DETAILED ACTION

1.	Claims 1-20 are presented for consideration.

Continued Examination Under 37 CFR 1.114

2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/14/2022 has been entered.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-4, 6, and 8-19 are rejected under 35 U.S.C. 103 as being unpatentable over Amaya Calvo [ WO 2012/136652 A1 ], in view of Hockey et al. [ US Patent Application No 2019/0318122 ].

4.	As per claim 1, Amaya discloses the invention as claimed including a method comprising:
	providing, from a server to a service provider, an application programming interface (API) for installation at the service provider [ i.e. API integrated in a TPS ], wherein the API serves as a data interface between the server and the service provider [ i.e. the API comprises means for communicating with the PUB server ] [ page 6, lines 24-28; and page 16, lines 4-10 ];
	receiving, at the server and from the API installed at the service provider, a message indicating a data access request to access user data, relating to a user, that was previously stored with the service provider [ i.e. the requestor user of the third party service wants to search for other users ] [ Figure 7; and page 16, lines 12-20 ],
	wherein the API receives the message indicating the data access request from the service provider when the service provider receives the data access request at a database of the service provider from a data requestor [ i.e. a request placed by a third party service on behalf of a user of the TPS, the data requestor ] [ Figure 8; page 5, lines 6-11; and page 16, lines 32-33 ];	
	sending, via a communication network, the electronic message to a user device associated with the user when the electronic message is generated as a response to the received message indicating the data access request from the service provider [ i.e. triggers the sending of a message to all the PII owners ] [ page 18, lines 1-5, and 18-22 ].
	Amaya does not specifically disclose	
	determining that the user has previously registered for user data access alerts;
	generating an electronic message indicating the data access request in response to determining that the user has previously registered for the user data access alerts.
	Hockey disclsoes
	determining that the user has previously registered for user data access alerts [ i.e. register or setting up alerts ] [ paragraphs 0256, 0281, 0339, an d0344 ];
	generating an electronic message indicating the data access request in response to determining that the user has previously registered for the user data access alerts [ i.e. alert or indication ] [ paragraphs 0421, and 0505 ].
	It would have been obvious to a person skill in the art before the effective filing date of the claimed invention to combine the teaching of Amaya and Hockey because the teaching of Hockey would enable to provide system and method for secure permissioning of access to user accounts, including secure distribution of aggregated user account data [ Hockey, paragraph 0002 ]..

5.	As per claim 2, Amaya discloses wherein the API receives an API call initiated by the service provider when the service provider detects the data access request to the user data, and wherein the API call includes a request to send the electronic message to the user device [ page 19, lines 5-9 ].

6.	As per claim 3, Amaya discloses determining, via the API, a type of the data access request and information relating to the data requestor of the data access request; and determining whether to send the electronic message based on the type of the data access request or the information relating to the data requestor [ i.e. search terms ] [ page 17, lines 12-20 ].

7.	As per claim 4, Amaya discloses wherein the generating, by the API, the electronic message indicating the data access request is further in response to determining that the data requestor is outside a white list of previously authorized data requestors [ i.e. authorized user’s list, and the user is external to the ISP ] [ page 2, lines 19-25; and page 7, lines 24-28 ].

8.	As per claim 6, Amaya discloses wherein the generating, by the API, the electronic message indicating the data access request comprises incorporating an actionable user interface element into the electronic message, and wherein the actionable user interface element is engageable by the user to provide permission for the data access request [ i.e. if the requester wishes to ask for permission of the PII owner ] [ page 17, lines 33-page 18, lines 1 ], and the method further comprises: receiving, by the API and via the communication network, a user response approving the data access request; and sending, via the API to the service provider, the response approving the data access request [ i.e. owner user that grants the request, the PUB server sends a message to the end user using the messaging system of the social network ] [ page 18, lines 4-8 ] .

9.	As per claim 8, Amaya in view of Hockey discloses the method of claim 1, furthermore, Amaya discloses providing, to the user device, the API that comprises a browser plugin integrated with a web application running on the user device [ page 14, lines 28-29 ], and Hockey discloses wherein the API obtains information relating to user usage of the user device from the web application [ paragraphs 0354, and 0435 ].

10.	As per claim 9, Hockey discloses wherein the API is configured to perform: preventing access to the information relating to user usage of the user device stored with the web application; or sending the electronic message to the user device when the information relating to user usage of the user device stored with the web application is being accessed by the data requestor [ i.e. restrict access ] [ paragraphs 0288, 0300, and 0352 ].

