DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 4, 6-10, 13, 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Briscoe et al US 20190188410 (hereinafter Briscoe) in view of White et al US 20180020001 (hereinafter White) in further view of Mann et al US 20210165907 (hereinafter Mann).

As to claim 1, Briscoe teaches a computer-implemented method for generating a privacy compliant audit log for a conversational interface (Figure 5 discloses a method, wherein the generated audit log is in step 512; paragraph 50 discloses the method is executed on a computing system that has a communication interface), the method comprising: 
receiving a request for information from a user at a conversational interface (Figure 5, step 502 “Receive a request for first medical research data from a first user”); generating a response to the request for information, the response comprising data responsive to the request for information(step 508 “…Identify the first medical research data set that is responsive to the request…”);and generating an audit log comprising information related to the response (Figure 5, step 512 “Log the request and the first medical research data set into an audit log”).
Briscoe does not teach determining whether the response comprises private user data; and Briscoe is silent in disclosing generating an audit log wherein the information does not comprise the private user data.
	White teaches receiving a request for information from a user (Figure 5, Step 512 “Receive requested data”); and determining whether the response comprises private user data (Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
	It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of the private data (paragraphs 2 and 16 of White).
	The combination of Briscoe in view of White is silent in teaching generating an audit log wherein the information does not comprise the private user data.
	Mann teaches generating an audit log wherein the information does not comprise the private user data (paragraphs 14-15, claim 1, and Figure 2 reveals a system that output log data wherein the private data in the log is masked).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data with Mann’s teachings of masking the private data such that computing resources are minimally impacted and/or identification of the data to be masked is configurable (paragraph 2 of Mann).

As to clam 4, the combination of Briscoe in view of White and Mann teach wherein the determining whether the response comprises private user data (White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”) comprises: determining a response type of the response (White: paragraph 24 discloses the response type is achieve via tagging the sensitive data. The data is tagged when it comprises sensitive data, and thus the tagged piece of data indicate that the data is potentially sensitive; paragraph 21 also discloses the  sensitive data is tagged whereas the non-sensitive data is depicted as clean and is not tagged, see also paragraph 44); and provided the response type is indicated as private, determining that the data responsive to the request comprises private user data (White: paragraph 44 discloses the data module receives data responsive to the request and checks to see if the data is tagged as sensitive  and thus have private user data; paragraph 20 disclose the sensitive/private data may include PII data).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of the private data (paragraphs 2 and 16 of White).

As to claim 6, the combination of Briscoe in view of White and Mann teach wherein the data responsive to the request for information is retrieved from a system comprising public data and private user data (White: paragraph 44 discloses the data responsive to the request comprises public data which is passed to the application that the user is using, the private data is passed to the data access platform where the user authenticate credentials to access the data, this authentication is described in  paragraphs 19-20).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of data responsive to the request comprises public data and private data to regulate the use of the private and public data appropriately (paragraphs 2 and 16 of White).

As to claim 7, the combination of Briscoe in view of White and Mann teach wherein the system comprising public data and private user data is an enterprise system(White: paragraph 44 discloses the data responsive to the request comprises public and private data; paragraph 14 discloses the system is an enterprise computing system such as a cloud service linked to mobile services; paragraph 17 disclose the mobile service cloud platform is the HANA Cloud platform mobile service which provides capabilities for enterprise systems; Briscoe: paragraph 39 provides further details on method used in an enterprise computing environment).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of data responsive to the request comprises public data and private data to regulate the use of the private and public data appropriately (paragraphs 2 and 16 of White).

As to claim 8, the combination of Briscoe in view of White and Mann teach wherein the information related to the response comprises a data type of the private user data(White: paragraph 44 discloses the data responsive to the request comprises  a tag which denotes the data is private data; paragraph 20 discloses the sensitive information can incorporate any type of sensitive data).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of tagging the private data to preserve the security and privacy of data and regulate the use of the private data (paragraphs 2 and 16 of White).

