DETAILED ACTION
1.	This Final Office Action is in response to Applicant’s Amendments filed 6/16/2022. Claims 41-60 are currently pending. The earliest effective filing date of the present application is 8/26/2014.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	

Claim Objections
3.	Claim 41-60 are objected to because of the following informalities:  
Claim 41, line 19 misspelling “wherien” for the purposes of examination it will be read as “wherein.”
Claim 48, line 16 misspelling “wherien” for the purposes of examination it will be read as “wherein.”
Claim 54, line 19 misspelling “wherien” for the purposes of examination it will be read as “wherein.”
Claim 41, line 21 misspelling “prodcut” for the purposes of examination it will be read as “product.”
Claim 48, line 18 misspelling “prodcut” for the purposes of examination it will be read as “product.”
Claim 54, line 21 misspelling “prodcut” for the purposes of examination it will be read as “product.”
Appropriate correction is required.

Claim Interpretation
4.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are:
Claim 41 – “[T]he security mechanism identifies a security condition using first application data.” See MPEP 2181. The claim limitation uses the generic placeholder “security mechanism.” The generic placeholder is modified by functional language “identifies a security condition using first application data. . . .” The means is not modified by sufficient structure, material or acts for performing the claim. Therefore, 112(f) is invoked. See Spec. [0124].
Claim 55 – “[A] security mechanism to determine a relationship between the application and the third-party device.” See MPEP 2181. The claim limitation uses the generic placeholder “security mechanism.” The generic placeholder is modified by functional language “to determine a relationship between the application and the third-party device. . ..” The means is not modified by sufficient structure, material or acts for performing the claim. Therefore, 112(f) is invoked. See Spec. [0124].
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
5.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

6.	Claims 41-60 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 41 (similarly claims 48 and 55) recites “a rules-based or artificial intelligence (AI)/machine-learning network trained to provide a secure data storage, wherein the trained rules-based or AI/machine-learning network is applied to provide the secure data storage service; a server within the trained rules-based or AI/machine-learning network.” However, the disclosure does not provide support for training a rules-based or artificial intelligence (AI)/machine-learning network nor the network itself being rules-based or artificial intelligence (AI)/machine-learning. Applicant has pointed to [0046]-[0054] as support for these limitations, but as far as the specification discloses “A network 10, such as the Internet, but not necessarily restricted thereto, is bidirectionally accessible by any one of a plurality of client devices 12. Each of the client devices 12 can be, but is not limited to, a network enabled smart phone, tablet, or other computing device such as a laptop, palmtop, or desktop personal computer. As new types of computing devices are developed, these too can be employed as client devices 12.” This is not enough support for a rules-based or artificial intelligence (AI)/machine-learning network one of skilled in the art at time of filing. Further, Applicant’s inclusion of “new type of computing devices” does not allow Applicant to claim current technology because the claims and disclosure are limited to time of filing.
Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8.	Claims 41-44, 48-51, and 55-57are rejected under 35 U.S.C. 103 as being unpatenable by U.S. Pat. Pub. No. 2009/0292641 to Weiss et al. (“Weiss”) in view of U.S. Pat. No. 7,222,100 to Tresser et al. (“Tresser”) in view of U.S. Pat. No. 7,254,569 to Goodman et al. (“Goodman”) in view of U.S. Pat. Pub. No. 2015/0293980 to Dola (“Dola”).

