Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
This office action is in response to claims filed on 11/01/2021; the provisional application priority date of 03/06/2018 is considered.
Claims 1-20 are pending and rejected; claims 1 and 11 are independent claims
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/01/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting over claims 1-12 of U.S. Patent No. 11,218,469 B2 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter, as follows: See independent claims comparison in the table below.
Patent NO.: 11,218,469 B2
Instant application
1. A method comprising: 
authenticating a client application provided on a computing device of a user; 
receiving, from the authenticated client application, a list of one or more protected accounts, wherein each protected account is an online user account associated with the user; 
for each protected account from the list of protected accounts: 
generating a privacy configuration, wherein the privacy configuration is generated based at least in part on one or more user-specific privacy rules; 
accessing a login session for the protected account, wherein the login session is accessed without transmitting or receiving the user's password for the protected account; 
based on the accessed login session for the protected account, determining a plurality of current status indicators for a plurality of privacy settings associated with the protected account; 
calculating a risk score for the user, the risk score based on a plurality of action values calculated for one or more security domains, wherein: a first user security domain is a privacy domain, and the plurality of action values for the privacy domain are calculated based at least in part on the accessed login session for the protected account and the determination of current status indicators; and 
a second user security domain is a device security domain, and the plurality of action values for the device security domain are calculated based at least in part on device-specific data received from the client application provided on the computing device of the user; 
analyzing the plurality of current status indicators to generate updated configuration settings for one or more of the privacy settings associated with the protected account; and 
using the login session for the protected account, applying the updated configuration settings to the protected account.
1. A method comprising: 



receiving a list of one or more protected accounts, wherein each protected account is an online user account associated with a user; 

for each protected account from the list of protected accounts: 
generating a privacy configuration, wherein the privacy configuration is generated based at least in part on one or more user-specific privacy rules; 
accessing a login session for the protected account, wherein the login session is accessed without transmitting or receiving the user's password for the protected account; 
based on the accessed login session for the protected account, determining a plurality of current status indicators for a plurality of privacy settings associated with the protected account; 















analyzing the plurality of current status indicators to generate updated configuration settings for one or more of the privacy settings associated with the protected account; and 
using the login session for the protected account, applying the updated configuration settings to the protected account.


Furthermore, there is no apparent reason why applicant was prevented from presenting claims corresponding to those of the instant application during prosecution of the application which matured into a patent. See In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968). See also MPEP § 804.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Atanda US Pub. No.: 2019/0253431 A1 (hereinafter Atanda) in view of Mellmer et al. US Pub. No.: 2005/0044423 A1 (hereinafter Mellmer).

Atanda teaches:
As to claim 1, a method comprising: 
receiving a list of one or more protected accounts, wherein each protected account is an online user account associated with a user (see Atanda ¶¶53-54, personal data including user account information is collect); 
for each protected account from the list of protected accounts: 
generating a privacy configuration, wherein the privacy configuration is generated based at least in part on one or more user-specific privacy rules (see Atanda ¶80, discrete groups of data are categorized in two or more of the following categories: confidential, personal, contextual, user generated, and third party generated); 
based on the accessed login session for the protected account, determining a plurality of current status indicators for a plurality of privacy settings associated with the protected account (see Atanda ¶¶75-77, personal data sharing system further comprises means for automatically assigning a level of authenticity and/or reliability to a discrete group of data); 
analyzing the plurality of current status indicators to generate updated configuration settings for one or more of the privacy settings associated with the protected account (see Atanda ¶220, Analytics tools can monitor one's patterns, examine variances, set personal targets and goals, and visualize data); and 
using the login session for the protected account, applying the updated configuration settings to the protected account (see Atanda ¶171, dynamically track the data groups 26 of other entities and receive updates to changes to the structure, contents or data units 20 of the tracked entity's data feeds). 
Atanda does not explicitly teaches but the related art Mellmer teaches:
accessing a login session for the protected account, wherein the login session is accessed without transmitting or receiving the user's password for the protected account (see Mellmer ¶218, a cache of site login credentials instead of requiring the user to type in and remember those credentials); 
Therefore, it would have been obvious to one with ordinary skill in the art at the time the invention was filed to modify intelligent personal information management system disclosed by Atanda to include the system for managing digital identity information as thought by Mellmer, in order access protected accounts without password. It would have been obvious to a person with ordinary skill in the art to uses cached credential instead of entering password/credentials in order to enhance security and usability.
As to claim 2, the combination of Atanda and Mellmer teaches the method of claim 1, further comprising authenticating a client application provided on a computing device of the user, such that the list of one or more protected accounts is received from the authenticated client application (see Atanda ¶401, application that Integrates multiple authentication protocols and authenticates users intelligently based on contextual intelligence). 

