Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communication received 10/2/2020. Claims 1-26 are pending.

Priority
The present application is a continuation of US 15795101, filed 10/26/2017 ,now U.S. Patent 10853490.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/29/2020, 7/28/2021, 8/23/2021 and 2/4/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-10, 12-23, 25-26 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 5-6, 8-9  of U.S. Patent No10853490 (‘490), in view of US 20190034624 to Chen et al.  as follows:
Regarding claims 1, 14, all limitations are recited in claim 1 of ‘490 except: 
while the policy is set, detecting a second attempt by the first application to access the first hardware resource; in response to detecting the second attempt by the first application to access the first hardware resource while the policy is set, determining that the mobile device is in a locked state; and denying the first application access to the first hardware resource in response to determining that the mobile device is in the locked state.  Chen in an analogous art discloses while the policy is set, detecting a second attempt by the first application to access the first hardware resource ([0038] each time the application attempts to access the camera, evaluate permission); in response to detecting the second attempt by the first application to access the first hardware resource while the policy is set, determining that the mobile device is in a locked state ([0066]: determine that the device is in a locked state and there is a potential risk); and denying the first application access to the first hardware resource in response to determining that the mobile device is in the locked state ([0046][0048] Fig. 3, 344 : if it is determined that the context poses a risk, deny access).  It would have been obvious to a skilled artisan before the present application was filed to combine the teachings of claim 1 of ‘490 and Chen because it would allow to impose more restrictions to application attempts to access hardware resource, refining the access controls.
Regarding claims 2, 15, claim 1 of ‘490 in view of Chen discloses the limitations (see below).
Regarding claims 3, 16, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 2 of ‘490.
Regarding claims 4, 17, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 3 of ‘490.
Regarding claims 5, 18, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 5 of ‘490.
Regarding claims 6, 19, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 6 of ‘490.
Regarding claims 7, 20, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 2 of ‘490.
Regarding claims 8, 21, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 1 of ‘490.
Regarding claims 9, 22, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 5 of ‘490.
Regarding claims 10, 23, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 6 of ‘490.
Regarding claims 12, 25, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 8 of ‘490.
Regarding claims 13, 26, claim 1 of ‘490 in view of Chen discloses the method of claim 1; additional limitations are taught by claim 9 of ‘490.
Claims 11 and 24 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of ‘490 and Chen, in view of publication titled “Rethinking Security of Web-Based System Applications”, 2015, ACM, p.366-376 hereinafter Georgiev..
Regarding claims 4, 17, claim 1 of ‘490 in view of Chen discloses the method of claim 1, Georgiev discloses the rest of the limitations as seen presented below.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1, 3, 5, 7, 9, 12, 14, 16, 18, 20, 22 and 25 are rejected under 35 U.S.C. 102 a2 as being anticipated by US 20190034624 to Chen et al., hereinafter Chen.  Chen is cited in IDS dated 12/29/2020.

Regarding claims 1, and substantially 14, Chen discloses
A method to manage hardware resource access on a mobile device, the method comprising: setting a policy of the mobile device to grant permission to a first application to access a first hardware resource, wherein the first hardware resource is a camera of the mobile device or a microphone of the mobile device ; while the policy is set, detecting a first attempt by the first application to access the first hardware resource ([0038] detect attempt to access the camera); in response to detecting the first attempt by the first application to access the first hardware resource while the policy is set, determining that the first application is executing in a background of the mobile device ([0056]: at runtime of application, determine potential risk and context of the application, e.g the application is running in the background); denying the first application access to the first hardware resource in response to determining that the first application is executing in the background of the mobile device ([0046][0048] Fig. 3, 344 : if it is determined that the context poses a risk, deny access); while the policy is set, detecting a second attempt by the first application to access the first hardware resource ([0038] each time the application attempts to access the camera, evaluate permission); in response to detecting the second attempt by the first application to access the first hardware resource while the policy is set, determining that the mobile device is in a locked state ([0066]: determine that the device is in a locked state and there is a potential risk); and denying the first application access to the first hardware resource in response to determining that the mobile device is in the locked state ([0046][0048] Fig. 3, 344 : if it is determined that the context poses a risk, deny access).  

Regarding claims 3 and 16, Chen discloses the method of claim 1, further comprising: providing a notification requesting user input to grant or deny access to the 
Regarding claims 5 and 18, Chen discloses the method of claim 3, wherein providing the notification requesting user input to grant or deny access comprises providing a graphical user interface on a display of the mobile device or providing a natural language message using an audio output of the mobile device ([0041]: receive user input thru GUI).  

Regarding claims 7 and 20, Chen discloses the method of claim 1, further comprising: providing a notification requesting user input to grant or deny access to the first hardware resource by the first application in response to the second attempt; receiving user input to grant access to the first hardware resource responsive to the notification ([0040][0041]: post-installation permission, inputted on GUI); and generating a new policy to grant access to the first hardware resource by the first application according to the user input ([0086]: GUI used to update a permission setting associated with the application and resource).  

