TECHNIQUES FOR TIME-CONTROLLED USER DATA PRIVACY

§103 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1, 12, 19, 26-36, 42-47, and 54-60 have been examined. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/07/2025 has been entered. Information Disclosure Statement The information disclosure statements (IDSs) submitted on 10/07/2025 and 11/14/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner. Response to Amendment Claim 48 has been cancelled. Claims 1, 12, 19, 26, 42, and 54 have been amended. Applicant’s arguments with respect to claims 1, 12, 19, 26, 42, and 54 regarding the new limitations: “the generated data comprising a predicted audience assignment for the user profile”, “the first personal data comprising a predicted audience assignment for the user profile”, and “wherein the first data qualifies as one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 19 and 54 rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 19 and 54 recite: “the first personal data comprising a predicted audience assignment for the user profile”. The examiner did not find support for this limitation in the specification of the instant application. The published specification of the instant application recites: [0107] At step 6, the full 1AdID packet is optionally processed at the edge or in the cloud (e.g., to assign the end user to their relevant audience(s), or other such predictions or inferences). The processing may be done using machine learning and artificial intelligence. The specific algorithm(s) used for assignment to audience can be proprietary to advertisers (e.g., unique to the advertising opportunity), mobile operators (e.g., unique to all mobile phone service customers), the physical location (e.g., unique to all visitors to an amusement park), or any permutation thereof, i.e., the audience assignment is inferred/generated from the personal data received by the edge or cloud and is not contained in the personal data itself. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. Claims 1, 12, 26-29, 31-34, and 42-43 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record CN102571949A to Fu et al (hereinafter Fu), prior art of record US 20230027736 to McLachlan et al (hereinafter McLachlan) and US 20210243150 to Vasamsetti et al (hereinafter Vasamsetti). Examiner’s Note: The examiner used an English translation of CN102571949A which has been provided in the previous office action. As per claims 1 and 26, Fu teaches: A method performed by a network node, the method comprising: receiving, from a device associated with a user profile, first data for a first data transaction (Fu: [0045]: a user uses a micro personal computer with an x86 architecture to input user data to a network server) in response to receiving the first data from the device, enabling transmission of second data (Fu: [0045]: When a user uses a micro personal computer with an x86 architecture to input user data to a network server, the web service application deployed on the network server calls the storage module (data receiving entity) to receive the user data and the self-destruction time of the user data input by the user), and in accordance with a determination that the indication of the time limit indicates a non-zero time limit for retention of the first data for the first data transaction, enabling storage of one or more of the first data and the second data according to the time limit; and in accordance with a determination that the indication of the time limit does not indicate a non-zero time limit for retention of the first data for the first data transaction, causing deletion of the first data and the second data (Fu: [0051], [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records. [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards). Fu does not teach: a first data transaction that is assigned a unique identifier that uniquely identifies the first data transaction; and enabling transmission of second data and the unique identifier to one or more data receiving entity; wherein the second data comprises data that includes the first data and data generated using the first data, the generated data comprising a predicted audience assignment for the user profile; and wherein the first data qualifies as one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data. However, McLachlan teaches: a first data transaction that is assigned a unique identifier that uniquely identifies the first data transaction (McLachlan: [0055] At step 2, the user's device automatically generates a 1AdID that uniquely identifies the context (e.g., the device, visited application or physical location, etc.) and the relevant advertisement opportunities. [0056] At step 3, the mobile or XR device appends real-time IoT and sensor data to the 1AdID from devices directly connected to the device, if the user has consented to data sharing for advertisement. [0058] At step 4, the 1AdID is then uploaded via long term evolution (LTE), WiFi, or 5G to, for example, the nearest edge or cloud computing facility.) and enabling transmission of second data and the unique identifier to one or more data receiving entity (McLachlan: [0062] At step 7, after processing, the resulting audience, 1AdID, and bid request payload that identifies the device and corresponding opportunity is sent to an advertisement exchange as a bid request); wherein the second data comprises data that includes the first data and data generated using the first data, the generated data comprising a predicted audience assignment for the user profile (McLachlan: [0019]: Particular embodiments integrate real-time data and process the data in an edge or cloud computing environment to assign devices to audiences. For example, some embodiments may use Internet-of-Things (IoT) data to assign audiences in real time. [0060] At step 6, the full 1AdID packet is processed at the edge or in the cloud to assign the end user to their relevant audience(s). [0061] The range of possible audiences can be defined qualitatively, using predefined, human-interpretable labels such as “business traveler” or “stay at home parent.”); Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of McLachlan in the invention of Fu to include the above limitations. The motivation to do so would be to use in the construction of digital advertising audiences (McLachlan: [0020]). Fu in view of McLachlan does not teach the rest of the limitations. However, Vasamsetti teaches: wherein the first data qualifies as one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data (Vasamsetti: [0067] In some embodiments a data retention policy for an entity is determined based on a hierarchy of entity associations within the group-based communication system. For example, in some embodiments, a data retention policy assigned to a sub-entity overrides the data retention policy of a higher-level entity. For example, in some such embodiments, a data retention policy for a group-based communication channel overrides a data retention policy for an organization associated with the group-based communication channel when the data retention policy for the group-based communication channel defines a shorter retention interval than the retention interval defined by the data retention policy for the organization. In this regard, in some embodiments, a group-based communication system is configured to identify a data retention policy that governs certain data, such as messages, based on the data retention policies assigned to the various higher-level entities associated with the data). