Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1. 		Claims 1-20 are presented for the examination. 
                                             

 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1, 3, 5, 7, 8, 12, 14, 15, 16, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1) and further  in view of NISHIDA(US 20180203655 A1).  

As to claim 1,  Shepard teaches  determining that an application on the first computing device has requested personal information( operating system 213 of user device 210 proxies authentication sessions between client applications 214 and first-party data manager 220 (e.g., the social-networking system). In particular embodiments, when a client application 214 wishes to access user data 221 stored on remote hosts, instead of requesting an access token directly from first-party data manager 220, the client application 214 may send a request to operating system 213, para[0018],ln 1-10), wherein the personal information can be provided by a personal information manager on a second computing device( there is a first party 220 that is responsible for managing data 221 stored on remote hosts (e.g., on servers or in databases) associated with first party 220. In particular embodiments, first party 220 may be a social-networking system, and a user of user device 210 may be a member of social-networking system 220. Data 221 may be data of the user maintained by social-networking system 220, such as the user's profile, social connections and contacts, calendar entries, interests and hobbies, news feeds generated for the user, images uploaded to social-networking system 220 by the user, messages or posts sent by or sent to the user, and so on, para[0015] to para[0016]), 
wherein the first computing device operates using a first platform and the second computing device operates using a second platform, wherein the second platform is different from the first platform ( a user device 210, such as a desktop computer or a mobile device (e.g., notebook computer, netbook computer, mobile telephone, a gaming console, etc.), may have an operating system 213 and a number of client applications 214, para[0014]/ there is a first party 220 that is responsible for managing data 221 stored on remote hosts (e.g., on servers or in databases) associated with first party 220. In particular embodiments, first party 220 may be a social-networking system, and a user of user device 210 may be a member of social-networking system 220, para[0015]),
 wherein there is a trusted connection between the first computing device and the second computing device( operating system 213 may establish a secure network connection (e.g., SSL connection) with first-party data manager 220, and send the request over this secure connection, para[0022], ln 16-25),
 sending a request to a second broker on the second computing device to provide the personal information for the application, wherein the request is sent automatically in response to determining that the application has requested the personal information( When a specific user is running a client application 214 on user device 210, if the client application 214 wishes to access the specific user's data, the user's digital certificate 211 may be used in connection with the authentication process (e.g., used to establish a secure connection between user device 210 and first party 220), para[0019], ln 8-16/ operating system 213 may send a request to first-party data manager 220 on behalf of the requesting client application 214, as illustrated in STEP 130. The request, such as proxy.Authorize (app_id, developer_id, permissions), may include both the developer_identifier (e.g., "ABCD1234") and the application identifier of the requesting client application 214. The request may also contain a user identifier (or any other suitable account identifier) that the remote host may associate to a set of data (such as user account data). Optionally, the request may also include information describing which specific portion (permissions) of user data 221 client application 214 wishes to access (e.g., the information from the initial request received from client application 214), para[0022], ln 1-30).
Shepard does not teach receiving the personal information from the second broker on the second computing device; and providing the personal information to the application for use by the application. However, Poschel teaches receiving the personal information from the second broker on the second computing device; and providing the personal information to the application(  PII or derived data directly from the data provider service. The requested PII or derived data can be delivered from the data provider service to the browser application via the data provider API.In some aspects, the data provider system allows sensitive data about individuals or other entities to be securely delivered to a browser application, para[0023],ln 11-15 to para[0024], ln 1-6/ These browser integration operations can allow a third-party system 104 to control how the sensitive data from the data provider service 109 is displayed to users of an online service 105 that is provided by the third-party system 104 without requiring the third-party system 104 to access the sensitive data from the data provider service 109.FIG. 2 is a flow chart depicting an example of a method 200 for integrating sensitive data from a data provider service with a web-based application of a third-party online service via a browser application of a user device, para[0048], ln 19-39/ para[0048], ln 1-10).
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of  Shepard with  Poschel to incorporate the feature of receiving the personal information from the second broker on the second computing device; and providing the personal information to the application because this  allows conventional techniques for directing the consumer to the data provider service may be inadequate for handling the consumer's request for secured information via the online service.
