DETAILED ACTION
1.	Claims 41-60 are currently pending. Claims 1-40 were cancelled. The effective filing date of the present application is 8/26/2014. 

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	

Drawings
3.	The drawings are objected to under 37 CFR 1.83(a). The drawings must show every feature of the invention specified in the claims. Therefore, the security mechanism and security device must be shown or the feature(s) canceled from the claim(s). No new matter should be entered.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Objections
4.	Claim 41-60 are objected to because of the following informalities: 
Claims 41 and 48 recite “second service provider data” without introducing a first service provider data.
Claim 55 states “from the at application,” which is not grammatical. For the purposes of examination, examiner is reading it as “from the application.”
Claim 55 states “the at least one third-party device.” The prior antecedent introduction of the term introduced “a third-party device,” which is singular. For the purposes of examination, examiner is reading it as “the third-party device.”
Appropriate correction is required.

Claim Interpretation
5.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are:
Claim 41 – “[T]he security mechanism determines if the security condition is met.” See MPEP 2181. The claim limitation uses the generic placeholder “security mechanism.” The generic placeholder is modified by functional language “determines if the security condition is met. . . .” The means is not modified by sufficient structure, material or acts for performing the claim. Therefore, 112(f) is invoked.
Claim 48 – “[W]hen a security condition is determined to be met by the security device.” See MPEP 2181. The claim limitation uses the generic placeholder “security device.” The generic placeholder is modified by functional language “determined to 
Claim 55 – “[A] security mechanism capable of determining if the application can interact.” See MPEP 2181. The claim limitation uses the generic placeholder “security mechanism.” The generic placeholder is modified by functional language “capable of determining if the application can interact. . . .” The means is not modified by sufficient structure, material or acts for performing the claim.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
6.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

7.	Claims 41-60 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The specification does not disclose adequate structure (or material or acts) for performing the recited functions for a security mechanism or security device, see MPEP §2181 discussing 35 U.S.C. §112(f). Examiner further notes these terms are not used within the specification and no specific example relates to the claimed functions of these terms either.


(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

9.	Claims 41-60 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 42 and 49 recite the limitation “a security condition” in lines 1-2 and 1-2, respectfully. It is unclear whether Applicant is referring to the “security condition” of claims 41 and 48, respectfully, or if Applicant is introducing a new term. Appropriate clarification is needed. 
Claims 42 and 49 recite the limitation “a security condition” in lines 1-2 and 1-2, respectfully. It is unclear whether Applicant is referring to the “security condition” of claims 41 and 48, respectfully, or if Applicant is introducing a new term. Appropriate clarification is needed.
Claims 47 and 60 recite the limitation "the password" in lines 1 and 2, respectfully. There is insufficient antecedent basis for this limitation in the claim.
Claims 47 and 60 recite the limitation "the token" in lines 1 and 2, respectfully. There is insufficient antecedent basis for this limitation in the claim.
Claim 48 recites the limitation "the security mechanism" in line 6. There is insufficient antecedent basis for this limitation in the claim. For the proposes of examination, the examiner has interpreted the security mechanism in claims 48-54 as the “security device” that was introduced.

Claim limitations “security mechanism” and “security device” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. No association between the structure and the function can be found in the specification. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 101
10.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

11.	Claims 41-60 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. Claim 41 is directed towards a system , claim 48 is directed towards device, and claim 55 is directed towards a method.
Claim 41 (similarly claim 48) recites a series of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. This judicial exception is not integrated into a practical application because an application capable of bidirectionally communicating, an application programming interface that can be used by the application to interact; a security condition, wherein determines if the security condition is met, the determination including at least using first application data from the application, wherein the first application data is encrypted and stored using a first private key, and using second service provider data, wherein the second service provider data is encrypted and stored using a second private key do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claim 41 and 48 do not include additional elements that are sufficient to amount to significantly more than the judicial exception because a server, security mechanism, a security device, and data store are considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for a server, security mechanism, and a security device see MPEP §2106.05(d) (II) (ii) discussing the performance of repetitive calculations by a computer; and for data store see MPEP §2106.05(d) (II) (iv) discussing storing and retrieving of information in memory. Therefore, the additional elements of claims 41 and 48 in separately or in combination do not add significantly more.

wherein the determination that a security condition is met includes receiving and sending application data, service provider data, requests and commands do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claims 42 and 49 do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The additional elements of claims 42 and 49 in separately or in combination do not add significantly more. 

Claim 43 (similarly claim 50) only furthers the of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 43 (similarly claim 50) is not integrated into a practical application because wherein the accesses [is] only from a previously registered IP address, or a token do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claims 43 and 50 do not include additional elements that are sufficient to amount to significantly more than the judicial exception because a server and data store are considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for a server see MPEP §2106.05(d) (II) (ii) discussing the performance of repetitive calculations by a computer; and for data store see MPEP §2106.05(d) (II) (iv) discussing storing and retrieving of information in memory. The additional elements of claims 43 and 50 in separately or in combination do not add significantly more. 

