USER INTERACTION DATA MANAGEMENT

§101 §103 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Introductory Remarks In response to communications filed on 16 October 2025, claims 1, 3-4, 7-8, 10-11, 14-15, and 17-18 are amended per Applicant's request. No claims were cancelled. No claims were withdrawn. No new claims were added. Therefore, claims 1-20 are presently pending in the application, of which claims 1, 8, and 15 are presented in independent form. The previously raised 112 rejection of claims 7 and 14 is withdrawn in view of the amendments to the claims. The previously raised 101 rejection of the pending claims is maintained. The previously raised 103 rejection of the pending claims is withdrawn in view of the amendments to the claims. A new ground(s) of rejection has been issued. Response to Arguments Applicant’s arguments filed 16 October 2025 with respect to the 112 rejection of claims 7 and 14 (see Remarks, p. 11-12) have been fully considered and are persuasive. The 112 rejection has been accordingly withdrawn. Applicant’s arguments filed 16 October 2025 with respect to the rejection of the claims under 35 U.S.C. 101 (see Remarks, p. 11) have been fully considered but are not persuasive. Applicant argues that “modifying a software product is not directed to a judicial exception, and is in particular not a mental process because software modification cannot be practically performed in the human mind” (see Remarks, p. 11) is not persuasive. At best, this is nothing more than mere instructions to apply the judicial exception (which is treated at the subsequent Step 2A, Prong 2). However, even at Step 2A, Prong 1, this falls under certain methods of organizing human activity, another form of a judicial exception. Thus, for at least the aforementioned reasons and those set forth in the 101 rejection below, the 101 rejection has been maintained. Applicant’s arguments filed 16 October 2025 with respect to the rejection of the claims under 35 U.S.C. 103 (see Remarks, p. 12-14) have been fully considered but are not persuasive. Applicant argues that the amended claim language overcomes the prior art. However, the 103 rejection has been modified below to conform to the amended claim language (i.e., a new grounds of rejection has been issued). See the 103 rejection below for further details. A Note on Intended Use The Examiner notes there are multiple elements in the claims that will be interpreted as intended use. A recitation directed to the manner in which a claimed apparatus is intended to be used does not distinguish the claimed apparatus from the prior art, if the prior art has the capability to so perform, see MPEP 2114 (II) and Ex parte Masham, 2 USPQ2d 1647 (Bd. Pat. App. & Inter. 1987). “Language that suggest or makes optional but does not require steps to be performed does not limit a claim to a particular structure, nor limits the scope of a claim or claim limitation”, see MPEP 2111.04. The Examiner notes the recited prior art has the capability to perform the limitations indicated as intended use. An incomplete list of the limitations that could be interpreted as intended use is as follows: Claim 1 recites “obtaining and storing, at the first software product, data from the first record to perform a data analysis at the first software product in accordance with the specified purpose of use”. Claim Objections Claim 1 is objected to because of the following informalities: portions of the claim language appear in both underlined and strikethrough, which was not language previously presented. This is not in line with 37 CFR 1.121, which specifies how markups to claim language should be presented, which should either be in underline or strikethrough. The claim has nonetheless been examined on the merits, in which language that appears both underlined and struck through have been treated as struck through. Claim 1 is objected to because of the following informalities: the claim recites “one or more software product”. This should be “one or more software products”. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 3-4 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 3 recites the limitation “the prospective application-oriented use case for the software product”. Firstly, there is no mention of “prospective application-oriented use case” in independent claim 1, which claim 3 depends upon. Secondly, there is no singular “software product”, but rather “first software product” in independent claim 1. There is insufficient antecedent basis for this limitation in the claim. Claim 4 is rejected for at least by virtue of its dependency on claim 3, and for failing to cure the deficiencies of claim 3. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claims are directed to a judicial exception (i.e., an abstract idea) without significantly more. Independent Claims 1, 8, and 15 recite managing a collection of records, the collection of records obtained according to relevant compliance policies for the data storage defined correspondingly for a set of software products; receiving a request for data management in relation to a first record of the collection of records, wherein the request specifies a purpose of use / prospective application-oriented use case for a software product enabled by the first record, the purpose of use being associated with a first software product of the set of software products (claim 1); in response to receiving a request for data management in relation to a first record of the collection of records, determining a relevant compliance policy for the first record, the relevant compliance policy being associated with the (first) software product, wherein the relevant compliance policy defines one or more allowed purposes of use / application-oriented use cases for the respective software product enabled by the first record by one or more software products of the set of software products; in response to determining that the