 Shepard and Poschel do not teach  determining by the first broker that an application on the first computing device has requested personal information, wherein the personal information  is stored by a personal information manager on a second computing device, sending a request by the first broker to a second broker on the second computing device to provide the personal information for the application, receiving the personal information obtained by the second broker from the  personal information manager on the second computing device; and providing the personal information to the application for use by the application. However, NISHIDA teaches determining by the first broker that an application on the first computing device has requested personal information( a user (proxy) operating the image forming apparatus 20[broker], para[0032], ln 1-3/As illustrated in FIG. 4, the image forming apparatus 20[first broker] includes a login control unit 221, a proxy information acquisition unit 222, a job list acquisition unit 223, a print data request unit 224, and a job execution unit 225. These units represent functions and units implemented by any of the elements and devices of the image forming apparatus 20, para[0053], ln 1-10/ The login control unit 221 is configured to send an authentication request to the authentication server 30 so that the authentication server 30 is requested to perform authentication of a login user based on a user ID and a password which are input to the image forming apparatus 20 by the user. When the authenticity of the login user is successfully verified by the authentication server 30, the login control unit 221 is configured to identify the login user based on the input user ID. The proxy information acquisition unit 222 is configured to acquire from the authentication server 30 an owner ID associated with the proxy ID which accords with the user ID of the login user, para[0054] to para[0055]/ determining by the first broker that an application on the first computing device has requested personal information since the acquisition unit 222 request the owner ID associated with login user when login control unit in  the image forming apparatus 20 [broker] verify successfully authenticity of the login user by sending authentication request and identify the login user based on the input user ID as described above.  
, wherein the personal information  is stored by a personal information manager on a second computing device( store the information indicating the association between the owner ID and the proxy ID into the proxy information storage unit 35, para[0052], ln 6-15/ The authentication server 30 further includes a user information storage unit 34 and a proxy information storage unit 35. These storage units are implemented by using an auxiliary storage device of the authentication server 30, para[0050], ln 13-25).
sending a request by the first broker to a second broker on the second computing device to provide the personal information for the application  receiving the personal information obtained by the second broker from the  personal information manager on the second computing device(  Further, the proxy information management unit 33 is configured to receive from the image forming apparatus 20 an acquire request for acquiring an owner ID associated with the proxy ID which accords with the user ID included in the acquire request, and send to the image forming apparatus 20 the owner ID obtained by making reference to the stored information in the proxy information storage unit 35, para[0052], ln 15-40/ Further, the proxy information management unit 33 is configured to receive from the image forming apparatus 20 an acquire request for acquiring an owner ID associated with the proxy ID which accords with the user ID included in the acquire request, and send to the image forming apparatus 20 the owner ID obtained by making reference to the stored information in the proxy information storage unit 35.The proxy information management unit 33 of the authentication server 30 sends to the proxy information acquisition unit 222 an owner ID associated with the proxy ID which accords with the user ID included in the proxy information request, para[0073], ln 11-30).
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of  Shepard  and  Poschel with NISHIDA to incorporate the feature of determining by the first broker that an application on the first computing device has requested personal information, wherein the personal information  is stored by a personal information manager on a second computing device, sending a request by the first broker to a second broker on the second computing device to provide the personal information for the application, receiving the personal information obtained by the second broker from the  personal information manager on the second computing device; and providing the personal information to the application for use by the application because this reduces the possibility that confidential information or the like is revealed to other people .
As to claim 3,   Shepard teaches  determining that the application on the first computing device has requested the personal information comprises receiving an application programming interface (API) request from the application(  the client application 214 may send a request to operating system 213, as illustrated in STEP 110. For example, the client application 214 may make an API call to operating system 213 to open a session with first-party data manger 220 (e.g., the social-networking system), such as "getSession (app_id, permissions)", para[0018], ln 8-20).
As to claim 5, Poschel teaches sending the request to the second computing device comprises calling an application programming interface (API) that is exposed by a broker on the second computing device( The data provider service 109 can communicate, via the data provider API 110, with user devices 102, third-party systems 104, or some combination thereof via encrypted communication. Data exchanged between the data provider API 110 and other systems can have any suitable format, para[0036], ln 1-15).  
As to claim 7, it is rejected for the same reason as to claim 1 above.
