Prosecution Insights
Last updated: July 17, 2026
Application No. 18/961,957

USER INTERACTION DATA MANAGEMENT

Non-Final OA §101§103§112
Filed
Nov 27, 2024
Priority
Nov 30, 2023 — provisional 63/604,781
Examiner
BAKER, IRENE H
Art Unit
2152
Tech Center
2100 — Computer Architecture & Software
Assignee
SAP SE
OA Round
3 (Non-Final)
54%
Grant Probability
Moderate
3-4
OA Rounds
1y 10m
Est. Remaining
81%
With Interview

Examiner Intelligence

Grants 54% of resolved cases
54%
Career Allowance Rate
131 granted / 244 resolved
-1.3% vs TC avg
Strong +27% interview lift
Without
With
+27.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 5m
Avg Prosecution
23 currently pending
Career history
280
Total Applications
across all art units

Statute-Specific Performance

§101
2.8%
-37.2% vs TC avg
§103
92.9%
+52.9% vs TC avg
§102
1.5%
-38.5% vs TC avg
§112
1.1%
-38.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 244 resolved cases

Office Action

§101 §103 §112
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 4 May 2026 has been entered. Introductory Remarks In response to communications filed on 4 May 2026, claims 1, 3-5, 8, 10-12, 15, and 17-19 are amended per Applicant's request. No claims were cancelled. No claims were withdrawn. No new claims were added. Therefore, claims 1-20 are presently pending in the application, of which claims 1, 8, and 15 are presented in independent form. The previously raised 112 rejection of claims 3-4 is withdrawn in view of the amendments to the claims. The previously raised 101 rejection of the pending claims is maintained. The previously raised 103 rejection of the pending claims is withdrawn in view of the amendments to the claims. A new ground(s) of rejection has been issued. Response to Arguments Applicant’s arguments filed 4 May 2026 with respect to the 112 rejection of claims 3-4 (see Remarks, p. 11) have been fully considered and are persuasive. The amendments overcome the 112 rejection, and the 112 rejection has been accordingly withdrawn. Applicant’s arguments filed 4 May 2026 with respect to the rejection of the claims under 35 U.S.C. 101 (see Remarks, p. 11-13) have been fully considered but are not persuasive. Applicant argues that a claim may be patent eligible is via integration of the judicial exception into a practical application, such as “when the claimed invention improves the functioning of a computer or improves another technology or technical field” (see Remarks, p. 11-12), citing examples of how the claimed steps result in “Improving the scalability and flexibility of software development, e.g., modification of capabilities and functionalities of software products using user interaction data, while simultaneously ensuring data security and privacy” (see Remarks, p. 12). However, this is unpersuasive, as the manner by which this is accomplished is through a series of high-level steps that include comparing the data management against certain compliance policies, determining whether certain actions are allowed, etc. The rest of the steps, however, are well-understood, routine, and conventional activities of simply collecting/retrieving data. Thus, the modification of the functionality of the software, which occurs as a result of performing these abstract steps, is also certain methods of organizing human activity. Thus, none of the claimed steps, when taken separately or in combination, improve upon the underlying technology. Instead, it recites a series of high-level steps that can be performed by people and in accordance with certain human-created policies/restrictions, using the most basic computer functions to achieve this task. Applicant argues that “specific features—including the use of an aggregate store that comprises multiple data aggregates and relevant compliance policies associated with software products that define allowed use cases” provides such an improvement (see Remarks, p. 12-13). However, this is not persuasive, as such a limitation does nothing more than describe the context rather than a particular manner of achieving the claimed steps. It does not change the functioning of the computer, other than to state that certain information is drawn from certain data aggregates, which again, provides context rather than an improvement to any technical area. Thus, such limitations constitute, at best, insignificant field-of-use limitations, describing the context rather than a particular manner of achieving the result. Thus, for at least the aforementioned reasons and those set forth in the 101 rejection below, the 101 rejection has been maintained. Applicant’s arguments filed 4 May 2026 with respect to the rejection of the claims under 35 U.S.C. 103 (see Remarks, p. 13-15) have been fully considered but are moot because the arguments do not apply to the new references being used in the current rejection. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The independent claims recite “modifying a functionality of the first software product based on analyzing data records that comprise the first record in accordance with the prospective use case”. This appears to indicate that multiple data records, including the first record, are used to determine how to modify the functionality of the software product. However, such a limitation is not supported by the Specification. The rest of the dependent claims are rejected for at least by virtue of their dependency on their respective independent claims. