DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed July 26 2022 has been entered. Applicant amended claims 1, 8, and 13 and cancelled claims 2, 11-12, 14, and 20. Accordingly, claims 1, 3-10, 13, and 15-19 remain pending.
	Applicant’s amendment to the specification overcomes the specification and drawing objections of April 27 2022. Therefore, the specification and drawing objections of April 27 2022 are withdrawn.
	As a result of Applicant’s cancellation of claims 11-12 and 20, the claim objections of April 27 2022 are withdrawn.

Response to Arguments
Applicant’s arguments, see pages 8-9, filed July 26 2022, with respect to the drawing and specification objections have been fully considered and are persuasive.  The drawing and specification objections of April 26 2022 have been withdrawn. 
Applicant’s arguments, see page 9, filed July 26 2022, with respect to the claim objections have been fully considered and are persuasive.  The claim objections of April 26 2022 have been withdrawn. 

Applicant's arguments see pages 11-14 filed July 26 2022 have been fully considered but they are not persuasive. 
On page 11, Applicant alleges, “Bhatia does not disclose that the instrumentation is performed on a plurality of the APIs being called to acquire the privacy information in a frame work for each piece of private information”. This is not persuasive. Bhatia discloses one or more libraries used by the hosted application (paragraph 194).  A class loader can load libraries into the memory during execution of the hosted application  and thus  the class loader fetches a library for loading into memory . Once the library is loaded in memory, the code in the libraries can be called on and executed by the hosted application  (paragraph 195-196). In paragraph 196, Bhatia reveals an agent can modify the binary code for the library by inserting instrumentation code into the binary code. The agent uses APIs provided by each of the libraries to insert instrumentation code. Thus, since one or more libraries is used by the hosted application and an API is provided by each library. Bhatia discloses instrumentation performed on a plurality of the API  (the one or more API is provided by  each of the one or more libraries). Paragraph 105 reveals the private data that is collected/acquired using APIs and examples of APIs that are used are listed. These APIs are REST, J2EE, SOAP, and native application API’s for Java. Paragraph 196 provides further example, by stating the Java™ provides a library called java.lang.instrument, which enables agents to instrument programs  running on a Java Virtual Machine. Accordingly, the java.lang.instrument is an instrumentation API. Instrumentation is the addition of the byte-code to methods for the purpose of gathering data to be utilized by tools, and in Bhatia, the data gathered is private data.  Paragraph 198 reveals that the libraries selected for instrumentation includes libraries that enable hosted application to execute sensitive information. Again, an API is provided by the one or more libraries. These libraries via the API instrumentation enable access to privacy related information such as access to authentication information. Thus, Bhatia discloses instrumentation performed on the API(s) (can be on a plurality of API since, an API can be provided for each library)  being called to acquire the privacy information in a frame work for private information. 

On page 12, Applicant alleges, “…instead of performing instrumentation on the plurality of the APIs being called to acquire the privacy information, Bhatia performs instrumentation on the byte code for the library… Bhatia does not perform instrumentation for each piece of the private information.” This is not persuasive. Paragraph 198 reveals that the libraries selected for instrumentation includes libraries that enable hosted application to execute security sensitive operation pertaining to sensitive information (instrumentation libraries for authentication information). Instrumentation is the addition of the byte-code to methods for the purpose of gathering data to be utilized by tools, and in Bhatia, the data gathered is private data.  (Since an API can be provided by each of the one or more libraries), these libraries are instrumented that enable access to privacy related information such as access to authentication information and users data (see paragraph 198).  Paragraph 105 reveals the private data that is collected/acquired using APIs and examples of APIs that are used are listed. These APIs are REST, J2EE, SOAP, and native application API’s for Java. Thus, Bhatia discloses performing instrumentation on the plurality of the API being called to acquire privacy information, thus Bhatia teaches instrumentation can be performed for each piece of private information (such as the authentication information and the user data).

