DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
	The amendment filed September 19 2022 has been entered. Applicant amended claims 1, 10, and 18; cancelled claim 9. Accordingly, claims 1-8 and 10-20 remain pending.

Response to Arguments
Applicant's arguments filed September 19 2022 have been fully considered but they are not persuasive. 
On pages 8-9, Applicant alleges “…that Briscoe in view of White, in further view of Man, at least does not teach or suggest, ‘determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data’… as recited in independent Claim 1, and the similar recitations of independent claims 10 and 18”. This is not persuasive. White reveals in paragraph 57 and Figure 5, step 512 “Receive Requested Data” and step 514 further recites “Data Contains Sensitive Data?”. Paragraph 57 of White provides more details regarding the step 514 in recites the system determines whether the requested data contains sensitive data. Thus, White provides the teachings of  a computer-implemented  method of “determining whether the request for information comprises private user data” as recited in the independent claims. Furthermore, White reveals in paragraphs 43-44 and in Figure 3, operation 306, that the data privacy module of the application sends the user request to the cloud platform; the request is then sent to a back-end module. The back-end module provides data in response to the requested data. At operation 310, the data is returned to the cloud platform from the back end module, responding to the request; and at operation 312, the data privacy module determines/checks to see if the data has sensitive data. Therefore, White further provides the teachings of a computer-implemented method of “determining whether the response comprises private user data” as recited in the independent claims. 
White further provides the teachings that an audit log is provided and reviewed in paragraphs 15 and  27-28. Said paragraphs discuss that the data access platform can track all data requests and maintain trails, allowing customers and administrators to access histories via audit logs. Briscoe further provides the teachings of the method of “ generating an audit log that comprises the request for information and information related to the response”, please see Figure 5, step 512 which recites “Log the request and the first medical research data set into an audit log”.
Briscoe in view of White lack the teachings of the information in audit log do not comprise the private data. This information in the log is the request for information and the information related to the response as taught by Briscoe.
Therefore, the Mann reference was applied to provide the teaching of masking private data in the log which result in the audit log to not comprise private data. Please see paragraphs 14-15 and Figure 2 of Mann which reveal that the private information in the data log is masked, such that the log does not comprise the private data. Therefore, it is obvious to one skill in the art to modify Briscoe in view of Mann’s audit log with the teachings of Mann’s to masked private data in the log, such the log does not comprise the private data. This allows for the identification of the private data to be masked and thus, not accessible by the reviewer (paragraph 2 of Mann).

On page 9, Applicant states “…Briscoe is silent to, and does not teach or suggest ‘determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data’…” This is not persuasive, Briscoe teaches, as stated above, in Figure 5 step 512 and in paragraph 75 the method of generating an audit log that comprises of the request and the information related to the response. The information in the log related to the response in step 512 of Figure 5 is the logging of the first medication research data set.
In response to Applicant’s remarks of Briscoe failing to teach “determining whether the request for information comprises private user data’ and/or….wherein the request for information and the information related to the response [in the audit log] do not comprise the private user data”, Briscoe was not relied upon to  teach those limitations. Please see the paragraphs above, wherein White in view of Mann references were relied upon to teach those limitations.
In response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On pages 9-10, Applicant alleges, “White does not overcome the shortcomings of Briscoe….White…is silent to any determination as to whether the request itself includes any private or sensitive data. Therefore, Applicant respectfully submits that White is also silent to, and thus does not teach or suggest “determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data’.” This is not persuasive, both Briscoe (paragraph 39) in view of White (paragraphs 14-16) teaches data request using a cloud computing environment via mobile/computer application interface. Furthermore, as stated above, White indeed teaches  “determining whether the request for information comprises private user data”, for paragraph 57 explicitly states “at operation 514, it is determined whether the requested data contains sensitive data”. 
In response to Applicant’s remarks of White failing to teach “….wherein the request for information and the information related to the response [in the audit log] do not comprise the private user data”, White was not relied upon teaching those limitations. Please see the paragraphs above, wherein Mann reference was relied upon to teach those limitations.
In response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On pages 10-11, Applicant alleges “Mann…is silent to the application data including any user request for information or any determination as to whether the request itself includes any private or sensitive data. Therefore, Applicant respectfully submits that Man is silent to, and this does not teach or suggest “determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data…”. Again, this is not persuasive. Briscoe in view of White were relied upon to teach “determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response”, as stated in the paragraphs above. Thus, Briscoe in view of White provides the teaches of an audit log that comprises the request for information and the information related to the response. Briscoe in view of White lacks the teaches of wherein the data in the audit log does not comprise the private user data. Therefore, the examiner applied the Mann reference. Mann teaches a method where a system receives/collects/ log data from an application (abstract), while the application(s) is running . From Briscoe(paragraph 39)  in view of White(paragraphs 14-16), this application can be from a mobile/computer application, that sends/receives data requests and information related to the response. Thus, Mann solved the deficiencies that Briscoe in view of White lacks, which involves masking the private data in the audit log such that the log does not contains private data. Mann provides this teaching in Figure 2, reference number 220. Masking the private data involves converting the private data into another form, such that the private data is no longer present/viewed.
In response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On page 11, Applicant further states “[a]pplicant respectfully submits that the combination of Briscoe in view of White, in further view of Mann, does not render obvious the claimed embodiments. Thus, Applicant respectfully, submits that independent Claims 1, 10, and 18 overcome the rejection under 35 USC 103, and that these claims are thus in an condition for allowance. Therefore, Applicant respectfully, submits that claims 4 and 6-8 that depend from independent claims 1 and claims 13 and 15-17 that depend from independent claim 10 also overcome the rejection under 35 USC 103, and are in a condition for allowance as being dependent on an allowable base claim.” This is not persuasive, please see Examiner’s response in the paragraphs above. 