As to claim 8, Poschel teaches obtaining the personal information comprises sending an application programming interface (API) request to an API that is exposed by the personal information manager( The data provider service 109 can communicate, via the data provider API 110, with user devices 102, third-party systems 104, or some combination thereof via encrypted communication. Data exchanged between the data provider API 110 and other systems can have any suitable format, para[0036], ln 1-15).  
As to claim 12, it is rejected for the same reason as to claim 1 above. In additional, Poschel teaches first computing device that operates using a first platform; a first broker on the first computing device; a second computing device that operates using a second platform, wherein the second platform is different from the first platform( a browser application 103 executed by the user device 102 and an online service 105 that is hosted by (or otherwise associated with) the third-party system 104. The online service 105 can provide, via an interface presented by the browser application 103, one or more options for enrolling a user of the user device 102 in the data provider service 109, para[0052], ln 9-15/ telecommunications network server 108 to implement block 204. For example, the authentication engine 111 can obtain, from the enrollment API call, information that identifies a user that is described by one or more of the user data records 118. The authentication engine 111 can use the obtained information to retrieve one or more user data records 118 that include data describing the user, para[0052], ln 6-26), the first broker is additionally configured to request personal information from the personal information manager via the second broker( FIG. 9 depicts an example of a request 900 from the browser application 103 using an access token. The telecommunications network server 108 can receive, via the data provider API 110, the communication 326 having the access token and the request, para[0088], ln 15-25).
As to claim  14, Shepard teaches the system further comprises an application on the first computing device; and the first broker is configured to automatically request the personal information in response to determining that the application has requested the personal information(Then, each time when a client application 214 wishes to access the user's information (e.g., data 221), instead of contacting and troubling the user, operating system 213 may send a request to the social-networking system hosting the social-networking website (i.e., first-party data manager 220). The social-networking system may authenticate the client application 214 according to the specification previously made by the user , para[0029], ln 20-35).
As to claim 15, Poschel teaches the first broker is additionally configured to: determine context information related to the personal information; and provide the context information to the personal information manager in connection with requesting the personal information( FIG. 9 depicts an example of a request 900 from the browser application 103 using an access token. The telecommunications network server 108 can receive, via the data provider API 110, the communication 326 having the access token and the request, para[008], ln 15-35).  
As to claim 16,  Shepard teaches  the second broker is configured to expose an application programming interface (API); the first broker is configured to request the personal information from the personal information manager via an API request(  In particular embodiments, social-networking system 220 may provide Application Programming Interfaces (APIs) that enable software applications (e.g., applications developed by third-party developers) to access some or all of the user's data either stored on user device 210 or on remote hosts (e.g., data 221). For example, client applications 214 may access some of the user's data (e.g., profile information, social connections, images, etc.) using the APIs provided by social-networking system 220, para[0017], ln 1-15).  
As to claim 17,  Poschel teaches  the second broker is configured to: obtain the personal information from the personal information manager on the second computing device; and send the personal information to the first broker on the first computing device( When a specific user is running a client application 214 on user device 210, if the client application 214 wishes to access the specific user's data, the user's digital certificate 211 may be used in connection with the authentication process (e.g., used to establish a secure connection between user device 210 and first party 220), para[0019], ln 8-16/ operating system 213 may send a request to first-party data manager 220 on behalf of the requesting client application 214, as illustrated in STEP 130. The request, such as proxy.Authorize (app_id, developer_id, permissions), may include both the developer_identifier (e.g., "ABCD1234") and the application identifier of the requesting client application 214. The request may also contain a user identifier (or any other suitable account identifier) that the remote host may associate to a set of data (such as user account data). Optionally, the request may also include information describing which specific portion (permissions) of user data 221 client application 214 wishes to access (e.g., the information from the initial request received from client application 214), para[0022], ln 1-30)..  
As to claim 18,  Shepard teaches obtaining the personal information comprises sending an application programming interface (API) request to an API exposed by the personal information manager(In particular embodiments, social-networking system 220 may provide Application Programming Interfaces (APIs) that enable software applications (e.g., applications developed by third-party developers) to access some or all of the user's data either stored on user device 210 or on remote hosts (e.g., data 221). For example, client applications 214 may access some of the user's data (e.g., profile information, social connections, images, etc.) using the APIs provided by social-networking system 220, para[0017], ln 1-15)..

