DETAILED ACTION
This office action is in response to the application filed on 5/29/2020.  Claim(s) 1-20 is/are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Applicant’s claim of priority to Indian application 202041015290, filed on 04/07/2020, is hereby acknowledged; the papers submitted under 35 U.S.C. § 119(a)-(d) have been placed of record in the file.

Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 6/2/2020 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 8, 11-13, 17, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo et al. (US 2014/0123319 A1), in view of Cockerill et al. (US 2018/0359244 A1). 
Regarding claim 1, Porjo teaches:
“An apparatus, comprising: 	a memory element operable to store instructions (Porjo, ¶ 43, memory for storing instructions); and 	a processor operable to execute the instructions (Porjo, ¶ 43, processor for executing instructions), such that the apparatus is configured to: 	identify sensitive user data stored in the memory (Porjo, ¶ 30-31, and 68, sensitive user data is stored in the memory and request monitoring module is able to identify that the resource being requested is sensitive user data) by a first application (Porjo, ¶ 34 teaches that applications are downloaded onto the phone.  Porjo, ¶ 30 and teaches that the phone includes sensitive user data.  One of ordinary skill would recognize that the app data includes sensitive user data); 	determine a risk exposure score for the sensitive user data (Porjo, ¶ 68, the risk exposure of the sensitive user data is classified higher than benign resources such as the backlight of the device); 	apply, based on a determination that the risk exposure score is above a threshold, a security policy to restrict access to the sensitive user data (Porjo, ¶ 68-69, a security setting is implemented based on the exposure risk that when an application attempts to access an unapproved resource with a high risk exposure over a threshold, such as sensitive user data, it is blocked); 	receive a request from a second application to access the sensitive user data (Porjo, ¶ 68-69, monitoring module receives a request for a resource from an application that is not approved to use the resource, thereby being a second application, different than the application that has default access to the resources); 	determine (Porjo, ¶ 68, a determination is made whether or not the application is approved to use the resource and the exposure risk of the resource); and 	allow access (Porjo, ¶ 68, if the unapproved application is attempting to access a benign resource, such as the backlight, it will be approved)”.
Porjo does not, but in related art, Cockerill teaches:
 “determine whether the first application and the second application are similar applications (Cockerill, ¶ 842, and 860-861 teaches determining a signature of all of the applications on a mobile device and comparing a second application with the signature to determine if a similarity exists); and 	access based on a determination that the first application and the second application are similar applications (Cockerill, ¶ 867-868, the similarity between applications allows the detection of malicious or clean versions of applications which are alerted to the user to allow or block the application)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo and Cockerill, to modify the application request security system of Porjo to include the method to compare the similarity of applications as taught in Cockerill to detect the presence of malicious application behavior.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 2, Porjo in view of Cockerill teaches:
“The apparatus of claim 1 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above), further configured to: 	deny access (Porjo, ¶ 68-69, a security setting is implemented based on the exposure risk that when an application attempts to access an unapproved resource with a high risk exposure over a threshold, such as sensitive user data, it is blocked) based on a determination that the first application and the second application are not similar applications (Cockerill, ¶ 867-868, the similarity between applications allows the detection of malicious or clean versions of applications which are alerted to the user to allow or block the application)”.

Regarding claim 8, Porjo in view of Cockerill teaches:
“The apparatus of claim 1 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above), further configured to: 	inspect the sensitive user data (Porjo, ¶ 68-69, the sensitive user data is evaluated for its exposure risk); and 	determine whether to recommend a corrective action (Porjo, ¶ 68-69, based on the determined risk the user is alerted to security settings that should be implemented to restrict access to the resource)”.

Regarding claim 11, Porjo in view of Cockerill teaches:
“The apparatus of claim 1 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above), further configured to: 	determine whether the second application is a valid application (Cockerill, ¶ 867-868, the similarity between applications allows the detection of malicious or clean versions of applications which are alerted to the user to allow or block the application)”.