purpose of use is in the one or more allowed purposes of use, providing access to the first record in response to the request; and obtaining and storing, at the first software product, data from the first record in accordance with the specified purpose of use (claim 1); and modifying the software product based on analyzing data records that comprise the first record (claims 8 and 15). These encompass an evaluation, observation, and/or judgment (i.e., the determining steps), which falls under the “Mental processes” grouping of abstract ideas. Additionally, and with respect to the rest of the other limitations cited here, the claims encompass managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent Claims 2, 9, and 16 recite wherein each record in the collection of records is subject to a respective retention period, and wherein managing the collection of records comprises: determining that a respective retention period for a second record in the collection of records has expired, and in response, deleting the second record that has the expired respective retention period. Similarly, this encompasses an evaluation, observation, and/or judgment (i.e., the determining steps), which falls under the “Mental processes” grouping of abstract ideas. Additionally, and with respect to the rest of the other limitations cited here, the claims encompass managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent claims 3, 10, and 17 recite that the prospective application-oriented use case for the software product comprises modifying a functionality of the software product based on analyzing the first record, and dependent claims 4, 11, and 18 recite that for the first record, the one or more allowed application-oriented use cases defined in the relevant compliance policy comprise modifying different functionalities of the software product based on analyzing the first record. These encompass both an evaluation, observation, and/or judgment, which falls under the “Mental Processes” grouping of abstract ideas, as well as managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent Claims 5, 12, and 19 recite collecting the interaction data comprises determining a relevant policy for storing the interaction data for the first software product. This encompasses both an evaluation, observation, and/or judgment, which falls under the “Mental processes” grouping of abstract ideas, as well as managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Dependent Claims 6, 13, and 20 recite wherein a record of the first set of records associated with the first software product is obtained and managed based on rules defined in the relevant compliance policy for the first software product and for a first user associated with interaction data from the record. This encompasses both an evaluation, observation, and/or judgment, which falls under the “Mental processes” grouping of abstract ideas, as well as managing personal behavior or relationships or interactions between people, which falls under the “Certain methods of organizing human activity” grouping of abstract ideas. Because the claims recite “Mental processes” as well as “Certain methods of organizing human activity”, the claims accordingly recite an abstract idea. The claims do not recite additional elements that amount to significantly more than the judicial exception. The claimed computing elements are recited at a high level of generality and recited so generically that they represent no more than mere instructions to apply the judicial exception on a computer (see MPEP 2106.05(f)). These limitations can also be viewed as nothing more than an attempt to generally link the use of the judicial exception to the technological environment of a computer (see MPEP 2106.05(h)). The claims further recite that the software products are defined at a platform solution (see, e.g., independent claims 1, 8, and 15, and dependent claims 3, 10, and 17). This is nothing more than an attempt to limit the claims to a particular technological environment, describing only a context rather than a particular manner of achieving the claimed result. Similarly, dependent claims 6, 13, and 20 recite that wherein the collection of records includes sets of records per software product of the set of software products, wherein a first set of records for a first software product is associated with one or more users. Dependent claims 7 and 14 recite that the insight is for a process execution through two or more software products of the set of software products, wherein the process execution is a cross-product process execution associated with multipole software products and multiple users interacting with the multiple software products. These are nothing more than insignificant field-of-use limitations, describing the context rather than a particular manner of achieving the result. Dependent Claims 5, 12, and 19 recite collecting interaction data. This is nothing more than an insignificant pre-solution activity of, e.g., gathering data. Furthermore, that the data is collected at a “centralized storage space from a first software product from the set of software products defined at a platform solution” is nothing more than an attempt to limit the claims to a particular technological field, and does nothing more than provide an insignificant field-of-use limitation that describes only the context rather than a particular manner of achieving the result. Lastly, independent Claims 1, 8, and 15 recite that the obtaining and storing is for performing a data analysis at the first software product. Dependent Claims 7 and 14 recite analyzing interaction data from the collection of records to provide insight. These represent nothing more than mere instructions to “apply” the judicial exception in a generic way, and thus do not integrate the mental analysis step into a practical application. See, e.g., MPEP § 2106.05(f) (“Mere Instructions to Apply an