle with the smaller radius lies entirely within a circle with a larger radius. In some embodiments, the nested circles are concentric. For example, in FIG. 4, the four radii 1, 2, 3 and 4 for the four pieces of user information in the example: (physical location, phone number, email address and service name, respectively), are shown by the four nested circles, circle 401, circle 403, circle 405 and circle 407, respectively.”) ([0028] “the numerical values used for information radius is on a different scale than the numerical values used for contact radius; and, a scale factor or transform algorithm is used to convert values in one scale to corresponding values in the other scale.”).
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies.
Furthermore, MURDOCH teaches “and determining a third value on a third axis based on the at least one allowed action for the data;” ([Paragraph 0113] “For instance, the application 620″ may be an insurance quoting application for the entity 610. Many existing or potential customers of the entity 610 may have allowed the application 620″ to use their driving history data (e.g., Alice's driving history data 661) to generate one or more insurance quotes. After the quotes are generated, the quotes may be stored together with the application 620″. Alternatively, a separate database may be generated to store all the quotes generated by the application 620″. Each time a quote is generated, the container 673 may send the generated results 676 back to the DID owner who has provided his/her personal data. Further, the container 673 may also send the generated results to the entity 610. Alternatively, or in addition, the container 673 may allow the entity to access the database that includes all the insurance quotes generated at any time.”).

Regarding claim 13, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. 
Furthermore, this claim recites features similar to those recited in claim 12. Therefore, claim 13 is rejected with a similar rational as in the rejection of claim 12.

Regarding claim 14, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9.
MURDOCH further teaches “the accessing the data permission requirements of the particular application comprising: accessing rules indicating information to be shared; accessing rules indicating targets of the information to be shared; ([Paragraph 0139] “The method 700 also includes identifying one or more characteristics of the application (702). The one or more characteristics may be the characteristics 625-626 illustrated in FIG. 6. The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”) and accessing rules indicating allowed actions for the information; ([Paragraph 0113] “For instance, the application 620″ may be an insurance quoting application for the entity 610. Many existing or potential customers of the entity 610 may have allowed the application 620″ to use their driving history data (e.g., Alice's driving history data 661) to generate one or more insurance quotes. After the quotes are generated, the quotes may be stored together with the application 620″.”) the method further comprising determining the multidimensional coordinate based on the information to be shared, the targets of the information to be shared, and the allowed actions for the information. ([Paragraph 0005] Based on the identified one or more characteristics, a scope of permission to use the requested data as one or more inputs of the application is determined.”).  

Regarding claim 15, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 14. Furthermore, this claim recites features similar to those recited in claim 2. Therefore, claim 15 is rejected with a similar rational as in the rejection of claim 2.

Regarding claim 16, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9.
MURDOCH further teaches “the accessing the data permission requirements of the particular application comprising: accessing rules indicating information to be shared; accessing rules indicating targets of the information to be shared; ([Paragraph 0139] “The method 700 also includes identifying one or more characteristics of the application (702). The one or more characteristics may be the characteristics 625-626 illustrated in FIG. 6. The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”) and accessing rules indicating allowed actions for the information; ([Paragraph 0113] “For instance, the application 620″ may be an insurance quoting application for the entity 610. Many existing or potential customers of the entity 610 may have allowed the application 620″ to use their driving history data (e.g., Alice's driving history data 661) to generate one or more insurance quotes. After the quotes are generated, the quotes may be stored together with the application 620.”) …. determining a third position vector based on the allowed actions for the information; ([Paragraph [0156] “For example, the application 620 may be an application associated with a bank (e.g., entity 610) for extending credit card limit of Alice. Alice 640 has granted the scope of her personal data 661-663 to the container 651 or 673 to execute the application 620′ or 620″. The result of the application 620′ or 620″ may include Alice's credit score and a decision whether an extension of credit should be approved.”) and determining the multidimensional coordinate based on the first position vector, the second position vector, and the third position vector.” ([Paragraph 0005] “Next, one or more characteristics of the application associated with the entity is identified. Based on the identified one or more characteristics, a scope of permission to use the requested data as one or more inputs of the application is determined.”).
Furthermore, VESTERNINEN teaches “the method further comprising: determining a first position vector based on the information to be shared; determining a second position vector based on the targets of the information to be shared;” ([Paragraph 0050] “For example, contact icon 413 (Partner) and contact icon 415 (Close Friend) with contact radii 0.1 and 0.5, respectively (both less than 1.0), are in the innermost circle with information radius 1, representing access to the UserA's physical location. These contacts also have access to the information represented by the outer circles 403, 405 and 407. Similarly, contact 425 (Colleague C), with contact radius 1.5, lies outside the innermost circle 401 with information radius 1 and inside the second circle 403, with radius 2, which represents access to UserA's phone number. This contact is denied access to UserA's physical location in the circle with a smaller radius, but is granted access to UserA's phone number and information represented by the outer circles 405 and 407.”).
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies.