Regarding claim 12, Porjo teaches:
“At least one non-transitory computer-readable medium comprising one or more instructions that when executed by a processor (Porjo, ¶ 43, memory for storing instructions executed by a processor), cause the processor to: 	identify sensitive user data stored, by a first application, in memory on an electronic device (Porjo, ¶ 30-31, and 68, sensitive user data is stored in the memory and request monitoring module is able to identify that the resource being requested is sensitive user data.  Porjo, ¶ 34 teaches that applications are downloaded onto the phone.  Porjo, ¶ 30 and teaches that the phone includes sensitive user data.  One of ordinary skill would recognize that the app data includes sensitive user data); 	determine a risk exposure score for the sensitive user data (Porjo, ¶ 68, the risk exposure of the sensitive user data is classified higher than benign resources such as the backlight of the device); 	apply, based on a determination that the risk exposure score is above a threshold, a security policy to restrict access to the sensitive user data (Porjo, ¶ 68-69, a security setting is implemented based on the exposure risk that when an application attempts to access an unapproved resource with a high risk exposure over a threshold, such as sensitive user data, it is blocked); 	receive a request from a second application to access the sensitive user data (Porjo, ¶ 68-69, monitoring module receives a request for a resource from an application that is not approved to use the resource, thereby being a second application, different than the application that has default access to the resources); 	determine (Porjo, ¶ 68, a determination is made whether or not the application is approved to use the resource and the exposure risk of the resource); and 	deny access (Porjo, ¶ 68-69, a security setting is implemented based on the exposure risk that when an application attempts to access an unapproved resource with a high risk exposure over a threshold, such as sensitive user data, it is blocked)”.
Porjo does not, but in related art, Cockerill teaches:
 “determine whether the first application and the second application are similar applications (Cockerill, ¶ 842, and 860-861 teaches determining a signature of all of the applications on a mobile device and comparing a second application with the signature to determine if a similarity exists); and 	access based on a determination that the first application and the second application are similar applications (Cockerill, ¶ 867-868, the similarity between applications allows the detection of malicious or clean versions of applications which are alerted to the user to allow or block the application)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo and Cockerill, to modify the application request security system of Porjo to include the method to compare the similarity of applications as taught in Cockerill to detect the presence of malicious application behavior.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 13, Porjo in view of Cockerill teaches:
“The at least one non-transitory computer-readable medium of claim 12 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above), further comprising one or more instructions that when executed by a processor, cause the processor to: 	notify a user of the request by the second application to access the sensitive user data (Porjo, ¶ 68 the user is informed that an unapproved application is attempting to access a resource containing sensitive user data)”.

Regarding claim 17, Porjo teaches:
“A method, comprising: 	determining whether a corrective action is recommended (Porjo, ¶ 68-69, based on the determined risk the user is alerted to security settings that should be implemented to restrict access to the resource); and 	prompting, based on a determination that the corrective action is recommended, a user to take the corrective action (Porjo, ¶ 68-69, based on the determined risk the user is alerted to security settings that should be implemented to restrict access to the resource)”.
Porjo does not, but in related art, Cockerill teaches:
	“analyzing a user's digital profile on an electronic device (Cockerill, ¶ 778-782, user’s mobile device is scanned to develop a digital profile of the applications stored on the device and determine if they conform with the user’s policy)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo and Cockerill, to modify the application request security system of Porjo to include the method to scan a device and develop a user profile as taught in Cockerill.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.
Regarding claim 20, Porjo in view of Cockerill teaches:
	“The method of claim 17 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above), wherein analyzing the user's digital profile includes identifying sensitive user data stored locally by an application and assigning a risk exposure score (Porjo, ¶ 68, the risk exposure of the sensitive user data is classified higher than benign resources such as the backlight of the device)”.   
Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of De et al. (US 2018/0032721 A1).
Regarding claim 3, Porjo in view of Cockerill teaches:
“The apparatus of claim 1 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo in view of Cockerill does not, but in related art, De teaches:
“wherein the first application and the second application are web browsers (De, ¶ 80 and 82 teaches multiple separate processes of a web browser running on a computer)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, De, and Cockerill, to modify the application request security system of Porjo and Cockerill to include two web browser instances running on a system as taught in De.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 4-5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Hecht et al. (US 10,607,015 B1).
Regarding claim 4, Porjo in view of Cockerill teaches:
“The apparatus of claim 1 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo in view of Cockerill does not, but in related art, Hecht teaches:
“wherein the risk exposure score is determined based on a type of sensitive user data stored and an amount of sensitive user data stored (Hecht, Col. 10 Ln. 55 – Col. 11 teaches calculating the risk for data exposure based on the number of credentials detected and the particular types of credentials detected)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Hecht, and Cockerill, to modify the application request security system of Porjo and Cockerill to include the method to calculate total risk based on quantity and type of risk factor.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 5, Porjo in view of Cockerill in view of Hecht teaches:
“The apparatus of claim 4 (Porjo in view of Cockerill in view of Hecht teaches the limitations of the parent claim as discussed above), wherein the risk exposure score is determined by assigning a risk value to the type of sensitive user data stored and summing the risk values of the sensitive user data (Hecht, Col. 14 Ln. 13-27 teaches calculating the total risk from the component risk factors)”.

Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Vogel et al. (US 2008/0216174 A1).
Regarding claim 6, Porjo in view of Cockerill teaches:
“The apparatus of claim 1 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo, in view of Cockerill does not, but in related art, Vogel teaches:
“wherein identifying the sensitive user data includes searching unencrypted and encrypted user data stored by the first application (Vogel, ¶ 72 teaches searching encrypted and unencrypted information for sensitive data)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Vogel, and Cockerill, to modify the application request security system of Porjo and Cockerill to include a method to search for sensitive data in protected and unprotected formats.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Das et al. (US 2021/0279357 A1).
Regarding claim 7, Porjo in view of Cockerill teaches:
“The apparatus of claim 1 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo, in view of Cockerill does not, but in related art, Das teaches:
“wherein the security policy includes encrypting the sensitive user data (Das, ¶ 48 and 70 teaches smart encryption system which detects and encrypts sensitive data based on the security policy)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Das, and Cockerill, to modify the application request security system of Porjo and Cockerill to include a method to encrypt sensitive information based on a security policy.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 9-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Wright et al. (US 2021/0306315 A1).
Regarding claim 9, Porjo in view of Cockerill teaches:
“The apparatus of claim 8 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo, in view of Cockerill does not, but in related art, Wright teaches:
“wherein determining whether to recommend a corrective action includes decrypting the sensitive user data and identifying whether a first password and a second password are a same password (Wright, ¶ 26-27, and 35 teaches a password policy detection and enforcement system which decrypts passwords and checks for duplicated passwords in the system)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Wright, and Cockerill, to modify the application request security system of Porjo and Cockerill to include the password policy detection and enforcement system which decrypts passwords and checks for duplicated passwords in the system.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 10, Porjo in view of Cockerill teaches:
“The apparatus of claim 8 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo, in view of Cockerill does not, but in related art, Wright teaches:
“wherein determining whether to recommend a corrective action includes identifying that a password has not been changed within a defined time period (Wright, ¶ 22 teaches checking if passwords comply with the policy to be changed every 90 days by determining if they have lapsed the time limit)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Wright, and Cockerill, to modify the application request security system of Porjo and Cockerill to include the password policy detection and enforcement system which decrypts passwords and checks for duplicated passwords in the system.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Salehpour et al. (US 11,113,380 B1).
Regarding claim 14, Porjo in view of Cockerill teaches:
“The at least one non-transitory computer-readable medium of claim 12 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above), further comprising one or more instructions that when executed by a processor, cause the processor to: 	send data associated with the request by the second application to access the sensitive user data for processing to identify whether the second application includes malware (Porjo, ¶ 64-66, logged request information is sent to a trusted third party to determine if the application is malware); 	receive processed data identifying whether the second application includes malware (Porjo, ¶ 64-66, the trusted third party sends information indicating if the application is malware); 	identify, based on a determination that the second application includes malware, a corrective action (Cockerill, ¶ 867-868, the similarity between applications allows the detection of malicious or clean versions of applications which are alerted to the user to allow or block the application); and 	prompt a user to take the corrective action (Cockerill, ¶ 867-868, the similarity between applications allows the detection of malicious or clean versions of applications which are alerted to the user to allow or block the application)”.
Porjo, in view of Cockerill does not, but in related art, Salehpour teaches:
“send and receive, to and from a cloud server, data (Salehpour, Col. 8 Ln. 51 – Col. 9 Ln. 42 teaches sending application information to a cloud server for analysis to determine if the application contains malware and if malware is found, alerting the user to remediate the situation)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Salehpour, and Cockerill, to modify the application request security system of Porjo and Cockerill to include the cloud-based malware detection system as taught in Salehpour.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.
Regarding claim 15, Porjo, in view of Cockerill in view of Salehpour teaches:
“The at least one non-transitory computer-readable medium of claim 14 (Porjo, in view of Cockerill in view of Salehpour teaches the limitations of the parent claim as discussed above), wherein the corrective action includes one or more of: 	scanning the electronic device with anti-malware software (Cockerill, ¶ 762 and 779 teaches scanning the device for malware upon receiving a violation of the security policy)”.

