DETAILED ACTION

Currently pending claims are 1 – 20.

Response to Arguments

Applicant's arguments with respect to the subject matter of the instant claims have been fully considered but are not persuasive.
As per claim 1, Applicant asserts prior-art(s) does not teach the newly amended claim element such as “wherein the security settings define, for an application, application features internal to the application and other than launching the application that are enabled or disabled for particular security levels” (Remarks: Page 8).  Examiner respectfully disagrees with the following rationale.
(a) Gum teaches the security setting defines application features such as the e-commerce (financial) transaction or the particular program (project) / data (e.g. work context, home context or school context) to be accessed (or downloaded) by the user can be enabled or disabled based upon whether the access request satisfies the requirements of particular security levels associated with a particular location / environment of the user as required; and 
(b) furthermore, activating a internal feature of an application such as dealing with a particular financial transaction at a specific security level – for example, requiring at a particular security level of authentication to activate a more protected financial transaction (Gum: Para [0054]) – this is consistent with the disclosure of the instant specification (SPEC: Para [0011] Last sentence and Para [0032] Line 1 – 4)).  As such Applicant's arguments are respectfully traversed.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 3, 6, 7, 9 – 13, 15 & 17 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Gum et al. (U.S. Patent 2010/0175116). 

As per claim 1, 12 & 19, Gum teaches a method comprising: 
receiving security settings specifying a mapping of security events to security levels, wherein each security level defines authentication procedures required to achieve that security level (Gum: Para [0016] / [0017], Para [0055] / [0039] and Para [0053] / [0093] / [0094]: security setting configuration data can be retrieved (received) by a computing device that defines a corresponding requirements between a security event (e.g. an e-commerce (financial) transaction event or a particular program (project) / data accessing event along with an access attempt level) and a security level specifying whether an associated heightened (tightened) security level is required or not for authentication purpose (e.g. multi-factor authentions) – e.g. a banking application typically requires a higher security level) and wherein the security settings define, for an application, application features internal to the application and other than launching the application that are enabled or disabled for particular security levels (Gum: Para [0054], Para [0039] / [0055] and Para [0093] / [0094]: 
(a) Gum teaches the security setting defines application features such as the e-commerce (financial) transaction or the particular program (project) / data (e.g. work context, home context or school context) to be accessed (or downloaded) by the user can be enabled or disabled based upon whether the access request satisfies the requirements of particular security levels associated with a particular location / environment of the user as required; and 
(b) furthermore, activating a internal feature of an application such as dealing with a particular financial transaction at a specific security level – for example, requiring at a particular security level of authentication to activate a more protected financial transaction (Gum: Para [0054]) – this is consistent with the disclosure of the instant specification (SPEC: Para [0011] Last sentence and Para [0032] Line 1 – 4)).
identifying a security event corresponding to one of the security settings (see above); 
applying the mapping to the identified security event to determine a change from a previous security level to a new security level (Gum: see above & Para [0055]: when a particular location / environment is changed, the required security level is changed accordingly); 
performing an authentication procedure defined for the new security level (see above); and 
in response to the authentication procedure being successful and based on the security settings, enabling one or more application features that were disabled in the previous security level (see above).  

As per 2, 6 – 7 and 13, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale.

As per claim 3, Gum teaches the application features were identified as being in the category of application features by a provider of the application (Gum: see above: the category of work context / school context to be loaded as identified by the provider of employer company or school accordingly or, on the other hand, a financial transaction service provider).  

As per claim 9, 17 and 20, Gum teaches wherein at least some of the security settings define applications or application features that can be accessed at a security level with an application procedure with no required authentication user input (Gum: see above & Para [0054] Last sentence).  

As per claim 10 and 18, Gum teaches determining a location change to a new location (Gum: see above); wherein the authentication procedure comprises determining that the new location is in an identified safe zone defined in a security setting mapped, in the mapping, to the security event (Gum: see above), and wherein the application features are enabled in response to the authentication procedure without requiring further authentication input from a user (Gum: see above & Para [0054] Last sentence).  

As per claim 11, Gum teaches wherein at least some of the security settings map to a security event comprising a first timeout that, when the first timeout expires, disables a first set of applications and/or application features; and wherein at least some of the security settings map to a security event comprising a second timeout that, when the second timeout expires, disables a second set of applications and/or application features (Gum: Para [0027]: (e.g.) a biometric authentication key (as per various biometric identifications w.r.t. different security levels required) can be valid only for a given amount of time and as such, the associated applications and/or application features would be disabled when the time period expired).  

As per claim 15, Gum teaches wherein the security event comprises one of a determination of identifying an unlock event or a device sleep exit event or identifying a device startup event (Gum: see above & Figure 3 / E-340 & E-315: to lock / unlock the portable device for the user to access).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 4, 5 and 14 are rejected under 35 U.S.C.103 as being unpatentable over Gum et al. (U.S. Patent 2010/0175116), in view of Rungta et al. (U.S. Patent 11,017,107).  

As per claim 4 and 14, Rungta (& Gum) teaches wherein the application features were identified as being in the category of application features via a user causing an API call to the application to obtain access to the application features (Gum: see above) || (Rungta: Col. 13 Line 62 – 67 and Col. 14 Line 1 – 7 / Line 39 – 48: utilizing an API call to specify security permissions that define access rights to grant / deny a particular user to access a particular resource (e.g. application features (functions), as disclosed at the primary Gum’5116).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of causing an API call to the application to obtain access to the application features because Rungta teaches to alternatively, effectively and securely utilize an API call to specify security permissions that define access rights to grant / deny a particular user to access a particular resource (e.g. application features (functions), as disclosed within he Gum’s system of defining security setting such as application features that include the e-commerce (financial) transaction or the particular program (project) / data (e.g. work context, home context or school context) to be accessed (or downloaded) by the user that can be enabled or disabled based upon whether the access request satisfies the requirements of particular security levels associated with a particular location / environment of the user as required (see above).

As per claim 5, Rungta (& Gum) teaches wherein the application features are enabled by making an API call to an application with features specified in the security settings (Rungta: Col. 13 Line 62 – 67 and Col. 14 Line 1 – 7 / Line 39 – 48: see above).  See the same rationale of combination applied herein as above in rejecting the claim 4.
  
Claims 8 and 16 are rejected under 35 U.S.C.103 as being unpatentable over Gum et al. (U.S. Patent 2010/0175116), in view of Andersson et al. (U.S. Patent 7,712,126).  

As per claim 8 and 16, Andersson (& Gum) teaches some of the security settings are defined by a policy received over a network from a remote source (Gum: see above) || (Andersson: Col. 4 Line 60 – Col. 5 Line 11: the security policies / settings (e.g. access permissions) can be dynamically downloaded together with the applications from a remote location).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of receiving some of the security settings over a network from a remote source because Andersson teaches to dynamically download the security policies / settings (e.g. access permissions) together with the applications from a remote location (see above) within the Gum’s system of retrieving the security setting from the computing device assicated with application features such as the e-commerce (financial) transaction or the particular program (project) / data (e.g. work context, home context or school context) to be accessed (or downloaded) by the user that can be enabled or disabled based upon whether the access request satisfies the requirements of particular security levels associated with a particular location / environment of the user as required (see above). 

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 




Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2317 – 2022
---------------------------------------------------