Prosecution Insights
Last updated: July 17, 2026
Application No. 17/306,470

ENCRYPTING DATA IN A MACHINE LEARNING MODEL

Final Rejection §103
Filed
May 03, 2021
Examiner
WANG, CHAO
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Charter Communications Operating LLC
OA Round
4 (Final)
81%
Grant Probability
Favorable
5-6
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 81% — above average
81%
Career Allowance Rate
120 granted / 148 resolved
+23.1% vs TC avg
Strong +86% interview lift
Without
With
+85.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
19 currently pending
Career history
171
Total Applications
across all art units

Statute-Specific Performance

§103
100.0%
+60.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 148 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the Application filed on 03/31/2026. Claims 1, 16, and 19 are independent claims. Claims 2, 17, and 20 were previously cancelled. Claims 1, 16 and 19 are independent claims. Claims 1, 3-16, and 18-19 have been examined and are pending. This Action is made FINAL. Response to Arguments Applicant’s arguments in the application, filed on 03/31/2026, with respect to the prior-art rejections to claims 1, 16, and 19, and limitation listed below, have been fully considered but they are not persuasive. As to independent claims 1, 16, and 19, Applicants stated in arguments that there is no disclosure of Abadi wherein ''private data to be encrypted in a first trained machine learning model (MIM);" is identified (Applicant Arguments/Remarks, 03/31/2026, pages 7-8). The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of ABADI and MASUD disclose the cited limitations. For example, ABADI disclose identifying, by a computing device, private data to be encrypted in a first trained machine learning model (MIM) (ABADI: par 0002; neural networks are machine learning models that employ one or more layers of nonlinear units to predict an output for a received input; par 0041; the first neural network input can be a representation of an initial data item that has been converted to a suitable form for processing by the encoder neural network. For example, the initial data item may be text, an image, binary data [i.e., data item may be text, an image, binary data, therefore, the system need to identify the data to be encrypted in a first trained machine learning model]; par 0050; the encoder neural network is configured to process the primary neural network input (e.g., a plaintext data item) and public neural network input key to generate an encoded representation of the primary neural network input (e.g., a ciphertext item) [i.e., data to be encrypted from plain text form to ciphertext form]). As to independent claims 1, 16, and 19, Applicants stated in arguments that Nowhere does such disclosure teach or suggest "encrypting the private data in the first trained MIM by: training an MIM using a decryption code and the private data to generate the first trained MIM wherein the private data is encoded in the first trained MLM in a binary format ... " (Applicant Arguments/Remarks, 03/31/2026, pages 8-9). The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of ABADI and MASUD disclose the cited limitations. For example, ABADI disclose encrypting the private data in the first trained MIM by: training an MIM using a decryption code and the private data to generate the first trained MIM wherein the private data is encoded in the first trained MLM in a binary format (ABADI: par 0014; the encoder neural network can be trained to encode an input so as to allow the first decoder neural network to accurately reconstruct the input (e.g., decode the encoded representation of the input) by processing the encoded representation of the input and a private key; par 0050; the encoder neural network is configured to process the primary neural network input (e.g., a plaintext data item) [i.e., private data] and public neural network input key [i.e., decryption code] to generate an encoded representation of the primary neural network input (e.g., a ciphertext item) [i.e., according to google: ciphertext is inherently a binary format]). As to independent claims 1, 16, and 19, Applicants stated in arguments that nowhere do the referenced paragraphs teach or suggest a model that has been "trained to output the private data in an unencrypted format when provided the decryption code as input (Applicant Arguments/Remarks, 03/31/2026, pages 8-9). The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of ABADI and MASUD disclose the cited limitations. For example, ABADI disclose wherein the first trained MLM is trained to output the private data in an unencrypted format when provided the decryption code as input (ABADI: par 0055; fig. 5, steps 508-518; the encoder neural network receives a set of inputs that include the primary neural network input and the second neural network input key; par 0056; the trusted neural network generates a first estimated reconstruction of the primary neural network input by processing the encoded representation and the first neural network input key through each of its layers (stage 518). The first estimated reconstruction of the primary neural network input may closely match the primary neural network input as a result of the trusted neural network having the corresponding decryption key, i.e., the first neural network input key, and having been trained to apply