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Independent Claims 1, 8, and 15 recite “managing in an aggregate store that comprises multiple data aggregates, a collection of records associated with interactions of users with one or more of a set of software products, wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products, and wherein each data aggregate in the aggregate store corresponds to a separate storage area defined for a different prospective use case…”. It is ambiguous from the claimed limitation and the Specification the relationship between “collection of records” and “data aggregate”. The claim appears to be ambiguous, e.g., it cannot be ascertained whether “data aggregate” corresponds to the “collection of records”, or what the relationship between the two clearly is. For purposes of examination, the two have been treated as the same. The independent claims further recite “receiving a request for data management in relation to a first record”. Given that these records are later used to check whether to permit access to the record or not, it is unclear what a request “for data management” means. For purposes of examination, the interpretation that “request for data management” means intended use, i.e., access control information, has been taken. The independent claims further recite “modifying a functionality of the first software product based on analyzing data records that comprise the first record in accordance with the prospective use case”. This appears to indicate that multiple data records, including the first record, are used to determine how to modify the functionality of the software product. However, it is unclear what is precisely meant by this sort of limitation. For purposes of examination, the interpretation that only the first record is analyzed, has been taken. Dependent claims 3, 10, and 17 recite “wherein the prospective use case of the first record comprises modifying a functionality of the first software product based on analyzing the first record”. However, it cannot be ascertained whether this is claiming the same limitation as in their respective independent claims, or whether this is meant to be distinct, as both pertain to modifying a functionality of the first software product based on analyzing the first record, i.e., and tied to the prospective use case. Thus, the metes and bounds of these dependent claims relative to their independent claims cannot be ascertained. For purposes of examination, the interpretation that this is the same as the independent claims has been taken. Lastly, dependent claims 5, 12, and 19 recite “wherein collecting the interaction data comprises determining a relevant policy for storing the interaction data for the first software product”. It appears to be substantially similar to the independent claims’ limitation of “wherein the collection of records [associated with interactions of users with one or more of a set of software products] is obtained according to relevant compliant policies for data storage defined correspondingly for the set of software products”. However, it is unclear whether these are the same limitations or different, i.e., and if they are different, what the scope of difference was meant to be between these limitations. The dependent claims are rejected for at least by virtue of their dependency on their respective independent claims, and for failing to cure the deficiencies of their respective independent claims. The following is a quotation of 35 U.S.C. 112(d): (d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers. The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph: Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers. Claims 3, 10, and 17 are rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. The claims recite “wherein the prospective use case of the first record comprises modifying a functionality of the first software product based on analyzing the first record”. This appears to already be claimed in their respective independent claims. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claims are directed to a judicial exception (i.e., an abstract idea) without significantly more. Independent Claims 1, 8, and 15 recite managing a collection of records, the collection of records obtained according to relevant compliance policies for the data storage defined correspondingly for a set of software products; receiving a request for data management in relation to a first record of the collection of records, wherein the request specifies a prospective use case for a software product enabled by the first record, the prospective use case being associated with a first software product of the set of software products (claim 1); in response to receiving a request for data management in relation to a first record of the collection of records, determining a relevant compliance policy for the first record, the relevant compliance policy being associated with the (first) software product, wherein the relevant compliance policy defines one or more allowed purposes of use / application-oriented use cases for the respective software product enabled by the first record by one or more software products of the set of software products; in response to determining that the purpose of use is in the one or more allowed purposes of use, providing access to the first record in response to the request; and obtaining and storing, at the first software product, data from the first record in accordance with the specified purpose of use (claim 1); and modifying a functionality of the first software product based on analyzing data records that comprise the first record in accordance with the prospective use case (claims 8 and 15). These encompass an evaluation, observation, and/or judgment (i.e., the determining steps), which falls under the “Mental processes” grouping of abstract ideas. Additionally, and with respect to the rest of the other limitations cited here, the claims encompass managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent Claims 2, 9, and 16 recite wherein each record in the collection of records is subject to a respective retention