Claim(s) 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Salehpour in view of Hering et al. (US 2011/0119765 A1).
Regarding claim 16, Porjo, in view of Cockerill in view of Salehpour teaches:
“The at least one non-transitory computer-readable medium of claim 14 (Porjo, in view of Cockerill in view of Salehpour teaches the limitations of the parent claim as discussed above), further comprising one or more instructions that when executed by a processor, cause the processor to”.
Porjo, in view of Cockerill in view of Salehpour does not, but in related art, Hering teaches:
“determine whether the corrective action has been taken within a defined time period (Hering, ¶ 52 and 61, system determines that user has not taken action in one day); and 	re-prompt, based on a determination that the corrective action has not been taken within the defined time period, the user to take the corrective action (Hering, ¶ 52 and 61, user is reminded to take corrective action)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Salehpour, Hering, and Cockerill, to modify the application request security system of Porjo, Salehpour and Cockerill to include the method to simply remind users to correct their detected vulnerabilities as taught in Hering.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.
Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Cowdrey et al. (US 2016/0246790 A1) in view of Frost et al. (US 2020/0349258 A1).
Regarding claim 18, Porjo in view of Cockerill teaches:
“The method of claim 17 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo in view of Cockerill does not, but in related art, Cowdrey teaches:
 “wherein analyzing the user's digital profile includes identifying the user's online browsing history, bookmarks, frequently visited websites, favorite websites (Cowdrey, ¶ 36, 40, and 67 teaches building a user profile from the browsing history, bookmarks, frequently visited web pages and favorite sites)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Cowdrey, and Cockerill, to modify the application request security system of Porjo and Cockerill to include a web-based user feature profile as taught in Cowdrey.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.
Porjo in view of Cockerill in view of Cowdrey does not, but in related art, Frost teaches:
“and online purchasing history (Frost, ¶ 19 teaches combining a user profile based on both the browsing history and online purchase history)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Frost, Cowdrey, and Cockerill, to modify the application request security system of Porjo, Cowdrey, and Cockerill to include a web-based and online-purchase-based user feature profile as taught in Frost.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Porjo, in view of Cockerill in view of Kane-Perry et al. (US 9,838,384 B1).
Regarding claim 19, Porjo in view of Cockerill teaches:
“The method of claim 17 (Porjo in view of Cockerill teaches the limitations of the parent claims as discussed above)”.
Porjo in view of Cockerill does not, but in related art, Kane-Perry teaches:
“wherein analyzing the user's digital profile includes comparing a user's passwords across different login accounts and assigning a password similarity score to the user's passwords (Kane-Perry, Col. 15 Ln. 48 – Col. 16 Ln. 3, Col. 20 Ln. 13-41 and Col. 33 Ln. 55 – Col. 34 Ln. 14 teaches determining the similarity between sets of user passwords to determine potential vulnerabilities)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Porjo, Kane-Perry, and Cockerill, to modify the application request security system of Porjo and Cockerill to include the password similarity detection system as taught in Kane-Perry.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Conclusion
	In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/STEPHEN T GUNDRY/Examiner, Art Unit 2435