Exception”). Accordingly, the claims are not integrated into a practical application of the idea. The claims do not recite additional elements that amount to significantly more than the judicial exception. As discussed above with respect to the integration of the abstract idea into a practical application, the additional elements of various computing hardware components, which amount to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept. Dependent Claims 5, 12, and 19 recite collecting (i.e., receiving) data. This is an insignificant extra-solution activities that are well-understood, routine, and conventional. See MPEP 2106.05(d)(II) (“Receiving or transmitting data over a network, e.g., using the Internet to gather data”). Even as an ordered combination, the claimed elements do not add anything that is not already present when the steps are considered separately. The claims recite a series of abstract steps at a high level of generality, and reciting the generic factors that were involved in managing the data collection, data access, and retention. See, e.g., Affinity Labs of Texas LLC v. DirecTV., 838 F.3d 1266 (Fed. Cir. 2016) at p. 7-8 (“At that level of generality, the claims do no more than describe a desired function or outcome, without providing any limiting detail that confines the claim to a particular solution to an identified problem. The purely functional nature of the claim confirms that it is directed to an abstract idea, not to a concrete embodiment of that idea”); and Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350 (Fed. Cir. 2016), slip op. 12 (“[The] essentially result-focused, functional character of claim language has been a frequent feature of claims held ineligible under § 101”). Thus, despite the claims’ attempt to narrow the claims to particular types of information, such limitations do not move the claims outside the realm of abstract ideas. See, e.g., SAP America, Inc. v. InvestPic, LLC, 890 F.3d 1016, 126 USPQ2d 1638 (Fed. Cir. 2018) at p. 12) (finding that the claimed limitations attempting to narrow the claimed statistical methods to bootstrap, jackknife, and cross-validation were all particular methods of resampling, thus doing no more than simply providing further narrowing of what were still mathematical operations, and added nothing outside the abstract realm). In other words, at this level of generality, the claims do no more than describe a desired function or outcome, and without providing any limiting detail that confines the claims to a particular solution to an identified problem. The purely functional nature of the claims confirm that they are directed to an abstract idea, not to a concrete embodiment of the idea. A desired goal (i.e., result or effect), absent of structural or procedural means for achieving that goal, is an abstract idea. In this case, the claims are directed to an abstract idea for failing to describe how—by what particular process or structure—the goal is accomplished. Even with the additional elements, the claimed limitations fail to restrict how the goal is accomplished. Thus, for at least the aforementioned reasons, the claims are rejected under 35 U.S.C. 101 for being directed to a judicial exception (i.e., an abstract idea) without significantly more. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2 and 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Ananthanarayanan et al. (“Anan”) (US 2006/0143464 A1), in view of Bonat et al. (“Bonat”) (US 2020/0380171 A1), in further view of Brannon et al. (“Brannon”) (US 2021/0200902 A1). Regarding claim 1: Anan teaches A computer-implemented method, comprising: managing a collection of records associated with interactions of users with one or more of a set of software products … (Anan, [0035], where the disclosed system pertains to content management and enforcing obligation of the content. See, e.g., Anan, [0041-0042] and [0052-0053] for more details as to the management of the collection of records. Although Anan does not appear to explicitly state that the type of information relates to interactions of users with one or more of a set of software products, the claimed invention does not distinguish over the prior art because the differences in the claim limitations and the prior art’s disclosure are only found in the nonfunctional descriptive material and are not functionally involved in the steps recited. The management, retrieval, and providing access to the records would have been performed the same, regardless of the specific data involved (i.e., interactions of users with one or more of a set of software products, or some other data). Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability. See In re Gulack, 703 F.2d 1381, 1385, 217 USPQ2d 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would have been obvious to a person of ordinary skill in the art to have referred to Anan’s teachings in making the claimed invention, because such data does not functionally relate to the steps in the method claimed and because the subjective interpretation of the data does not patentably distinguish the claimed invention over the prior art); receiving a request for data management in relation to a first record of the collection of records, wherein the request specifies a purpose of use of the first record (Anan, [0050], where a user requests data from the repository via the request interceptor 370, which typically comprises specification of the data requested, the purpose of the request, and the intended action), … and in response to receiving the request for data management in relation to the first record of the collection of records, determining a relevant compliance policy for the first record …; and in response to determining that the purpose of use is in the one or more allowed purposes of use, providing access to the first record in response to the request; and obtaining …, data from the first record … in accordance with the specified