As to claim 9, the combination of Briscoe in view of White and Mann teach wherein the audit log further comprises the request(Briscoe: Figure 5, step 512 “Log the request and the first medical research data set into an audit log”).

As to claim 10, Briscoe teaches a non-transitory computer readable storage medium (Figure 4, reference number 412 “Memory”) having computer readable program code stored (paragraph 80 discloses the program code is executed on a computer) thereon for causing a computer system (Figure 4, reference number 414 “Processor”) to perform a method for generating a privacy compliant audit log for a conversational interface(Figure 5 discloses a method, wherein the generated audit log is in step 512; paragraph 50 discloses the method is executed on a computing system that has a communication interface), the method comprising: 
receiving a request for information from a user at a conversational interface(Figure 5, step 502 “Receive a request for first medical research data from a first user”); generating a response to the request for information, the response comprising data responsive to the request for information(Figure 5, step 508 “…Identify the first medical research data set that is responsive to the request”);and generating an audit log comprising the request and information related to the response(Figure 5, step 512 “Log the request and the first medical research data set into an audit log”).
Briscoe does not teach determining whether the response comprises private user data; and Briscoe is silent in disclosing generating an audit log wherein the information does not comprise the private user data.
White teaches receiving a request for information from a user (Figure 5, Step 512 “Receive requested data”); and determining whether the response comprises private user data (Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
	It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of private data (paragraphs 2 and 16 of White).
	The combination of Briscoe in view of White is silent in teaching generating an audit log wherein the information does not comprise the private user data.
	Mann teaches generating an audit log wherein the information does not comprise the private user data (paragraphs 14-15, claim 1, and Figure 2 reveals a system that output log data wherein the private data in the log is masked).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data with Mann’s teachings of masking the private data such that compute resources are minimally impacted and/or identification of the data to be masked is configurable (paragraph 2 of Mann).

As to clam 13, the combination of Briscoe in view of White and Mann teach wherein the determining whether the response comprises private user data (White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”) comprises: determining a response type of the response (White: paragraph 24 discloses the response type as a tag. The data is tagged when it comprises sensitive data, wherein the tagged piece of data indicate that the data is potentially sensitive; paragraph 21 also discloses the  sensitive data is tagged whereas the non-sensitive data is depicted as clean, see also paragraph 44); and provided the response type is indicated as private, determining that the data responsive to the request comprises private user data (White: paragraph 44 discloses the data module receives data responsive to the request and checks to see if the data is tagged as sensitive  and thus have private user data).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of the private data (paragraphs 2 and 16 of White).

As to claim 15, the combination of Briscoe in view of White and Mann teach wherein the data responsive to the request for information is retrieved from a system comprising public data and private user data (White: paragraph 44 discloses the data responsive to the request comprises public data which is passed to the application that the user is using, the private data is passed to the data access platform where the user authenticate credentials to access the data, this authentication is described in  paragraphs 19-20).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of data responsive to the request comprises public data and private data to regulate the use of the private and public data appropriately (paragraphs 2 and 16 of White).

As to claim 16, the combination of Briscoe in view of White and Mann teach wherein the system comprising public data and private user data is an enterprise system(White: paragraph 44 discloses the data responsive to the request comprises public and private data; paragraph 14 discloses the system is an enterprise computing system such as a cloud service linked to mobile services to allow customer/data providers to integrate fine grained data access controls into their mobile application without changing their source systems or data; Briscoe: paragraph 39 provides further details on method used in an enterprise computing environment).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of data responsive to the request comprises public data and private data to regulate the use of the private and public data appropriately (paragraphs 2 and 16 of White).

As to claim 17, the combination of Briscoe in view of White and Mann teach wherein the information related to the response comprises a data type of the private user data(White: paragraph 44 discloses the data responsive to the request comprises  a tag which denotes the data is private data; paragraph 20 discloses the sensitive information can incorporate any type of sensitive data).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of Mann’s teachings of masking the private data with White’s teachings of tagging the private data to preserve the security and privacy of data and regulate the use of the private data (paragraphs 2 and 16 of White).