On page 13, Applicant alleges, ““…[i]n the present application…instrumentation is performed, by a read only memory on a plurality of APIs being called to acquire the privacy information in a framework layer for each piece of private information…the instrumentation only needs to be performed once for one terminal…Therefore, the instrumentation performed by Bhatia is completely different from the instrumentation performed in the present invention ”. In paragraph 196, Bhatia reveals a class loader that fetches a library for loading into memory. An agent uses APIs provided by the each of the one or more libraries to insert instrumentation code. Thus, since one or more libraries is used by the hosted application and an API is provided by each library, Bhatia discloses instrumentation performed on a plurality of the API  (the one or more API is provided by  each of the one or more libraries, see also paragraph above) which is loaded in memory, which can be read only memory. Paragraph 66 reveal that the memory can be non-volatile memory such as ROM.

In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., the instrumentation only needs to be performed once for one terminal ) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

On page 13, Applicant states, “…on page 7 of the Office Action, it was asserted that the technical features ‘instrumentation on a plurality of the APIs is being called to acquire the privacy information in a framework for each piece of the private information’ can be obtained from disclosures of Bhatia….The Applicant again respectfully disagrees.” The examiner respectfully directs the Applicant to the paragraphs above. 

On pages 13-14, Applicant alleges, “Bhatia has explicitly disclosed that the instrumentation is performed, by agent 430, by modifying the byte code for the library. One the other hand, even the instrumentation performed by the agent 430 is different from the instrumentation performed in the present application. As such, those skilled in the art cannot obtain technical teachings from Bhatia, and there is no reason, motivation or suggestion to perform instrumentation on the plurality of the APIs being called to acquire the privacy information…” This is not persuasive. In paragraph 196, Bhatia reveals agent uses APIs provided by the libraries to insert instrumentation code. Thus, since one or more libraries is used by the hosted application and an API is provided by each library, Bhatia discloses instrumentation performed on API(s)  (the one or more API is provided by  each of the one or more libraries). Paragraph 105 reveals the private data that is collected using APIs and examples of APIs are provided. These APIs are REST, J2EE, SOAP, and native application API’s for Java. Paragraph 196 provides further example, by stating the Java™ provides a library called java.lang.instrument, which enables agents to instrument programs  running on a Java Virtual Machine. Accordingly, the java.lang.instrument is an instrumentation API. Instrumentation is the addition of the byte-code to methods for the purpose of gathering data to be utilized by tools.  Paragraph 198 reveals that the libraries selected for instrumentation includes libraries that enable hosted application to execute sensitive information. Again, an API is provided by the one or more libraries. These libraries enable access to/collection of privacy related information such as authentication information. Thus, Bhatia discloses instrumentation performed on a plurality of the APIs being called to acquire the privacy information in a frame work for private information. The examiner has also cited Ferrara US 2019021987 in the conclusion of this office action that teaches instrumentation performed on a plurality of APIs.

In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, the motivation to combine Bhatia’s teachings of instrumentation on a plurality of API with Hatakeyama is found in paragraph 199 of Bhatia as stated in the office action.

On pages 13-14, Applicant alleges, “…neither Hatakeyama nor Bhatia disclose or suggest the underlined features of the amended claim…or similar features as recited in amended independent claims 8 and 13. Cao fails to cure the deficiencies of Hatakeyama and Bhatia, and is silent with respect to the above features. As such, amended independent claims 1, 8, and 13 are patentable over the references for at least the reasons set forth above.” This is not persuasive, please see the paragraphs above.

Claim Objections
Claims 1, 3-7 and 13, 15-19 are objected to because of the following informalities: 
“the privacy information” recited in the amended claims 1 and 13, in “performing, by a read-only memory, instrumentation on a plurality of the APIs being called to acquire the privacy information in a framework layer for teach piece of the private information” comes before the antecedent limitation “privacy information” in line 8 of claim 1 and line 13 of claim 13;
 “the APIs” recited in the amended claims 1 and 13, in “performing, by a read-only memory, instrumentation on a plurality of the APIs being called to acquire the privacy information in a framework layer for teach piece of the private information” comes before the antecedent limitation “an application programming interface API” in line 7 of claim 1 and lines 8-9 of claim 13; and
claims 3-7 and 15-19 are objected to because said claims depend respectively on claims 1 and 13.  
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-8, 10, 13, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Hatakeyama EP 2375360 (hereinafter Hatakeyama) in view of Bhatia et al US 20190318100 (hereinafter Bhatia).