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Vasamsetti in the invention of Fu in view of McLachlan to include the above limitations. The motivation to do so would be so that data linked to different entities (e.g., different organizations, workspaces, channels, and/or the like) may be retained only for minimal required time intervals before deletion to minimize prospective risk due to data exposure (Vasamsetti: [0040]). As per claim 27, Fu in view of McLachlan and Vasamsetti teaches: The network node of claim 26, wherein the unique identifier is assigned by the device or the network node (McLachlan: [0055] At step 2, the user's device automatically generates a 1AdID that uniquely identifies the context (e.g., the device, visited application or physical location, etc.) and the relevant advertisement opportunities). The examiner provides the same rationale to combine Fu and McLachlan as in claim 26 above. As per claim 28, Fu in view of McLachlan and Vasamsetti teaches: The network node of claim 26, wherein the memory further includes instructions executable by the one or more processor for causing the network node to: perform one or more processes on the first data to generate the second data (Fu: [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records). As per claim 29, Fu in view of McLachlan and Vasamsetti teaches: The network node of claim 26, wherein the unique identifier includes one or more of the following: a use code identifying at least one permitted use of the second data; and an entity identifier identifying at least one entity that is permitted to access the second data (McLachlan: page 32, lines 12-16: For example, the end user electronic device may generate an advertisement identifier (e.g., 1AdID) that identifies an advertising opportunity (use code identifying at least one permitted use) in an advertising RTB system). The examiner provides the same rationale to combine Fu and McLachlan as in claim 26 above. As per claim 31, Fu in view of McLachlan and Vasamsetti teaches: The network node of claim 26, wherein the unique identifier is a one-time use identifier such that a different unique identifier is used for a second data transaction involving the device associated with the user profile (McLachlan: [0200] 1AdID A one-time use unique identifier for digital advertising. It is inherent that a different 1AdId is generated for each transaction). The examiner provides the same rationale to combine Fu and McLachlan as in claim 26 above. As per claim 32, Fu in view of McLachlan and Vasamsetti teaches: The network node of claim 26, wherein enabling storage of one or more of the first data and the second data according to the time limit comprises one or more of the following: storing, by the network node, the second data in data storage according to the time limit; and transmitting, by the network node, the second data to one or more database nodes for storage according to the time limit (Fu: [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records). As per claim 33, Fu in view of McLachlan and Vasamsetti teaches: The network node of claim 26, wherein the memory further includes instructions executable by the one or more processor for causing the network node to: cause deletion of one or more of the first data and the second data before or upon expiration of the time limit (Fu: [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards). As per claim 34, Fu in view of McLachlan and Vasamsetti teaches: The network node of claim 26, wherein the time limit is a first time limit, wherein the second data is a first type of data that is subject to the first time limit, wherein third data, received from the device or generated by the network node based on data received from the device, is a second type of data that is different than the first type of data, and wherein the third data is subject to a second time limit different than the first time limit for at least the reason that the third data is the second type of data (Fu: [0045]: When a user uses a micro personal computer with an x86 architecture to input user data to a network server, the web service application deployed on the network server calls the storage module to receive the user data and the self-destruction time of the user data input by the user, and generates a self-destruction timestamp D for the user data, where D is a 32-bit Datetime type object, i.e., each time user data is entered by the user, it is associated with a self-destruction time input by the user for that particular user data. Also, [0054]). As per claims 12 and 42, Fu teaches: A method performed by an electronic device, the method comprising: presenting one or more options for configuring one or more data retention time limits for one or more classes of data, wherein each of the one or more data retention time limits controls a length of time that a remote user data collection system is permitted to retain certain data, of the one or more classes of data, associated with a respective data retention time limit of the one or more data retention time limits (Fu: [0045]: When a user uses a micro personal computer with an x86 architecture to input user data to a network server, the web service application deployed on the network server calls the storage module to receive the user data and the self-destruction time of the user data input by the user, and generates a self-destruction timestamp D for the user data, where D is a 32-bit Datetime type object. [0057]: The user uses a browser that supports Hypertext Transfer Protocol to enter user data through the server-side web interface. Providing an option to input information such as the self-destruction time in the server-side web interface was well known to one of ordinary skill in the art before the effective filing date of the claimed invention); receiving user input, associated with the one or more options, that specifies a first data retention time limit for a first class of data (Fu: [0045]: When a user uses a micro personal computer