DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
Figure 1 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure 
The abstract of the disclosure is objected to because the it contains the phrase “is disclosed”. As stated above, the abstract should avoid phrases which can be implied.  Correction is required.  See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities: paragraph 40 recites “….is being monitored a third party”. This should be “…is being monitored by a third party”.  
Appropriate correction is required.

Claim Objections
Claim 11 is objected to because of the following informalities:  
claim 11, last line, “…with respect \to one another” which should be “with respect to one another”.  Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Vanstone et al US 20120137368 (hereinafter Vanstone) in view of Sidler et al US 20160239932 (hereinafter Sidler).

As to claim 1, Vanstone teaches a method for determining and displaying the security state of data (abstract discloses determining the security state of information on a device and whether the information content is below a security threshold. Furthermore, the abstract discloses displaying a visual indication of the security state, see also paragraph 21), the method comprising the steps of: providing a third party database (Figure 4, reference number 284) operated by a third party (paragraph 67 discloses the host system that has the database/data store is a corporate enterprise or an organization) having a computer storage medium  configured for the storage of non-transitory data (Figure 4, reference number 292 and paragraph 28 mentions non-transitory data stored in memory);  storing data, from a first party, on the third party database (paragraph 70 discloses the memory unit can store functions used in implementing the IT policy as well as related data; paragraph 80 discloses the data server 274 of Figure 4 stores information that is relevant to the corporation, the server can include databases, see also paragraph 89); establishing, by the first party, a website interface accessible on the Internet to the data stored on the third party database (paragraph 81 discloses the mobile data server 274 can connect to the internet or other public network through http server or other web server to retrieve http webpages. The web server retrieves the webpage over the internet and returns it to mobile data server 274, see also paragraph 84) ; allowing access, by a second party, to the website interface of the first party (paragraph 80 discloses the communication device 100 of the user has access to the retrieved webpage via the shared network infrastructure 224 and the wireless network 200, see also paragraphs 84, 98-100 ); establishing a set of validation rules configured to be applied to the data, wherein compliance or non-compliance with the set of validation rules determines a security state of the data (paragraph 103 discloses the security state is based on the criteria security threshold which may comprise a minimum requirement and see also claim 11); evaluating whether the data is in compliance with the set of validation rules or whether the data is in non-compliance with the set of validation rules (paragraph 104 discloses the device is operative to identify the content as protected information and evaluate the security state, see also paragraphs 123-124 and claim 11); determining the security state of the data based upon the compliance of the data with the set of validation rules (paragraph 104 discloses the device is operative to identify the content as protected information and evaluate the security state to determine that it is below a security threshold, see also paragraphs 123-124); sending, by the third party, an indicator representative of the security state of the data to the website interface of the first party (paragraph 104 discloses upon determining that protected information is being entered and that the connection state is below a security threshold, the device presents a visual indication to the user); and displaying the indicator to the second party on the website interface (paragraphs 104-106, and Figures 9 and 10 shows the indicator alerting the user the website is not secure).
	Vanstone does not teach allowing access, by a second party, to the data stored on the third party database through the website interface of the first party.
	Sidler teaches allowing access, by a second party, to the data stored on the third party database through the website interface of the first party (paragraph 131 disclose a web browser is used again to access by the user to data contained in databases maintained at different facilities or another source information).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Vanstone’s web browser to have access to databases as taught by Sidler to provide anytime anywhere access to robust data (paragraph 131 of Sidler).

	As to claim 2, the combination of Vanstone  in view of Sidler teaches wherein the data is non-transitory data (Vanstone: paragraph 28 discloses non-transitory data stored in memory).

As to claim 3, the combination of Vanstone in view of Sidler teaches wherein the step of evaluating whether the data is in compliance with the set of validation rules or whether the data is in non-compliance with the set of validation rules occurs each time when the data is created, updated, listed or deleted (Vanstone: paragraphs 49, 51, 68, and 89 mention updates to the data. Paragraph 89 discloses the host server may maintain local copies of certificate authentication in host data store that may be periodically updated from a third party certificate authority; abstract, paragraphs 27, 29, 104, 109, 111, and claim 11, wherein claim 11 discusses evaluating a security state based on criteria stored in one or more data stores. Paragraph 89 disclose the data stores is periodically updated).

