DETAILED ACTION
1. 		Claims 1-20 are presented for the examination. 
                                            Claim Rejections - 35 USC § 101
                             § 101 2. 35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 
2. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed an abstract idea without significantly more.
3.  The limitations for “ determining that an application on the first computing device has requested personal information” that, under its broadest reasonable interpretation, covers steps that could reasonably be performed in the mind, including with the aid of pen and paper, but for the recitation of generic computer components, under its broadest reasonable interpretation, recite the abstract idea of mental processes.  These limitations encompass a human mind carrying out these functions through observation, evaluation judgment and /or opinion, or even with the aid of pen and paper.  Thus, these limitations recite and fall within the “Mental Processes” grouping of abstract ideas. 
4.   This judicial exception is not integrated into a practical application. The claim recites the following additional elements “ the personal information can be provided by a personal information manager on a second computing device, wherein the first computing device operates using a first platform and the second computing device operates using a second platform, wherein the second platform is different from the first platform, and wherein there is a trusted 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application.  See MPEP 2106.05(d).  Thus, the claim is not patent eligible.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1, 3, 5, 7, 8, 12, 14, 15, 16, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) and further in view of  Poschel (US 20180219846 A1).   

As to claim 1,  Shepard teaches  determining that an application on the first computing device has requested personal information( operating system 213 of user device 210 proxies authentication sessions between client applications 214 and first-party data manager 220 (e.g., the social-networking system). In particular embodiments, when a client application 214 wishes to access user data 221 stored on remote hosts, instead of requesting an access token directly from first-party data manager 220, the client application 214 may send a request to operating system 213, para[0018],ln 1-10), wherein the personal information can be provided by a personal information manager on a second computing device( there is a first party 220 that is responsible for managing data 221 stored on remote hosts (e.g., on servers or in databases) associated with first party 220. In particular embodiments, first party 220 may be a social-networking system, and a user of user device 210 may be a member of social-networking system 220. Data 221 may be data of the user maintained by social-networking system 220, such as the user's profile, social connections and contacts, calendar entries, interests and hobbies, news feeds generated for the user, images uploaded to social-networking system 220 by the user, messages or posts sent by or sent to the user, and so on, para[0015] to para[0016]), wherein the first computing device operates using a first platform and the second computing device operates using a second platform, wherein the second platform is different from the first platform ( a user device 210, such as a desktop computer or a mobile device (e.g., notebook computer, wherein there is a trusted connection between the first computing device and the second computing device( operating system 213 may establish a secure network connection (e.g., SSL connection) with first-party data manager 220, and send the request over this secure connection, para[0022], ln 16-25), sending a request to a second broker on the second computing device to provide the personal information for the application, wherein the request is sent automatically in response to determining that the application has requested the personal information( When a specific user is running a client application 214 on user device 210, if the client application 214 wishes to access the specific user's data, the user's digital certificate 211 may be used in connection with the authentication process (e.g., used to establish a secure connection between user device 210 and first party 220), para[0019], ln 8-16/ operating system 213 may send a request to first-party data manager 220 on behalf of the requesting client application 214, as illustrated in STEP 130. The request, such as proxy.Authorize (app_id, developer_id, permissions), may include both the developer_identifier (e.g., "ABCD1234") and the application identifier of the requesting client application 214. The request may also contain a user identifier (or any other suitable account identifier) that the remote host may associate to a set of data (such as user account data). Optionally, the request may also include information describing which specific portion (permissions) of user data 221 client application 214 wishes to 
Shepard does not teach receiving the personal information from the second broker on the second computing device; and providing the personal information to the application. However, Poschel teaches receiving the personal information from the second broker on the second computing device; and providing the personal information to the application(  PII or derived data directly from the data provider service. The requested PII or derived data can be delivered from the data provider service to the browser application via the data provider API.In some aspects, the data provider system allows sensitive data about individuals or other entities to be securely delivered to a browser application, para[0023],ln 11-15 to para[0024], ln 1-6).
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of  Shepard with  Poschel to incorporate the feature of receiving the personal information from the second broker on the second computing device; and providing the personal information to the application because this  allows conventional techniques for directing the consumer to the data provider service may be inadequate for handling the consumer's request for secured information via the online service.