11.	As per claim 10, Amaya discloses the invention as claimed including a system comprising a communication interface configured to:
	provide, from a server, an application programming interface (API) to be integrated with a service provider [ i.e. API integrated in a TPS ] [ page 6, lines 24-28; and page 16, lines 4-10 ]; and
	a memory storing a plurality of processor-executable instructions; and
	a processor executing the plurality of processor-executable instructions to:
	receive, at the API from the service provider, a message indicating a data access request to access user data  [ i.e. the requestor user of the third party service wants to search for other users ] [ Figure 7; and page 16, lines 12-20 ], relating to a user, that was previously stored with the service provider when the service provider receives the data access request at a database of the service provider from a data requestor  [ i.e. a request placed by a third party service on behalf of a user of the TPS, the data requestor ] [ Figure 8; page 5, lines 6-11; and page 16, lines 32-33 ]; and
	forward, by the API to the server, the message indicating the data access request [ i.e. forwarded to the PUB server through the search API ] [ page 16, lines 17-20 ]; and
	send, by the API, via a communication network, an electronic message indicating the data access request, to a user device associated with the user, in response to the message indicating the data access request [ i.e. triggers the sending of a message to all the PII owners ] [ page 18, lines 1-5, and 18-22 ].
	Amaya does not specifically disclose
	receive, via the API from the service provider, a user registration record that a user has registered for user data access alerts.
	Hockey discloses 
	receive, via the API from the service provider, a user registration record that a user has registered for user data access alerts [ i.e. register or setting up alerts ] [ paragraphs 0256, 0281, 0339, an d0344 ].
	It would have been obvious to a person skill in the art before the effective filing date of the claimed invention to combine the teaching of Amaya and Hockey because the teaching of Hockey would enable to provide system and method for secure permissioning of access to user accounts, including secure distribution of aggregated user account data [ Hockey, paragraph 0002 ].

12.	As per claim 11, Hockey discloses generate the electronic message according to a user specified communication protocol in the user registration record [ paragraphs 0374, and 0421 ].

13.	As per claim 12, it is rejected for similar reasons as stated above in claim 4.

14.	As per claims 13, and 14, they are rejected for similar reasons as stated above in claim 6, furthermore, Amaya discloses wherein the API is configured to forward the response approving the data access request to the service provider [ Figure 8 ].

15.	As per claim 15, it is rejected for similar reasons as stated above in claim 2.

16.	As per claim 16, it is rejected for similar reasons as stated above in claim 1.

17.	As per claim 17, Amaya discloses wherein the instructions include processor-executable code to build the API [ page 6, lines 24-28 ].

18.	As per claim 18, Amaya discloses receive an API call initiated by a database of the service provider when the database receives the data access request from a data requestor [ page 19, lines 5-9 ].

19.	As per claim 19, Hockey discloses receive, via the API and from the service provider, a user registration request for the user to register for user data access alerts; and forward the user registration request to the server [ i.e. register or setting up alerts ] [ paragraphs 0256, 0281, 0339, an d0344 ].


20.	Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Amaya Calvo [ WO 2012/136652 A1 ], in view of Hockey et al. [ US Patent Application No 2019/0318122 ], and further in view of Dunjic et al. [ US Patent Application No 2021/0084070 ].

21.	As per claim 5, Amaya in view of Hockey does not specifically disclose wherein the generating, by the API, the electronic message indicating the data access request is further in response to determining that a frequency of the data access request corresponding to the user has exceeded a threshold.  Dunjic discloses wherein the generating, by the API, the electronic message indicating the data access request is further in response to determining that a frequency of the data access request corresponding to the user has exceeded a threshold [ i.e. threshold may defined as a frequency ] [ paragraphs 0114, 0143, and 0155 ].  It would have been obvious to a person skill in the art before the effective filing date of the claimed invention to combine the teaching of Amaya, Hockey, and Dunjic because the teaching of Dunjic would enable to provide system and method for evaluating security of third-party applications that request to gain access to a protected data resource [ Dunjic, paragraph 0001 ].
.

22.	Claims 7, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Amaya Calvo [ WO 2012/136652 A1 ], in view of Hockey et al. [ US Patent Application No 2019/0318122 ], and further in view of Chud [ US Patent No 10,673,905 ].

23.	As per claim 7, Amaya in view of Hockey does not specifically discloses maintaining a user response log relating to user approval or disapproval of previously received data access requests; and wherein the generating, by the API, the electronic message indicating the data access request, is further in response to determining that a disapproval percentage of the previously received data access requests from the user response log is greater than a threshold.  Chud discloses maintaining a user response log relating to user approval or disapproval of previously received data access requests; and wherein the generating, by the API, the electronic message indicating the data access request, is further in response to determining that a disapproval percentage of the previously received data access requests from the user response log is greater than a threshold [ i.e. percentage of requests from the one or more subsequent requests for which the access policy resulted in deny result ] [ 712, 713, Figure 7; and col 19, lines 28-65 ].  It would have been obvious to a person skill in the art before the effective filing date of the claimed invention to combine the teaching of Amaya, Hockey, and Chud because the teaching of Chud would enable to provide authorization service, which manages access control policies of service instances corresponding to multiple network-accessible services [ Chud, col 2, lines 43-67 ].

24.	As per claim 20, it is rejected for similar reasons as stated above in claims 6 and 7. 

Response to Arguments

25.	Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN NGUYEN whose telephone number is (571)272-3971.  The examiner can normally be reached on Monday-Friday 9-6 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 571-2727952.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DUSTIN NGUYEN/Primary Examiner, Art Unit 2446