	As to claim 5, the combination of Vanstone in view of Sidler teaches wherein the first party is a corporation (Vanstone: paragraphs 67, 88, and 99 disclose a corporate embodiment, wherein paragraph 99 discloses an application, which can be a web browser application, is a corporate application).

	As to claim 6, the combination of Vanstone in view of Sidler teaches wherein the second party is a website user (Vanstone: paragraph 101 discloses web page receiving content from a user).
	
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Vanstone et al US 20120137368 (hereinafter Vanstone) in view of Sidler et al US 20160239932 (hereinafter Sidler) in further view of Satkunanathan et al US 20080047007 (hereinafter Satkunanthan).

As to claim 4, the combination of Vanstone in view of Sidler teaches all the limitations as recited in claim 1 above. The combination of Vanstone in view of Sidler does not teach including the step of confirming that a negative security state of the data has been resolved, and sending, by the third 
Satkunanthan teaches including the step of confirming that a negative security state of the data has been resolved, and sending, by the third party, a new indicator WOCA21043UA12 representative of the new security state of the data to the website interface of the first party and displaying the new indicator to the second party on the website interface (paragraphs 5-6, 29-32 disclose the page is updated in response to a change in security state data, see also Figures 5-7 reveal the update to the webpage based on security status indicator).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the webpage as taught by Vanstone in view of Sidler with Satkunanthan’s  indicator updates to provide the administrator with easy access to the latest information on current threats (paragraph 21 of Satkunanthan).

Claims 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Vanstone et al US 20120137368 (hereinafter Vanstone) in view of Sidler et al US 20160239932 (hereinafter Sidler) in further view of Simmons et al US 9424834 (hereinafter Simmons).

As to claim 7, the combination of Vanstone in view of Sidler teaches all the limitations recited in claim 1 above. The combination of Vanstone in view of Sidler is silent in disclosing the third party is affiliated with the first party. The combination of Vanstone in view of Sidler does not teach wherein the third party is not affiliated with the first party.
Simmons teaches wherein the third party is not affiliated with the first party (claim 17 discloses wherein the first party is different and not affiliated with the second party or the third party).
the method taught by Vanstone in view of Sidler to include Simmons’ teachings of non-affiliated parties to establish a secure link between the webpage access by the user and the database of the third party and provide successful authentications of the first, second, and third parties to the computing device.

As to claim 8, the combination of Vanstone in view of Sidler teaches all the limitations recited in claim 1 above. While the combination of Vanstone in view of Sidler is silent in disclosing the first party, second party, and third party are affiliated with one another, the combination of Vanstone in view of Sidler is also silent in teaching wherein the first party, the second party and the third party are not affiliated with one another.
Simmons teaches wherein the first party, the second party, and the third party are not affiliated with one another(claim 17 discloses wherein the first party is different and not affiliated with the second party or the third party).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method taught by Vanstone in view of Sidler to include Simmons’ teachings of non-affiliated parties to establish a secure link between the webpage access by the user and the database of the third party and provide successful authentications of the first, second, and third parties with the computing device.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Vanstone et al US 20120137368 (hereinafter Vanstone) in view of Sidler et al US 20160239932 (hereinafter Sidler) in further view of Gagle US 20050286699 (hereinafter Gagle).

As to claim 9, the combination of Vanstone in view of Sidler teaches all the limitations of claim 1 above. While the combination of Vanstone in view of Sidler teaches the second party is remote from the third party (Vanstone: paragraphs 114 and 122 disclose the user device receive content from a remote system/server, a corporate server), the combination of Vanstone in view of Sidler is silent in teaching the first party, the second party, and the third party are located in the same physical location. Furthermore, the combination of Vanstone in view of Sidler does not teach wherein the first party, the second party and the third party are located in different physical locations with respect to one another.
Gagle teaches wherein the first party, the second party and the third party are located in different physical locations with respect to one another (paragraph 24 discloses the first party, the second party, and third party are in different physical locations).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Vanstone in view of Sidler with Gagle’s teachings such that the online systems of these parties can provide information, accept and forward information, and/or allow access to online resources. These parties can secure their systems so that authorize activities are allowed while unauthorized activities are prevented. 