As to claim 18, Briscoe teaches a computer system  (Figures 3 and 4 ) comprising: 
a data storage unit (Figure 4, reference number 412 “Memory”); and 
a processor(Figure 4, reference number 414 “Processor”)  coupled with the data storage unit(Figure 4, reference number 412 “Memory”), the processor configured to: 
receive a request for information from a user at a conversational interface(Figure 5, step 502 “Receive a request for first medical research data from a first user”; paragraph 50 discloses the method is executed on a computing system that has a communication interface); 
generate a response to the request for information, the response comprising data responsive to the request for information(Figure 5, step 508 “…Identify the first medical research data set that is responsive to the request”); and generate an audit log comprising the request and information related to the response(Figure 5, step 512 “Log the request and the first medical research data set into an audit log”).
Briscoe does not teach determining whether the response comprises private user data; and Briscoe is silent in disclosing generating an audit log wherein the information does not comprise the private user data.
White teaches receiving a request for information from a user (Figure 5, Step 512 “Receive requested data”); and determining whether the response comprises private user data (Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
	It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of private data (paragraphs 2 and 16 of White).
	The combination of Briscoe in view of White is silent in teaching generating an audit log wherein the information does not comprise the private user data.
	Mann teaches generating an audit log wherein the information does not comprise the private user data (paragraphs 14-15, claim 1, and Figure 2 reveals a system that output log data wherein the private data in the log is masked).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data with Mann’s teachings of masking the private data such that compute resources are minimally impacted and/or identification of the data to be masked is configurable (paragraph 2 of Mann).

Claim(s) 2-3, 11-12, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Briscoe et al US 20190188410 (hereinafter Briscoe) in view of White et al US 20180020001 (hereinafter White) in further view of Mann et al US 20210165907 (hereinafter Mann) in further view of Tang et al US 20130226862 (hereinafter Tang).

As to claim 2, the combination of Briscoe in view of White and Mann teach all the limitations recited in claim 1 above and further teach wherein the determining whether the response comprises private user data and determining that the data responsive to the request comprises private data(White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
The combination of Briscoe in view of White and Mann do not teach determining whether the data responsive to the request for information is associated with a private domain; and provided the data responsive to the request for information is associated with a private domain.
Tang discloses receiving a request for information from a user (paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions) and determining whether the data responsive to the request for information is associated with a private domain (abstract, paragraph 51, claim 1 disclose identifying the attribute data associated with an entity from one or more private domain information sources); and provided the data responsive to the request for information is associated with a private domain(abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources; paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions. Paragraph 58 discloses access to the macro profile; this macro profile include private data from the private domain).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

As to claim 3, the combination of Briscoe in view of White, Mann, and Tang teach wherein the information related to the response comprises a data type of the private domain (Tang: paragraph 45 discloses attribute data in the private domain; White: paragraph 14 discloses the tagged data passes through data privacy service which is of the private domain; paragraph 17 discloses the system includes a mobile service cloud platform that securely connects to back-end business system and the cloud platform is the HANA cloud platform mobile service which is a private domain since the platform requires user authentication for access to secure data). 
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 


As to claim 11, the combination of Briscoe in view of White and Mann teach all the limitations recited in claim 10 above and further teach wherein the determining whether the response comprises private user data and determining that the data responsive to the request comprises private data(White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
The combination of Briscoe in view of White and Mann do not teach determining whether the data responsive to the request for information is associated with a private domain; and provided the data responsive to the request for information is associated with a private domain.
Tang discloses receiving a request for information from a user (paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions) and determining whether the data responsive to the request for information is associated with a private domain (abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources); and provided the data responsive to the request for information is associated with a private domain(abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources; paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions. Paragraph 58 discloses access to the macro profile; this macro profile include private data from the private domain).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