with an x86 architecture to input user data to a network server, the web service application deployed on the network server calls the storage module to receive the user data and the self-destruction time of the user data input by the user, and generates a self-destruction timestamp D for the user data, where D is a 32-bit Datetime type object); wherein the first data retention time limit is associated with a second data that comprises generated data (Fu: [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records); causing the first data retention time limit to be associated with the user profile that is associated with the electronic device; and while the first data retention time limit is associated with the user profile, transmitting one or more sets of data that qualify as the first class of data for storage at the remote user data collection system for no longer than the first data retention time limit (Fu: [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records. [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards). Fu does not teach: wherein the one or more classes of data are associated with one or more data transactions involving a user profile that is associated with the electronic device; a second data that comprises generated data comprising a predicted audience assignment for the user profile; wherein the one or more sets of data that qualify as the first class of data are associated with one or more data transactions each identified by a respective unique identifier, wherein a first data qualifies as the one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data. However, McLachlan teaches: wherein the one or more classes of data are associated with one or more data transactions involving a user profile that is associated with the electronic device (McLachlan: At step 1, an end user triggers an advertisement opportunity by, e.g., visiting or launching an application with opportunities to display advertisement, such as a website, application, or video game. [0055] At step 2, the user's device automatically generates a 1AdID that uniquely identifies the context (e.g., the device, visited application or physical location, etc.) and the relevant advertisement opportunities. [0058] At step 4, the 1AdID is then uploaded via long term evolution (LTE), WiFi, or 5G to, for example, the nearest edge or cloud computing facility); a second data that comprises generated data comprising a predicted audience assignment for the user profile (McLachlan: [0019]: Particular embodiments integrate real-time data and process the data in an edge or cloud computing environment to assign devices to audiences. For example, some embodiments may use Internet-of-Things (IoT) data to assign audiences in real time. [0060] At step 6, the full 1AdID packet is processed at the edge or in the cloud to assign the end user to their relevant audience(s). [0061] The range of possible audiences can be defined qualitatively, using predefined, human-interpretable labels such as “business traveler” or “stay at home parent.”); wherein the one or more sets of data that qualify as the first class of data are associated with one or more data transactions each identified by a respective unique identifier (McLachlan: [0055] At step 2, the user's device automatically generates a 1AdID that uniquely identifies the context (e.g., the device, visited application or physical location, etc.) and the relevant advertisement opportunities. [0056] At step 3, the mobile or XR device appends real-time IoT and sensor data to the 1AdID from devices directly connected to the device, if the user has consented to data sharing for advertisement. [0058] At step 4, the 1AdID is then uploaded via long term evolution (LTE), WiFi, or 5G to, for example, the nearest edge or cloud computing facility.). Fu in view of McLachlan does not teach: wherein a first data qualifies as the one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data. However, Vasamsetti teaches: wherein a first data qualifies as the one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data (Vasamsetti: [0067] In some embodiments a data retention policy for an entity is determined based on a hierarchy of entity associations within the group-based communication system. For example, in some embodiments, a data retention policy assigned to a sub-entity overrides the data retention policy of a higher-level entity. For example, in some such embodiments, a data retention policy for a group-based communication channel overrides a data retention policy for an organization associated with the group-based communication channel when the data retention policy for the group-based communication channel defines a shorter retention interval than the retention interval defined by the data retention policy for the organization. In this regard, in some embodiments, a group-based communication system is configured to identify a data retention policy that governs certain data, such as messages, based on the data retention policies assigned to the various higher-level entities associated with the data). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Vasamsetti in the invention of Fu in view of McLachlan to include the above limitations. The motivation to do so would be so that data linked to different entities (e.g., different organizations, workspaces, channels, and/or the like) may be retained only for minimal required time intervals before deletion to minimize prospective risk due to data exposure (Vasamsetti: [0040]). As per claim 43, Fu in view of McLachlan and Vasamsetti teaches: The electronic device of claim 42, wherein the memory further includes instructions executable by the one or more processor for causing the electronic device to: receive user input, associated with the one or more options, that specifies a second data retention time limit for a subset of the first class of data; cause the second data retention time limit to be associated with the user profile that is associated with the electronic device; and while the second data retention time limit is associated with the user profile, transmit one or more sets of data that qualify as the subset of the first class of data for storage at the remote user data collection system for no longer than the first data retention time limit or the second data retention time limit (Fu: [0045]: When a user uses a micro personal computer with an x86 architecture to input user data to a network server, the web service application deployed on the network server calls the storage module to receive the user data and the self-destruction time of the user data input by the user, and generates a self-destruction timestamp D for the user data, where D is a 32-bit Datetime type object. [0054]. [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records. [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards). Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over Fu in view of McLachlan and Vasamsetti as applied to claim 26 above, and further in view of prior art of record US 20220343023 to Kirschbaum et al (hereinafter Kirschbaum). As per claim 30, Fu in view of McLachlan and Vasamsetti does not teach the limitations of claim 30. However, Kirschbaum teaches: wherein the unique identifier maintains anonymity of the device and the user profile from the one or more data receiving entity that receives transmission of or access to the second data (Kirschbaum: [0087] In this first embodiment, the terminal T acquires the anonymous unique identifier CUA by executing a random generation function. The anonymous unique identifier CUA is thus generated by the terminal T. To guarantee the uniqueness of the identifier generated by the terminal, it is in particular a function either of a unique data provided by the personalization device P or of user-specific identification data. Particularly, the function applied on the user-specific identification data to generate the anonymous unique identifier does not allow a third party to find these identification data by inverse function. Thus, the anonymity of the anonymous unique identifier is secured. [0015]: the anonymous unique identifier allows identifying all the queries originating from the terminal without disclosing, neither to the service provision device(s), or to the personalization device, any information neither on the terminal itself (MAC address, brand, model), nor on the user of the terminal (name, email address, telephone number)). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Kirschbaum in the invention of Fu in view of McLachlan and Vasamsetti to include the above limitations. The motivation to do so would be to allow a user to access a personalized service without disclosing his personal information, in other words anonymously (Kirschbaum: [0006]). Claims 35, 36, and 44-47 are rejected under 35 U.S.C. 103 as being unpatentable over Fu in view of McLachlan and Vasamsetti as applied to claim 26 above, and further in view of prior art of record US 20210026803 to Dudani et al (hereinafter Dudani). As per claim 35, Fu in view of McLachlan and Vasamsetti does not teach the limitations of claim 35. However, Dudani teaches: wherein the user profile includes one or more user-configured time limits that includes the time limit (Dudani: [0039]: In some embodiments, however, additional examples (e.g., categories) of metadata, such as the associated operation, a document type, user access permissions, a retention policy, a security policy, and/or legal hold data, among other things, may be determined and associated with the document after the document is received (process block 302). [0042]-[0043]: In some embodiments, in response to receiving an input to close the operation, a suitable action may be performed on the document (process block 308). The suitable action may be determined based on the metadata associated with the document. A suitable action for the document may include moving the document to a profile (e.g., a user or personnel profile), which may be stored in the database 108 and/or memory 206, i.e., the document with the associated retention policy is stored in the user profile. [0047]: The retention policy 508 may include information regarding how long the document 404 may be maintained in the document management portal before it is purged). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Dudani in the invention of Fu in view of McLachlan and Vasamsetti to include the above limitations. The motivation to do so would be to dictate the period of time to maintain the document 404 within the document management portal (Dudani: [0059]). As per claim 36, Fu in view of McLachlan, Vasamsetti, and Dudani teaches: The network node of claim 35, wherein the one or more user-configured time limits are specified respectively per one or more of: an identity of the receiving entity, a type of use, or a type of data (Dudani: [0047] In some embodiments, as illustrated in FIG. 5, associating a document type 420 to the document 404 may result in secondary (e.g., inherited) information, such as a document type name 504, employee (e.g., user) access permissions 506, a retention policy 508, a security policy 510, legal hold data 512, being included in the metadata 406. The retention policy 508 may include information regarding how long the document 404 may be maintained in the document management portal before it is purged, i.e., the retention policy is based on document type). The examiner provides the same rationale to combine Fu in view of McLachlan and Dudani as in claim 35 above. As per claim 44, Fu in view of McLachlan and Vasamsetti teaches a self-destruction timestamp for data entered by the user and data transactions each identified by a respective unique identifier (McLachlan: [0055]) but does not explicitly teach the rest of the limitations of claim 44. However, Dudani teaches: wherein the memory further includes instructions executable by the one or more processor for causing the electronic device to: receive user input, associated with the one or more options, that specifies a third data retention time limit for a second class of data, wherein the third data retention time limit is different than the first data retention time limit, and wherein the second class of data is different than the first class of data; cause the third data retention time limit to be associated with the user profile that is associated with the electronic device; and while the third data retention time limit is associated with the user profile, transmit one or more sets of data that qualify as the second class of data for storage at the remote user data collection system for no longer than the third data retention time limit, wherein the one or more sets of data that qualify as the second class of data are associated with one or more data transactions (Dudani: [0039]: In some embodiments, however, additional examples (e.g., categories) of metadata, such as the associated operation, a document type, user access permissions, a retention policy, a security policy, and/or legal hold data, among other things, may be determined and associated with the document after the document is received (process block 302). [0042]-[0043]: In some embodiments, in response to receiving an input to close the operation, a suitable action may be performed on the document (process block 308). The suitable action may be determined based on the metadata associated with the document. A suitable action for the document may include moving the document to a profile (e.g., a user or personnel profile), which may be stored in the database 108 and/or memory 206, i.e., the document with the associated retention policy is stored in the user profile. [0047]: In some embodiments, as illustrated in FIG. 5, associating a document type 420 to the document 404 may result in secondary (e.g., inherited) information, such as a document type name 504, employee (e.g., user) access permissions 506, a retention policy 508, a security policy 510, legal hold data 512, being included in the metadata 406. The document type name 504 may identify a category (e.g., type) of documents relevant to the document 404. The retention policy 508 may include information regarding how long the document 404 may be maintained in the document management portal before it is purged, i.e., different categories (classes) of documents have different retention policies associated with them). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Dudani in the invention of Fu in view of McLachlan and Vasamsetti to include the above limitations. The motivation to do so would be to dictate the period of time to maintain the document 404 within the document management portal (Dudani: [0059]). As per claim 45, Fu in view of McLachlan and Vasamsetti does not teach the limitations of claim 45. However, Dudani teaches: wherein a given class of data is defined in terms of one or more of the following: an identity of an origin device, of one or more electronic devices associated with the user profile, that is the source of the respective data; a destination receiving entity that is to be provided access to the respective data; a use type for the respective data; and a type of the respective data (Dudani: [0049] Further, as described with reference to FIG. 4, the document 404 may be associated with (e.g., assigned to) a type of HR case (e.g., an operation). Examples of an HR case type may include a new employee onboarding, a disciplinary issue, an employee exit case, and/or the like (use type and/or type of data)). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Dudani in the invention of Fu in view of McLachlan and Vasamsetti to include the above limitations. The motivation to do so would be to dictate the period of time to maintain the document 404 within the document management portal (Dudani: [0059]). As per claim 46, Fu in view of McLachlan, Vasamsetti, and Dudani teaches: The electronic device of claim 45, wherein the use type for the respective data includes one or more of the following: advertising, billing, service optimization, and media (Dudani: Examples of an HR case type may include a new employee onboarding (billing), a disciplinary issue, an employee exit case (billing), and/or the like). The examiner provides the same rationale to combine Fu in view of McLachlan, Vasamsetti and Dudani as in claim 45 above. As per claim 47, Fu in view of McLachlan, Vasamsetti, and Dudani teaches: The electronic device of claim 45, wherein the type of the respective data includes one or more of the following: fitness data, location data, and financial transaction data (Dudani: Examples of an HR case type may include a new employee onboarding (financial transaction), a disciplinary issue, an employee exit case (financial transaction), and/or the like). The examiner provides the same rationale to combine Fu in view of McLachlan, Vasamsetti, and Dudani as in claim 45 above. Claims 19 and 54-59 are rejected under 35 U.S.C. 103 as being unpatentable over Fu, McLachlan, Dudani and Vasamsetti. As per claims 19 and 54, Fu teaches: A method performed by a network node, the method comprising: receiving first data for a first data transaction that is associated with a user profile (Fu: [0057]: The user uses a browser that supports Hypertext Transfer Protocol to enter user data through the server-side web interface), an indication of a first time limit for retention of the first data for the first transaction (Fu: [0045]: When a user uses a micro personal computer with an x86 architecture to input user data to a network server, the web service application deployed on the network server calls the storage module to receive the user data and the self-destruction time of the user data input by the user, and generates a self-destruction timestamp D for the user data, where D is a 32-bit Datetime type object); storing the first data for access by the external requesting entity (Fu: [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records), providing, to the external requesting entity other than the user profile, the first unique identifier and the first personal data (Fu: [0057]: Finally, a request string with a link in a data self-destructing format is returned to the user's browser. [0058]-[0059]: The user fills the request string with the data self-destructing format link into the HTML code segment of the user's email and then sends it. When the recipient receives the data containing the data self-destructing format link, the browser submits the data self-destructing format link to the network server); and upon the expiration of the first time limit for retention of the first data for the first transaction, deleting at least a portion of the first data that includes the first unique identifier (Fu: [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards), wherein the first data includes: a first unique identifier that uniquely identifies the first data transaction involving a device associated with the user profile; an identifier of an external requesting entity, other than the user profile, that is permitted access to the first data; and first personal data, provided by a device associated with the user profile; the first personal data comprising a predicted audience assignment for the user profile; and wherein the first data qualifies as one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data. However, wherein the first data includes: a first unique identifier that uniquely identifies the first data transaction involving a device associated with the user profile (McLachlan: [0055] At step 2, the user's device automatically generates a 1AdID that uniquely identifies the context (e.g., the device, visited application or physical location, etc.) and the relevant advertisement opportunities. [0056] At step 3, the mobile or XR device appends real-time IoT and sensor data to the 1AdID from devices directly connected to the device, if the user has consented to data sharing for advertisement. [0058] At step 4, the 1AdID is then uploaded via long term evolution (LTE), WiFi, or 5G to, for example, the nearest edge or cloud computing facility); and first personal data, provided by a device associated with the user profile (McLachlan: [0163] At step 1016, the end user electronic device obtains demographic information associated with a user of the end user electronic device. The demographic information may comprise metadata describing the user and/or the user's consumption patterns. As described above, the demographic information may comprise information about the user's age, gender, income, interests, etc.); the first personal data comprising a predicted audience assignment for the user profile (McLachlan: [0166] At step 1020, the end user electronic device may assign an audience identifier to the opportunity identifier. The assigned audience identifier is based on at least one of the environmental information and the demographic information). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of McLachlan in the invention of Fu to include the above limitations. The motivation to do so would be to use in the construction of digital advertising audiences (McLachlan: [0020]). Fu in view of McLachlan does not teach the rest of the limitations. However, Dudani teaches: an identifier of an external requesting entity, other than the user profile, that is permitted access to the first data (Dudani: [0038]: The document may be received from a user (e.g., a computing device 200 of the client device 102) and/or from another computing device 200 via the document management portal. [0040]: In cases that an input regarding inherent metadata, such as the user access permissions and/or the retention policy associated with the operation, is received, the inherited metadata settings may be overridden with those included in the input. [0047]: The employee (e.g., user) access permissions 506 may be used to restrict use and/or direct access to the document 404 to a specific set of users.). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Nakayama in the invention of Fu in view of McLachlan to include the above limitations. The motivation to do so would be to dictate the period of time to maintain the document within the document management portal (Dudani: [0059]). And, Vasamsetti teaches: wherein the first data qualifies as one or more classes of data, and wherein when the first data qualifies as more than one class of data of the one or more classes of data, the first data is subject to a shortest data retention time limit for respective classes of data of the more than one class of data (Vasamsetti: [0067] In some embodiments a data retention policy for an entity is determined based on a hierarchy of entity associations within the group-based communication system. For example, in some embodiments, a data retention policy assigned to a sub-entity overrides the data retention policy of a higher-level entity. For example, in some such embodiments, a data retention policy for a group-based communication channel overrides a data retention policy for an organization associated with the group-based communication channel when the data retention policy for the group-based communication channel defines a shorter retention interval than the retention interval defined by the data retention policy for the organization. In this regard, in some embodiments, a group-based communication system is configured to identify a data retention policy that governs certain data, such as messages, based on the data retention policies assigned to the various higher-level entities associated with the data). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Vasamsetti in the invention of Fu in view of McLachlan and Dudani to include the above limitations. The motivation to do so would be so that data linked to different entities (e.g., different organizations, workspaces, channels, and/or the like) may be retained only for minimal required time intervals before deletion to minimize prospective risk due to data exposure (Vasamsetti: [0040]). As per claim 55, Fu in view of McLachlan, Dudani, and Vasamsetti teaches: The network node of claim 54, wherein the memory further includes instructions executable by the one or more processor for causing the network node to: receive second data for a second data transaction that is associated with the user profile, wherein the second data includes: a second unique identifier that uniquely identifies the second data transaction involving the device associated with the user profile (McLachlan: [0200] 1AdID A one-time use unique identifier for digital advertising. [0055] At step 2, the user's device automatically generates a 1AdID that uniquely identifies the context (e.g., the device, visited application or physical location, etc.) and the relevant advertisement opportunities. [0056] At step 3, the mobile or XR device appends real-time IoT and sensor data to the 1AdID from devices directly connected to the device, if the user has consented to data sharing for advertisement. [0058] At step 4, the 1AdID is then uploaded via long term evolution (LTE), WiFi, or 5G to, for example, the nearest edge or cloud computing facility, i.e., a second data transaction will include a second unique identifier); the identifier of the external requesting entity, other than the user profile, that is permitted access to the second data (Dudani: [0040]: In cases that an input regarding inherent metadata, such as the user access permissions and/or the retention policy associated with the operation, is received, the inherited metadata settings may be overridden with those included in the input. [0047]: The employee (e.g., user) access permissions 506 may be used to restrict use and/or direct access to the document 404 to a specific set of users); an indication of a second time limit for retention of the second data for the second transaction (Dudani: [0040]: In cases that an input regarding inherent metadata, such as the user access permissions and/or the retention policy associated with the operation, is received, the inherited metadata settings may be overridden with those included in the input. [0047] In some embodiments, as illustrated in FIG. 5, associating a document type 420 to the document 404 may result in secondary (e.g., inherited) information, such as a document type name 504, employee (e.g., user) access permissions 506, a retention policy 508, a security policy 510, legal hold data 512, being included in the metadata 406); and second personal data, provided by the device associated with the user profile, wherein the first personal data is a first type of data and the second personal data is a second type of data different from the first type of data, wherein the first type of data is subject to the first time limit for retention and the second type of data is subject to the second time limit for retention, and wherein the second time limit is different than the first time limit (Dudani: [0038] In any case, to initiate the method 300, a document may be received that is associated with an operation (process block 302), such as (in a human resources context) a recruiting