Enforcing Compliance with Data Use Policies

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims 1-20 are pending in this office action. Applicant’s arguments, filed October 21, 2025, have been considered but are moot in view of the new ground of rejection. Allowable Subject Matter Claims 9-15 are allowed. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-8 and 16-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ashley et al. (U.S. Patent Pub. No. 2006/0136985). Regarding claims 1 and 16, Ashley et al. teaches a method comprising: receiving, from an application, a message that includes data to upload from a device (paragraph 0054); executing, in response to receiving the message, a compliance function associated with a type of the data of the message, the type comprising a data structure or a container of the data, the compliance function configured to enforce compliance of the data of the message with data use policies associated with the type of the data (paragraph 0064); asserting, by the compliance function, one of the data use policies associated with the type of the data based on a state of a field of the data of the message (paragraph 0078); determining, by the compliance function, whether a user of the device has accepted the data use policy asserted for the data in the message, the acceptance of the data use policy indicating compliance of the data with the data use policy (paragraph 0073); and allowing the upload of the data from the device based on the compliance with the data use policy accepted by the user; or blocking the upload of the data from the device based on a lack of compliance with the data use policy (paragraph 073). Regarding claims 2 and 17, Ashley et al. teaches wherein the data use policy comprises a notice relating to the field of the data, a consent relating to the field of the data, or a control relating to the field of the data (paragraph 0071). Regarding claims 3 and 18, Ashley et al. teaches wherein the data use policy comprises: a notice, a consent, or a control associated with a type of the message and is enforced on the field of the data based on the type of the message; or a logical expression of multiple notices, consents, or controls relating to the field of the data or the type of the message (paragraph 0052). Regarding claims 4 and 19, Ashley et al. teaches further comprising: in response to blocking the upload of the data based on the lack of compliance with the data use policy, creating a record of the blocked upload of the data and associating the record with the message received from the application (paragraph 0079). Regarding claim 5, Ashley et al. teaches wherein: the message to upload the data is received by a network library of the device that manages access to a network configured to support data communication; and the network library invokes the compliance function in response to receiving the message to upload the data from the application (paragraph 0054). Regarding claim 6, Ashley et al. teaches wherein: the compliance function is received by a compliance manager of the device; and the compliance manager invokes the compliance function in response to receiving the message to upload the data from the device (paragraph 0053). Regarding claim 7, Ashley et al. teaches wherein: the application provides the data for upload in a structure associated with a data configuration file; and the compliance function is configured to identify the field of data to which the data use policy applies based on a description associated with the data configuration file (paragraph 0072). Regarding claim 8, Ashley et al. teaches wherein the data configuration file comprises a protocol definition file (paragraph 0031). Regarding claim 20, Ashley et al. teaches wherein: the compliance manager is implemented as part of the application; or the compliance manager is implemented as part of a network library of the computing device that manages access to a network configured to support data communication (paragraph 0053). Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863. The examiner can normally be reached Monday-Friday 8:30AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BRANDON HOFFMAN/Primary Examiner, Art Unit 2433