9.	With regards to claim 41 (Similarly claims 48 and 55), Weiss disclosed the limitations of,
communicatively connected to at least one data store comprising application data having public data and private data (See [0068] discussing the universal secure registry (USR) database (24) as a server communicating with a computer system (10) and [0072] discussing the information types included in the USR database including publicly information, financial information, and validation information. The examiner is interpreting the computer system as a server.);
a security mechanism coupled to the server (See Fig. 1 processor/CPU (16) and [0068] discussing the processor/CPU (16) of computer system (10).); and
an application capable of bidirectionally communicating with the server via the security mechanism (See [0098] discussing USR software (18) receiving and transmitting data to the USR database. The examiner is interpreting the receiving and transmitting as bidirectional. See also [0068] discussing USR software (18) being on processor/CPU (16).), the security mechanism further comprising, 
wherein the security mechanism identifies a security condition (See [0087] discussing processor/CPU (16) implementing the USR software (18) to implement functions and [0080] describing a validation by the USR software (18) by such methods as a password, token, pin, biometrics, etc.) using first application data from the application, wherein the first application data is encrypted and stored using a first private key (See [0130] discussing the public/private key pairing and the storing of the keys on the system.);
wherein a risk-based data matching routine determines if customer information retrieved from a personal data store matches customer information from a product/policy… (See [0170] discussing matching of personal information e.g., PIN, biometric, etc., to the stored information. See also [0172] discussing the matching process with memory on user device. The examiner is interpreting the memory of the user device as a personal data store.) when a mismatch occurs between the customer information from the personal data store and the prodcut/policy (See [0173] discussing protocols when the information does not match.)
Weiss does not explicitly teach the limitations of,
an application programming interface that can be used by the application to interact with the server;
the determination including at least using first application data from the application1, and using service provider data from the server, wherein the service provider data is encrypted and stored using a second private key,
However, Tresser teaches at [Col. 2, l. 14-39] and [Col. 4, l. 35-41] that it would have been obvious to one of ordinary skill in the data management art to include an application programming interface that can be used by the application to interact with the server (See [Col. 2, l. 14-39] discussing the data interaction with the server and users interaction with the data through an interface.) and using service provider data from the server, wherein the service provider data is encrypted and stored using a second private key (See [Col. 4, l. 35-41] discussing the maintaining of encrypted data from a service provider being secured by either a secret key or a public/private key pair.). 
Therefore, it would have been obvious for one of ordinary skill in the data management art before the effective filing date of the claimed invention to have modified the teachings of Weiss to include an application programming interface that can be used by the application to interact with the server and using second service provider data from the server, wherein the second service provider data is encrypted and stored using a second private key, as disclosed by Tresser. One of ordinary skill in the art would have been motivated to make this modification in order to provide a secure environment (Tresser [Col. 4, l. 21-41]).  
Weiss and Tresser are silent on the limitation of,
a rules-based or artificial intelligence (AI)/machine-learning network trained to provide a secure data storage, wherein the trained rules-based or AI/machine-learning network is applied to provide the secure data storage service; 
a server within the trained rules-based or AI/machine-learning network
However, Goodman teaches at [Col. 7, l. 43-59] and [Col. 19, l. 29-50] that it would have been obvious to one of ordinary skill in the data art to include a rules-based or artificial intelligence (AI)/machine-learning network trained to provide a secure data storage, wherein the trained rules-based or AI/machine-learning network is applied to provide the secure data storage service and a server within the trained rules-based or AI/machine-learning network (See [Col. 19, l. 29-50] discussing the computer and server environment of the network and [Col. 7, l. 43-59] discussing the machine-learning component used to autofill information based on a data store.). 
Therefore, it would have been obvious for one of ordinary skill in the data art before the effective filing date of the claimed invention to have modified the teachings of Weiss and Tresser to include a rules-based or artificial intelligence (AI)/machine-learning network trained to provide a secure data storage, wherein the trained rules-based or AI/machine-learning network is applied to provide the secure data storage service and a server within the trained rules-based or AI/machine-learning network, as disclosed by Goodman. One of ordinary skill in the art would have been motivated to make this modification in order to improve data entry (Goodman [Col. 1, l. 54-56]).  
Weiss, Tresser, and Goodman are silent on the limitation of,
wherien a crypt app server is used to obtain correct data
However, Dola teaches at [0077] that it would have been obvious to one of ordinary skill in the data art to include the server providing correct data (See [0077] discussing in the case of a non-matching record vendors server resolves the issue with new corrected data.). 
Therefore, it would have been obvious for one of ordinary skill in the data art before the effective filing date of the claimed invention to have modified the teachings of Weiss, Tresser, and Goodman to include the server providing correct data, as disclosed by Dola. One of ordinary skill in the art would have been motivated to make this modification in order to correct a file when issues are detected (Dola [0077]).  
	
10.	With regards to claims 42 and 49, Weiss disclosed the limitations of,
wherein identification of the security condition includes receiving and sending application data, service provider data, requests and commands (See [0019] discussing the authentication method including receiving authentication information, communicating authentication information and validating authentication information. The examiner is interpreting the validation as a request and command.).

11.	With regards to claims 43 and 50, Weiss disclosed the limitations of,
wherein the server accesses the at least one data store only from a previously registered IP address, or a token (See [0243] discussing the system being used accessed by the user token for data such as financial or medical records.).

12.	With regards to claims 44 and 51, Weiss disclosed the limitations of,
wherein the security mechanism is configured to make a determination whether the application supplied a password or a token, as a condition for the security condition being met (See [0080] discussing passwords, tokens, or biometrics as the validation information for accessing the system.).