As to claim 12, the combination of Briscoe in view of White, Mann, and Tang teach wherein the information related to the response comprises a data type of the private domain (Tang: paragraph 45 discloses attribute data in the private domain; White: paragraph 14 discloses the tagged data passes through data privacy service which is of the private domain; paragraph 17 discloses the system includes a mobile service cloud platform that securely connects to back-end business system and the cloud platform is the HANA cloud platform mobile service which is a private domain since the platform requires user authentication for access to secure data). 
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

As to claim 19, the combination of Briscoe in view of White and Mann teach all the limitations recited in claim 18 above and further teach wherein the determining whether the response comprises private user data and determining that the data responsive to the request comprises private data(White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
The combination of Briscoe in view of White and Mann do not teach determining whether the data responsive to the request for information is associated with a private domain; and provided the data responsive to the request for information is associated with a private domain.
Tang discloses receiving a request for information from a user (paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions) and wherein the determining whether the response comprises private user data comprises :determining whether the data responsive to the request for information is associated with a private domain (abstract, paragraph 51, claim 1 disclose identifying the attribute data associated with an entity from one or more private domain information sources); and provided the data responsive to the request for information is associated with a private domain(abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources; paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions. Paragraph 58 discloses access to the macro profile; this macro profile include private data from the private domain).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

As to claim 20, the combination of Briscoe in view of White, Mann, and Tang teach wherein the information related to the response comprises a data type of the private domain (Tang: paragraph 45 discloses attribute data in the private domain; White: paragraph 14 discloses the tagged data passes through data privacy service which is of the private domain; paragraph 17 discloses the system includes a mobile service cloud platform that securely connects to back-end business system and the cloud platform is the HANA cloud platform mobile service which is a private domain since the platform requires user authentication for access to secure data). 
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

Claim(s) 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Briscoe et al US 20190188410 (hereinafter Briscoe) in view of White et al US 20180020001 (hereinafter White) in further view of Mann et al US 20210165907 (hereinafter Mann) in further view of Lewis et al US 20180218627 (hereinafter Lewis).

As to claim 5, the combination of Briscoe in view of White and Mann do not teach the method further comprising: identifying user intent of the request for information; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information.
Lewis teaches the method further comprising: identifying user intent of the request for information (paragraph 97 reveals “determines a user intent associated with the user request) ; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information(paragraph 109 discloses when the user intent includes request for information, an information response is generated and sent to the user based on the user intent).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Lewis’s teachings of identifying user intent of the request and retrieving the data based in part on the user intent to provide a natural interaction between the user and the system (paragraph 101 of Lewis).

As to claim 14, the combination of Briscoe in view of White and Mann do not teach the method further comprising: identifying user intent of the request for information; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information.
Lewis teaches the method further comprising: identifying user intent of the request for information (paragraph 97 reveals “determines a user intent associated with the user request) ; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information(paragraph 109 discloses when the user intent includes request for information, an information response is generated and sent to the user based on the user intent).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Lewis’s teachings of identifying user intent of the request and retrieving the data based in part on the user intent to provide a natural interaction between the user and the system (paragraph 101 of Lewis).



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Miller et al US 20200134211 (hereinafter Miller).

Miller teaches the method (Figure 4) comprising: receiving a request for information from a user at a conversational interface (Figure 4, step 410 “Receive, by the computing device, a request from a user”); generating a response to the request for information, the response comprising data responsive to the request for information (Figure 4, step 430 “Generate a response to the request comprising content that is responsive to the request based on the user identity); determining whether the response comprises private user data (Figure 4, step 440; Figure 5, steps 510-530 “Determine a content privacy level for the content”) as recited in claims 1, 10, and 18.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30--5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/F.F/              Examiner, Art Unit 2437          

/BENJAMIN E LANIER/              Primary Examiner, Art Unit 2437