Regarding claim 18, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. MURDOCH further teaches “wherein the enabling of the particular application comprises enabling use of a web-based application.” ([Paragraph 0103] “In the modern world, there are many service providers that use customer's information as input to run some applications to generate one or more results for different purposes. For example, when a customer shops around for auto insurance, he/she often calls a few insurance agents and gives these insurance agents his/her personal information, and ask each of these insurance agents to generate a quote. Alternatively, the customer may go online and fill in some online forms at different insurance companies' websites, then these web applications use the user information to generate one or more quotes for the customer. Further, some of these web applications also send the user's information to several insurance agents. After the insurance agents receive this user information, they will start to contact the user continuously for a few weeks or even months.”).

Regarding claim 20, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. 
Furthermore, this claim recites features similar to those recited in claim 2. Therefore, claim 20 is rejected with a similar rational as in the rejection of claim 2.

Regarding claim 47, this claim recites features similar to those recited in claim 1. Therefore, claim 47 is rejected with a similar rational as in the rejection of claim 1. MURDOCH further teaches “accessing rules for the particular application indicating targets of the information to be shared; ([Paragraph 0139] “The method 700 also includes identifying one or more characteristics of the application (702). The one or more characteristics may be the characteristics 625-626 illustrated in FIG. 6. The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”) …. receiving a request from the user to disable the particular application disabling the particular application.” ([Paragraph 0118] “management module 630 may determine that the characteristics 621 of the application 620 include that the application 620 requires very sensitive personal information, such as social security number and date of birth, from Alice 640. Based on these characteristics 621, Alice's DID management module 630 may automatically deny the request”) ([Paragraph 0123] “In addition to expressly granted permissions, Alice 640 may also have a blacklist of applications and/or entities and/or type of applications and/or entities that she wants to deny their access to her personal data”).

Regarding claim 48, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 47.  MURDOCH further teaches “, further comprising receiving from the user at least one allowed action for the data; ([Paragraph 0113] “For instance, the application 620″ may be an insurance quoting application for the entity 610. Many existing or potential customers of the entity 610 may have allowed the application 620″ to use their driving history data (e.g., Alice's driving history data 661) to generate one or more insurance quotes. After the quotes are generated, the quotes may be stored together with the application 620″.”) …. accessing rules for the particular application indicating allowed actions for the information; ([Paragraph 0139] “The one or more characteristics 621 of the application 620 may include (but not limited to) the identity of the entity 610, the nature of the application 620, what type of information is requested by the application 620, and what type of results will be generated by the application 620.”) ([Paragraph 0103] “these web applications use the user information to generate one or more quotes for the customer. Further, some of these web applications also send the user's information to several insurance agents. After the insurance agents receive this user information, they will start to contact the user continuously for a few weeks or even months.”) and determining the multidimensional coordinate further based on the allowed actions for the information.” ([Paragraph 0005] “Next, one or more characteristics of the application associated with the entity is identified. Based on the identified one or more characteristics, a scope of permission to use the requested data as one or more inputs of the application is determined.”).
However, MURDOCH-SANKURATRIPATI does not teach “determining the multidimensional zone further based on the at least one allowed action for the data”.
In analogous teaching VESTERNINEN teaches “and determining the multidimensional zone further based on the at least one allowed action for the data.” ([Paragraph 0032] “In some embodiments, information radii and contact radii for a user of mobile terminal 120 are derived based, at least in part, on user activity on the mobile terminal 120. As used herein, activity on the mobile terminal includes one or more network communications with each of one or more contacts, or proximity of mobile terminal 120 to the address or mobile location of each of one or more contacts, or some combination. In such embodiments, the mobile terminal 120 includes a mobile terminal activity tracker module 121 that detects those communications and proximity events and reports those activities, or statistical data or radii derived from them, to the network privacy service module 133 over network 105.”).
The same motivation to modify MURDOCH-SANKURATRIPATI with VESTERNINEN , as in the rejection of claim 1, applies. 

Regarding claim 49, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 47. Furthermore, this claim recites features similar to those recited in claim 2. Therefore, claim 20 is rejected with a similar rational as in the rejection of claim 2.