13.	With regards to claim 56, Weiss disclosed the limitations of,
receiving a password or a token that is used to determine if2 a security condition has been met (See [0087] discussing processor/CPU (16) implementing the USR software (18) to implement functions and [0080] describing a validation by the USR software (18) by such methods as a password, token, pin, biometrics, etc.).
14.	With regards to claim 57, Weiss disclosed the limitations of,
providing a user interface to the application and receiving the request via the user interface.
However, Tresser teaches at [Col. 2, l. 14-39], [Col. 3, l. 65-Col.4, l. 20], and [Col. 4, l. 35-41] that it would have been obvious to one of ordinary skill in the data management art to include a user interface to the application and receiving the request via the user interface (See [Col. 2, l. 14-39] discussing the data interaction with the server and users interaction with the data through an interface and [Col. 3, l. 65-Col.4, l. 20] discussing the interaction through the interface of the customer to request information from the institution.).
Therefore, it would have been obvious for one of ordinary skill in the data management art before the effective filing date of the claimed invention to have modified the teachings of Weiss to include a user interface to the application and receiving the request via the user interface, as disclosed by Tresser. One of ordinary skill in the art would have been motivated to make this modification in order to provide a secure environment (Tresser [Col. 4, l. 21-41]).  

15.	Claims 45-47, 52-54, and 58-60 are rejected under 35 U.S.C. 103 as being unpatenable by Weiss, Tresser, Goodman, and Dola in view of U.S. Pat. No. 5,241,599 to Bellovin et al. (“Bellovin”).

16.	With regards to claims 45, 52, and 58, Weiss, Tresser, Goodman, and Dola are silent on the limitations of,
wherein the security mechanism is capable of encrypting one or more of the first and second private keys.
However, Bellovin teaches at [Col. 14, l. 26-44] that it would have been obvious to one of ordinary skill in the encryption art to include the ability to encrypting one or more of the first and second private keys (See [Col. 14, l. 26-44] discussing the encryption of the private key with a secret key.). 
Therefore, it would have been obvious for one of ordinary skill in the encryption art before the effective filing date of the claimed invention to have modified the teachings of Weiss, Tresser, Goodman, and Dola to include encrypting one or more of the first and second private keys, as disclosed by Bellovin. One of ordinary skill in the art would have been motivated to make this modification in order to establish a private and authenticated communication channel (Bellovin [Col. 14, l. 26-44]).  
		
17.	With regards to claims 46, 53, and 59, Weiss disclosed the limitations of,
wherein the security mechanism stores the encrypted first or the second private keys in the data store (See [0130] discussing the public/private key pairing and the storing of the keys on the system.).

18.	With regards to claims 47, 54, and 60, Weiss, Tresser, Goodman, and Dola are silent on the limitations of,
wherein the password or the token is used by the security mechanism to determine whether to decrypt the first or the second private keys from the data store.
However, Bellovin teaches at [Col. 14, l. 65-Col. 15, l.15] that it would have been obvious to one of ordinary skill in the encryption art to include the ability for the password or the token is used to determine whether to decrypt the first or the second private keys (See [Col. 14, l. 65-Col. 15, l.15] discussing the decryptor accepting secret password (P) to recover the encrypted key.). 
Therefore, it would have been obvious for one of ordinary skill in the encryption art before the effective filing date of the claimed invention to have modified the teachings of Weiss, Tresser, Goodman, and Dola to include the ability for the password or the token is used to determine whether to decrypt the first or the second private keys, as disclosed by Bellovin. One of ordinary skill in the art would have been motivated to make this modification in order to prevent the computer devices from being impersonated (Bellovin [Col. 15, l.1-15]).  
Response to Arguments
19.	Applicant’s arguments, see Remarks, filed 6/16/2022, with respect to 35 U.S.C. §101 have been fully considered and are persuasive. The §101 rejection of 41-60 has been withdrawn. 
	Examiner notes that the claims are directed to a practical application by providing a technical improvement.

20. Applicant’s arguments, see Remarks, filed 6/16/2022, with respect to the rejection(s) of claim(s) 41-60 under §112 (a), objections, and §103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made of claims 41-44, 48-51, and 55-57 in view of Weiss, Tresser, Goodman, and Dola and claims 45-47, 52-54, and 58-60 in view of Weiss, Tresser, Goodman, Dola, and Bellovin. Examiner notes that the amendments raised new issues in objections and §112(a)



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See Notice of References Cited, PTO form 892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL JARED WALKER whose telephone number is (303)297-4407. The examiner can normally be reached Monday-Thursday 9:00 AM -5:00 PM MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fahd A Obeid can be reached on (571)270-3324. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MICHAEL JARED WALKER/Examiner, Art Unit 3687                                                                                                                                                                                                        Michael.walker@uspto.gov

/FAHD A OBEID/Supervisory Patent Examiner, Art Unit 3687                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 The examiner is using plain text for context.
        2 This “if” limitation is a conditional limitation under the broadest reasonable interpretation does not have to be satisfied for a method claim. See MPEP §2111.04.