purpose of use (Anan, [0042], where the event handler 350 maintains information on obligations and rulings related to events that are generated by the policy translator. The event handler determines whether any obligations need to be performed, and if so, the event handler 350 marks the relevant data item as a record in the record manager 340. See Anan, [0041], where the request interceptor monitors requests for data access by users and determines whether any rules and/or obligations apply to the particular data being accessed. For each data item, the request interceptor checks with the event handler 350 whether access by the user is allowable. See Anan, [0050-0053], where more specifically, a user requests data from the repository via the request interceptor 370, which typically comprises specification of the data requested, the purpose of the request, and the intended action. For each data item in a set of results, the request interceptor 370 communicates the data item along with the user’s name, intended actions and purpose to the Event Handler 350. The Event Handler 350 determines whether the request for each particular data item is allowable based on the list of events provided by the Policy Translator 320 and communicates the result (allowed or denied) to the request interceptor 370. If allowable, the request is executed and the results are communicated back to the request interceptor (i.e., “obtaining data from the first record in accordance with the specified purpose of use” and “providing access to the first record in response to the request”)). If not allowable, the denial is communicated back). Anan does not appear to explicitly teach [wherein the data is] defined at a platform solution, wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products; the purpose of use being associated with a first software product of the set of software products; the relevant compliance policy being associated with the first software product, wherein the relevant compliance policy defines one or more allowed purposes of use of the first record by one or more software product of the set of software products; [and] storing [data] at the first software product, to perform a data analysis at the first software product [in accordance with the specified purpose of use]. Bonat teaches the purpose of use being associated with a first software product of the set of software products; the relevant compliance policy being associated with the first software product, wherein the relevant compliance policy defines one or more allowed purposes of use of the first record by one or more software product of the set of software products (Bonat, [0096-0097], where the user’s specified privacy preferences may be related to a list of possible entity actions involving PII data, e.g., use of the user’s PII, such as PII collection, PII retention, and/or PII sharing, how the user can access the user’s PII data, security used to protect the PII data, tracking activities on the PII data, alerts relating to access to the PII data, etc. See Bonat, [0103], where the entity is related to an entity’s website or application (thus, Bonat’s disclosure in [0096-0097] with respect to an entity corresponds to “with reference to [a] set of software products”)). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Anan and Bonat (hereinafter “Anan as modified”) with the motivation of quickly ascertaining (e.g., by searching and retrieving the relevant data records) as to whether a person’s personal data is being used in the manner that they had agreed to. Anan as modified does not appear to explicitly teach [wherein the data is] defined at a platform solution, wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products; [and] storing [data] at the first software product, to perform a data analysis at the first software product [in accordance with the specified purpose of use]. Brannon teaches [wherein the data is] defined at a platform solution, wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products (Brannon, [0743], where the system, at step 6410, may, in response to a request, solicit and receive consent from a particular data subject to collect one or more pieces of personal data. In response to receiving such consent, the system may acquire (e.g., collect from the data subject, request and receive from one or more data sources, etc.) the personal data. See Bonat, [0096-0097] and [0103] above with respect to “[relevant compliance policies] defined correspondingly for the set of software products”); [and] storing [data] at the first software product, to perform a data analysis at the first software product [in accordance with the specified purpose of use] (Brannon, [0743], where the system, at step 6410, may, in response to a request, solicit and receive consent from a particular data subject to collect one or more pieces of personal data. In response to receiving such consent, the system may acquire (e.g., collect from the data subject, request and receive from one or more data sources, etc.) the personal data. The system may store the collected data. See Bonat, [0103], where an entity gaining access to personal user data relates to an application or website of the entity (i.e., “for the first software product”)). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Anan as modified and Brannon (hereinafter “Anan as modified”) with the motivation of ensuring that an organization or entity is in compliance with one or more legal or industry requirements related to the collection, storage, and processing of data (see, e.g., Brannon, [0492]). The Examiner notes that “to perform a data analysis at the first software product” has been considered as an intended use/result, and is not afforded patentable weight. The Examiner notes that “A claim containing a ‘recitation with respect to the manner in which a claimed apparatus is intended to be employed does not differentiate the claimed apparatus from a prior art apparatus’ if the prior art apparatus teaches all the structural limitations of the claim.” Ex parte Masham, 2 USPQ2d 1647 (Bd. Pat. App. & Inter. 