operation, an on-boarding operation, a promotion or reassignment operation, a disciplinary operation, and so forth (different types of documents). [0047] In some embodiments, as illustrated in FIG. 5, associating a document type 420 to the document 404 may result in secondary (e.g., inherited) information, such as a document type name 504, employee (e.g., user) access permissions 506, a retention policy 508, a security policy 510, legal hold data 512, being included in the metadata 406. [0060]: As such, a first document 404 may be retained, for example, until the first day of a specified month, while a second document 404 may be retained until five years after an employee leaves an enterprise, i.e., different types of documents have different retention periods); store the second data for access by the external requesting entity (Fu: [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records); provide, to the external requesting entity other than the user profile, the second unique identifier and the second personal data (Fu: [0057]: Finally, a request string with a link in a data self-destructing format is returned to the user's browser. [0058]-[0059]: The user fills the request string with the data self-destructing format link into the HTML code segment of the user's email and then sends it. When the recipient receives the data containing the data self-destructing format link, the browser submits the data self-destructing format link to the network server. McLachlan: [0062] At step 7, after processing, the resulting audience, 1AdID, and bid request payload that identifies the device and corresponding opportunity is sent to an advertisement exchange as a bid request); and upon the expiration of the second time limit for retention of the second data for the second transaction, delete at least a portion of the second data that includes the second unique identifier (Fu: [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards. Dudani: [0059]: The retention policy 508 associated with the document 404 (e.g., via metadata 406) may dictate the period of time to maintain the document 404 within the document management portal. In some embodiments, for example, purging the document may involve a suitable combination of deleting the document from the database 108). The examiner provides the same rationale to combine Fu in view of McLachlan and Dudani as in claim 54 above. As per claim 56, Fu in view of McLachlan, Dudani, and Vasamsetti teaches: The network node of claim 55, wherein the external requesting entity is a first external requesting entity, and wherein the memory further includes instructions executable by the one or more processor for causing the network node to: receive third data for a third data transaction that is associated with the user profile, wherein the third data includes: a third unique identifier that uniquely identifies the third data transaction involving a device associated with the user profile ((McLachlan: [0200] 1AdID A one-time use unique identifier for digital advertising. [0055] At step 2, the user's device automatically generates a 1AdID that uniquely identifies the context (e.g., the device, visited application or physical location, etc.) and the relevant advertisement opportunities. [0056] At step 3, the mobile or XR device appends real-time IoT and sensor data to the 1AdID from devices directly connected to the device, if the user has consented to data sharing for advertisement. [0058] At step 4, the 1AdID is then uploaded via long term evolution (LTE), WiFi, or 5G to, for example, the nearest edge or cloud computing facility, i.e., a second data transaction will include a second unique identifier)); an identifier of a second external requesting entity, other than the user profile, that is permitted access to at least a portion of the third data, wherein the first external requesting entity is different than the second external requesting entity (Dudani: [0040]: In cases that an input regarding inherent metadata, such as the user access permissions and/or the retention policy associated with the operation, is received, the inherited metadata settings may be overridden with those included in the input. [0047]: The employee (e.g., user) access permissions 506 may be used to restrict use and/or direct access to the document 404 to a specific set of users); an indication of a third time limit for retention of the third data for the third transaction, wherein data access permission for the first external requesting entity is subject to the first time limit for retention and data access permission for the second external requesting entity is subject to the third time limit for retention, and wherein the third time limit is different than the first time limit (Dudani: [0040]: In cases that an input regarding inherent metadata, such as the user access permissions and/or the retention policy associated with the operation, is received, the inherited metadata settings may be overridden with those included in the input. [0047] In some embodiments, as illustrated in FIG. 5, associating a document type 420 to the document 404 may result in secondary (e.g., inherited) information, such as a document type name 504, employee (e.g., user) access permissions 506, a retention policy 508, a security policy 510, legal hold data 512, being included in the metadata 406. [0060]: As such, a first document 404 may be retained, for example, until the first day of a specified month, while a second document 404 may be retained until five years after an employee leaves an enterprise, i.e., different types of documents have different retention periods); and third personal data, provided by a device associated with the user profile (Dudani: [0055] Turning to FIG. 8, as illustrated in a screenshot of a user interface 800, a profile page 802 may allow a user, such as an employee or an HR representative, to view and/or edit a profile (e.g., a user profile). The profile page 802 may include one or more input fields, drop downs, or lists, to receive inputs of selections from a user, the computing device 200. Further, the profile page 802 may include a document table 804, which may contain a list of documents 404 included in the employee profile); store the third data for access by the second external requesting entity (Fu: [0057]: After the user data is submitted to the network server, the network server calls the data storage module on the web service for processing, divides the user data into shards according to the shard size of 2048, uses the fifth version of the message digest algorithm to hash the corresponding hash value of each shard, and adds a data self-destruction timestamp 2010-11-19 13:11:23 to the shard data, and stores it in the database management system, mixed with other