On pages 11-12, Applicant also states “Applicant has reviewed the asserted art and respectfully submit that the embodiments recited in claims 2, 3, 11, 12, 19, and 20 are patentable over Briscoe in view of White in further view of Mann, yet in further view of Tang, for at least the following rationale. Claims 2 and 3 are dependent on independent claims 1 and include the recitations of independent claim 1. Claims 11 and 12 are dependent on independent claim 10 and include the recitations of independent claim 10, and claims 19 and 20 are dependent on independent claim 19 and include the recitations of independent claims 18. Hence, by demonstrating that independent claims 1, 10, and 18 are patentable over Briscoe in view of White, in further view of Mann, yet in further view of Tang, it is also demonstrated that Briscoe in view of White, in further view of Mann, yet in further view of Tang, does not show it suggest the embodiments of clams 2, 3, 11, 12, 19, and 20”. This is not persuasive, please see Examiner’s response in the paragraphs above. 

On page 12, Applicant further allege, “Applicant respectfully submits that the rejection of the claims is improper as rejections of claims 1, 10, and 18  does not satisfy the requirement of a prima facie case of obviousness as claims embodiments are not taught or suggested by the asserted art. Applicant respectfully submits that Briscoe in view of White, in further view of Mann, yet in further view of Tang does not render obvious the claimed embodiments in the manner set for the in independent claims 1, 10, and 18.” This is not persuasive, please see Examiner’s response in the paragraphs above. It is understood that the combination of Briscoe in view of White, Mann, and Tang teaches the recited features of the Applicant’s claims, as discussed above. 
In response to applicant's argument that does not satisfy the requirement of a prima facie case of obviousness, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).

On page 12, Applicant also alleges “…Briscoe in view of White, in further view of Mann, at least does not teach or suggest, ‘determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data’… as recited in independent Claim 1, and the similar recitations of independent claims 10 and 18”. This is not persuasive. Applicant repeated this argument on pages 8-10 , and the examiner respectfully directs the applicant to see the paragraphs above.

On page 12, Applicant further alleges, “…Tang does not overcome the shortcomings of Briscoe in view of White, in further view of Mann….Tang does not teach or suggest determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data’… as recited in independent Claim 1, and the similar recitations of independent claims 10 and 18” This is not persuasive, because Tang was not relied upon to teach the limitations presented in the Applicant’s remarks. Briscoe in view of White and Mann were relied upon to teach said limitations, please see paragraphs above. 
In response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On page 13, Applicant repeats arguments stating “…the combination of Briscoe in view of White, in further view of Mann, in further view of Tang, does not render obvious the claimed embodiments. Thus, Applicant respectfully submits that independent claims 1, 10, and 18 overcome the rejection under 35 USC 103, and that these claims are thus in a condition for allowance. Therefore, Applicant respectfully submits that claims 2 and 3 dependent on independent claims 1, claims 11 and 12 are on independent claims 10, and claims 19 and 20 dependent on independent claim 18, also overcome the rejection under 35 USC 103, and are in a condition for allowance as being dependent on an allowable base claim.” This is not persuasive, because Briscoe in view of White and Mann were relied upon to teach said limitations in claims 1, 10, and 18, please see paragraphs above. 