1987); see also MPEP § 2114. The recited prior art has the capability to perform these intended use limitations, and therefore, the prior art meets the claimed limitations. See MPEP § 2111.02; see also In re Schreiber, 128 F.3d 1473, 1477, 44 USPQ2d 1429, 1431 (Fed.Cir. 1997). Because Anan as modified discloses all the claimed features, the claimed invention does not distinguish over the prior art since Anan as modified would confer the same intended use/result as claimed. Regarding claim 2: Anan as modified teaches The method of claim 1, wherein each record in the collection of records is subject to a respective retention period (Anan, [0019-0020] and [0057], where different privacy rules may define different obligations, certain of which may be related to a specific data item, where examples of such obligations include a data retention policy, e.g., “Delete the specified data 6 months after the data is accessed by a user in a particular category”, or delete the information after 1 month), and wherein managing the collection of records comprises: determining that a respective retention period for a second record in the collection of records has expired; and in response, deleting the second record that has the expired respective retention period (Anan, [0054], where the Event Handler 350 determines that an obligation is to be executed, e.g., that the data item is to be deleted after a period of 1 month. See Anan, [0029], where data item and associated obligation pairs are automatically tracked to determine when the obligations should be executed, and the obligations are automatically executed at appropriate times at step 260). Regarding claim 5: Anan as modified teaches The method of claim 1, comprising: collecting interaction data at a centralized storage space from a first software product from the set of software products defined at a platform solution (Brannon, [0743], where the system, at step 6410, may, in response to a request, solicit and receive consent from a particular data subject to collect one or more pieces of personal data. In response to receiving such consent, the system may acquire (e.g., collect from the data subject, request and receive from one or more data sources, etc.) the personal data. The system may store the collected data. See also, e.g., Brannon, [0002], where personal data may include, e.g., customers’ Internet browsing habits, purchase history, and even their preferences such as likes and dislikes provided or obtained through social media (i.e., “interaction data”). See Bonat, [0103], where an entity gaining access to personal user data relates to an application or website of the entity (i.e., “for the first software product”)), wherein collecting the interaction data comprises determining a relevant policy for storing the interaction data for the first software product (Brannon, [0744], where the system may generate and store metadata associated with each of the one or more pieces of data acquired at step 6410, where the metadata includes a period of time of authorized retention of the piece of data after the most recent use of the piece of data, a date and time of the expiration of consent associated with the piece of data, and a consent duration time period (i.e., “a relevant policy for storing the interaction data”). See Bonat, [0103], where an entity gaining access to personal user data relates to an application or website of the entity (i.e., “for the first software product”)). Regarding claim 6: Anan as modified teaches The method of claim 1, wherein the collection of records includes sets of records per software product of the set of software products, wherein a first set of records for a first software product is associated with one or more users (Bonat, [0096-0097], where the user’s specified privacy preferences may be related to a list of possible entity actions involving PII data, e.g., use of the user’s PII, such as PII collection, PII retention, and/or PII sharing, how the user can access the user’s PII data, security used to protect the PII data, tracking activities on the PII data, alerts relating to access to the PII data, etc. See Bonat, [0103], where the entity is related to an entity’s website or application. See also Bonat, [0069], where privacy policies include first party collection/use (e.g., how and why a service provider collects user information)), wherein a record of the first set of records associated with the first software product is obtained and managed based on rules defined in the relevant compliance policy for the first software product and for a first user associated with interaction data from the record (Bonat, [0026-0027], where the system may monitor the personal data leaving a mobile device being collected by a certain mobile application and comparing that to what the third-party states it is collecting, and consumers may block certain data from leaving their electronic devices. See also Bonat, [0032], where the privacy manager may implement a freeze feature if it detects a consumer’s PII is being used without authorization. See Bonat, [0069], where privacy policies include first party collection/use (e.g., how and why a service provider collects user information), data retention (e.g., how long user information is stored), third party sharing/collection (e.g., when user information may be shared with or collected by third parties), etc. See Brannon, [0749], with respect to the “management” of the data, where if a particular piece of data is expired or has been unused for too long and/or is associated with a process of system that is no longer in use, the system may delete the piece of data and any associated metadata). Claims 3-4, 8-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ananthanarayanan et al. (“Anan”) (US 2006/0143464 