As to claim 3, the combination of Atanda and Mellmer teaches the method of claim 2, wherein accessing the login session for the protected account comprises: detecting, with the authenticated client application, a cached account credential corresponding to the protected account, wherein the cached account credential and the authenticated client application are located on the same computing device of the user (see Mellmer ¶205, digitalme.com server 504 uses session cookies to cache the login credentials for the user at the user's computer 106); and 
causing the computing device of the user to establish the login session for the protected account based on the detected cached account credential (see Mellmer ¶207, the DigitalMe.TM. software caches and submits all other web login credentials). 

As to claim 4, the combination of Atanda and Mellmer teaches the method of claim 3, wherein: the cached account credential is stored on the computing device of the user by an internet browser; and the authenticated client application is a browser extension compatible with the internet browser (see Mellmer ¶182, client browsers caches). 

As to claim 5, the combination of Atanda and Mellmer teaches the method of claim 1, where generating a privacy configuration comprises: obtaining, for each protected account from the list of protected accounts, a set of controllable privacy settings associated with the protected account; and generating, for each controllable privacy setting of the set of controllable privacy settings, a setting-specific privacy configuration (see Atanda ¶¶28, 164, 303, actively manage and control their online personal information). 

As to claim 6, the combination of Atanda and Mellmer teaches the method of claim 5, further comprising using the setting-specific privacy configurations to determine the plurality of current status indicators for the plurality of privacy settings associated with the protected account (see Atanda ¶74, personal data sharing system further comprises a record of an event of access when a third party has accessed a discrete group of data). 

As to claim 7, the combination of Atanda and Mellmer teaches the method of claim 2, further comprising calculating a risk score for the user, wherein the risk score is based on a plurality of action values calculated for one or more user security domains (see Atanda ¶360, machine learning and artificial intelligence to automatically assign a level of data sensitivity and identity exposure risk to a cluster of information based on the changing context of its use). 

As to claim 8, the combination of Atanda and Mellmer teaches the method of claim 7, wherein a first user security domain is a privacy domain, and the plurality of action values for the privacy domain are calculated based at least in part on the accessed login session for the protected account and the determination of current status indicators (see Atanda ¶¶75-77, personal data sharing system further comprises means for automatically assigning a level of authenticity and/or reliability to a discrete group of data). 

As to claim 9, the combination of Atanda and Mellmer teaches the method of claim 7, wherein a second user security domain is a device security domain, and the plurality of action values for the device security domain are calculated based at least in part on device-specific data received from the client application provided on the computing device of the user (see Atanda ¶164, units of data 20 are tagged and mapped either automatically or manually on a personal data map by assigning a minimum of 1 data domain and 1 data sub domain). 

As to claim 10, the combination of Atanda and Mellmer teaches the method of claim 2, further comprising transmitting a login prompt to the client application provided on the computing device of the user, the login prompt transmitted in response to a failure to access the login session for a given protected account, where the login prompt causes the client application to display a request for the user to login to the given protected account on the computing device (see Mellmer ¶20, user logs in to a DigitalMe.TM. web site, that user is prompted to enter NDS credentials such as a password). 
As to independent claim 11, this claim directed to a non-transitory medium having stored therein instructions executing the method of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 12-20, these claims contain substantially similar subject matter as claim 2-10; therefore they are rejected along the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/             Examiner, Art Unit 2433         

/JEFFREY C PWU/             Supervisory Patent Examiner, Art Unit 2433