On page 13, Applicant alleges “[c]laim 4 is dependent on independent claim 1 and includes the recitations of independent claim 1 and claim 15 is dependent on independent claim 10 and include the recitations of independent claims 10. Hence, by demonstrating that independent claims 1 and 10 are patentable over Briscoe in view of White, in further view of Mann, yet in further view of Lewis, it is also demonstrated that Briscoe in view of White, in further view of Mann, yet in further view of Lewis does not show or suggest the embodiments of claims 4 and 15.” This is not persuasive. Please see examiner’s remarks in the paragraphs above concerning Briscoe in view of White and Mann teachings the limitations recited in claims 1 and 15. Furthermore, with respect to claim 4, White  teaches in paragraphs 24-25 determining a response type of the response and provided the response type is indicative as private, determining that the data responsive to the request comprises private user data. Paragraphs 24-25 of White reveal a determination is made on whether the response type of the returned data is sensitive or non-sensitive data. The data privacy module recognize/determine the data response being sensitive/private and reacts accordingly in processing the data.  With respect to claim 15, White teaches wherein the data responsive to the request for information is retrieved from a system comprising public data and private data. Again, paragraphs 24-25 of White teach a determination is made on whether the response type of the returned data is sensitive or non-sensitive data. The data privacy module recognize/determine the data response being sensitive/private and reacts accordingly in processing the data.

On pages 13-14, Applicant alleges, “Applicant respectfully submits that the rejection of the claims is improper as rejections of claims 1 and 10  does not satisfy the requirement of a prima facie case of obviousness as claims embodiments are not taught or suggested by the asserted art. Applicant respectfully submits that Briscoe in view of White, in further view of Mann, yet in further view of Lewis does not render obvious the claimed embodiments in the manner set for the in independent claims 1 and 10.” This is not persuasive, please see Examiner’s response in the paragraphs above. It is understood that the combination of Briscoe in view of White, Mann, and Lewis teaches the recited features of the Applicant’s claims as discussed above. 
In response to applicant's argument that does not satisfy the requirement of a prima facie case of obviousness, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).

On page 14, Applicant also alleges “…Briscoe in view of White, in further view of Mann, at least does not teach or suggest, ‘determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data’… as recited in independent Claim 1, and the similar recitations of independent claim 10 ”. This is not persuasive. Applicant repeated this argument on pages 8-10 , and the examiner respectfully directs the applicant to see the paragraphs above.

On page 14, Applicant further alleges, “…Lewis also does not teach or suggest ‘determining whether the request for information comprises private user data’ and/or ‘generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response do not comprise the private user data’… as recited in independent Claim 1, and the similar recitations of independent claims 10. ” This is not persuasive, because Lewis was not relied upon to teach the limitations presented in the Applicant’s remarks. Briscoe in view of White and Mann were relied upon to teach said limitations, please see paragraphs above. 
In response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

On page 14, Applicant alleges “…the combination of Briscoe in view of White, in further view of Mann, in further view of Lewis, does not render obvious the claim embodiments. Thus, Applicant respectfully submits that independent claims 1 and 10 overcome the rejection under 35 USC 103, and that these claims are thus in a condition for allowance. Therefore, Applicant respectfully, submits that claim 4 dependent on independent clam 1 and claim 15 are independent claim 10, also overcome the rejection under 35 USC 103, and are in a condition for allowance as being dependent on an allowable base claim.” This is not persuasive. Again, please the examiner’s remarks above regarding Briscoe in view of White and Mann teaching the limitations presented in the Applicant’s remarks regarding the independent clams. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 4, 6-8, 10, 13, 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Briscoe et al US 20190188410 (hereinafter Briscoe) in view of White et al US 20180020001 (hereinafter White) in further view of Mann et al US 20210165907 (hereinafter Mann).