6.	Claims 2, 11, 13   are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1) in view of NISHIDA(US 20180203655 A1) and further in view of Ricci(US 20130167159 A1).
 As to claim 2, Shepard, Poschel and NISHIDA do not teach  the first computing device comprises a desktop computer that runs a desktop operating system; and the second computing device comprises a mobile device that runs a mobile operating system. However, Ricci teaches the first computing device comprises a desktop computer that runs a desktop operating system; and the second computing device comprises a mobile device that runs a mobile operating system( A personal computing device operating system runs concurrently with the mobile operating system in a second execution environment on the shared kernel, the personal computing device operating system includes a second application framework supporting a second application that is incompatible with the first application framework. A vehicle processing module operating system runs concurrently with the mobile operating system in a third execution environment, para[0080], ln 6-10).
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard, Poschel and NISHIDA with Ricci to incorporate the feature of  the first computing device comprises a desktop computer that runs a desktop operating system; and the second computing device comprises a mobile device that runs a mobile operating system because this helps distribute digital content over the Internet by ensuring both high availability and high performance.
As to claims 11,  13, they are  rejected for the same reason as to claim 2 above.
 
7.	Claim 4 is  rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1) in view of NISHIDA(US 20180203655 A1) and further in view of Alejo(US 20170301013 A).
As to claim 4, Shepard, Poschel and NISHIDA do not teach  determining that the application on the first computing device has requested the personal information comprises detecting a system call made by the application. However, Alejo teaches determining that the application on the first computing device has requested the personal information comprises detecting a system call made by the application (the proxy server provided by the illustrative embodiments may process requests for access to the human resource services based on dynamic discovery of application programming interfaces connected to the proxy server at the time the request is processed. In this manner, these profiles may be updated over time to keep up with changes or modifications to these application programming interfaces. The profiles may be used to generate responses to requests for access to the human resource services that may be sent to the client applications. These responses contain the data requested by the client applications, para[0176]).  
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard, Poschel and NISHIDA with Alejo to incorporate the feature of determining that the application on the first computing device has requested the personal information comprises detecting a system call made by the application  because this facilitates access to credit scores in an enterprise system.

8.	Claims 6, 9, 19  are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1) in view of NISHIDA(US 20180203655 A1) and further in view of Muttik(US 20160330172 A1).

As to claim 6. Shepard, Poschel and NISHIDA do not teach the personal information comprises at least one of password information, address information, financial account information, account information for a customer loyalty program, and government identification information. However, Muttik teaches  the personal information comprises at least one of password information, address information, financial account information, account information for a customer loyalty program, and government identification information( Private data can also include any other data or information designated by a user or entity including, but not limited to, account numbers (e.g., financial, health, school, etc.), credit card numbers, personal data (e.g., gender, weight, etc.), social security numbers, home address , particular photographs, etc, para[0015],l n 24-30).  
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard, Poschel and NISHIDA with  Mukkit   to incorporate the feature of the personal information comprises at least one of password information, address information, financial account information, account information for a customer loyalty program, and government identification information because this protects client devices from malicious persons who seek to misappropriate private data from the client devices.
As to claim 9, Poschel teaches obtaining the personal information comprises simulating that a second application on the second computing device is requesting the personal information( he authentication engine 111 can obtain, from the enrollment API call, information that identifies a user that is described by one or more of the user data records 118. The authentication engine 111 can use the obtained information to retrieve one or more user data records 118 that include data describing the user, para[0053], ln 7-20).  
As to claim 19, it is rejected for the same reason as to claim 9 above.