records); provide, to the second external requesting entity other than the user profile, the third unique identifier and the third personal data (Fu: [0057]: Finally, a request string with a link in a data self-destructing format is returned to the user's browser. [0058]-[0059]: The user fills the request string with the data self-destructing format link into the HTML code segment of the user's email and then sends it. When the recipient receives the data containing the data self-destructing format link, the browser submits the data self-destructing format link to the network server); and upon the expiration of the third time limit for retention of the third data for the third transaction, delete at least a portion of the third data that includes the third unique identifier (Fu: [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards. Dudani: [0059]: The retention policy 508 associated with the document 404 (e.g., via metadata 406) may dictate the period of time to maintain the document 404 within the document management portal. In some embodiments, for example, purging the document may involve a suitable combination of deleting the document from the database 108). The examiner provides the same rationale to combine Fu in view of McLachlan and Dudani as in claim 54 above. As per claim 57, Fu in view of McLachlan, Dudani, and Vasamsetti teaches: The network node of claim 54, wherein the memory further includes instructions executable by the one or more processor for causing the network node to: prior to the expiration of the first time limit, receive a request, from the external requesting entity, to access data from the first data including at least the first unique identifier and the first personal data, wherein the first unique identifier and the first personal data is provided in response to receiving the request (Fu: [0059]: When the recipient receives the data containing the data self-destructing format link, the browser submits the data self-destructing format link to the network server. The network server calls the web service application data extraction module, searches for the corresponding data segment through the data self-destructing format link, restores the user data and returns it, and the user can browse the email content normally. [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards. At this time, even if the user tries to extract the user data through the data self-destruction format link, the web service application data extraction module can only return the prompt message "DESTRUCTED DATA" indicating that the data shard does not exist). As per claim 58, Fu in view of McLachlan, Dudani, and Vasamsetti teaches: The network node of claim 57, wherein the first data includes a permitted use code, wherein the request includes a requested use code, and wherein the memory further includes instructions executable by the one or more processor for causing the network node to: determine that the permitted use code matches the requested use code prior to providing the first unique identifier and the first personal data to the external requesting entity (Dudani: [0056]: As such, the employee may apply permissions (e.g., metadata 406) to the document 404 before sending it to the additional user. These permissions may include an expiration date, permissible actions (e.g., view, download, edit, and/or print) that the additional user may perform on the document 404, and/or the like. It was well known to one of ordinary skill in the art before the effective filing date of the claimed invention that the additional user’s requested action on the document will be matched against the permissible actions before providing the document to the additional user). The examiner provides the same rationale to combine Fu in view of McLachlan and Dudani as in claim 54 above. As per claim 59, Fu in view of McLachlan, Dudani, and Vasamsetti teaches: The network node of claim 54, wherein deleting the at least the portion of the first data includes deleting the first personal data (Fu: [0060]: When the preset data self-destruction timestamp 2010-11-19 13:11:23 is exceeded, the web service application data monitoring module deployed on the network server uses the structured query language through the database management system interface to destroy the corresponding records of the expired shards. Dudani: [0059]: The retention policy 508 associated with the document 404 (e.g., via metadata 406) may dictate the period of time to maintain the document 404 within the document management portal. In some embodiments, for example, purging the document may involve a suitable combination of deleting the document from the database 108). Claim 60 is rejected under 35 U.S.C. 103 as being unpatentable over Fu in view of McLachlan, Dudani, and Vasamsetti as applied to claim 60 above, and further in view of Kirschbaum. As per claim 60, Fu in view of McLachlan, Dudani, and Vasamsetti does not teach the limitations of claim 60. However, Kirschbaum teaches: wherein the first unique identifier maintains anonymity of the device and the user profile from the external requesting entity (Kirschbaum: [0087] In this first embodiment, the terminal T acquires the anonymous unique identifier CUA by executing a random generation function. The anonymous unique identifier CUA is thus generated by the terminal T. To guarantee the uniqueness of the identifier generated by the terminal, it is in particular a function either of a unique data provided by the personalization device P or of user-specific identification data. Particularly, the function applied on the user-specific identification data to generate the anonymous unique identifier does not allow a third party to find these identification data by inverse function. Thus, the anonymity of the anonymous unique identifier is secured. [0015]: the anonymous unique identifier allows identifying all the queries originating from the terminal without disclosing, neither to the service provision device(s), or to the personalization device, any information neither on the terminal itself (MAC address, brand, model), nor on the user of the terminal (name, email address, telephone number)). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Kirschbaum in the invention of Fu in view of McLachlan, Dudani, and Vasamsetti to include the above limitations. The motivation to do so would be to allow a user to access a personalized service without disclosing his personal information, in other words anonymously (Kirschbaum: [0006]). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-4:30PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached at (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. MADHURI R. HERZOG Primary Examiner Art Unit 2438 /MADHURI R HERZOG/Primary Examiner, Art Unit 2438