As to claim 3,   Shepard teaches  determining that the application on the first computing device has requested the personal information comprises receiving an application programming interface (API) request from the application(  the client application 214 may send a request to operating system 213, as illustrated in STEP 110. For example, the client application 214 may make an API call to operating system 213 to open a session with first-party data manger 220 
As to claim 5, Poschel teaches sending the request to the second computing device comprises calling an application programming interface (API) that is exposed by a broker on the second computing device( The data provider service 109 can communicate, via the data provider API 110, with user devices 102, third-party systems 104, or some combination thereof via encrypted communication. Data exchanged between the data provider API 110 and other systems can have any suitable format, para[0036], ln 1-15).  
As to claim 7, it is rejected for the same reason as to claim 1 above.
As to claim 8, Poschel teaches obtaining the personal information comprises sending an application programming interface (API) request to an API that is exposed by the personal information manager( The data provider service 109 can communicate, via the data provider API 110, with user devices 102, third-party systems 104, or some combination thereof via encrypted communication. Data exchanged between the data provider API 110 and other systems can have any suitable format, para[0036], ln 1-15).  
As to claim 12, it is rejected for the same reason as to claim 1 above. In additional, Poschel teaches first computing device that operates using a first platform; a first broker on the first computing device; a second computing device that operates using a second platform, wherein the second platform is different from the first platform( a browser application 103 executed by the user device 102 and an online service 105 that is hosted by (or otherwise associated with) the third-party system 104. The online service 105 can provide, via an 103, one or more options for enrolling a user of the user device 102 in the data provider service 109, para[0052], ln 9-15/ telecommunications network server 108 to implement block 204. For example, the authentication engine 111 can obtain, from the enrollment API call, information that identifies a user that is described by one or more of the user data records 118. The authentication engine 111 can use the obtained information to retrieve one or more user data records 118 that include data describing the user, para[0052], ln 6-26), the first broker is additionally configured to request personal information from the personal information manager via the second broker( FIG. 9 depicts an example of a request 900 from the browser application 103 using an access token. The telecommunications network server 108 can receive, via the data provider API 110, the communication 326 having the access token and the request, para[0088], ln 15-25).
As to claim  14, Shepard teaches the system further comprises an application on the first computing device; and the first broker is configured to automatically request the personal information in response to determining that the application has requested the personal information(Then, each time when a client application 214 wishes to access the user's information (e.g., data 221), instead of contacting and troubling the user, operating system 213 may send a request to the social-networking system hosting the social-networking website (i.e., first-party data manager 220). The social-networking system may authenticate the client application 214 according to the specification previously made by the user , para[0029], ln 20-35).
As to claim 15, Poschel teaches the first broker is additionally configured to: determine context information related to the personal information; and provide the context information to 900 from the browser application 103 using an access token. The telecommunications network server 108 can receive, via the data provider API 110, the communication 326 having the access token and the request, para[008], ln 15-35).  
As to claim 16,  Shepard teaches  the second broker is configured to expose an application programming interface (API); the first broker is configured to request the personal information from the personal information manager via an API request(  In particular embodiments, social-networking system 220 may provide Application Programming Interfaces (APIs) that enable software applications (e.g., applications developed by third-party developers) to access some or all of the user's data either stored on user device 210 or on remote hosts (e.g., data 221). For example, client applications 214 may access some of the user's data (e.g., profile information, social connections, images, etc.) using the APIs provided by social-networking system 220, para[0017], ln 1-15).  
As to claim 17,  Poschel teaches  the second broker is configured to: obtain the personal information from the personal information manager on the second computing device; and send the personal information to the first broker on the first computing device( When a specific user is running a client application 214 on user device 210, if the client application 214 wishes to access the specific user's data, the user's digital certificate 211 may be used in connection with the authentication process (e.g., used to establish a secure connection between user device 210 and first party 220), para[0019], ln 8-16/ operating system 213 may send a request to first-party data manager 220 on behalf of the requesting client application 214, as illustrated in STEP 130. The request, such as proxy.Authorize (app_id, developer_id, permissions), may include both the 
As to claim 18,  Shepard teaches obtaining the personal information comprises sending an application programming interface (API) request to an API exposed by the personal information manager(In particular embodiments, social-networking system 220 may provide Application Programming Interfaces (APIs) that enable software applications (e.g., applications developed by third-party developers) to access some or all of the user's data either stored on user device 210 or on remote hosts (e.g., data 221). For example, client applications 214 may access some of the user's data (e.g., profile information, social connections, images, etc.) using the APIs provided by social-networking system 220, para[0017], ln 1-15)..