As to claim 1, Hatakeyama teaches an information acquisition method (Figure 14), applied to a terminal (paragraph 16 discloses a personal information acquisition device that requests and acquires personal information from the personal information providing apparatus and a user terminal device of the user), comprising: 
determining privacy-related information (Figure 14, steps s1201 “Request Personal Information” and s1203 “Receive Personal Information”), wherein the privacy-related information is associated with a process of the target App acquiring the privacy information (paragraph 16 discloses a personal information acquisition device that requests and acquires personal information from the personal information providing apparatus… and provides the personal information acquisition device with the user’s personal information acquired from the personal information storage device, wherein the target App is the personal information providing apparatus); 
storing the privacy-related information (Figure 14, step s1205 “Store Personal Information”); and 
reading, with a designated App, the privacy-related information stored in a preset time period (Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device), and uploading, with the designated App, the privacy-related information read to a server side (Figure 14, steps s1209 “Transmit Personal Information” and s1103 “Receive Personal Information”, wherein the personal information is uploaded, transmitted by the designated App and received/read to a server side, and paragraph 31 discloses the personal information providing apparatus is implemented by a server computer).
Hatakeyama  is silent in teaching performing, by a read-only memory (ROM), instrumentation on a plurality of the APIs being called to acquire the privacy information in a framework layer for each piece of the private information; and determining privacy-related information according to instrumentation information in an application programming interface (API) when calling, with a target application (App), the API to acquire privacy information of the terminal.
Bhatia teaches performing, by a read-only memory (ROM), instrumentation on a plurality of the API(s) being called to acquire the privacy information in a framework layer for each piece of the private information(paragraphs 195-198 disclose a class loader can load libraries into the memory during execution of the hosted application. Once the library is loaded in memory, the code in the libraries can be called on and executed by the hosted application. An agent can modify the binary code for the library by inserting instrumentation code into the binary code and the agent uses APIs provided by each of the libraries to insert instrumentation code.  Thus, since one or more libraries is used by the hosted application and an API can be provided by each library. Bhatia discloses instrumentation performed on a plurality of the API  (the one or more API is provided by  each of the one or more libraries). Instrumentation is the addition of the byte-code to methods for the purpose of gathering data to be utilized by tools, and in Bhatia, the data gathered is private data.  Paragraph 198 reveals that the libraries selected for instrumentation includes libraries that enable hosted application to execute sensitive information. Again, an API(s) is provided by the one or more libraries. Paragraph 105 reveals the private data that is collected/acquired using APIs and examples of APIs that are used are listed. These APIs are REST, J2EE, SOAP, and native application API’s for Java. These libraries via the API instrumentation enable access to privacy related information such as access to authentication information. Thus, Bhatia discloses instrumentation that can be performed on a plurality of the APIs being called to acquire the privacy information in a frame work for private information); determining privacy-related information according to instrumentation information in an application programming interface (API) when calling, with a target application (App), the API to acquire privacy information of the terminal  (paragraphs 194-198:  an agent 430 instrumenting libraries 426 to obtain target App 422 behavior to be sent to a server side 402 for evaluation, the agent 430 uses API provided by the libraries agent to insert instrumentation code and to acquire/output application data such as privacy information. The private information can be authentication information and users information).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hatakeyama’s information acquisition method with Bhatia’s method of obtaining privacy information to monitor security risks of the application without needing to make extra cost efforts (paragraph 199 of Bhatia).

As to claim 3, the combination of Hatakeyama in view of Bhatia teaches wherein the privacy information comprises at least one of international mobile equipment identity (IMEI) information of the terminal, system identification information of the terminal, and a mobile phone number of the terminal (Hatakeyama: paragraph 148 disclose the privacy information is a mobile phone number).

As to claim 4, the combination of Hatakeyama in view of Bhatia teaches wherein the privacy-related information comprises at least one of 38process and thread information, context information, and log information (Hatakeyama: paragraph 148 disclose the privacy-related information is context information).