reverse transformations to encoded representations in order to reconstruct a neural network input [i.e., fig.5, step 518; output the private data in an unencrypted format]). As to independent claims 1, 16, and 19, Applicants stated in arguments that Applicant respectfully disagrees wherein the first trained MLM is trained to not output the private data if provided any other input, and wherein the training comprises iteratively training the MLM using the decryption code to overfit the MLM such that the first trained MLM outputs the private data only when the decryption code is provided as input (Applicant Arguments/Remarks, 03/31/2026, pages 9-10). The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of ABADI and MASUD disclose the cited limitations. For example, ABADI disclose wherein the first trained MLM is trained to not output the private data if provided any other input, and wherein the training comprises iteratively training the MLM using the decryption code to overfit the MLM such that the first trained MLM outputs the private data only when the decryption code is provided as input (ABADI: par 0064; after all or some of the cycles, the training system determines whether to perform another training cycle [] the performance objective can relate to the reconstruction error [i.e., the system not output the private data when error detected. The system will continue training without output the private data] in reconstructing a neural network input by the trusted decoder neural network [] the training system determines to continue training [] If the training system detects an occurrence of an end-of-training condition [i.e., when outputs the private data only when the decryption code is provided as input], the training can be deemed complete and is terminated). MASUD further discloses not output the private data if provided any other input (MASUD: par 0051; the neural network configured for access control take inputs and expect the output to be the same as the input when applying the weights of the data [] denied in response to differences between the inputs and output [i.e., when provided any other input, the weight will be different, if expected weight different with the input weight, denied or not output the data]). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3-4, 12, 16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (“ABADI,” WO 2018027050, published on 02/08/2018) in view of MASUD et al. (“MASUD,” US 20200233855, published on 07/23/2020). Regarding Claim 1; ABADI discloses a method comprising: identifying, by a computing device, private data to be encrypted in a first trained machine learning model (MLM) (par 0002; neural networks are machine learning models that employ one or more layers of nonlinear units to predict an output for a received input; par 0041; the first neural network input can be a representation of an initial data item that has been converted to a suitable form for processing by the encoder neural network. For example, the initial data item may be text, an image, binary data [i.e., data item may be text, an image, binary data, therefore, the system need to identify the data to be encrypted in a first trained machine learning model]; par 0050; the encoder neural network is configured to process the primary neural network input (e.g., a plaintext data item) and public neural network input key to generate an encoded representation of the primary neural network input (e.g., a ciphertext item) [i.e., data to be encrypted from plain text form to ciphertext form]); and encrypting the private data in the first trained MLM by: training an MLM using a decryption code and the private data to generate the first trained MLM wherein the private data is encoded in the first trained MLM in a binary format (par 0014; the encoder neural network can be trained to encode an input so as to allow the first decoder neural network to accurately reconstruct the input (e.g., decode the encoded representation of the input) by processing the encoded representation of the input and a private key; par 0050; the encoder neural network is configured to process the primary neural network input (e.g., a plaintext data item) [i.e., private data] and public neural network input key [i.e., decryption code] to generate an encoded representation of the primary neural network input (e.g., a ciphertext item) [i.e., according to google: ciphertext is inherently a binary format]), wherein the first trained MLM is trained to output the private data in an unencrypted format when provided the decryption code as input (par 0055; fig. 5, steps 508-518; the encoder neural network receives a set of inputs that include the primary neural network input and the second neural network input key; par 0056; the trusted neural network generates a first estimated reconstruction of the primary neural network input by processing the encoded representation and the first neural network input key through each of its layers (stage 518). The first estimated reconstruction of the primary neural network input may closely match the primary neural network input as a result of the trusted neural network having the corresponding decryption key, i.e., the first neural network input key, and having been trained to apply reverse transformations to encoded representations in order to reconstruct a neural network input [i.e., fig.5, step 518; output the private data in an