Claim 44 (similarly claim 51) only furthers the of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 44 (similarly claim 51) is not integrated into a practical application because wherein the security mechanism is configured to make a determination whether the application supplied a password or a token, as a condition for the security condition being met do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claims 44 and 51 do not include additional elements that are sufficient to amount to significantly more than the judicial exception because a security mechanism is considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for a security mechanism see MPEP §2106.05(d) (II) (ii) discussing the performance of repetitive calculations by a computer. The additional elements of claims 44 and 51 in separately or in combination do not add significantly more. 

Claim 45 (similarly claim 52) only furthers the of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 45 (similarly claim 52) is not integrated into a practical application because is capable of encrypting one or more of the first and second private keys do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claims 45 and 52 do not include additional elements that are sufficient to amount to significantly more than the judicial exception because a security device is considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for a security device see MPEP §2106.05(d) (II) (ii) discussing the performance of repetitive calculations by a computer. The additional elements of claims 45 and 52 in separately or in combination do not add significantly more. 

Claim 46 (similarly claim 53) only furthers the of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 46 (similarly claim 53) is not integrated into a practical application because stores the encrypted first or the second private keys do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial 

Claim 47 (similarly claim 54) only furthers the of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 47 (similarly claim 54) is not integrated into a practical application because wherein the password or the token is used to determine whether to decrypt the first or the second private keys do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claims 47 and 54 do not include additional elements that are sufficient to amount to significantly more than the judicial exception because a security device, security mechanism, and data store is considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for a security device and security mechanism see MPEP §2106.05(d) (II) (ii) discussing the performance of repetitive calculations by a computer; and for data store see MPEP §2106.05(d) (II) (iv) discussing storing and retrieving of information in memory. The additional elements of claim 47 and 54 in separately or in combination do not add significantly more. 

Claim 55 recites a series of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. This judicial exception is not integrated into a practical application because obtaining the first data from the at application, wherein the first data is encrypted and stored using a first private key; obtaining second data, wherein the second data is encrypted and stored using a second private key; receiving a request via an application programming interface from the application to interact; and determining if the application can interact do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claim 55 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because a server, security mechanism, third-party device, and data store are considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for a server, security mechanism, and a third-party device see MPEP §2106.05(d) (II) (ii) discussing the performance of repetitive calculations by a computer; and for data store see MPEP §2106.05(d) (II) (iv) discussing storing and retrieving of information in memory. Therefore, the additional elements of claim 55 in separately or in combination do not add significantly more.

Claim 56 recites a series of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 56 is not integrated into a practical application receiving a password or a token that is used to determine if a security condition has been met do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claim 56 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because a security mechanism is considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for a security mechanism see MPEP §2106.05(d) (II) (ii) discussing the performance of repetitive calculations by a computer. Therefore, the additional elements of claim 56 in separately or in combination do not add significantly more.

providing a user interface to the application and receiving the request via the user interface do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claim 57 does not include additional elements that are sufficient to amount to significantly more than the judicial exception. Therefore, the additional elements of claim 57 in separately or in combination do not add significantly more.

Claim 58 recites a series of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 58 is not integrated into a practical application encrypting one or more of the first and second private keys do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claim 58 does not include additional elements that are sufficient to amount to significantly more than the judicial exception. Therefore, the additional elements of claim 58 in separately or in combination do not add significantly more.

storing the encrypted first or the second private keys do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claim 59 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because a data store is considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for data store see MPEP §2106.05(d) (II) (iv) discussing storing and retrieving of information in memory. Therefore, the additional elements of claim 59 in separately or in combination do not add significantly more.

Claim 60 recites a series of steps for bidirectional communication with secure encryption, which is a method of organizing human activity for managing personal behavior or relationships or interactions between people and/or commercial or legal interactions. Claim 59 is not integrated into a practical application using the password or the token to determine whether to decrypt the first or the second private keys do not add a meaningful limitation to the method as they are insignificant extra-solution activity and only generally link the use of the judicial exception to a particular technological environment or field of use. Claim 60 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because a data store is considered generic computer technology implementing well-understood, routine, and conventional activity, see MPEP §2106.05(d). Specifically, for data store see MPEP §2106.05(d) (II) (iv) discussing storing and retrieving of information in memory. Therefore, the additional elements of claim 60 in separately or in combination do not add significantly more.
Therefore, claims 41-60 are rejected under §101.
Claim Rejections - 35 USC § 103
12.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

13.	Claims 41-44, 48-51, and 55-57are rejected under 35 U.S.C. 103 as being unpatenable by U.S. Pat. Pub. No. 2009/0292641 to Weiss et al. (“Weiss”) in view of U.S. Pat. No. 7,222,100 to Tresser et al. (“Tresser”).