period, and wherein managing the collection of records comprises: determining that a respective retention period for a second record in the collection of records has expired, and in response, deleting the second record that has the expired respective retention period. Similarly, this encompasses an evaluation, observation, and/or judgment (i.e., the determining steps), which falls under the “Mental processes” grouping of abstract ideas. Additionally, and with respect to the rest of the other limitations cited here, the claims encompass managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent claims 3, 10, and 17 recite that the prospective use case for the software product comprises modifying a functionality of the software product based on analyzing the first record, and dependent claims 4, 11, and 18 recite that for the first record, the one or more allowed application-oriented use cases defined in the relevant compliance policy comprise modifying different functionalities of the software product based on analyzing the first record. These encompass both an evaluation, observation, and/or judgment, which falls under the “Mental Processes” grouping of abstract ideas, as well as managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent Claims 5, 12, and 19 recite collecting the interaction data comprises determining a relevant policy for storing the interaction data for the first software product. This encompasses both an evaluation, observation, and/or judgment, which falls under the “Mental processes” grouping of abstract ideas, as well as managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent Claims 6, 13, and 20 recite wherein a record of the first set of records associated with the first software product is obtained and managed based on rules defined in the relevant compliance policy for the first software product and for a first user associated with interaction data from the record. This encompasses both an evaluation, observation, and/or judgment, which falls under the “Mental processes” grouping of abstract ideas, as well as managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Because the claims recite “Mental processes” as well as “Certain methods of organizing human activity”, the claims accordingly recite an abstract idea. The claims do not recite additional elements that amount to significantly more than the judicial exception. The claimed computing elements are recited at a high level of generality and recited so generically that they represent no more than mere instructions to apply the judicial exception on a computer (see MPEP 2106.05(f)). These limitations can also be viewed as nothing more than an attempt to generally link the use of the judicial exception to the technological environment of a computer (see MPEP 2106.05(h)). The claims further recite that the software products are defined at a platform solution (see, e.g., independent claims 1, 8, and 15, and dependent claims 3, 10, and 17). The independent claims further recite that the collection of records is managed in an aggregate store that comprises multiple data aggregates, wherein each data aggregate in the aggregate store corresponds to a separate storage area defined for a different prospective use case, such that records for different prospective use cases are stored separately from each other. These are nothing more than an attempt to limit the claims to a particular technological environment, describing only a context rather than a particular manner of achieving the claimed result. Similarly, dependent claims 6, 13, and 20 recite that wherein the collection of records includes sets of records per software product of the set of software products, wherein a first set of records for a first software product is associated with one or more users. Dependent claims 7 and 14 recite that the insight is for a process execution through two or more software products of the set of software products, wherein the process execution is a cross-product process execution associated with multipole software products and multiple users interacting with the multiple software products. These are nothing more than insignificant field-of-use limitations, describing the context rather than a particular manner of achieving the result. Dependent Claims 5, 12, and 19 recite collecting interaction data. This is nothing more than an insignificant pre-solution activity of, e.g., gathering data. Furthermore, that the data is collected at a “centralized storage space from a first software product from the set of software products defined at a platform solution” is nothing more than an attempt to limit the claims to a particular technological field, and does nothing more than provide an insignificant field-of-use limitation that describes only the context rather than a particular manner of achieving the result. Furthermore, independent Claims 1, 8, and 15 recite that the obtaining and storing is for performing a data analysis at the first software product. Dependent Claims 7 and 14 recite analyzing interaction data from the collection of records to provide insight. These represent nothing more than field-of-use limitations, describing the context rather than a particular manner of achieving the results, as well as mere instructions to “apply” the judicial exception in a generic way, and thus do not integrate the mental analysis step into a practical application. See, e.g., MPEP § 2106.05(f) (“Mere Instructions to Apply an Exception”). Lastly, independent Claims 1, 8, and 15 recite that providing access to the first record in response to the request is performed by obtaining the first record from a data aggregate of the aggregate store that corresponds to the prospective use case. The “obtaining” step is an insignificant extra-solution