Regarding claim 51, this claim recites features similar to those recited in claims 1 and 48. Therefore, claim 51 is rejected with a similar rational as in the rejection of claims 1 and 48.


Regarding claim 53, this claim recites features similar to those recited in claim 1.Therefore, claim 53 is rejected with a similar rational as in the rejection of claim 1. Furthermore, MURDOCH teaches “detecting a request from the particular user to access a particular webpage via a computing device;” ([Paragraph 0103] “the customer may go online and fill in some online forms at different insurance companies' websites, then these web applications use the user information to generate one or more quotes for the customer. Further, some of these web applications also send the user's information to several insurance agents.”).

Claims 7, 8, 17, 19, 21, 22, and 50 are rejected under 35 U.S.C. 103 as being unpatentable over  MURDOCH-VESTERNINEN- SANKURATRIPATI, in view of ANTONELLI (US-20170140171-A1). 

Regarding claim 7, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 1. Furthermore, MURDOCH teaches “and the notifying of the particular user comprises notifying the particular user that the multidimensional coordinate is outside the multidimensional zone.” ([Paragraph 0128] “Alice 640 may also set up her DID management module 630 and/or his/her personal storage 660 to generate a notification whenever an express permission cannot be found”).
However, MURDOCH-VESTERNINEN-SANKURATRIPATI does not teach “wherein: the comparing of the multidimensional zone to the multidimensional coordinate comprises determining that the multidimensional coordinate is outside the multidimensional zone;”.
In analogous teaching of managing personal data, ANTONELLI teaches “wherein: the comparing of the multidimensional zone to the multidimensional coordinate comprises determining that the multidimensional coordinate is outside the multidimensional zone;” ([Paragraph [0110-0111] “The mediator 184 (e.g., the server-side mediator 184′) verifies the authorization token, and then compares the user-defined policies with the retrieved set of rules for checking whether the user-defined policies are compatible with the requirements of the APP 140 defined in the corresponding statement (interaction 316). At this point, the outcome of the authorization process of the APP 140 is notified, and the user may decide to activate/suspend the authorization token for that APP 140 based on such outcome, in such a way to allow/avoid the possibility that the APP 140 requests PD (interaction 318). Particularly, if the user-defined policies are not compatible with the requirements of the APP 140 defined in the corresponding statement, the user may suspend the authorization token;”).
Thus, given the teaching ANTONELLI, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of comparing the user’s policies with the requirements of the application and if they are not compatible not allowing the authorization of the APP as taught by ANTONELLI into the method for controlling an application enabling as taught by MURDOCH-VESTERNINEN-SANKURATRIPATI. One of ordinary skill in the art would have been motivated to do so because ANTONELLI recognizes the need for a better way to manage a user’s personal data. ([ANTONELLI , Paragraph 0014] “the management and the usage of such PD is raising new concerns about privacy and the need of new technological and regulatory solutions to give users more control over their data life-cycle.”).

Regarding claim 8, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 1. Furthermore, this claim recites features similar to those recited in claim 1. In a similar manner as claim 1, what is taught for the particular user would also teach the same features for the “other users”. However, MURDOCH-VESTERNINEN-SANKURATRIPATI does not teach “comparing the other multidimensional zone to the multidimensional coordinate”.
In analogous teaching of managing personal data, ANTONELLI teaches “comparing the other multidimensional zone to the multidimensional coordinate” ([Paragraph 0103] “Moreover, the user 160 may be further provided with a (e.g., real-time) report on how active instances of the APPs 140 already activated and authorized by other users 160 access PD.”).
The same motivation to modify MURDOCH-SANKURATRIPATI-VESTERNINEN with ANTONELLI, as in the rejection of claim 7, applies. 

Regarding claim 17, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9.
However, MURDOCH-VESTERNINEN-SANKURATRIPATI does not teach “wherein the enabling of the particular application comprises at least one of enabling installation of the particular application on the computing device or enabling use of the particular application.”.
In analogous teaching of managing personal data, ANTONELLI teaches “wherein the enabling of the particular application comprises at least one of enabling installation of the particular application on the computing device or enabling use of the particular application.” ([Paragraph 0061] “The APPs 140 distributed by the APP distribution platform 110 are application software adapted to be installed onto the user devices 120 for being exploited by users 160 of the user devices 120 in order to avail of their functionalities. As will be described in the following, APPs 140 generally require to access PD of the users 160 to fully provide the expected functionalities.”).
The same motivation to modify MURDOCH-SANKURATRIPATI-VESTERNINEN with ANTONELLI, as in the rejection of claim 7, applies. 