unencrypted format]), and wherein the first trained MLM is trained to not output the private data if provided error (par 0064; after all or some of the cycles, the training system determines whether to perform another training cycle [] the performance objective can relate to the reconstruction error [i.e., the system not output the private data when error detected. The system will continue training without output the private data] in reconstructing a neural network input by the trusted decoder neural network [] the training system determines to continue training), and wherein the training comprises iteratively training the MLM using the decryption code to overfit the MLM such that the first trained MLM outputs the private data only when the decryption code is provided as input (par 0064; after all or some of the cycles, the training system determines whether to perform another training cycle [] the performance objective can relate to the reconstruction error [i.e., the system not output the private data when error detected. The system will continue training without output the private data] in reconstructing a neural network input by the trusted decoder neural network [] the training system determines to continue training [] If the training system detects an occurrence of an end-of-training condition [i.e., when outputs the private data only when the decryption code is provided as input], the training can be deemed complete and is terminated). ABADI discloses wherein the first trained MLM is trained to not output the private data if provided error as recited above, but do not explicitly disclose not output the private data if provided any other input. However, in an analogous art, MASUD discloses self-aware system/method that includes: not output the private data if provided any other input (MASUD: par 0051; the neural network configured for access control take inputs and expect the output to be the same as the input when applying the weights of the data [] denied in response to differences between the inputs and output [i.e., when provided any other input, the weight will be different, if expected weight different with the input weight, denied or not output the data]). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of MASUD with the method/system of ABADI to include not output the private data if provided any other input. One would have been motivated to training a first neural network of a cybernetic engram to reproduce the data block, and replacing the data block in memory with weights used by the first neural network to reproduce the data block (MASUD: abstract). Regarding Claim 3; The combination of ABADI and MASUD disclose the method of claim 1 ABADI discloses wherein the decryption code is derived based on the private data (ABADI: par 0038; the primary neural network input can be a plaintext representation of input data, the neural network input key can be a cryptographic key; par 0070; he training system provide a public neural network input key (e.g., the same key that was applied to generate the encoded representation of the primary neural network input) to the adversary decoder neural network to process along with the encoded representation of the primary neural network input in generating the second estimated reconstruction of the primary neural network input). Regarding Claim 4; The combination of ABADI and MASUD disclose the method of claim 1 ABADI discloses wherein the decryption code is derived based on data other than the private data (ABADI: par 0038; the primary neural network input can be a plaintext representation of input data, the neural network input key can be a cryptographic key; par 0049; uses different neural network input keys 414 and 412 for the forward and reverse transformations, respectively. For example, keys 414 and 412 may be a public-private key pair in which key 412 is a secret key available only to the trusted decoder neural network 404, and key 414 is a public key that is generally available to other entities in the system). Regarding Claim 12; The combination of ABADI and MASUD disclose the method of claim 1 ABADI discloses wherein training the MLM with the decryption code and the private data further comprises: training the MLM with the decryption code and a plurality of other codes such that the first trained MLM outputs data other than the private data if provided with any code other than the decryption code (ABADI: par 0041; the first neural network input can be a representation of an initial data item that has been converted to a suitable form for processing by the encoder neural network. For example, the initial data item may be text (e.g., a sequence of tokens of alphanumeric characters), an image, binary data, or other types of data; par 0070; the training system provide a public neural network input key (e.g., the same key that was applied to generate the encoded representation of the primary neural network input) to the adversary decoder neural network to process along with the encoded representation of the primary neural network input in generating the second estimated reconstruction of the primary neural network input; par 0064; after all or some of the cycles, the training system determines whether to perform another training cycle. In some implementations, the training system continues to perform additional cycles until an end-of-training condition is detected [] if the training system