9.	Claims 10, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shepard( US 20130054803 A1) in view of  Poschel (US 20180219846 A1) in view of NISHIDA(US 20180203655 A1) and further in view of Fraser(US 6067416 A).

As to claim 10,  Poschel teaches  the second application corresponding to the first application on the first computing device( requesting client application 214 can use the access token to access data associated with the user on remote host 220, para[0025], ln 1-20).
Shepard, Poschel and NISHIDA do not teach  launching a second application on the second computing device,; and copying the personal information when the personal information manager provides t information to the second application. However, Fraser teaches launching a second application on the second computing device,; and copying the personal information when the personal information manager provides t information to the second application( when a user wishes to download a software product or other file, the user first enters into the web browser program on the user's computer the URL of the site at which the file to be downloaded is located. The browser then connects to the corresponding web server and requests the file. The web server software responds by launching the DWE program on the web server. The DWE accesses the specified file and embeds special information into the file such as the user's name, the download date, and identifying information for the store from which the software product is downloaded. The DWE program then sends the file along with the embedded information to the web server software, which in turn sends it to the web browser on the user's computer one byte at a time. The browser assembles the file one byte at a time on the user's computer so that the user has a modified copy of the original file, col 2, ln 20-35). 
It would be obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the teaching of Shepard, Poschel and NISHIDA with Fraser   to incorporate the feature of launching a second application on the second computing device,; and copying the personal information when the personal information manager provides t information to the second application because this  provides an improved method for downloading files such as software products from the Internet.
As to claim 20, it is rejected for the same reason as to claim 10 above. 
Response to the argument: 

10.	Applicant amendment filed on 06/30/2022 has been considered but they are not persuasive: 


Applicant argued in substance that : 
 (1) “  the cited references fail to disclose or suggest the features recited in the independent claims. For example, the Applicant submits that the combination of Shepard and Poschel have not been shown to disclose or suggest "sending a request by the first broker to a second broker on the second computing device to provide the personal information for the application, wherein the request is sent automatically in response to determining that the application has requested the personal information; [and] receiving the personal information obtained by the second broker from the personal information manager on the second computing device," as recited in amended claim 1.”
 
30.	 Examiner respectfully disagreed with Applicant's remarks:
               As to the point (1), NISHIDA teaches Further, the proxy information management unit 33 is configured to receive from the image forming apparatus 20 an acquire request for acquiring an owner ID associated with the proxy ID which accords with the user ID included in the acquire request, and send to the image forming apparatus 20 the owner ID obtained by making reference to the stored information in the proxy information storage unit 35, para[0052], ln 15-40/ Further, the proxy information management unit 33 is configured to receive from the image forming apparatus 20 an acquire request for acquiring an owner ID associated with the proxy ID which accords with the user ID included in the acquire request, and send to the image forming apparatus 20 the owner ID obtained by making reference to the stored information in the proxy information storage unit 35.The proxy information management unit 33 of the authentication server 30 sends to the proxy information acquisition unit 222 an owner ID associated with the proxy ID which accords with the user ID included in the proxy information request, para[0073], ln 11-30).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


                                                                   Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LECHI TRUONG whose telephone number is ( 571) 272-3767.  The examiner can normally be reached on 10-8PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor,  Chow, Dennis can be reached on ( 571) 272-7767   . The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR of Public PAIP. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIP system, contact the Electronic Business Center (EBC) at 866-217-9197(toll-free).
                                 /LECHI TRUONG/                                                Primary Examiner, Art Unit 2194