14.	With regards to claims 41 and 48, Weiss disclosed the limitations of,
a server communicatively connected to at least one data store comprising application data having public data and private data (See [0068] discussing the universal secure registry (USR) database (24) as a server communicating with a computer system (10) and [0072] discussing the information types included in the USR database including publicly information, financial information, and validation information. The examiner is interpreting the computer system as a server.);
a security mechanism coupled to the server (See Fig. 1 processor/CPU (16) and [0068] discussing the processor/CPU (16) of computer system (10).); and
an application capable of bidirectionally communicating with the server via the security mechanism (See [0098] discussing USR software (18) receiving and transmitting data to the USR database. The examiner is interpreting the receiving and transmitting as bidirectional. See also [0068] discussing USR software (18) being on processor/CPU (16).), the security mechanism further comprising, 
a security condition, wherein the security mechanism determines if the security condition is met (See [0087] discussing processor/CPU (16) implementing the USR software , the determination including at least using first application data from the application, wherein the first application data is encrypted and stored using a first private key (See [0130] discussing the public/private key pairing and the storing of the keys on the system.);
Weiss does not explicitly teach the limitations of,
an application programming interface that can be used by the application to interact with the server;
the determination including at least using first application data from the application1, , and using second service provider data from the server, wherein the second service provider data is encrypted and stored using a second private key.
However, Tresser teaches at [Col. 2, l. 14-39] and [Col. 4, l. 35-41] that it would have been obvious to one of ordinary skill in the data management art to include an application programming interface that can be used by the application to interact with the server (See [Col. 2, l. 14-39] discussing the data interaction with the server and users interaction with the data through an interface.) and using second service provider data from the server, wherein the second service provider data is encrypted and stored using a second private key (See [Col. 4, l. 35-41] discussing the maintaining of encrypted data from a service provider being secured by either a secret key or a public/private key pair.). 
Therefore, it would have been obvious for one of ordinary skill in the data management art before the effective filing date of the claimed invention to have modified the teachings of Weiss to include an application programming interface that can be used by the application to interact with the server and using second service provider data from the server, wherein the second service provider data is encrypted and stored using a second private key, as disclosed by Tresser. One of ordinary skill in the art would have been motivated to make this modification in order to provide a secure environment (Tresser [Col. 4, l. 21-41]).  

With regards to claims 42 and 49, Weiss disclosed the limitations of,
wherein the determination that a security condition is met includes receiving and sending application data, service provider data, requests and commands (See [0019] discussing the authentication method including receiving authentication information, communicating authentication information and validating authentication information. The examiner is interpreting the validation as a request and command.).

16.	With regards to claims 43 and 50, Weiss disclosed the limitations of,
wherein the server accesses the at least one data store only from a previously registered IP address, or a token (See [0243] discussing the system being used accessed by the user token for data such as financial or medical records.).

17.	With regards to claims 44 and 51, Weiss disclosed the limitations of,
wherein the security mechanism is configured to make a determination whether the application supplied a password or a token, as a condition for the security condition being met (See [0080] discussing passwords, tokens, or biometrics as the validation information for accessing the system.).
18.	With regards to claim 55, Weiss disclosed the limitations of,
providing at least one server communicatively connected to at least one data store comprising first data having public data and private data relating to an application (See [0068] discussing the universal secure registry (USR) database (24) as a server communicating with a computer system (10) and [0072] discussing the information types included in the USR database including publicly information, financial information, and validation information. The examiner is interpreting the computer system as a server.), wherein the server is bidirectionally communicating with the application and a third-party device (See Fig. 2 depicting USR system communicating in both directions with the interface centers (27) and [0098] discussing USR software (18) receiving and transmitting data to the USR database. The examiner is interpreting the interface centers as third-party devices.);
obtaining the first data from the at application, wherein the first data is encrypted and stored using a first private key(See [0130] discussing the public/private key pairing and the storing of the keys on the system.);
using a security mechanism capable of determining if2 the application can interact with the third-party device (See [0087] discussing processor/CPU (16) implementing the USR software (18) to implement functions and [0080] describing a validation by the USR software (18) by such methods as a password, token, pin, biometrics, etc.).
Weiss does not explicitly disclose the limitations of,
receiving a request via an application programming interface from the application to interact with the third party device; and
obtaining second data from the at least one third-party device, wherein the second data is encrypted and stored using a second private key;
However, Tresser teaches at [Col. 2, l. 14-39], [Col. 3, l. 65-Col.4, l. 20], and [Col. 4, l. 35-41] that it would have been obvious to one of ordinary skill in the data management art to include the ability to receiving a request via an application programming interface from the application to interact with the third party device (See [Col. 2, l. 14-39] discussing the data interaction with the server and users interaction with the data through an interface and [Col. 3, l. 65-Col.4, l. 20] discussing the interaction through the interface of the customer to request information from the institution.) and obtaining second data from the at least one third-party device, wherein the second data is encrypted and stored using a second private key (See [Col. 4, l. 35-41] discussing the maintaining of encrypted data from a service provider being secured by either a secret key or a public/private key pair.). 
Therefore, it would have been obvious for one of ordinary skill in the data management art before the effective filing date of the claimed invention to have modified the teachings of Weiss to include the ability to receiving a request via an application programming interface from the application to interact with the third party device and obtaining second data from the at least one third-party device, wherein the second data is encrypted and stored using a second private key, as disclosed by Tresser. One of ordinary skill in the art would have been motivated to make this modification in order to provide a secure environment (Tresser [Col. 4, l. 21-41]).  