As to claim 1, Briscoe teaches a computer-implemented method for generating a privacy compliant audit log for a conversational interface (Figure 5 discloses a method, wherein the generated audit log is in step 512; paragraph 50 discloses the method is executed on a computing system that has a communication interface), the method comprising: 
receiving a request for information from a user at a conversational interface (Figure 5, step 502 “Receive a request for first medical research data from a first user”); generating a response to the request for information, the response comprising data responsive to the request for information(step 508 “…Identify the first medical research data set that is responsive to the request…”);and generating an audit log comprising the request for information and information related to the response, wherein the request for information and the information related to the response [are present in the log] (Figure 5, step 512 “Log the request and the first medical research data set into an audit log”, wherein “the request” is the request for information and “the first medical research data” is the information related to the response, see also paragraph 75).
Briscoe does not teach determining whether the request for information comprises private data; determining whether the response comprises private user data; and Briscoe is silent in disclosing generating an audit log wherein the information do not comprise the private user data.
	White teaches receiving a request for information from a user (Figure 5, Step 512 “Receive requested data”); determining whether the request for information comprises private data (Figure 5, step 512 “Receive Requested Data” and further step 514 “Data Contains Sensitive Data?”. Paragraph 57 provides more details that it is determined whether the requested data contains sensitive data) and determining whether the response comprises private user data (paragraphs 43-44 and Figure 3, operation 306, the data privacy module of the application sends the request to the cloud platform, which is sent to the back-end module, which is the provider of the requested data. At operation 310, the data response is returned to the cloud platform from the back end module, responding to the request.; and at operation 312, the data privacy module determines/checks to see if the data response has sensitive data); providing an audit log (paragraphs 15 and  27-28 discuss that the data access platform can track all data requests and maintain trails, allowing customers and administrators to access histories via audit logs).
	It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of the private data (paragraphs 2 and 16 of White).
	The combination of Briscoe in view of White is silent in teaching generating an audit log wherein the information do not comprise the private user data.
	Mann teaches generating an audit log wherein the information does not comprise the private user data (paragraphs 14-15, claim 1, and Figure 2 reveal that the private information from an application in the data log is masked, such that the log does not comprise/show the private data).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s audit log method in view of White’s teachings of determining whether the response comprises private user data with Mann’s teachings of masking the private data in the data logs such that user privacy is maintained and that private data is not accessible via the review of the audit logs (paragraph 2 of Mann).

As to clam 4, the combination of Briscoe in view of White and Mann teach wherein the determining whether the response comprises private user data (White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”) comprises: determining a response type of the response (White: paragraph 24 discloses the response type is achieve via tagging the sensitive data. The data is tagged when it comprises sensitive data, and thus the tagged piece of data indicate that the data is potentially sensitive; paragraph 21 also discloses the  sensitive data is tagged whereas the non-sensitive data is depicted as clean and is not tagged, see also paragraph 44; Per paragraphs 24-25, the data privacy module recognizes/determines the data response being sensitive/private and reacts accordingly in processing the data); and provided the response type is indicated as private, determining that the data responsive to the request comprises private user data (White: Per paragraphs 24-25, the data privacy module recognizes/determines the data response being sensitive/private and reacts accordingly in processing the data; paragraph 44 discloses the data module receives data responsive to the request and checks to see if the data is tagged as sensitive  and thus have private user data; paragraph 20 disclose the sensitive/private data may include PII data).

As to claim 6, the combination of Briscoe in view of White and Mann teach wherein the data responsive to the request for information is retrieved from a system comprising public data and private user data (White: paragraph 44 discloses the data responsive to the request comprises public data which is passed to the application that the user is using, the private data is passed to the data access platform where the user authenticate credentials to access the data, this authentication is described in  paragraphs 19-20).

As to claim 7, the combination of Briscoe in view of White and Mann teach wherein the system comprising public data and private user data is an enterprise system(White: paragraph 44 discloses the data responsive to the request comprises public and private data; paragraph 14 discloses the system is an enterprise computing system such as a cloud service linked to mobile services; paragraph 17 disclose the mobile service cloud platform is the HANA Cloud platform mobile service which provides capabilities for enterprise systems; Briscoe: paragraph 39 provides further details on method used in an enterprise computing environment).

As to claim 8, the combination of Briscoe in view of White and Mann teach wherein the information related to the response comprises a data type of the private user data(White: paragraph 44 discloses the data responsive to the request comprises  a tag which denotes the data is private data; paragraph 20 discloses the sensitive information can incorporate any type of sensitive data).