As to claim 5, the combination of Hatakeyama in view of Bhatia teaches wherein the storing the privacy-related information (Hatakeyama: paragraph 28) comprises: storing the privacy-related information (Hatakeyama: paragraph 28 discloses the personal information storage device holds personal information) to a designated directory (Bhatia: paragraph 68 discloses storage can include one or more file stores, and this reads on a directory, since a directory is a collection of files) by calling the API in the designated App (Bhatia: paragraphs 194-202 disclose an API call is used in the target application/agent 430 to access authentication information): and the reading, by a designated App, the privacy-related information stored in a preset time period (Hatakeyama: Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device) comprises: reading, by the designated App, the privacy-related information stored in the designated directory(Bhatia: paragraph 68) in the preset time period ( Hatakeyama: Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device).

As to claim 6, the combination of Hatakeyama in view of Bhatia teaches wherein the designated directory is a directory preset on a secure digital memory card for storing the privacy-related information (Bhatia: paragraphs 66-67: disclose the memory of the security monitoring and control system is a flash memory, and the security monitoring and control system stores various data. Paragraph 68 discloses storage can include one or more file stores, and this reads on a directory, since a directory is a collection of files; Hatakeyama: paragraph 28 discloses the personal information storage device holds personal information).

As to claim 7, the combination of Hatakeyama in view of Bhatia teaches wherein the reading, by a designated App, the privacy-related information stored in a preset time period (Hatakeyama : Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device), and uploading, by the designated App, the privacy-related information read to a server side (Hatakeyama : Figure 14, steps s1209 “Transmit Personal Information” and s1103 “Receive Personal Information”, wherein the personal information is uploaded, transmitted by the designated App and received/read to a server side, and paragraph 31 discloses the personal information providing apparatus is implemented by a server computer) comprises: reading, by a target process of the designated App, the privacy-related information stored in the preset time period (Hatakeyama :Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the process of the designated App, personal information acquisition device; paragraph 141), and uploading, by the target process, the privacy-related information read to the server side, wherein the target process is a process of the designated App which is online at any time (Hatakeyama :Figure 14, steps s1209 “Transmit Personal Information” and s1103 “Receive Personal Information”, wherein the personal information is uploaded, transmitted by the process of the designated App and received/read to a server side, and paragraph 31 discloses the personal information providing apparatus is implemented by a server computer; paragraph 141).

As to claim 8, Hatakeyama teaches an information acquisition method (Figure 14), applied to a server side (paragraph 31 discloses the personal information providing apparatus is implemented by a server computer), comprising: 
39receiving privacy-related information uploaded by a terminal, wherein the privacy-related information is associated with a process of the target application (App) acquiring privacy information of the terminal (paragraph 16 discloses a personal information acquisition device that requests and acquires personal information from the personal information providing apparatus and a user terminal device of the user; paragraph 140 discloses the personal information receiving unit receives the personal information from the personal information providing apparatus via the network, the personal information receiving unit is the target application); and 
determining a target detection result according to the privacy-related information, wherein the target detection result is configured to indicate whether the process of the target App acquiring the privacy information of the terminal complies with a preset user privacy protection rule (paragraph 100 discloses a determination unit that determines whether it is possible to comply with the request according to the acquired privacy policy;  and a providing unit that provides the requesting information acquisition device with the personal information acquired from the personal information storage device which stores the personal information if it is determined that it is possible to comply with the request; see also paragraphs 30, 33, 66-68, and 139-141; claim 33).
Hatakeyama does not teach wherein the privacy related information is determined according to instrumentation information in an application programming interface when calling, by a target application, the API to acquire the privacy information of the terminal; and wherein the instrumentation is performed by a read only memory (ROM), on a plurality of the APIs being called to acquire the privacy information in a framework layer for each piece of the private information.
Bhatia teaches wherein the privacy related information is determined according to instrumentation information in an application programming interface when calling, by a target application, the API to acquire the privacy information of the terminal(Paragraphs 194-198: an agent 430 instrumenting libraries 426 to obtain target App 422 behavior to be sent to a server side 402 for evaluation, the agent 430 uses API provided by the libraries agent to insert instrumentation code and to acquire/output application data such as privacy information. The private information can be authentication information and users information); and wherein the instrumentation is performed by a read only memory (ROM), on a plurality of the API(s) being called to acquire the privacy information in a framework layer for each piece of the private information (paragraphs 195-198 disclose a class loader can load libraries into the memory during execution of the hosted application. Once the library is loaded in memory, the code in the libraries can be called on and executed by the hosted application. An agent can modify the binary code for the library by inserting instrumentation code into the binary code and the agent uses APIs provided by each of the libraries to insert instrumentation code.  Thus, since one or more libraries is used by the hosted application and an API can be provided by each library. Bhatia discloses instrumentation performed on a plurality of the API  (the one or more API is provided by  each of the one or more libraries). Instrumentation is the addition of the byte-code to methods for the purpose of gathering data to be utilized by tools, and in Bhatia, the data gathered is private data.  Paragraph 198 reveals that the libraries selected for instrumentation includes libraries that enable hosted application to execute sensitive information. Again, an API(s) is provided by the one or more libraries. These libraries via the API instrumentation enable access to privacy related information such as access to authentication information. Paragraph 105 reveals the private data that is collected/acquired using APIs and examples of APIs that are used are listed. These APIs are REST, J2EE, SOAP, and native application API’s for Java. Thus, Bhatia discloses instrumentation that can be performed on a plurality of the APIs being called to acquire the privacy information in a frame work for private information).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hatakeyama’s information acquisition method with Bhatia’s method of obtaining privacy information to monitor security risks of the application without needing to make extra cost efforts (paragraph 199 of Bhatia).