activity, as well as an insignificant field-of-use limitation, describing the context rather than a particular manner of achieving the result. Accordingly, the claims are not integrated into a practical application of the idea. The claims do not recite additional elements that amount to significantly more than the judicial exception. As discussed above with respect to the integration of the abstract idea into a practical application, the additional elements of various computing hardware components, which amount to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept. The independent claims recite obtaining data. This is an insignificant extra-solution activity that is well-understood, routine, and conventional. See MPEP 2106.05(d)(II) (“Receiving or transmitting data over a network, e.g., using the Internet to gather data”; “Storing and retrieving data from memory”; and “Electronic recordkeeping”). Dependent Claims 5, 12, and 19 recite collecting (i.e., receiving) data. This is an insignificant extra-solution activity that is well-understood, routine, and conventional. See MPEP 2106.05(d)(II) (“Receiving or transmitting data over a network, e.g., using the Internet to gather data”). Even as an ordered combination, the claimed elements do not add anything that is not already present when the steps are considered separately. The claims recite a series of abstract steps at a high level of generality, and reciting the generic factors that were involved in managing the data collection, data access, and retention. See, e.g., Affinity Labs of Texas LLC v. DirecTV., 838 F.3d 1266 (Fed. Cir. 2016) at p. 7-8 (“At that level of generality, the claims do no more than describe a desired function or outcome, without providing any limiting detail that confines the claim to a particular solution to an identified problem. The purely functional nature of the claim confirms that it is directed to an abstract idea, not to a concrete embodiment of that idea”); and Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350 (Fed. Cir. 2016), slip op. 12 (“[The] essentially result-focused, functional character of claim language has been a frequent feature of claims held ineligible under § 101”). Thus, despite the claims’ attempt to narrow the claims to particular types of information, such limitations do not move the claims outside the realm of abstract ideas. See, e.g., SAP America, Inc. v. InvestPic, LLC, 890 F.3d 1016, 126 USPQ2d 1638 (Fed. Cir. 2018) at p. 12) (finding that the claimed limitations attempting to narrow the claimed statistical methods to bootstrap, jackknife, and cross-validation were all particular methods of resampling, thus doing no more than simply providing further narrowing of what were still mathematical operations, and added nothing outside the abstract realm). In other words, at this level of generality, the claims do no more than describe a desired function or outcome, and without providing any limiting detail that confines the claims to a particular solution to an identified problem. The purely functional nature of the claims confirm that they are directed to an abstract idea, not to a concrete embodiment of the idea. A desired goal (i.e., result or effect), absent of structural or procedural means for achieving that goal, is an abstract idea. In this case, the claims are directed to an abstract idea for failing to describe how—by what particular process or structure—the goal is accomplished. Even with the additional elements, the claimed limitations fail to restrict how the goal is accomplished. Thus, for at least the aforementioned reasons, the claims are rejected under 35 U.S.C. 101 for being directed to a judicial exception (i.e., an abstract idea) without significantly more. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3, 5-6, 8, 10, 12-13, 15, 17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chandra et al. (“Chandra”) (US 2024/0419781 A1), in view of Bohrer et al. (“Bohrer”) (US 2003/0088520 A1). Regarding claim 1: Chandra teaches A computer-implemented method, comprising: managing, in an aggregate store that comprises multiple data aggregates, a collection of records associated with interactions of users with one or more of a set of software products defined at a platform solution (Chandra, [0026], where the system receives or obtains an indication of one or more permissions associated with a dataset shared by the data provider device, the one or more permissions indicating a purpose for which the dataset is shared, including, e.g., permitted uses of the shared data (e.g., a category or type of data processing application that can be applied to the shared data), how the data is to be shared (e.g., a sharing method), the data that is available to be shared, one or more permitted recipients or consumers of the shared data, access permissions, access controls, and/or sharing options (all of which constitute “interactions of users with one or more of a set of software products”). See Chandra, [0027], where datasets are made available from and to various execution environments, which may include a cloud computing environment (Chandra, [0024]) (i.e., “defined at a platform solution”)), … and wherein each data aggregate in the aggregate store corresponds to a separate storage area defined for a different prospective use case, such that records for different prospective use cases are stored separately from each other (Chandra, [0028-0029], where indication of the one or more permissions are stored in the purpose database, which includes or indicates an identifier associated with the dataset, and the purpose database may include a collection of indications of shared datasets and respective permissions, e.g., purposes for which the datasets are shared, associated with the shared datasets (i.e., “managing, in an aggregate store that comprises multiple data aggregates”). Note that “collection” implies “wherein each data aggregate in the aggregate store corresponds to a separate [location] defined for a different prospective use case, such that records for different prospective use cases are stored separately from each other”. Although Chandra does not appear to explicitly state that this corresponds to a separate “storage area” as claimed (i.e., physical separation), one of ordinary skill in the art would have found it obvious to have modified Chandra such that the collections are physically stored separately with the motivation of faster retrieval (e.g., information that are relevant and grouped together in the same storage location are faster to search than if they were dispersed into separate storage locations)); receiving a request for data management in relation to a first record of the collection of records, wherein the request specifies a prospective use case of the first record, the prospective use case being associated with a first software product of the set of software products (Chandra, [0030-0031], where a data consumer device may request to register an intended use of one or more data processing applications with respect to shared data. The intended use may also indicate who has access to the data, how long access to the data is granted, whether copies of the data will be made, whether the data is stored, and/or how or where the data is stored (i.e., “request for data management”). The registration request is received by the violation detection device, which the utilizes entries in the purpose database storing permissions indicating an identifier of the data provider and/or that is unique to the dataset to determine whether to grant registration and subsequent access to the dataset (see Chandra, [0028-0029] and [0035] below for further detail) (i.e., “in relation to a first record of the collection of records”)); and in response to receiving the request for data management in relation to the first record of the collection of records, determining a relevant compliance policy for the first record, the relevant compliance policy being associated with the first software product, wherein the relevant compliance policy defines one or more allowed use cases of the first record by the first software product (Chandra, [0035], where the violation detection device may determine whether to register the data processing application based on the intended use associated with the data processing application, where the violation detection device stores one or more permitted uses and/or one or more prohibited uses (i.e., “compliance policy”). The violation detection device checks one or more entries in the purpose database storing the permissions that indicate an identifier of the data provider and/or unique to the dataset (Chandra, [0028-0029]). If the intended use is included in the one or more permitted uses, the violation detection devices registers the data processing application. If the intended use is not included in the one or more permitted uses, the violation detection device does not register the data processing application. See Chandra, [0028-0029], where an indication of one or more permissions is stored in the purpose database, where the violation detection device generated one or more entries in the purpose database associated with the dataset); and in response to determining that the prospective use case is in the one or more allowed use cases, providing access to the first record in response to the request by obtaining the first record from a data aggregate of the aggregate store that corresponds to the prospective use case; and modifying a functionality of the first software product based on analyzing data records that comprise the first record in accordance with the prospective use case (Chandra, [0038-0040], where if the violation detection device determines to register the data processing application, e.g., from having checked the one or more entries in the purpose database storing a collection of indications of shared datasets and respective permissions that indicate an identifier associated with the dataset (e.g., an identifier of the data provider and/or unique to the dataset) (i.e., “by obtaining the first record from a data aggregate of the aggregate store”) (see Chandra, [0028-0029] and [0035]) (i.e., “based on analyzing data records in accordance with the prospective use case”), then the violation detection device may provide an indication to the data consumer device that the data processing application has been registered for operation in the data consumer execution environment, the communication including information that enables the data processing application to be executed via the data consumer execution environment (otherwise, the data processing application is prevented and/or restricted from executing in the data consumer execution environment), e.g., making the dataset available in the data provider execution environment, and configured to allow access to the dataset to devices associated with one or more data consumer execution environments (i.e., “providing access to the first record in response to the request”)). Chandra does not appear to explicitly teach wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products. Bohrer teaches wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products (Bohrer, [0017], where the collection and release of data held by third parties, as well as authorizing release of such data, is based on the matching of the privacy policies of the data subject and the data requester. See also Bohrer, [0034], where the policy authorization engine 112 performs automatic authorization for release of requested data based on authorization rules