Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Attorney Natalie K. Walford on 08/25/2022.

The application has been amended as follows: 

(Currently Amended)  A method for performing secure transactions, comprising:
providing an access controller between a core application and a third-party application, wherein the access controller prevents the third-party application from unauthorized access to the core application, wherein the access controller is independent from the core application;
receiving, by the access controller, a command from the third-party application to access the core application;
receiving, by the access controller, an identifier associated with the command and identifying a secure application, wherein the identifier is one of a two-dimensional bar code, numerical value, or a string, generated by the secure application and transmitted by the third-party application, wherein the third-party application and the secure application execute on a mobile device of a user;
transmitting, by the access controller, an authorization request to [[a]] the secure application storing credentials of [[a]] the user, wherein the access controller transmits the authorization request to the secure application based on the identifier; 
providing, by the access controller, the third-party application with access to the core application in response to the access controller receiving a notification from the secure application that the command is authorized; and
preventing, by the access controller, the third-party application from accessing the core application in response to the access controller receiving the notification from the secure application that the command is unauthorized.
(Original)  The method of claim 1, wherein the providing the third-party application with access comprises transmitting, by the access controller, the command to the core application.
(Original)  The method of claim 2, wherein the core application is associated with an institution, and wherein the core application executes the command.  
(Original)  The method of claim 3, wherein the command comprises locking a user account.
(Original)  The method of claim 3, further comprising:
receiving, by the access controller, user data from the core application based on the command; and
transmitting, by the access controller, the user data to the third-party application,
wherein the command comprises a request to download the user data from the core application to the third-party application.
(Original)  The method of claim 5, wherein the user data comprises health data of the user.
(Cancelled)  
(Cancelled)  
(Original)  The method of claim 3, further comprising:
validating the credentials on a ledger with the institution, wherein the institution issued the credentials.
 (Original)  The method of claim 1, wherein the secure application displays an alert to the user in response to receiving the authorization request.
 (Currently Amended)  A system for performing secure transactions, comprising:
a computer processor; and
a memory storing an access controller that, when executed by the computer processor, performs a plurality of operations that prevent unauthorized access to a core application, wherein the access controller is independent from the core application, the plurality of operations comprising:
receiving a command from a third-party application to access the core application;
receiving an identifier associated with the command and identifying a secure application, wherein the identifier is one of a two-dimensional bar code, numerical value, or a string, generated by the secure application and transmitted by the third-party application, wherein the third-party application and the secure application execute on a mobile device of a user;
transmitting an authorization request to [[a]] the secure application storing credentials of [[a]] the user, wherein the access controller transmits the authorization request to the secure application based on the identifier; 
providing the third-party application with access to the core application in response to the access controller receiving a notification from the secure application that the command is authorized; and
preventing the third-party application from accessing the core application in response to the access controller receiving the notification from the secure application that the command is unauthorized.
 (Original)  The system of claim 11, wherein the providing the third-party application with access comprises transmitting, by the access controller, the command to the core application, and wherein the core application executes the command.
 (Original)  The system of claim 12, wherein the core application is associated with an institution, and wherein the command comprises a request to download user data from the core application to the third-party application.
 (Original)  The system of claim 13, the plurality of operations further comprising:
receiving the user data from the core application based on the command; and
transmitting the user data to the third-party application.
 (Cancelled)  
 (Original)  The system of claim 13, the plurality of operations further comprising:
validating the credentials on a ledger with the institution, wherein the institution issued the credentials.
 (Currently Amended)  A non-transitory computer readable (CRM) storing instructions for performing secure transactions using an access controller, the instructions, when executed by a computer processor, cause the access controller to perform a plurality of operations that prevent unauthorized access to a core application, the plurality of operations comprising:
receiving a command from a third-party application to access the core application, wherein the access controller is independent from the core application;
receiving an identifier associated with the command and identifying a secure application, wherein the identifier is one of a two-dimensional bar code, numerical value, or a string, generated by the secure application and transmitted by the third-party application, wherein the third-party application and the secure application execute on a mobile device of a user;
transmitting an authorization request to [[a]] the secure application storing credentials of [[a]] the user, wherein the access controller transmits the authorization request to the secure application based on the identifier; 
providing the third-party application with access to the core application in response to the access controller receiving a notification from the secure application that the command is authorized; and
preventing the third-party application from accessing the core application in response to the access controller receiving the notification from the secure application that the command is unauthorized.
 (Currently Amended)  The non-transitory CRM of claim 17, the plurality of operations further comprising:


wherein the command comprises a request to download user data from the core application to the third-party application;
receiving the user data from the core application based on the command; and
transmitting the user data from the access controller to the third-party application,
wherein the core application is associated with an institution.
 (Cancelled)  
 (Original)  The non-transitory CRM of claim 18, the plurality of operations further comprising:
validating the credentials on a ledger of the institution, wherein the institution issued the credentials.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior art of record (in particular, the combination of Montgomerie et al. US Pub. No.: 2021/0400037 A1 (hereinafter Montgomerie) in view of Tussy et al US Pub. No: 2020/0042685 A1 (hereinafter Tussy) does not disclose, with respect to independent claims 1, 11 and 17, receiving an identifier associated with the command and identifying a secure application, wherein the identifier is one of a two-dimensional bar code, numerical value, or a string, generated by the secure application and transmitted by the third-party application, wherein the third-party application and the secure application execute on a mobile device of a user; transmitting an authorization request to the secure application storing credentials of the user, wherein the access controller transmits the authorization request to the secure application based on the identifier; providing the third-party application with access to the core application in response to the access controller receiving a notification from the secure application that the command is authorized; and preventing the third-party application from accessing the core application in response to the access controller receiving the notification from the secure application that the command is unauthorized.. Rather, Montgomerie authenticated interface element interactions.  Similarly, Tussy discloses  Method and apparatus for creation and use of digital identification.  Accordingly, claims 1-6, 9-18 and 20 are allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/Examiner, Art Unit 2433                   

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433