As to claim 10, the combination of Hatakeyama in view of Bhatia further comprising: uploading the target detection result to a detection platform (Hatakeyama: paragraph 141 discloses the providing unit transmits/uploads the personal information to the personal information acquisition device via the network, wherein the detection platform is the personal information acquisition device).

As to claim 13, Hatakeyama teaches an information acquisition device (Figure 12: reference numbers 400 “Personal Information Providing Apparatus” and 20a-20n “Personal Information Acquisition Device”), applied to a terminal (paragraph 16 discloses a personal information acquisition device that requests and acquires personal information from the personal information providing apparatus; and a user terminal device of the user), comprising: 
a processor(paragraph 31 discloses the personal information providing apparatus has a CPU); and 
a memory device storing executable instructions of the processor that, when being executed by the processor, cause the processor to implement an information acquisition method (paragraph 31 discloses the personal information providing apparatus has a memory, and the CPU reads and executes instruction of a method), 
wherein the information acquisition method comprises: 
determining privacy-related information (Figure 14, steps s1201 “Request Personal Information” and s1203 “Receive Personal Information”), wherein the privacy-related information is associated with a process of the target App acquiring the privacy information(paragraph 16 discloses a personal information acquisition device that requests and acquires personal information from the personal information providing apparatus… and provides the personal information acquisition device with the user’s personal information acquired from the personal information storage device, wherein the target App is the personal information providing apparatus); 
storing the privacy-related information (Figure 14, step s1205 “Store Personal Information”); and 
reading, by a designated App, the privacy-related information stored in a preset time period(Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device), and uploading, by the designated App, the privacy-related information read to a server side (Figure 14, steps s1209 “Transmit Personal Information” and s1103 “Receive Personal Information”, wherein the personal information is uploaded, transmitted by the designated App and received/read to a server side, and paragraph 31 discloses the personal information providing apparatus is implemented by a server computer).
Hatakeyama  is silent in teaching performing, by a read-only memory (ROM), instrumentation on a plurality of the APIs being called to acquire the privacy information in a framework layer for each piece of the private information; and determining privacy-related information according to instrumentation information in an application programming interface (API) when calling, with a target application (App), the API to acquire privacy information of the terminal.
Bhatia teaches performing, by a read-only memory (ROM), instrumentation on a plurality of the API(s) being called to acquire the privacy information in a framework layer for each piece of the private information(paragraphs 195-198 disclose a class loader can load libraries into the memory during execution of the hosted application. Once the library is loaded in memory, the code in the libraries can be called on and executed by the hosted application. An agent can modify the binary code for the library by inserting instrumentation code into the binary code and the agent uses APIs provided by each of the libraries to insert instrumentation code.  Thus, since one or more libraries is used by the hosted application and an API can be provided by each library. Bhatia discloses instrumentation performed on a plurality of the API  (the one or more API is provided by  each of the one or more libraries). Instrumentation is the addition of the byte-code to methods for the purpose of gathering data to be utilized by tools, and in Bhatia, the data gathered is private data.  Paragraph 198 reveals that the libraries selected for instrumentation includes libraries that enable hosted application to execute sensitive information. Again, an API(s) is provided by the one or more libraries. These libraries via the API instrumentation enable access to privacy related information such as access to authentication information. Thus, Bhatia discloses instrumentation that can be performed on a plurality of the APIs being called to acquire the privacy information in a frame work for private information); determining privacy-related information according to instrumentation information in an application programming interface (API) when calling, with a target application (App), the API to acquire privacy information of the terminal  (paragraphs 194-198:  an agent 430 instrumenting libraries 426 to obtain target App 422 behavior to be sent to a server side 402 for evaluation, the agent 430 uses API provided by the libraries agent to insert instrumentation code and to acquire/output application data such as privacy information. The private information can be authentication information and users information).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hatakeyama’s information acquisition method with Bhatia’s method of obtaining privacy information to monitor security risks of the application without needing to make extra cost efforts (paragraph 199 of Bhatia).