detects an occurrence of an end-of-training condition, the training can be deemed complete and is terminated). Regarding Claim 16; This Claim recites a system that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1. Regarding Claim 19; This Claim recites a s non-transitory computer-readable storage medium that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (WO 2018027050) in view of MASUD et al. (US 20200233855), and further in view of WANG et al. (“WANG,” CN 110891045, published on 03/17/2020). Regarding Claim 5; The combination of ABADI and MASUD disclose the method of claim 1 ABADI discloses wherein the decryption code (ABADI: par 0038; the primary neural network input can be a plaintext representation of input data; the neural network input key can be a cryptographic key), and the private data is data other than an image (ABADI: par 0041; the first neural network input can be a representation of an initial data item that has been converted to a suitable form for processing by the encoder neural network. For example, the initial data item may be text, binary data). The combination of ABADI and MASUD disclose the decryption code as recited above, but do not explicitly disclose wherein the decryption code comprises an image having an image file format. However, in an analogous art, WANG discloses authentication system/method that includes: wherein the decryption code comprises an image having an image file format (WANG: page 5, par 4; the decrypted code included in the image information, the position information and the time information to obtain the decrypted code). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of WANG with the method/system of ABADI and MASUD to include wherein the decryption code comprises an image having an image file format. One would have been motivated to provide a method for setting up initial codes, verification method and related device, implemented in code set under the condition with high safety (WANG: page 2, par 5). Claims 6-7, 14-15, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (WO 2018027050) in view of MASUD et al. (US 20200233855), and further in view of Heaton et al. (“Heaton,” US 10,956,584, published on 03/23/2021). Regarding Claim 6; The combination of ABADI and MASUD disclose the method of claim 1, ABADI discloses receiving, from a requestor computing device, a request for the private data, the request including the decryption code (ABADI: par 0041; the first neural network input can be a representation of an initial data item that has been converted to a suitable form for processing by the encoder neural network. For example, the initial data item may be text, an image, binary data; par 0046; the encoder neural network receives a primary neural network input, e.g., primary neural network input and a neural network input key); providing to the first trained MLM, as input, the decryption code (ABADI: par 0014; figs. 3 and 5; the encoder neural network can be trained to encode an input so as to allow the first decoder neural network to accurately reconstruct the input (e.g., decode the encoded representation of the input) by processing the encoded representation of the input and a private key; par 0050; the encoder neural network is configured to process the primary neural network input (e.g., a plaintext data item) and public neural network input key to generate an encoded representation of the primary neural network input (e.g., a ciphertext item)); receiving, from the first trained MLM in response to the decryption code, the private data (ABADI: par 0050; the encoder neural network is configured to process the primary neural network input (e.g., a plaintext data item) and public neural network input key to generate an encoded representation of the primary neural network input 416 (e.g., a ciphertext item). The trusted decoder neural network is configured to process the encoded representation of the primary neural network input and the secret neural network input key to generate a first estimated reconstruction of the primary neural network input; par 0044; the decoder neural network outputs the estimated reconstruction of the primary neural network input. The output can be stored or otherwise made available to an application or system that further processes the output, e.g., for presentation to a user), and sending, to the requestor computing device, the private data (ABADI: par 0044; the decoder neural network outputs the estimated reconstruction of the primary neural network input. The output can be stored or otherwise made available to an application or system that further processes the output, e.g., for presentation to a user). ABADI discloses receiving, from a requestor computing device, a request for the private data, the request including the decryption code as recited above, but do not explicitly disclose the request including the decryption code and a unique identifier; based on the unique identifier, selecting the first trained MLM from a plurality of different trained MLMs. However, in an analogous art, Heaton discloses secure data processing system/method that includes: the request including the decryption code and a unique identifier (Heaton: Col 3, lines 14-17; generate the set of instructions upon receiving a request to perform the neural network processing, and provide the set of instructions to the neural network processor for