As to claim 10, Briscoe teaches a non-transitory computer readable storage medium (Figure 4, reference number 412 “Memory”) having computer readable program code stored (paragraph 80 discloses the program code is executed on a computer) thereon for causing a computer system (Figure 4, reference number 414 “Processor”) to perform a method for generating a privacy compliant audit log for a conversational interface(Figure 5 discloses a method, wherein the generated audit log is in step 512; paragraph 50 discloses the method is executed on a computing system that has a communication interface), the method comprising: 
receiving a request for information from a user at a conversational interface(Figure 5, step 502 “Receive a request for first medical research data from a first user”); generating a response to the request for information, the response comprising data responsive to the request for information(Figure 5, step 508 “…Identify the first medical research data set that is responsive to the request”);and generating an audit log comprising the request for information and the request and information related to the response, wherein the request for information and the information related to the response [are in the log(Figure 5, step 512 “Log the request and the first medical research data set into an audit log”, wherein “the request” is the request for information and “the first medical research data” is the information related to the response, see also paragraph 75).
Briscoe does not teach determining whether the request for information comprises private data; determining whether the response comprises private user data; and Briscoe is silent in disclosing generating an audit log wherein the information do not comprise the private user data.
White teaches receiving a request for information from a user (Figure 5, Step 512 “Receive requested data”); determining whether the request for information comprises private data (Figure 5, step 512 “Receive Requested Data” and further step 514 “Data Contains Sensitive Data?”. Paragraph 57 provides more details that it is determined whether the requested data contains sensitive data) and determining whether the response comprises private user data (paragraphs 43-44 and Figure 3, operation 306, the data privacy module of the application sends the request to the cloud platform, which is sent to the back-end module, which is the provider of the requested data. At operation 310, the data response is returned to the cloud platform from the back end module, responding to the request.; and at operation 312, the data privacy module determines/checks to see if the data response has sensitive data); providing an audit log (paragraphs 15 and  27-28 discuss that the data access platform can track all data requests and maintain trails, allowing customers and administrators to access histories via audit logs).
	It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of private data (paragraphs 2 and 16 of White).
	The combination of Briscoe in view of White is silent in teaching generating an audit log wherein the information do not comprise the private user data.
	Mann teaches generating an audit log wherein the information does not comprise the private user data (paragraphs 14-15, claim 1, and Figure 2 reveal that the private information from an application in the data log is masked, such that the log does not comprise/show the private data).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s audit log method in view of White’s teachings of determining whether the response comprises private user data with Mann’s teachings of masking the private data in the data logs such that user privacy is maintained and that private data is not accessible via the review of the audit logs (paragraph 2 of Mann).

As to clam 13, the combination of Briscoe in view of White and Mann teach wherein the determining whether the response comprises private user data (White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”) comprises: determining a response type of the response (White: paragraph 24 discloses the response type as a tag. The data is tagged when it comprises sensitive data, wherein the tagged piece of data indicate that the data is potentially sensitive; paragraph 21 also discloses the  sensitive data is tagged whereas the non-sensitive data is depicted as clean, see also paragraph 44); and provided the response type is indicated as private, determining that the data responsive to the request comprises private user data (White: paragraph 44 discloses the data module receives data responsive to the request and checks to see if the data is tagged as sensitive  and thus have private user data).

As to claim 15, the combination of Briscoe in view of White and Mann teach wherein the data responsive to the request for information is retrieved from a system comprising public data and private user data (White: paragraphs 24-25 teach the data privacy module recognize/determine the data response being sensitive/private and reacts accordingly in processing the data; paragraph 44 discloses the data responsive to the request comprises public data which is passed to the application that the user is using, the private data is passed to the data access platform where the user authenticate credentials to access the data, this authentication is described in  paragraphs 19-20).

As to claim 16, the combination of Briscoe in view of White and Mann teach wherein the system comprising public data and private user data is an enterprise system(White: paragraph 44 discloses the data responsive to the request comprises public and private data; paragraph 14 discloses the system is an enterprise computing system such as a cloud service linked to mobile services to allow customer/data providers to integrate fine grained data access controls into their mobile application without changing their source systems or data; Briscoe: paragraph 39 provides further details on method used in an enterprise computing environment).

As to claim 17, the combination of Briscoe in view of White and Mann teach wherein the information related to the response comprises a data type of the private user data(White: paragraph 44 discloses the data responsive to the request comprises  a tag which denotes the data is private data; paragraph 20 discloses the sensitive information can incorporate any type of sensitive data).