As to claim 15, the combination of Hatakeyama in view of Bhatia teaches wherein the privacy information comprises at least one of international mobile equipment identity (IMEI) information of the terminal, system identification information of the terminal, and a mobile phone number of the terminal (Hatakeyama: paragraph 148 disclose the privacy information is a mobile phone number).

As to claim 16, the combination of Hatakeyama in view of Bhatia teaches wherein the privacy-related information comprises at least one of 38process and thread information, context information, and log information (Hatakeyama: paragraph 148 disclose the privacy-related information is context information).

As to claim 17, the combination of Hatakeyama in view of Bhatia teaches wherein the storing the privacy-related information (Hatakeyama: paragraph 28) comprises: storing the privacy-related information (Hatakeyama: paragraph 28 discloses the personal information storage device holds personal information)  to a designated directory (Bhatia: paragraph 68 discloses storage can include one or more file stores, and this reads on a directory, since a directory is a collection of files) by calling the API in the designated App (Bhatia: paragraphs 194-202 disclose an API call is used in the target application/agent 430 to access authentication information): and the reading, by a designated App, the privacy-related information stored in a preset time period (Hatakeyama: Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device) comprises: reading, by the designated App, the privacy-related information stored in the designated directory (Bhatia: paragraph 68)  in the preset time period (Hatakeyama: Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device).

As to claim 18, the combination of Hatakeyama in view of Bhatia teaches wherein the designated directory is a directory preset on a secure digital memory card for storing the privacy-related information (Bhatia: paragraphs 66-67: disclose the memory of the security monitoring and control system is a flash memory, and the security monitoring and control system stores various data. Paragraph 68 discloses storage can include one or more file stores, and this reads on a directory, since a directory is a collection of files; Hatakeyama: paragraph 28 discloses the personal information storage device holds personal information).

As to claim 19, the combination of Hatakeyama in view of Bhatia teaches wherein the reading, by a designated App, the privacy-related information stored in a preset time period(Hatakeyama :Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the designated App, personal information acquisition device), and uploading, by the designated App, the privacy-related information read to a server side (Hatakeyama : Figure 14, steps s1209 “Transmit Personal Information” and s1103 “Receive Personal Information”, wherein the personal information is uploaded, transmitted by the designated App and received/read to a server side, and paragraph 31 discloses the personal information providing apparatus is implemented by a server computer) comprises: reading, by a target process of the designated App, the privacy-related information stored in the preset time period(Hatakeyama : Figure 14, step s1207 “Receive Personal Information”, wherein the personal information is received, and, read by the process of the designated App, personal information acquisition device; paragraph 141), and uploading, by the target process, the privacy-related information read to the server side, wherein the target process is a process of the designated App which is online at any time (Hatakeyama : Figure 14, steps s1209 “Transmit Personal Information” and s1103 “Receive Personal Information”, wherein the personal information is uploaded, transmitted by the process of the designated App and received/read to a server side, and paragraph 31 discloses the personal information providing apparatus is implemented by a server computer; paragraph 141).


Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Hatakeyama EP 2375360 (hereinafter Hatakeyama) in view of Bhatia et al US 20190318100 (hereinafter Bhatia) in further view of Cao US 20200320066 (hereinafter Cao).

As to claim 9, the combination of Hatakeyama in view of Bhatia teaches all the limitations recited in claim 8 above. The combination of Hatakeyama in view of Bhatia further teaches wherein the determining a target detection result according to the privacy-related information comprises: 
determining, according to the privacy-related information, App identification information of the target App and privacy information (Hatakeyama: paragraph 29 discloses a policy storage device which stores a privacy policy set for each personal information acquisition device that acquires personal information and for each user a policy management unit which records and manages identification information that identifies whether the policy storage unit stores the privacy policy in a policy management table; a search unit which searches for the identification information on the privacy policy corresponding to the personal information acquisition device and the user by reference to the policy management table storage unit, see also paragraphs 36 and 38); 
determining privacy information corresponding to the App identification information of the target App according to a correspondence between preset App identification information and privacy information allowed to be acquired when the App is called (Hatakeyama: paragraph 33 discloses the policy storage unit that stores a privacy policy set for each personal information acquisition device, which is the App, which acquires personal information); and 
determining the target detection result was that the process of the target App acquiring the privacy information of the terminal complies with the preset user privacy protection rule(Hatakeyama: paragraph 100 discloses a determination unit that determines whether it is possible to comply with the request according to the acquired privacy policy;  and a providing unit that provides the requesting information acquisition device with the personal information acquired from the personal information storage device which stores the personal information if it is determined that it is possible to comply with the request; see also paragraphs 30, 33, 66-68, and 139-141; claim 33), and otherwise determining the target detection result as that the process of the target App acquiring the privacy information of the terminal does not comply with the preset user privacy protection rule (Hatakeyama: paragraph 104 discloses for the personal information acquisition device which has not been approved to access to the personal information, and does not comply with the request, in the personal information storage device by the determination unit, the providing unit creates an error notification message and transmits the created message to one of the personal information acquisition devices which has requested the information).
The combination of Hatakeyama in view of Bhatia does not teach and first privacy information of the terminal acquired by the target App; determining second privacy information; acquiring the privacy information of the terminal complies with the preset user privacy protection rule in response to that the second privacy information comprises the first privacy information
Cao teaches and first privacy information of the terminal acquired by the target App (paragraph 59 discloses the application programming interface is invoked and a first interface log information is acquired); determining second privacy information (paragraph 62 discloses  second log information is determined); acquiring the privacy information of the terminal in response to that the second privacy information comprises the first privacy information (paragraphs 62-63 discloses the second interface log information in the first interface log information is determined…and the second interface log interface is finally screened and determined from the first interface log information based on the message time parameter input).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hatakeyama’s information acquisition method  in view of Bhatia’s instrumentation libraries of the APIs with Cao’s method of acquiring first and second privacy information such that the information acquisition device  can conveniently acquire the condition parameters and screen out the interface log information (paragraphs 67-68 of Cao).
 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Chen et al US 20150227746 (hereinafter Chen) and Ferrara et al US 20190121987 (hereinafter Ferrara).

Chen teaches an information acquisition method, applied to a terminal, comprising: performing, by a read-only memory (ROM), instrumentation on a plurality of the APIs being called to acquire the privacy information in a framework layer for each piece of the private information (paragraphs 19 and 21) ; determining privacy-related information according to instrumentation information in an application programming interface (API) when calling, with a target application (App), the API to acquire privacy information of the terminal(paragraph 19), wherein the privacy-related information is associated with a process of the target App acquiring the privacy information; storing the privacy-related information (paragraph 24 reveal storage of the taint data which is the detection of privacy leakage data) as recited in claims 1, 8, and 13.

Ferrara teaches  performing instrumentation on a plurality of the APIs being called to acquire the privacy information (paragraph 18 reveals that operating system includes one or more APIs which include instrumented libraries; and paragraph 52 reveal that the instrumentation performs data tracking on the private data) as recited in claims 1, 8, and 13.


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30--5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/F.F/Examiner, Art Unit 2437       
/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437