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Vanstone et al US 20120137368 (hereinafter Vanstone) in view of Sidler et al US 20160239932 (hereinafter Sidler) in further view of Dalcher et al US 20130276120(hereinafter Dalcher).

As to claim 10, the combination of Vanstone in view of Sidler teaches all the limitations of claim 1 above; the combination of Vanstone in view of Sidler does not teach including the step of restricting access to the data by the second party when the data is in non-compliance with the set of validation rules.
Dalcher teaches including the step of restricting access to the data by the second party when the data is in non-compliance with the set of validation rules (paragraph 50 disclose the endpoint device may disallow execution of the data based on the received security status).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method as taught by Vanstone in view of Sidler with Dalcher’s method of restricting access to the data to minimize and/or eliminate unnecessary data being sent to the endpoint device accessing the data (paragraph 77 of Dalcher).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Vanstone et al US 20120137368 (hereinafter Vanstone) in view of Sidler et al US 20160239932 (hereinafter Sidler) in further view of Simmons et al US 9424834 (hereinafter Simmons) in further view of Gagle US 20050286699 (hereinafter Gagle).

As to claim 11, Vanstone teaches a method for determining and displaying the security state of data (abstract discloses determining the security state of information on a device and whether the information content is below a security threshold. Furthermore, the abstract discloses displaying a visual indication of the security state, see also paragraph 21), the method comprising the steps of: providing a third party database (Figure 4, reference number 284) operated by a third party (paragraph 67 discloses the host system that has the database/data store is a corporate enterprise or an organization) having a computer storage medium  configured for the storage of non-transitory data (Figure 4, reference number 292 and paragraph 28 mentions non-transitory data stored in memory);  storing data, from a first party, on the third party database (paragraph 70 discloses the memory unit can store functions used in implementing the IT policy as well as related data; paragraph 80 disclose the data server 274 of Figure 4 stores information that is relevant to the corporation, the server can include databases, see also paragraph 89); establishing, by the first party, a website interface accessible on the Internet to the data stored on the third party database (paragraph 81 discloses the mobile data server 274 can connect to the internet or other public network through http server or other web server to retrieve http webpages. The web server retrieves the webpage over the internet and returns it to mobile data server 274, see also paragraph 84) ; allowing access, by a website user, to the website interface of the first party (paragraph 80 discloses the communication device 100 of the user has access to the retrieved webpage via the shared network infrastructure 224 and the wireless network 200, see also paragraphs 84, 98-100 ); establishing a set of validation rules configured to be applied to the data, wherein compliance or non-compliance with the set of validation rules determines a security state of the data(paragraph 103 discloses the security threshold may comprise minimum requirement for a secure connection and claim 11 ); evaluating whether the data is in compliance with the set of validation rules or whether the data is in non-compliance with the set of validation rules (paragraph 104 discloses the device is operative to identify the content as protected information and evaluate the security state, see also paragraphs 123-124); determining the security state of the data based upon the compliance of the data with the set of validation rules(paragraph 104 discloses the device is operative to identify the content as protected information and evaluate the security state to determine that it is below a security threshold, see also paragraphs 123-124); sending, by the third party, an indicator representative of the security state of the data to the website interface of the first party (paragraph 104 discloses upon determining that protected information is being entered and that the connection state is below a security threshold, the device presents a visual indication to the user); and displaying the indicator to the second party on the website interface (paragraphs 104-106, and Figures 9 and 10 show the indicator alerting the user the website is not secure); wherein the step of evaluating whether the data is in compliance with the set of validation rules or whether the data is in non-compliance with the set of validation rules occurs each time when the data is created, updated, listed or deleted (paragraphs 49, 51, 68, and 89 mention updates to the data. Paragraph 89 discloses the host server may maintain local copies of certificate authentication in host data store that may be periodically updated from a third party certificate authority; abstract, paragraphs 27, 29, 104, 109, 111, and claim 11, wherein claim 11 discusses evaluating a security state based on criteria stored in one or more data stores. Paragraph 89 discloses the data stores is periodically updated).