A1), in view of Bonat et al. (“Bonat”) (US 2020/0380171 A1), in further view of Brannon et al. (“Brannon”) (US 2021/0200902 A1), in further view of Kong et al. (“Kong”) (US 2017/0032143 A1). Regarding claim 3: Anan as modified teaches The method of claim 1, but does not appear to explicitly teach wherein the prospective application-oriented use case for the software product comprises modifying a functionality of the software product based on analyzing the first record. Kong teaches wherein the prospective application-oriented use case for the software product comprises modifying a functionality of the software product based on analyzing the first record (Kong, [0235], where the system determines the application-specific privacy setting 304 for the application 204 corresponding to the function 202 utilized by the application 204, where the computing system. See also, e.g., Kong, [0088-0089], where access privacy categorization 330 can represent categories or fields corresponding to the application 204 or utilized by the application 204, which are available to the user 110 for control through the application 204. The access privacy categorization 330 can correspond to one or more specific instances of the function 202 for the application. The category-specific rating 332 is a characterization of a degree of control or privacy corresponding to a specific instance of the access privacy categorization 330 for the application 204, in which the category-specific rating 332 can include a score or rating for a level of exposure, level of control or protection, a type of shared information, etc. See Kong, [0270-0271], where the system maps function 202 to permissions, and then collects all the permissions used by a specific instance of the application 204. See Bonat, [0096-0097] and [0103] in claim 1 above with respect to “prospective application-oriented use case for the software product”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Anan as modified and Kong (hereinafter “Anan as modified”) with the motivation of improving privacy protection for the user (Kong, [0021]) while also enabling customization of various application functionality according to the custom privacy settings of the user. Regarding claim 4: Anan as modified teaches The method of claim 3, wherein for the first record, the one or more allowed application-oriented use cases defined in the relevant compliance policy comprise modifying different functionalities of the software product based on analyzing the first record (Kong, [0094], where application privacy recommendation 336 includes a discrepancy in user’s settings or actions involving different fields, recipients, functions, applications, etc. See, e.g., Kong, [0156], where different devices have additional or specific functions compared to other devices. See Bonat, [0096-0097] and [0103] and Brannon, [0743] in claim 1 above with respect to “one or more allowed application-oriented use cases defined in the relevant compliance policy”). Regarding claim 8: Anan teaches A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform one or more operations comprising (Anan, [Claim 30] and [0080-0085], where the disclosed system may be implemented by a system that comprises a memory unit for storing instructions to be executed by a processing unit): managing a collection of records associated with interactions of users with one or more of a set of software products … (Anan, [0035], where the disclosed system pertains to content management and enforcing obligation of the content. See, e.g., Anan, [0041-0042] and [0052-0053] for more details as to the management of the collection of records. Although Anan does not appear to explicitly state that the type of information relates to interactions of users with one or more of a set of software products, the claimed invention does not distinguish over the prior art because the differences in the claim limitations and the prior art’s disclosure are only found in the nonfunctional descriptive material and are not functionally involved in the steps recited. The management, retrieval, and providing access to the records would have been performed the same, regardless of the specific data involved (i.e., interactions of users with one or more of a set of software products, or some other data). Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability. See In re Gulack, 703 F.2d 1381, 1385, 217 USPQ2d 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would have been obvious to a person of ordinary skill in the art to have referred to Anan’s teachings in making the claimed invention, because such data does not functionally relate to the steps in the method claimed and because the subjective interpretation of the data does not patentably distinguish the claimed invention over the prior art); and receiving a request for data management in relation to a first record of the collection of records (Anan, [0050], where a user requests data from the repository via the request interceptor 370, which typically comprises specification of the data requested, the purpose of the request, and the intended action) …; and in response to receiving the request for data management in relation to the first record of the collection of records, determining a relevant compliance policy for the first record …; and in response to determining that the prospective application-oriented use case is in the one or more allowed … use cases, providing access to the first record in response to the request specifying the prospective … use case (Anan, [0042], where the event handler 350 maintains information on obligations and rulings related to events that are generated by the policy translator. The event handler determines whether any obligations need to be performed, and if so, the event handler 350 marks the relevant data item as a record in the record manager 340. See Anan, [0041], where the request interceptor monitors requests for data