As to claim 18, Briscoe teaches a computer system  (Figures 3 and 4 ) comprising: 
a data storage unit (Figure 4, reference number 412 “Memory”); and 
a processor(Figure 4, reference number 414 “Processor”)  coupled with the data storage unit(Figure 4, reference number 412 “Memory”), the processor configured to: 
receive a request for information from a user at a conversational interface(Figure 5, step 502 “Receive a request for first medical research data from a first user”; paragraph 50 discloses the method is executed on a computing system that has a communication interface); 
generate a response to the request for information, the response comprising data responsive to the request for information(Figure 5, step 508 “…Identify the first medical research data set that is responsive to the request”); and generate an audit log comprising the request  for information and the information related to the response, wherein the request for information and the information related to the response [are in the log ](Figure 5, step 512 “Log the request and the first medical research data set into an audit log”, wherein “the request” is the request for information and “the first medical research data” is the information related to the response, see also paragraph 75).
Briscoe does not teach determining whether the request for information comprises private data; determining whether the response comprises private user data; and Briscoe is silent in disclosing generating an audit log wherein the information do not comprise the private user data.
	White teaches receiving a request for information from a user (Figure 5, Step 512 “Receive requested data”); determining whether the request for information comprises private data (Figure 5, step 512 “Receive Requested Data” and further step 514 “Data Contains Sensitive Data?”. Paragraph 57 provides more details that it is determined whether the requested data contains sensitive data) and determining whether the response comprises private user data (paragraphs 43-44 and Figure 3, operation 306, the data privacy module of the application sends the request to the cloud platform, which is sent to the back-end module, which is the provider of the requested data. At operation 310, the data response is returned to the cloud platform from the back end module, responding to the request.; and at operation 312, the data privacy module determines/checks to see if the data response has sensitive data); providing an audit log (paragraphs 15 and  27-28 discuss that the data access platform can track all data requests and maintain trails, allowing customers and administrators to access histories via audit logs).
	It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method with White’s teachings of determining whether the response comprises private user data to preserve the security and privacy of data and regulate the use of the private data (paragraphs 2 and 16 of White).
	The combination of Briscoe in view of White is silent in teaching generating an audit log wherein the information does not comprise the private user data.
	Mann teaches generating an audit log wherein the information does not comprise the private user data (paragraphs 14-15, claim 1, and Figure 2 reveal that the private information from an application in the data log is masked, such that the log does not comprise/show the private data).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s audit log method in view of White’s teachings of determining whether the response comprises private user data with Mann’s teachings of masking the private data in the data logs such that user privacy is maintained and that private data is not accessible via the review of the audit logs (paragraph 2 of Mann).

Claim(s) 2-3, 11-12, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Briscoe et al US 20190188410 (hereinafter Briscoe) in view of White et al US 20180020001 (hereinafter White) in further view of Mann et al US 20210165907 (hereinafter Mann) in further view of Tang et al US 20130226862 (hereinafter Tang).

As to claim 2, the combination of Briscoe in view of White and Mann teach all the limitations recited in claim 1 above and further teach wherein the determining whether the response comprises private user data and determining that the data responsive to the request comprises private data(White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
The combination of Briscoe in view of White and Mann do not teach determining whether the data responsive to the request for information is associated with a private domain; and provided the data responsive to the request for information is associated with a private domain.
Tang discloses receiving a request for information from a user (paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions) and determining whether the data responsive to the request for information is associated with a private domain (abstract, paragraph 51, claim 1 disclose identifying the attribute data associated with an entity from one or more private domain information sources); and provided the data responsive to the request for information is associated with a private domain(abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources; paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions. Paragraph 58 discloses access to the macro profile; this macro profile include private data from the private domain).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

As to claim 3, the combination of Briscoe in view of White, Mann, and Tang teach wherein the information related to the response comprises a data type of the private domain (Tang: paragraph 45 discloses attribute data in the private domain; White: paragraph 14 discloses the tagged data passes through data privacy service which is of the private domain; paragraph 17 discloses the system includes a mobile service cloud platform that securely connects to back-end business system and the cloud platform is the HANA cloud platform mobile service which is a private domain since the platform requires user authentication for access to secure data). 