Regarding claim 19, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. Furthermore, this claim recites features similar to those recited in claim 7. Therefore, claim 19 is rejected with a similar rational as in the rejection of claim 7.

Regarding claim 21, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. Furthermore, this claim recites feature similar to those recited in claim 1. Therefore, in a similar manner as claim 1, what is taught for accessing, determining, and comparing would also teach for re-accessing, re-determining, and re-comparing. However, MURDOCH-VESTERNINEN-SANKURATRIPATI does not teach “determining change in the data permission requirements of the particular application;”.
In analogous teaching of managing personal data, ANTONELLI teaches “determining change in the data permission requirements of the particular application;” ([Paragraph 0101] “However, similar considerations apply if the developer 170 is updating an APP 140 already published on the APP distribution platform 110.”) ([Paragraphs 0108-0110] “The APP registry 186 retrieves the set of rules associated with the APP-token and generated during the procedure already described with reference to FIG. 2 (interaction 312). The APP registry 186 sends the retrieved set of rules, the authorization token, and the APP-token to the mediator 184 (e.g., the server-side mediator 184′) (interaction 314). The mediator 184 (e.g., the server-side mediator 184′) verifies the authorization token, and then compares the user-defined policies with the retrieved set of rules for checking whether the user-defined policies are compatible with the requirements of the APP”).
The same motivation to modify MURDOCH-SANKURATRIPATI-VESTERNINEN with ANTONELLI, as in the rejection of claim 7, applies. 

Regarding claim 22, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 9. Furthermore, this claim recites features similar to those recited in claim 21. Therefore claim 22 is rejected with a similar rational as in the rejection of claim 21. ANTONELLI further teaches “wherein the notifying the particular user of the comparing comprises notifying the particular user regarding the multidimensional coordinate being within the multidimensional zone, the method further comprising: ([Paragraph 0111] “At this point, the outcome of the authorization process of the APP 140 is notified, and the user may decide to activate/suspend the authorization token for that APP”) ([Paragraph 0110] “The mediator 184 (e.g., the server-side mediator 184′) verifies the authorization token, and then compares the user-defined policies with the retrieved set of rules for checking whether the user-defined policies are compatible with the requirements of the APP 140 defined in the corresponding statement (interaction 316).”) …. “and notifying the particular user via the computing device regarding the re-determined multidimensional coordinate being outside of the multidimensional zone.” ([Paragraph 0111] “At this point, the outcome of the authorization process of the APP 140 is notified, and the user may decide to activate/suspend the authorization token for that APP 140 based on such outcome, in such a way to allow/avoid the possibility that the APP 140 requests PD (interaction 318). Particularly, if the user-defined policies are not compatible with the requirements of the APP 140 defined in the corresponding statement, the user may suspend the authorization token;”).   
The same motivation to modify MURDOCH-SANKURATRIPATI-VESTERNINEN with ANTONELLI, as in the rejection of claim 7, applies. 

Regarding claim 50, MURDOCH-VESTERNINEN-SANKURATRIPATI teach all limitations of claim 47. MURDOCH further teaches “the detecting of the accessing of the particular application comprising at least one of: detecting executing of the particular application on the computing device; ([Paragraph 0104] “The principles described herein provide user a greater and more flexible control over his/her personal data, while still allowing the third-party application to run with the necessary user data to generate the results that the user needs. Further details of the embodiments of the systems and the methods for executing an application within a scope of user-granted permission are described with respect to FIGS. 6-10.”) detecting a request to install the particular application on the computing device; ([Paragraph 0112] “For example, the entity 610 may choose to use container 673 as its service provider, and pre-store and/or pre-install all of its applications at the container 673. Since all the applications provided by the entity 610 have been stored in the container 673, when a DID owner (e.g., Alice 640) decides to allow an application to be executed using her personal data” ).  
However, MURDOCH-VESTERNINEN-SANKURATRIPATI does not teach “or detecting processes of the particular application between the computing device and a network-accessible server”.
In analogous teaching of managing personal data, ANTONELLI teaches “or detecting processes of the particular application between the computing device and a network-accessible server” ([Paragraph 0065] “According to an embodiment of the present invention, the PD managing system 180 is a client/server system comprising software and/or hardware modules located at the user devices 120 as well as at a server unit 185.”). 
The same motivation to modify MURDOCH-SANKURATRIPATI-VESTERNINEN with ANTONELLI, as in the rejection of claim 7, applies. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AFAQ ALI/Examiner, Art Unit 2434                                                                                                                                                                                                        

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434