access by users and determines whether any rules and/or obligations apply to the particular data being accessed. For each data item, the request interceptor checks with the event handler 350 whether access by the user is allowable. See Anan, [0050-0053], where more specifically, a user requests data from the repository via the request interceptor 370, which typically comprises specification of the data requested, the purpose of the request, and the intended action. For each data item in a set of results, the request interceptor 370 communicates the data item along with the user’s name, intended actions and purpose to the Event Handler 350. The Event Handler 350 determines whether the request for each particular data item is allowable based on the list of events provided by the Policy Translator 320 and communicates the result (allowed or denied) to the request interceptor 370. If allowable, the request is executed and the results are communicated back to the request interceptor (i.e., “wherein the collection of records is obtained according to relevant compliance policies for data storage” and “providing access to the first record in response to the request specifying the prospective use case”)). If not allowable, the denial is communicated back) … . Anan does not appear to explicitly teach [wherein the data is] defined at a platform solution, wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products; the use case relating to application-oriented use cases; wherein the request specifies a prospective application-oriented use case for a software product that is enabled by the first record; the relevant compliance policy being associated with the software product specified in the request, wherein the relevant compliance policy defines one or more allowed application-oriented use cases for the respective software product that are enabled by the first record; and modifying the software product based on analyzing data records that comprise the first record. Bonat teaches the use case relating to application-oriented use cases; wherein the request specifies a prospective application-oriented use case for a software product that is enabled by the first record; the relevant compliance policy being associated with the software product specified in the request, wherein the relevant compliance policy defines one or more allowed application-oriented use cases for the respective software product that are enabled by the first record (Bonat, [0096-0097], where the user’s specified privacy preferences may be related to a list of possible entity actions involving PII data, e.g., use of the user’s PII, such as PII collection, PII retention, and/or PII sharing, how the user can access the user’s PII data, security used to protect the PII data, tracking activities on the PII data, alerts relating to access to the PII data, etc. See Bonat, [0103], where the entity is related to an entity’s website or application (thus, Bonat’s disclosure in [0096-0097] with respect to an entity corresponds to “for the respective software product that are enabled by the first record”)). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Anan and Bonat (hereinafter “Anan as modified”) with the motivation of quickly ascertaining (e.g., by searching and retrieving the relevant data records) as to whether a person’s personal data is being used in the manner that they had agreed to. Anan as modified does not appear to explicitly teach [wherein the data is] defined at a platform solution, wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products; and modifying the software product based on analyzing data records that comprise the first record. Brannon teaches [wherein the data is] defined at a platform solution, wherein the collection of records is obtained according to relevant compliance policies for data storage defined correspondingly for the set of software products (Brannon, [0743], where the system, at step 6410, may, in response to a request, solicit and receive consent from a particular data subject to collect one or more pieces of personal data. In response to receiving such consent, the system may acquire (e.g., collect from the data subject, request and receive from one or more data sources, etc.) the personal data. See Bonat, [0096-0097] and [0103] above with respect to “[relevant compliance policies] defined correspondingly for the set of software products”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Anan as modified and Brannon (hereinafter “Anan as modified”) with the motivation of ensuring that an organization or entity is in compliance with one or more legal or industry requirements related to the collection, storage, and processing of data (see, e.g., Brannon, [0492]). Anan as modified does not appear to explicitly teach modifying the software product based on analyzing data records that comprise the first record. Kong teaches modifying the software product based on analyzing data records that comprise the first record (Kong, [0235], where the system determines the application-specific privacy setting 304 for the application 204 corresponding to the function 202 utilized by the application 204, where the computing system. See also, e.g., Kong, [0088-0089], where access privacy categorization 330 can represent categories or fields corresponding to the application 204 or utilized by the application 204, which are available to the user 110 for control through the application 204. The access privacy categorization 330 can correspond to one or more specific instances of the function 202 for the application. The category-specific rating 332 is a characterization of a degree of control or privacy corresponding to a specific instance of the access privacy categorization 330 for the application 204, in which the category-specific rating 332 can include a score or rating for a level of exposure, level of control or protection, a type of shared information, etc. See Kong, [0270-0271], where the system maps function 202 to permissions, and then collects all the permissions used by a specific instance of the application 204). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Anan as modified and Kong (hereinafter “Anan as modified”) with the motivation of improving privacy protection for the user (Kong, [0021]) while also enabling customization of various application functionality according to the custom privacy settings of the user. Regarding claim 9: Claim 9 recites substantially the same claim limitations as claim 2, and is rejected for the same reasons. Regarding claim 10: Claim 10 recites substantially the same claim limitations as claim 3, and is rejected for the same reasons. Regarding claim 11: Claim 11 recites substantially the same claim limitations as claim 4, and is rejected for the same reasons. Regarding claim 12: Claim 12 recites substantially the same claim limitations as claim 5, and is rejected for the same reasons. Regarding claim 13: Claim 13 recites substantially the same claim limitations as claim 6, and is rejected for the same reasons. Regarding claim 15: Claim 15 recites substantially the same claim limitations as claim 8, and is rejected for the same reasons. Note that Anan teaches A computer-implemented system, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising [the claimed steps] (Anan, [Claim 30] and [0080-0085], where the disclosed system may be implemented by a system that comprises a memory unit for storing instructions to be executed by a processing unit. The computer system 500 may include a computer 520, memory 550, and storage device 555 (which may be a non-volatile storage medium), where each of the components of the computer 520 is connected to a bus 530 that allow the components to communicate with each other via the bus 530). Regarding claim 16: Claim 16 recites substantially the same claim limitations as claim 2, and is rejected for the same reasons. Regarding claim 17: Claim 17 recites substantially the same claim limitations as claim 3, and is rejected for the same reasons. Regarding claim 18: Claim 18 recites substantially the same claim limitations as claim 4, and is rejected for the same reasons. Regarding claim 19: Claim 19 recites substantially the same claim limitations as claim 5, and is rejected for the same reasons. Regarding claim 20: Claim 20 recites substantially the same claim limitations as claim 6, and is rejected for the same reasons. Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Ananthanarayanan et al. (“Anan”) (US 2006/0143464 A1), in view of Bonat et al. (“Bonat”) (US 2020/0380171 A1), in further view of Brannon et al. (“Brannon”) (US 2021/0200902 A1), in further view of Chu et al. (“Chu”) (US 11,132,179 B1). Regarding claim 7: Anan as modified teaches The method of claim 1, but does not appear to explicitly teach comprising: analyzing interaction data from the collection of records to provide insight into an execution of a computerized process through two or more software products of the set of software products, wherein the computerized process is a cross-product computerized process that involves multiple software products and multiple users interacting with the multiple software products. Chu teaches analyzing interaction data from the collection of records to provide insight into an execution of a computerized process through two or more software products of the set of software products, wherein the computerized process is a cross-product computerized process that involves multiple software products and multiple users interacting with the multiple software products (Chu, [14:20-64], where user activity analysis operation 4000 identifies and detects user interaction sequences within one or more applications. User activity analysis operation 4000 functions as a background process that monitors interactions between users and their applications on an ongoing basis (i.e., “multiple users interacting with the multiple software products”), where actions may be performed by a single application or multiple applications (“cross-application correlation tree”) (Chu, [8:28-51]) (i.e., “a cross-product computerized process that involves multiple software products”). After the relevant data is stored, a determination can be made with respect to whether the observed user liaisons to a second application, where a “liaison point” refers to a user action that forms a link between functionalities provided by one or more underlying applications (Chu, [8:52-67]-[9:1-2]) (i.e., “a computerized process through two or more software products of the set of software products”)). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Anan as modified and Chu with the motivation of providing insights for developers into particular actions that applications could (or should) provide, thereby enabling a streamlining of application development processes by making them less reliant on intuition, judgment, and/or subject assumptions (Chu, [5:61-67]-[6:1-15]), which may ultimately lead to improved user experience and productivity (Chu, [7:48-67]-[8:1-2]). Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Ananthanarayanan et al. (“Anan”) (US 2006/0143464 A1), in view of Bonat et al. (“Bonat”) (US 2020/0380171 A1), in further view of Brannon et al. (“Brannon”) (US 2021/0200902 A1), in further view of Kong et al. (“Kong”) (US 2017/0032143 A1), in further view of Chu et al. (“Chu”) (US 11,132,179 B1). Regarding claim 14: Claim 14 recites substantially the same claim limitations as claim 7, and is rejected for the same reasons. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to IRENE BAKER whose telephone number is (408)918-7601. The examiner can normally be reached M-F 8-5PM PT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEVEEN ABEL-JALIL can be reached at (571)270-0474. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /IRENE BAKER/Primary Examiner, Art Unit 2152 31 January 2026