including information about privacy policy information associated with data, templates, and request types, as well as users authorized to access the data, where privacy policies can be different for different groups of requesters. See Bohrer, [0087-0088], where, after checking to see if the data requester is allowed the action according to the action control specified in the data subject’s privacy preference rule, the data is released to the third party. See Chandra above with respect to “[relevant compliance policies] defined correspondingly for the set of software products”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Chandra and Bohrer with the motivation of ensuring that an organization or entity is in compliance with one or more legal or industry requirements related to the collection, storage, and processing of data1, as well as allowing automatic release of data (i.e., greater convenience, instead of pinging the user with notifications all the time for information) with varying degrees of granularity with respect to policies, thereby increased control/customization (see, e.g., Bohrer, [0013-0014]). Regarding claim 3: Chandra as modified teaches The method of claim 1, wherein the prospective use case of the first record comprises modifying a functionality of the first software product based on analyzing the first record (Chandra, [0038-0040], where if the violation detection device determines to register the data processing application, e.g., from having checked the one or more entries in the purpose database storing a collection of indications of shared datasets and respective permissions that indicate an identifier associated with the dataset (e.g., an identifier of the data provider and/or unique to the dataset) (i.e., “the prospective use case of the first record”) (see Chandra, [0028-0029] and [0035]) (i.e., “based on analyzing data records in accordance with the prospective use case”), then the violation detection device may provide an indication to the data consumer device that the data processing application has been registered for operation in the data consumer execution environment, the communication including information that enables the data processing application to be executed via the data consumer execution environment (otherwise, the data processing application is prevented and/or restricted from executing in the data consumer execution environment), e.g., making the dataset available in the data provider execution environment, and configured to allow access to the dataset to devices associated with one or more data consumer execution environments). Regarding claim 5: Chandra as modified teaches The method of claim 1, wherein collecting the interaction data comprises determining a relevant policy for storing the interaction data for the first software product (Bohrer, [0017], where the collection and release of data held by third parties, as well as authorizing release of such data, is based on the matching of the privacy policies of the data subject and the data requester. See Bohrer, [0084-0085], where the privacy policy includes retention, e.g., after successfully checking the purpose privacy statements against the data subject’s privacy preference rule, the matching algorithm proceeds to the retention statement check, where the retention statement is declared using one of five subelements, each expressing different privacy levels with some more restrictive than others). Regarding claim 6: Chandra as modified teaches The method of claim 1, wherein the collection of records includes sets of records per software product of the set of software products, wherein a first set of records for a first software product is associated with one or more users, wherein a record of the first set of records associated with the first software product is obtained and managed based on rules defined in the relevant compliance policy for the first software product and for a first user associated with interaction data from the record (Chandra, [0026], where the system receives or obtains an indication of one or more permissions associated with a dataset shared by the data provider device, the one or more permissions indicating a purpose for which the dataset is shared, including, e.g., permitted uses of the shared data (e.g., a category or type of data processing application that can be applied to the shared data), how the data is to be shared (e.g., a sharing method), the data that is available to be shared, one or more permitted recipients or consumers of the shared data (i.e., “based on rules defined in the relevant compliance policy for the first software product and for a first user associated with interaction data from the record”), access permissions, access controls, and/or sharing options (all of which constitute “interactions of users with one or more of a set of software products”). See also Chandra, [0031], where the intended use of the data processing application includes an indication of access controls associated with the data processing application, e.g., who has access to the data, for how long access to the data is to be granted, whether copies of the data will be made, whether the data is stored, and/or how or where the data is stored, among other examples (i.e., “relevant compliance policy for the first software product and for a first user associated with interaction data from the record”). See Chandra, [0028-0029], where indication of the one or more permissions are stored in the purpose database, which includes or indicates an identifier associated with the dataset, which may be an identifier of the data provider, e.g., the data provider service (i.e., “associated with one or more users”), and the purpose database may include a collection of indications of shared datasets