6.	Claims 2, 11, 13   are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1)  and further in view of Ricci(US 20130167159 A1).
 As to claim 2, Shepard and Poschel do not teach  the first computing device comprises a desktop computer that runs a desktop operating system; and the second computing device comprises a mobile device that runs a mobile operating system. However, Ricci teaches the first computing device comprises a desktop computer that runs a desktop operating system; and the second computing device comprises a mobile device that runs a mobile operating system( A 
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard  and Poschel with Ricci to incorporate the feature of  the first computing device comprises a desktop computer that runs a desktop operating system; and the second computing device comprises a mobile device that runs a mobile operating system because this helps distribute digital content over the Internet by ensuring both high availability and high performance.
As to claims 11,  13, they are  rejected for the same reason as to claim 2 above.
 
7.	Claim 4 is  rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1)  and further in view of Alejo(US 20170301013 A).
As to claim 4, Shepard  and Poschel do not teach  determining that the application on the first computing device has requested the personal information comprises detecting a system call made by the application. However, Alejo teaches determining that the application on the first computing device has requested the personal information comprises detecting a system call made by the application (the proxy server provided by the illustrative embodiments may process requests for access to the human resource services based on 
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard  and Poschel with Alejo to incorporate the feature of determining that the application on the first computing device has requested the personal information comprises detecting a system call made by the application  because this facilitates access to credit scores in an enterprise system.

8.	Claims 6, 9, 19  are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1)  and further in view of Muttik(US 20160330172 A1).

As to claim 6. Shepard  and Poschel do not teach the personal information comprises at least one of password information, address information, financial account information, account information for a customer loyalty program, and government identification information. However, Muttik teaches  the personal information comprises at least one of password information, address information, financial account information, account information for a customer loyalty program, and government identification information( Private data can also include any other data or information designated by a user or entity including, but not limited to, 
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard  and Poschel with  Mukkit   to incorporate the feature of the personal information comprises at least one of password information, address information, financial account information, account information for a customer loyalty program, and government identification information because this protects client devices from malicious persons who seek to misappropriate private data from the client devices.
As to claim 9, Poschel teaches obtaining the personal information comprises simulating that a second application on the second computing device is requesting the personal information( he authentication engine 111 can obtain, from the enrollment API call, information that identifies a user that is described by one or more of the user data records 118. The authentication engine 111 can use the obtained information to retrieve one or more user data records 118 that include data describing the user, para[0053], ln 7-20).  
As to claim 19, it is rejected for the same reason as to claim 9 above.

9.	Claims 10, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1)  and further in view of Fraser(US 6067416 A).

As to claim 10,  Poschel teaches  the second application corresponding to the first application on the first computing device( requesting client application 214 can use the access token to access data associated with the user on remote host 220, para[0025], ln 1-20).
Shepard  and Poschel do not teach  launching a second application on the second computing device,; and copying the personal information when the personal information manager provides t information to the second application. However, Fraser teaches launching a second application on the second computing device,; and copying the personal information when the personal information manager provides t information to the second application( when a user wishes to download a software product or other file, the user first enters into the web browser program on the user's computer the URL of the site at which the file to be downloaded is located. The browser then connects to the corresponding web server and requests the file. The web server software responds by launching the DWE program on the web server. The DWE accesses the specified file and embeds special information into the file such as the user's name, the download date, and identifying information for the store from which the software product is downloaded. The DWE program then sends the file along with the embedded information to the web server software, which in turn sends it to the web browser on the user's computer one byte at a time. The browser assembles the file one byte at a time on the user's computer so that the user has a modified copy of the original file, col 2, ln 20-35). 
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard  and Poschel with Fraser   to incorporate the feature of launching a second application on the second computing device,; and copying the personal information when the personal information manager provides t information 
As to claim 20, it is rejected for the same reason as to claim 10 above. 
 
                                                                   Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LeChi  Truong whose telephone number is ( 571) 272-3767.  The examiner can normally be reached on 10-8PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor,  Chow, Dennis can be reached on ( 571) 272-7767   . The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR of Public PAIP. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIP system, contact the Electronic Business Center (EBC) at 866-217-9197(toll-free).
                                 /LECHI TRUONG/                                                Primary Examiner, Art Unit 2194