	Vanstone does not teach allowing access, by a second party, to the data stored on the third party database through the website interface of the first party; wherein the first party, the website user, and the third party are not affiliated with one another; and wherein the first party, the website user and the third party are located in different physical locations with respect to one another.
	Sidler teaches allowing access, by a second party, to the data stored on the third party database through the website interface of the first party (paragraph 131 discloses a web browser is used to again access by the user to data contained in databases maintained at different facilities or another source information).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Vanstone’s web browser to have access to databases as taught by Sidler to provide anytime anywhere access to robust data (paragraph 131 of Sidler).
The combination of Vanstone in view of Sidler is silent in disclosing the first party, website user, and third party are affiliated with one another. While the combination of Vanstone in view of Sidler discloses the second party is remote from the third party (Vanstone: paragraphs 114 and 122 disclose the user device receives content from a remote system/server, a corporate server), the combination of Vanstone in view of Sidler is silent in teaching wherein the first party, the website user, and the third party are not affiliated with one another; wherein the first party, the website user and the third party are located in different physical locations with respect to one another.
Simmons teaches wherein the first party, the website user, and the third party are not affiliated with one another(claim 17 discloses wherein the first party is different and not affiliated with the second party or the third party).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method taught by Vanstone in view of Sidler to include Simmons’ teachings of non-affiliated parties to establish a secure link between the webpage access by the user and the database of the third party and provide successful authentications of the first, second, and third parties to the computing device.
The combination of Vanstone in view of Sidler and Simmons do not teach wherein the first party, the website user and the third party are located in different physical locations with respect to one another.
Gagle teaches wherein the first party, the website user and the third party are located in different physical locations with respect to one another (paragraph 24 discloses the first party, the second party, and third party are in different physical locations).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Vanstone in view of Sidler and Simmons with Gagle’s method such that the online systems of these parties can provide information, accept and forward information, and/or allow access to online resources. These parties can secure their systems so that authorize activities are allowed while unauthorized activities are prevented.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Vanstone et al US 20120137368 (hereinafter Vanstone) in view of Sidler et al US 20160239932 (hereinafter Sidler) in further view of Simmons et al US 9424834 (hereinafter Simmons) in further view of Gagle US 20050286699 (hereinafter Gagle) in further view of Satkunanathan et al US 20080047007 (hereinafter Satkunanthan).

As to claim 12, the combination of Vanstone in view of Sidler, Simmons, and Gagle teach all the limitations as recited in claim 11 above. The combination of Vanstone in view of Sidler, Simmons, and Gagle do not teach including the step of confirming that a negative security state of the data has been resolved, and sending, by the third party, a new indicator WOCA21043UA12 representative of the new security state of the data to the website interface of the first party and displaying the new indicator to the second party on the website interface.
Satkunanathan teaches including the step of confirming that a negative security state of the data has been resolved, and sending, by the third party, a new indicator WOCA21043UA12 representative of the new security state of the data to the website interface of the first party and displaying the new indicator to the second party on the website interface (paragraphs 5-6, 29-32 disclose the page is updated in response to a change in security state data, see also Figures 5-7 reveals the update to the webpage security status indicator).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the webpage as taught by Vanstone in view of Sidler, Simmons, and Gagle with Satkunanathan’s  indicator updates to provide the administrator with easy access to the latest information on current threats (paragraph 21 of Satkunanathan).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Mahaffey et al US 20100100964 teaches a method for determining and displaying the security state of data (abstract).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/F.F/Examiner, Art Unit 2437  

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437