Regarding claims 9 and 22, Chen discloses the method of claim 7, wherein providing the notification requesting user input to grant or deny access comprises 

Regarding claims 12 and 25, Chen discloses the method of claim 1, wherein the policy comprises granting permission to the first application to access the first hardware resource when the mobile device is located in a first geographic location ([0079]: evaluate risks based on the device location, if no risks, the application is allowed to access the camera see Fig. 3, 333).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2, 4, 8, 15,  17 and 21 are rejected under 35 USC 103 as being unpatentable over Chen.
Regarding claims 2 and 15, Chen discloses the method of claim 1, further comprising: while the policy is set, detecting a third attempt by the first application to access the first hardware resource ([0038] each time the application attempts to access the camera, evaluate permission); in response to detecting the third attempt by the first application to access the first hardware resource while the policy is set, determining that or the device is locked); and granting the first application access to the first hardware resource in response to determining that the first application is not executing in the background of the mobile device and that the mobile device is not in the locked state ([0047]: grant access if there is no risk).  
Chen discloses determining that the first application is not executing in the background of the mobile device or that the mobile device is not in the locked state ([0066]), however, it would have been obvious to a skilled artisan before the application was filed to detect both the application is not executing in the background and the mobile device in not in a locked state to implement the claim because it would add more constraints to the access control, if so desired the user ([0052] user’s choices). 

Chen Regarding claims 4 and 17, Chen discloses the method of claim 3; Chen does not explicitly teach the rest of the claims however, Chen discloses the user updates the permission ([0044][0086]), the permission represents the user’s choices ([0052]) and is accessed by a monitor to verify at each attempt if an application has permission to access the resource (Fig. 3, 301 [0044]); Chen also teaches an application at post-installation time can be given permission to access a resource ([0040). Therefore, Chen suggests further comprising granting access to the first application to access the first hardware resource while executing in the background of the mobile device according to the new policy ([0040] post-installation grant). It would have been obvious to a skilled artisan before the application was effectively filed to use 
Regarding claims 8 and 21, Chen discloses the method of claim 7; although Chen does not explicitly teach the rest of the claims, Chen discloses post-installation permission, and determining that the attempts from the application presents a risk according to rules and context  ([0040][0041]), the context including whether the device is locked; a user can sets privacy preferences in response to a first notification ([0079]). Therefore it would have been obvious to a skilled artisan before the application was effectively filed to disclose the method further comprising granting access to the first application to access the first hardware resource while the mobile device is in the locked state according to the new policy because it would provide flexibility to the users to set their choices as to what applications and in which context access to camera, microphone ... is granted/denied.

Claims 6, 10, 19 and 23 are rejected under 35 U.S.C. 103 as being unpatentable Chen, in view of US 20130246470 to Price et al., hereinafter Price. Price is cited in IDS dated 12/29/2020.
Regarding claims 6 and 19, Chen discloses the method of claim 3, further comprising: determining that a period of time has elapsed since generating the new policy ([0067]: determine elapsed time since application ‘s attempt to access)  but does not teach deleting the new policy.  In an analogous art, Price discloses specifying in a access control list ACL a validity period for accessing a particular resource, determining 

Regarding claims 10 and 23, the claims recite same content as claim 6 and are rejected with the rationales rejecting claim 6.

Claims 11 and 24 are rejected under 35 U.S.C. 103 as being unpatentable Chen, in view of publication titled “Rethinking Security of Web-Based System Applications”, 2015, ACM, p.366-376 hereinafter Georgiev.
Regarding claims 11 and 24, Chen discloses the method of claim 1. Additionally Chen discloses  wherein the policy comprises a plurality of records, and wherein each record comprises a rule that indicates whether a specified application is flagged to be reported when attempting access to a resource ([0092]); however, Chen does not explicitly teach indicating whether a specified application is granted or denied access to a specified hardware resource of the mobile device. In an analogous art, Georgiev discloses configuring rules for applications to access specific objects by specifying whether the application should be granted or denied access and whether the user should be prompted or not (default is yes) (p.372). The objects accessed are camera, geolocation ... (see Abstract). It would have been obvious to a skilled artisan before the filing data of the application to specify whether an application is granted access or 

Claims 13 and 26 are rejected under 35 U.S.C. 103 as being unpatentable Chen, in view of US 20160191534 to Mallozzi et al., hereinafter Mallozzi. Mallozzi is cited in IDS dates 12/29/2020.
Regarding claims 13 and 26, Chen discloses the method of claim 12. Chen additionally teaches detecting the location of the device ([0079])  but does not teach further comprising in response to detecting the first attempt by the first application to access the first hardware resource, determining that the mobile device is not located in the first geographic location.  In an analogous art, Mallozzi discloses specifying permitted locations at which an application is allowed to access the resource ([0018])  and detecting the device is outside the location ([0127])]. It would have been obvious to a skilled artisan before the filing data of the application to detect a device is not in the permitted location when the application attempts to access a resource as taught by Mallozzi because it would allow to enforce location-based access of the device’s resource.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        2/26/2022