and respective permissions, e.g., purposes for which the datasets are shared, associated with the shared datasets. See Bohrer, [0017], [0034], and [0087-0088] in claim 1 above with respect to “wherein a record of the first set of records … is obtained and managed based on rules defined in the relevant compliance policy”. See Bohrer, [0046], where access list in a rule declares who can access the specified data set upon privacy preference matching, where each access list contains one or more authorization party 212, which can be a user 213, a group 214, etc., where a data subject can define one or more authorization rules for one or more groups of users who are then granted access to the data for the same privacy preference rules (i.e., “associated with one or more users” and “for a first user associated with interaction data from the record”)). Regarding claim 8: Claim 8 recites substantially the same claim limitations as claim 1, and is rejected for the same reasons. Note that Chandra teaches A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform one or more operations comprising [the claimed steps] (Chandra, [0004], [0077], and [Claims 16-20], where the disclosed steps may be implemented via a non-transitory, computer-readable medium (i.e., a memory 430 that includes volatile and/or nonvolatile memory) storing a set of instructions that, when executed by the one or more processors of the device, cause the device to implement the disclosed steps). Regarding claim 10: Claim 10 recites substantially the same claim limitations as claim 3, and is rejected for the same reasons. Regarding claim 12: Claim 12 recites substantially the same claim limitations as claim 5, and is rejected for the same reasons. Regarding claim 13: Claim 13 recites substantially the same claim limitations as claim 6, and is rejected for the same reasons. Regarding claim 15: Claim 15 recites substantially the same claim limitations as claim 8, and is rejected for the same reasons. Note that Chandra teaches A computer-implemented system, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising [the claimed steps] (Chandra, [0004], [0077], and [Claims 16-20], where the disclosed steps may be implemented via a non-transitory, computer-readable medium (i.e., a memory 430 that includes volatile and/or nonvolatile memory) storing a set of instructions that, when executed by the one or more processors of the device, cause the device to implement the disclosed steps). Regarding claim 17: Claim 17 recites substantially the same claim limitations as claim 3, and is rejected for the same reasons. Regarding claim 19: Claim 19 recites substantially the same claim limitations as claim 5, and is rejected for the same reasons. Regarding claim 20: Claim 20 recites substantially the same claim limitations as claim 6, and is rejected for the same reasons. Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Chandra et al. (“Chandra”) (US 2024/0419781 A1), in view of Bohrer et al. (“Bohrer”) (US 2003/0088520 A1), in further view of Sarferaz et al. (“Sarferaz”) (US 2014/0032600 A1). Regarding claim 2: Chandra as modified teaches The method of claim 1, wherein each record in the collection of records is subject to a respective retention period (Bohrer, [0049] and [0064-0076], where data in the authorization dataset includes retention 305, which specifies the length of time information is retained, where a data subject can specify/control the retention), and wherein managing the collection of records comprises: determining that a respective retention period for a second record in the collection of records has expired; and in response, deleting the second record that has the expired respective retention period. Sarferaz teaches determining that a respective retention period for a second record in the collection of records has expired; and in response, deleting the second record that has the expired respective retention period (Sarferaz, [0024], where retention period 120 for a business partner data record determines when that business partner data should be erased form the database or archived. See Sarferaz, [0055-0056], where process 500 destroys (business partner personal) data from the database after determining expiration of the retention time, and process 600 destroys personal data in the archive file system as well). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Chandra as modified and Sarferaz with the motivation of ensuring that privacy and sensitivity of data is respected2, and automatically complying with data privacy laws (see, e.g., Sarferaz, [0002]). Regarding claim 9: Claim 9 recites substantially the same claim limitations as claim 2, and is rejected for the same reasons. Regarding claim 16: Claim 16 recites substantially the same claim limitations as claim 2, and is rejected for the same reasons. Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Chandra et al. (“Chandra”) (US 2024/0419781 A1), in view of Bohrer et al. (“Bohrer”) (US 2003/0088520 A1), in further view of Kong et al. (“Kong”) (US 2017/0032143 A1). Regarding claim 4: Chandra as modified teaches The method of claim 3, but does not appear to explicitly teach wherein for the first record, the one or more allowed use cases defined in the relevant compliance policy comprise modifying different functionalities of the first software product based on analyzing the first record. Kong teaches wherein for the first record, the one or more allowed use cases defined in the relevant compliance policy comprise modifying different functionalities of the first software product based on analyzing the first record (Kong, [0094], where application privacy recommendation 336 includes a discrepancy in user’s settings or actions involving different fields, recipients, functions, applications, etc. See, e.g., Kong, [0156], where different devices have additional or specific functions compared to other devices. See Chandra in claim 1 above with respect to “one or more allowed use cases defined in the relevant compliance policy”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Chandra as modified and Kong with the motivation of improving privacy protection for the user (Kong, [0021]) while also enabling customization of various application functionality according to the custom privacy settings of the user. Regarding claim 11: Claim 11 recites substantially the same claim limitations as claim 4, and is rejected for the same reasons. Regarding claim 18: Claim 18 recites substantially the same claim limitations as claim 4, and is rejected for the same reasons. Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Chandra et al. (“Chandra”) (US 2024/0419781 A1), in view of Bohrer et al. (“Bohrer”) (US 2003/0088520 A1), in further view of Chu et al. (“Chu”) (US 11,132,179 B1). Regarding claim 7: Chandra as modified teaches The method of claim 1, but does not appear to explicitly teach comprising: analyzing interaction data from the collection of records to provide insight into an execution of a computerized process through two or more software products of the set of software products, wherein the computerized process is a cross-product computerized process that involves multiple software products and multiple users interacting with the multiple software products. Chu teaches analyzing interaction data from the collection of records to provide insight into an execution of a computerized process through two or more software products of the set of software products, wherein the computerized process is a cross-product computerized process that involves multiple software products and multiple users interacting with the multiple software products (Chu, [14:20-64], where user activity analysis operation 4000 identifies and detects user interaction sequences within one or more applications. User activity analysis operation 4000 functions as a background process that monitors interactions between users and their applications on an ongoing basis (i.e., “multiple users interacting with the multiple software products”), where actions may be performed by a single application or multiple applications (“cross-application correlation tree”) (Chu, [8:28-51]) (i.e., “a cross-product computerized process that involves multiple software products”). After the relevant data is stored, a determination can be made with respect to whether the observed user liaisons to a second application, where a “liaison point” refers to a user action that forms a link between functionalities provided by one or more underlying applications (Chu, [8:52-67]-[9:1-2]) (i.e., “a computerized process through two or more software products of the set of software products”)). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Chandra as modified and Chu with the motivation of providing insights for developers into particular actions that applications could (or should) provide, thereby enabling a streamlining of application development processes by making them less reliant on intuition, judgment, and/or subject assumptions (Chu, [5:61-67]-[6:1-15]), which may ultimately lead to improved user experience and productivity (Chu, [7:48-67]-[8:1-2]). Regarding claim 14: Claim 14 recites substantially the same claim limitations as claim 7, and is rejected for the same reasons. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. See the enclosed 892 form. Brannon et al. (US 2021/0200902 A1) is cited to show at least one reason as to why one of ordinary skill in the art would have been motivated to collect data in accordance with compliance policies (see, e.g., Brannon et al., [0492]). Ananthanarayanan et al. US 2006/0143464 A1 is cited to show at least one reason as to why one of ordinary skill in the art would have been motivated to including retention periods (see, e.g., Ananthanarayanan et al., [0002]). The prior art should be considered to define the claims over the art of record. Any inquiry concerning this communication or earlier communications from the examiner should be directed to IRENE BAKER whose telephone number is (408)918-7601. The examiner can normally be reached M-F 8-5PM PT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached at (571) 270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /IRENE BAKER/Primary Examiner, Art Unit 2154 4 June 2026 1 Brannon et al. US 2021/0200902 A1 at [0492]. 2 Ananthanarayanan et al. US 2006/0143464 A1 at [0002].
Read full office action

Prosecution Timeline

Nov 27, 2024
Application Filed
Jul 23, 2025
Non-Final Rejection mailed — §101, §103, §112
Oct 16, 2025
Response Filed
Feb 04, 2026
Final Rejection mailed — §101, §103, §112
May 04, 2026
Request for Continued Examination
May 06, 2026
Response after Non-Final Action
Jun 09, 2026
Non-Final Rejection mailed — §101, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12657181
FENCING MECHANISM OF STATEMENTS FOR DISTRIBUTED MULTI-VERSION CONCURRENCY CONTROL
3y 1m to grant Granted Jun 16, 2026
Patent 12632440
METHOD AND DEVICE FOR DETECTING ANOMALY IN LOG DATA
1y 6m to grant Granted May 19, 2026
Patent 12602368
ANOMALY DETECTION DATA WORKFLOW FOR TIME SERIES DATA
2y 0m to grant Granted Apr 14, 2026
Patent 12591890
CONCURRENT STATE MACHINE PROCESSING USING A BLOCKCHAIN
1y 3m to grant Granted Mar 31, 2026
Patent 12566880
SEAMLESS UPDATING AND RECONCILIATION OF DATABASE IDENTIFIERS GENERATED BY DIFFERENT AGENT VERSIONS
2y 4m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
54%
Grant Probability
81%
With Interview (+27.1%)
3y 5m (~1y 10m remaining)
Median Time to Grant
High
PTA Risk
Based on 244 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month