execution; Heaton: Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 19, lines 15-20; provide a set of encrypted weights data to neural network processor based on a selection from a user for using the set of weights data, and key manager also provide the encryption keys for decrypting the set of weights data to neural network processor based on the selection); based on the unique identifier, selecting the first trained MLM from a plurality of different trained MLMs (Heaton: Col 3, lines 14-17; generate the set of instructions upon receiving a request to perform the neural network processing, and provide the set of instructions to the neural network processor for execution; Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 14, lines 59-65; based on a selection from a user for a particular combination of a neural network model, input data, and weights data received by access manager as described above. Col 19, lines 15-20; provide a set of encrypted weights data to neural network processor based on a selection from a user for using the set of weights data, and key manager also provide the encryption keys for decrypting the set of weights data to neural network processor based on the selection). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Heaton with the method/system of ABADI and MASUD to include the request including the decryption code and a unique identifier; based on the unique identifier, selecting the first trained MLM from a plurality of different trained MLMs. One would have been motivated to receive encrypted data and decrypts the encrypted data, the encrypted data comprising at least one of: encrypted weights data, encrypted input data, or encrypted instruction data related to a neural network model (Heaton: abstract). Regarding Claim 7; The combination of ABADI, MASUD, and Heaton disclose the method of claim 6 further comprising: Heaton discloses prior to sending the private data, establishing, with the requestor computing device, a secure session, and wherein sending the private data to the requestor computing device comprises sending the private data to the requestor computing device via the secure session (Heaton: Col 9, lines 49-57; host device can include one or more servers, possible located in one or more data centers. and can interface with client devices to receive instructions from the client devices for certain compute services, and operate with other components of computing environment to perform operations to provide the compute service; Col 11, lines 64-66; the capability of storing and transmitting the neural network model data, weights data, as well as input data in encrypted form). The motivation is the same that of claim 6 above. Regarding Claim 14; The combination of ABADI and MASUD disclose the method of claim 1 further comprising: ABADI discloses sending the file to a destination (ABADI: par 0046; the encoder neural network receives a primary neural network input). The combination of ABADI and MASUD disclose sending the file to a destination as recited above, but do not explicitly disclose generating a unique identifier that corresponds to the first trained MLM; generating a file comprising the decryption code and the unique identifier. However, in an analogous art, Heaton discloses secure data processing system/method that includes: Heaton discloses generating a unique identifier that corresponds to the first trained MLM (Heaton: Col 3, lines 14-17; generate the set of instructions upon receiving a request to perform the neural network processing, and provide the set of instructions to the neural network processor for execution; Heaton: Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 19, lines 15-20; provide a set of encrypted weights data to neural network processor based on a selection from a user for using the set of weights data, and key manager also provide the encryption keys for decrypting the set of weights data to neural network processor based on the selection); generating a file comprising the decryption code and the unique identifier (Heaton: Col 12, lines 58 – Col 13, line 16; provide a list of neural network topologies and weights sets to process a set of input data for selection to the client device and receive a selection [] upon receiving a selection [] retrieve an encrypted instruction file from topology storage for neural network model, input data "input_data_y0" from input data storage, weights data "weights_data_x0" from weights data storage, and the corresponding encryption keys "model_key_A0", "weights_key_x0", and "input_key_y0" from key storage. Access manager can transfer the encrypted instruction file of the selected model and the corresponding encryption key to host device. Access manager can also transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Heaton with the method/system of ABADI and MASUD to include t generating a unique identifier that corresponds to the first trained MLM; generating a file comprising the decryption code and the unique identifier. One would have been motivated to receive encrypted data and decrypts the encrypted data, the encrypted data comprising at least one of: encrypted weights data, encrypted input data, or encrypted instruction data related to a neural network model (Heaton: abstract). Regarding Claim 15; The combination of ABADI, MASUD, and Heaton disclose the method of claim 14 further comprising: Heaton discloses generating a unique uniform resource locator