As to claim 11, the combination of Briscoe in view of White and Mann teach all the limitations recited in claim 10 above and further teach wherein the determining whether the response comprises private user data and determining that the data responsive to the request comprises private data(White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
The combination of Briscoe in view of White and Mann do not teach determining whether the data responsive to the request for information is associated with a private domain; and provided the data responsive to the request for information is associated with a private domain.
Tang discloses receiving a request for information from a user (paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions) and determining whether the data responsive to the request for information is associated with a private domain (abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources); and provided the data responsive to the request for information is associated with a private domain(abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources; paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions. Paragraph 58 discloses access to the macro profile; this macro profile include private data from the private domain).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

As to claim 12, the combination of Briscoe in view of White, Mann, and Tang teach wherein the information related to the response comprises a data type of the private domain (Tang: paragraph 45 discloses attribute data in the private domain; White: paragraph 14 discloses the tagged data passes through data privacy service which is of the private domain; paragraph 17 discloses the system includes a mobile service cloud platform that securely connects to back-end business system and the cloud platform is the HANA cloud platform mobile service which is a private domain since the platform requires user authentication for access to secure data). 

As to claim 19, the combination of Briscoe in view of White and Mann teach all the limitations recited in claim 18 above and further teach wherein the determining whether the response comprises private user data and determining that the data responsive to the request comprises private data(White: Figure 5, Step 514 “Data contains sensitive data”; see also paragraph 57 which recites “at operation 514, it is determined whether the requested data contains sensitive data”).
The combination of Briscoe in view of White and Mann do not teach determining whether the data responsive to the request for information is associated with a private domain; and provided the data responsive to the request for information is associated with a private domain.
Tang discloses receiving a request for information from a user (paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions) and wherein the determining whether the response comprises private user data comprises :determining whether the data responsive to the request for information is associated with a private domain (abstract, paragraph 51, claim 1 disclose identifying the attribute data associated with an entity from one or more private domain information sources); and provided the data responsive to the request for information is associated with a private domain(abstract, paragraph 51, claim 1 discloses identifying the attribute data associated with an entity from one or more private domain information sources; paragraph 47 discloses when the data is requested through an application, the internet server receives and processes the request. The internet server sends the data or application requested along with user interface instructions. Paragraph 58 discloses access to the macro profile; this macro profile include private data from the private domain).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Tang’s teaching of identifying the data is associated with the private domain to ensure the protection of the data and keep the data hidden from unauthorize use. 

As to claim 20, the combination of Briscoe in view of White, Mann, and Tang teach wherein the information related to the response comprises a data type of the private domain (Tang: paragraph 45 discloses attribute data in the private domain; White: paragraph 14 discloses the tagged data passes through data privacy service which is of the private domain; paragraph 17 discloses the system includes a mobile service cloud platform that securely connects to back-end business system and the cloud platform is the HANA cloud platform mobile service which is a private domain since the platform requires user authentication for access to secure data). 

Claim(s) 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Briscoe et al US 20190188410 (hereinafter Briscoe) in view of White et al US 20180020001 (hereinafter White) in further view of Mann et al US 20210165907 (hereinafter Mann) in further view of Lewis et al US 20180218627 (hereinafter Lewis).

As to claim 5, the combination of Briscoe in view of White and Mann teaches all the limitations recited in claim 1 above. The combination of Briscoe in view of White and Mann do not teach the method further comprising: identifying user intent of the request for information; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information.
Lewis teaches the method further comprising: identifying user intent of the request for information (paragraph 97 reveals “determines a user intent associated with the user request) ; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information(paragraph 109 discloses when the user intent includes request for information, an information response is generated and sent to the user based on the user intent).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Lewis’s teachings of identifying user intent of the request and retrieving the data based in part on the user intent to provide a natural interaction between the user and the system (paragraph 101 of Lewis).

As to claim 14, the combination of Briscoe in view of White and Mann teaches all the limitations recited in claim 10 above. The combination of Briscoe in view of White and Mann do not teach the method further comprising: identifying user intent of the request for information; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information.
Lewis teaches the method further comprising: identifying user intent of the request for information (paragraph 97 reveals “determines a user intent associated with the user request) ; and G800.01 23retrieving the data responsive to the request for information based at least in part on the user intent of the request for information(paragraph 109 discloses when the user intent includes request for information, an information response is generated and sent to the user based on the user intent).
It would have been obvious to one having ordinary skill in the art to modify Briscoe’s method in view of White’s teachings of determining whether the response comprises private user data and Mann’s teachings of masking the private data with Lewis’s teachings of identifying user intent of the request and retrieving the data based in part on the user intent to provide a natural interaction between the user and the system (paragraph 101 of Lewis).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30--5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/F.F/               Examiner, Art Unit 2437   

/KRISTINE L KINCAID/               Supervisory Patent Examiner, Art Unit 2437