With regards to claim 56, Weiss disclosed the limitations of,
receiving a password or a token that is used to determine if3 a security condition has been met (See [0087] discussing processor/CPU (16) implementing the USR software (18) to implement functions and [0080] describing a validation by the USR software (18) by such methods as a password, token, pin, biometrics, etc.).

20.	With regards to claim 57, Weiss disclosed the limitations of,
providing a user interface to the application and receiving the request via the user interface.
However, Tresser teaches at [Col. 2, l. 14-39], [Col. 3, l. 65-Col.4, l. 20], and [Col. 4, l. 35-41] that it would have been obvious to one of ordinary skill in the data management art to include a user interface to the application and receiving the request via the user interface (See [Col. 2, l. 14-39] discussing the data interaction with the server and users interaction with the data through an interface and [Col. 3, l. 65-Col.4, l. 20] discussing the interaction through the interface of the customer to request information from the institution.).
Therefore, it would have been obvious for one of ordinary skill in the data management art before the effective filing date of the claimed invention to have modified the teachings of Weiss to include a user interface to the application and receiving the request via the user interface, as disclosed by Tresser. One of ordinary skill in the art would have been motivated to make this modification in order to provide a secure environment (Tresser [Col. 4, l. 21-41]).  

	Claims 45-47, 52-54, and 58-60 are rejected under 35 U.S.C. 103 as being unpatenable by Weiss and Tresser in view of U.S. Pat. No. 5,241,599 to Bellovin et al. (“Bellovin”).

22.	With regards to claims 45, 52, and 58, Weiss and Tresser are silent on the limitations of,
wherein the security mechanism is capable of encrypting one or more of the first and second private keys.
However, Bellovin teaches at [Col. 14, l. 26-44] that it would have been obvious to one of ordinary skill in the encryption art to include the ability to encrypting one or more of the first and second private keys (See [Col. 14, l. 26-44] discussing the encryption of the private key with a secret key.). 
Therefore, it would have been obvious for one of ordinary skill in the encryption art before the effective filing date of the claimed invention to have modified the teachings of Weiss and Tresser to include encrypting one or more of the first and second private keys, as disclosed by Bellovin. One of ordinary skill in the art would have been motivated to make this modification in order to establish a private and authenticated communication channel (Bellovin [Col. 14, l. 26-44]).  
		
23.	With regards to claims 46, 53, and 59, Weiss disclosed the limitations of,
wherein the security mechanism stores the encrypted first or the second private keys in the data store (See [0130] discussing the public/private key pairing and the storing of the keys on the system.).

24.	With regards to claims 47, 54, and 60, Weiss and Tresser are silent on the limitations of,
wherein the password or the token is used by the security mechanism to determine whether to decrypt the first or the second private keys from the data store.
However, Bellovin teaches at [Col. 14, l. 65-Col. 15, l.15] that it would have been obvious to one of ordinary skill in the encryption art to include the ability for the password or the token is used to determine whether to decrypt the first or the second private keys (See [Col. 14, l. 65-Col. 15, l.15] discussing the decryptor accepting secret password (P) to recover the encrypted key.). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See Notice of References Cited, PTO form 892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL JARED WALKER whose telephone number is (303)297-4407. The examiner can normally be reached Monday-Thursday 9:00 AM -5:00 PM MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fahd A Obeid can be reached on (571)270-3324. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MICHAEL JARED WALKER/Examiner, Art Unit 3687                                                                                                                                                                                                        Michael.walker@uspto.gov


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 The examiner is using plain text for context.
        2 This “if” limitation is a conditional limitation under the broadest reasonable interpretation does not have to be satisfied for a method claim. See MPEP §2111.04.
        3 This “if” limitation is a conditional limitation under the broadest reasonable interpretation does not have to be satisfied for a method claim. See MPEP §2111.04.