based on the unique identifier (Heaton: Col 3, lines 14-17; generate the set of instructions upon receiving a request to perform the neural network processing, and provide the set of instructions to the neural network processor for execution; Heaton: Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 19, lines 15-20; provide a set of encrypted weights data to neural network processor based on a selection from a user for using the set of weights data, and key manager also provide the encryption keys for decrypting the set of weights data to neural network processor based on the selection; Col 14, line 64 – Col 15, line 1; encrypted output data can represent a result of neural network processing by prediction model (generated by computations at computing engine and post processing by post-processor) to be provided back to software application); receiving, from a requestor computing device via the unique uniform resource locator, a request for the private data, the request including the decryption code and the unique identifier (Heaton: Col 3, lines 14-17; generate the set of instructions upon receiving a request to perform the neural network processing, and provide the set of instructions to the neural network processor for execution; Heaton: Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 14, lines 59-65; based on a selection from a user for a particular combination of a neural network model, input data, and weights data received by access manager as described above. Col 19, lines 15-20; provide a set of encrypted weights data to neural network processor based on a selection from a user for using the set of weights data, and key manager also provide the encryption keys for decrypting the set of weights data to neural network processor based on the selection); based on the unique identifier, selecting the first trained MLM from a plurality of different trained MLMs (Heaton: Col 3, lines 14-17; generate the set of instructions upon receiving a request to perform the neural network processing, and provide the set of instructions to the neural network processor for execution; Heaton: Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 14, lines 59-65; based on a selection from a user for a particular combination of a neural network model, input data, and weights data received by access manager as described above. Col 19, lines 15-20; provide a set of encrypted weights data to neural network processor based on a selection from a user for using the set of weights data, and key manager also provide the encryption keys for decrypting the set of weights data to neural network processor based on the selection); providing to the first trained MLM, as input, the decryption code (Heaton: Col 17, lines 9-11; fig. 5A and fig. 9B; perform a training operation to determine a set of weights data, which can then be used to perform inference in neural network processing; Col 13, lines 12-16; transfer the selected encrypted weights data and encrypted input data to neural network processor; Col 12, lines 48-55; provided to associate the storage locations of the encrypted input data and the storage locations of the encryption keys for decrypting the encrypted input data, and the storage locations information can be provided to neural network processor, so that the processor can obtain the encrypted input data and decrypt the encrypted input data to perform neural network processing; Col 14, lines 59-65; encrypted input data, and encrypted weights data can be stored at memory device based on a selection from a user for a particular combination of a neural network model, input data, and weights data received by access manager as described above. Encrypted output data can represent a result of neural network processing by prediction model); receiving, from the first trained MLM in response to the decryption code, the private data (Heaton: Col 14, lines 59-65; encrypted input data, and encrypted weights data can be stored at memory device based on a selection from a user for a particular combination of a neural network model, input data, and weights data received by access manager as described above. Encrypted output data can represent a result of neural network processing by prediction model); and sending, to the requestor computing device, the private data (Heaton: Col 14, lines 59-65; encrypted input data, and encrypted weights data can be stored at memory device based on a selection from a user for a particular combination of a neural network model, input data, and weights data received by access manager as described above. Encrypted output data can represent a result of neural network processing by prediction model). The motivation is the same that of claim 6 above. Regarding Claim 18; This Claim recites a system that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6. Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (WO 2018027050) in view of MASUD et al. (US 20200233855), and further in view of Heaton et al. (US 10,956,584) and Rose et al. (“Rose,” US 20210174347, filed on 05/06/2020). Regarding Claim 8; The combination of ABADI, MASUD, and Heaton disclose the method of claim 7, The combination of ABADI, MASUD, and Heaton disclose all the limitations as recited above, but do not explicitly disclose wherein the secure session is one of a transport layer security (TLS) session and a secure sockets layer (SSL) session. However, in an analogous art, Rose discloses authentication system/method that includes: wherein the secure session is one of a transport layer security (TLS) session and a secure sockets layer (SSL) session (Rose: par 0440; wherein the secure session is established using at least a secure socket layer (SSL) or transport layer security (TLS) protocol). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Rose with the method/system of ABADI, MASUD, and Heaton to include wherein the secure session is one of a transport layer security (TLS) session and a secure sockets layer (SSL) session. One would have been motivated to determine for visitors requesting operations at terminals based on an operator configuration. Security scores determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors (Rose: abstract). Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (WO 2018027050) in view of MASUD et al. (US 20200233855), and further in view of Heaton et al. (US 10,956,584) and Driscoll et al. (“Driscoll,” US 20190019106, published on 01/17/2019). Regarding Claim 9; The combination of ABADI, MASUD, and Heaton disclose the method of claim 6 further comprising, Heaton discloses in response to sending the private data to the requestor computing device (Heaton: Col 9, lines 49-57; host device can include one or more servers, possible located in one or more data centers. and can interface with client devices to receive instructions from the client devices for certain compute services, and operate with other components of computing environment to perform operations to provide the compute service; Col 11, lines 64-66; the capability of storing and transmitting the neural network model data, weights data, as well as input data in encrypted form). The motivation is the same that of claim 6 above. The combination of ABADI, MASUD, and Heaton disclose all the limitations as recited above, but do not explicitly disclose permanently deleting the first trained MLM. However, in an analogous art, Driscoll discloses machine learning models system/method that includes: permanently deleting the first trained MLM (Driscoll: par 0006; the operations include [] deleting the trained machine learning models). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Driscoll with the method/system of ABADI, MASUD, and Heaton to include permanently deleting the first trained MLM. One would have been motivated to perform operations on the trained machine learning models and corresponding metadata stored in the repository (Driscoll: abstract). The motivation is the same that of claim 6 above. Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (WO 2018027050) in view of MASUD et al. (US 20200233855), and further in view of Heaton et al. (US 10,956,584) and COSTA et al. (CN 109416721) and Driscoll et al. (US 20190019106). Regarding Claim 10; The combination of ABADI, MASUD, and Heaton disclose the method of claim 6 further comprising: The combination of ABADI, MASUD, and Heaton disclose all the limitations as recited above, but do not explicitly disclose incrementing a counter; determining that the counter is equal to a predetermined allowed requests value; and in response to determining that the counter is equal to the predetermined allowed requests value. However, in an analogous art, COSTA discloses privacy protection machine learning system/method that includes: incrementing a counter (COSTA: page 9, par 10; repeating the process, page 5, par 6; If the number of iterations has reached a specified number T, the process end); determining that the counter is equal to a predetermined allowed requests value (COSTA: page 5, par 6; If the number of iterations has reached a specified number T, the process end); and in response to determining that the counter is equal to the predetermined allowed requests value (COSTA: page 5, par 6; If the number of iterations has reached a specified number T, the process end). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of COSTA with the method/system of ABADI, MASUD, Heaton and COSTA to include incrementing a counter; determining that the counter is equal to a predetermined allowed requests value; and in response to determining that the counter is equal to the predetermined allowed requests value. One would have been motivated to execute machine learning code to process confidential data and return the result to at least one of the plurality of parties (COSTA: abstract). The combination of ABADI, MASUD, Heaton and COSTA disclose all the limitations as recited above, but do not explicitly disclose permanently deleting the first trained MLM. However, in an analogous art, Driscoll discloses machine learning models system/method that includes: permanently deleting the first trained MLM (Driscoll: par 0006; the operations include [] deleting the trained machine learning models). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Driscoll with the method/system of ABADI, MASUD, Heaton, and COSTA to include permanently deleting the first trained MLM. One would have been motivated to perform operations on the trained machine learning models and corresponding metadata stored in the repository (Driscoll: abstract). Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (WO 2018027050) in view of MASUD et al. (US 20200233855), and further in view of Heaton et al. (US 10,956,584) and Monica et al. (“Monica,” US 11,216,580, filed on 04/16/2021). Regarding Claim 11; The combination of ABADI, MASUD, and Heaton disclose the method of claim 6 further comprising: The combination of ABADI, MASUD, and Heaton disclose all the limitations as recited above, but do not explicitly disclose prior to sending the private data to the requestor computing device, accessing, by the computing device, information that identifies an authorized requestor for the private data; and determining, based on information included in the request, that the request is associated with the authorized requestor. However, in an analogous art, Monica discloses secure machine learning system/method that includes: prior to sending the private data to the requestor computing device, accessing, by the computing device, information that identifies an authorized requestor for the private data (Monica: Col 5, lines 18-37; the credential management system create and maintain remote credential store definitions and credential objects. A remote credential store definition identifies a remote credential store and includes access information to access security credentials [] when a request invoking an external resource is received at run time, the credential management system and access manager use information stored in the access metadata database to retrieve security credentials used to access the external resource from a remote credential store); and determining, based on information included in the request, that the request is associated with the authorized requestor (Monica: Col 5, lines 10-11; access manager handles authentication and authorization tasks for the systems; Col 5, lines 18-37; the credential management system create and maintain remote credential store definitions and credential objects. A remote credential store definition identifies a remote credential store and includes access information to access security credentials [] when a request invoking an external resource is received at run time, the credential management system and access manager use information stored in the access metadata database to retrieve security credentials used to access the external resource from a remote credential store) Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Monica with the method/system of ABADI, MASUD, and Heaton to include prior to sending the private data to the requestor computing device, accessing, by the computing device, information that identifies an authorized requestor for the private data; and determining, based on information included in the request, that the request is associated with the authorized requestor. One would have been motivated to train a machine learning model on a training dataset and an activation function to generate output data by applying the trained model on input data (Monica: abstract). Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over ABADI et al. (WO 2018027050) in view of MASUD et al. (US 20200233855), and further in view of SEO et al. (“SEO,” KR 102134423, published on 07/21/2020). Regarding Claim 13; The combination of ABADI and MASUD disclose the method of claim 1 The combination of ABADI and MASUD disclose all the limitations as recited above, but do not explicitly disclose wherein the first trained MLM comprises one of a Hierarchical Data Format 5 (HDF5) format and a Network Common Data Form (NetCDF) format. However, in an analogous art, SEO discloses safety space model system/method that includes: wherein the first trained MLM comprises one of a Hierarchical Data Format 5 (HDF5) format and a Network Common Data Form (NetCDF) format (SEO: page 3, par 2; the learning data is converted into a form recognizable by a machine learning algorithm, for example, HDF5 format). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of SEO with the method/system of ABADI and MASUD to include wherein the first trained MLM comprises one of a Hierarchical Data Format 5 (HDF5) format and a Network Common Data Form (NetCDF) format. One would have been motivated to generate a shape model corresponding to each object in a virtual space and map property information of each object to each shape model to generate a disaster safety space model (SEO: abstract). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner' s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /C.W./Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Show 4 earlier events
Mar 17, 2025
Response Filed
Jul 03, 2025
Final Rejection mailed — §103
Sep 02, 2025
Response after Non-Final Action
Nov 07, 2025
Request for Continued Examination
Nov 12, 2025
Response after Non-Final Action
Dec 31, 2025
Non-Final Rejection mailed — §103
Mar 31, 2026
Response Filed
Jun 17, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682048
SYSTEMS AND METHODS FOR DETECTION OF SYNTHETIC IDENTITY MALFEASANCE
1y 11m to grant Granted Jul 14, 2026
Patent 12664257
Control Device, Unauthorized Command Detection Method, and Program
2y 9m to grant Granted Jun 23, 2026
Patent 12657295
DETECTING AND MITIGATING RANSOMWARE ATTACKS
2y 5m to grant Granted Jun 16, 2026
Patent 12639452
MICROPROCESSOR, DATA PROCESSING METHOD, ELECTRONIC DEVICE, AND STORAGE MEDIUM
3y 9m to grant Granted May 26, 2026
Patent 12625957
Known Deployed File Metadata Repository and Analysis Engine
2y 2m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
81%
Grant Probability
99%
With Interview (+85.7%)
2y 8m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 148 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month