SECURE MODEL GENERATION AND TESTING TO PROTECT PRIVACY OF TRAINING DATA AND CONFIDENTIALITY OF THE MODEL

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-25 are presented for examination. Claim Interpretation Claims 14-19 are directed towards a computer readable storage medium. The specification teaches a computer readable storage medium to be: Random access memory (RAM), read only memory (ROM), programmable ROM (PROM), firmware, flash memory, etc., in hardware, or any combination thereof [0045, 0050, 0060 and 0063]. These are types of non-transitory mediums and therefore the claims are statutory. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-12 and 14-25 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0042937 to Sheller et al., in view of Trieflinger et al., US 2022/0021660. Regarding claim 1, Sheller teaches a computing system comprising: a network controller (Figs. 1 and 2, Aggregator device 110. Paragraph 0052: FIG. 2 could be implemented by one or more…programmable controller(s)) to receive a plurality of machine learning models (Fig. 2: model update receiver 210. 0028: The example model update receiver 210 receives model updates from the edge devices 130, 135, 137.). Sheller lacks or does not expressly disclose wherein the plurality of machine learning models is associated with personal identifiable information. However, Trieflinger discloses wherein the plurality of machine learning models is associated with personal identifiable information (0003: determining personal data and determining non-personal data. Block 460, TEE 48 may perform processing using the labeled data (i.e., both the personal and non-personal data). The nature of the data processing may be similar to that described above in block 280 (of process 200—e.g., computer simulation, model training, model testing, etc.)). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sheller with Trieflinger, to include associating personal identifiable information, in order to separate personal information, as taught by Trieflinger, abstract. Sheller, as modified above, further discloses a first processor that includes a first trusted execution environment; a controller implemented in one or more of configurable logic or fixed-functionality logic, wherein the controller is to: store the plurality of machine learning models in the first trusted execution environment (Fig. 2, Trusted Execution environment 112. 0030: FIG. 2 is implemented by a logic circuit. The example mode updater 230 updates the model stored in the central model data store 240); generate a derivative machine learning model based on the plurality of machine learning models (Fig. 4: Aggregate model updates from trusted edge devices 443. FIG. 2, the central model data store 240 stores a central model that is updated by the model updater 230 based on model updates received from the edge devices.); and determine that the derivative machine learning model is to be transmitted to an approval node (0032: The example model provider 250 provides the current state of the machine learning model out to each edge device. In some examples, the model provider 250 provides additional instructions that accompany the model such as, for example, threshold values that are to be used by the edge device when training the model, processing queries against the model, and/or providing updates to the model to the aggregator device 110.) over a secure channel (Fig. 6, 620: determine if the query is from a trusted source. 0078: Many TEEs provide roots of trust from which to establish secure channels). Regarding claim 2, Sheller, as modified above, further discloses the computing system of claim 1, wherein: a plurality of edge nodes generates a release policy for the derivative machine learning model to be released (Fig. 6: is the query source trusted 620); and the approval node is to determine whether the derivative machine learning model complies with the release policy to determine whether the derivative machine learning model is to be released (660: is the total information leakage below threshold 660). Regarding claim 3, Sheller, as modified above, further discloses the computing system of claim 1, wherein the network controller is to receive the plurality of machine learning models when an integrity of the first trusted execution environment is verified (FIG. 4A, the determination of whether to allow new training data is made with respect to all edge devices. However, in some examples, the determination of whether to allow new training data may be made with respect to individual edge devices. In some examples, trusted edge devices (e.g., edge devices that implement a TEE) may be allowed to incorporate new training data more frequently than non-trusted edge devices (e.g., edge devices that do not implement a TEE. If the example training data instructor 260 determines that no new training data is allowed (e.g., block 470 returns a result of NO), the example process of FIG. 4A terminates. Control then proceeds back to block 410 of FIG. 4, where the model provider 250 provides the model to be used for training to the edge device(s).). Regarding claim 4, Sheller, as modified above, further discloses the computing system of claim 1, wherein the approval node is to: receive the derivative machine learning model from the network controller (Fig. 5B, 530: process 530 of FIG. 5B corresponds to blocks 420 and/or 421 of FIG. 4. The example process 540 of FIG. 5B begins when the example local data throttler 325 determines, based on an instruction received from the aggregator device 110 (e.g., the instruction transmitted by the example aggregator device 110 in connection with block 405 of FIG. 4), whether to commit any uncommitted training data. (Block 533). In examples disclosed herein, the example aggregator device 110 may instruct the edge device to use new training data based on a number of training rounds that have elapsed since local data was allowed to be included in the training data.); store the derivative machine learning model in a second trusted execution environment of a second processor of the approval node (Fig. 3, local model data store 310); execute a plurality of privacy approval tests to verify that the personally identifiable information cannot be derived from the derivative machine learning model (fig. 5B: local data throttler 325 determines that new training data will be allowed (e.g., block 533 returns a result of YES), the example local data throttler 325 commits the hashes stored in the hash ledger 337. (Block 536)); generate approval decisions based on the execution of the plurality of privacy approval tests (539: acknowledge commitment of training data); and transmit the approval decisions to a release node (apply new model 542); Regarding claim 5, Sheller, as modified above, further discloses the computing system of claim 4, wherein the release node is to: determine whether the approval decisions meet one or more of a pre-determined condition or a predetermined policy; and determine whether to release the derivative machine learning model based on whether the approval decisions meet the one or more of the pre-determined condition or the predetermined policy (0080: the example query handler 340 determines that enough time is elapsed since a prior query when the smallest difference between the timestamp of the present query and any prior query stored in the example query ledger 350 is greater than a threshold amount of time. In examples disclosed herein the threshold amount of time is one query per second. However, any other threshold may additionally or alternatively be used. Using a threshold amount of time ensures that untrusted query sources are not allowed to repeatedly submit queries in an attempt to discover the model stored in the local model data store 310. The success of this validation greatly depends on the query rate (e.g., threshold amount of time) required to meet the intended functionality and the query rate required to attack the system. Put another way, a “query budget” is used that is intended to be sufficient for legitimate tasks, but insufficient for reverse engineering attacks.). Regarding claim 6, Sheller, as modified above, further discloses the approval node communicates with one or more of a plurality of edge nodes to retrieve the personal identifiable information; and at least one of the plurality of privacy approval tests is to include a test that is executed based on the personal identifiable information (0084: If the total amount of information leakage is below the threshold (e.g., block 660 returns a result of YES), or if the query source is trusted (e.g., block 620 returns a result of YES), then the query will be processed. The example query handler 340 selects a model to be used for the processing of the query. (Block 665).). As per claims 7-12, 14-19, and 20-25, this is an apparatus, computer readable medium and method version of the claimed system discussed above in claims 1-6 wherein all claimed limitations have also been addressed and/or cited as set forth above. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0042937 to Sheller et al., in view of Trieflinger et al., US 2022/0021660, as applied to claims 1-12 and 14-25 above, and further in view of US 2019/0138468 to Li et al. Regarding claim 13, Sheller lacks or does not expressly disclose wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates. However, Li teaches wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates (0018 and FIG. 2, an embodiment of a semiconductor apparatus 20 for use with an electronic storage device may include one or more substrates 21, and logic 22 coupled to the one or more substrates 21, wherein the logic 22 is at least partly implemented in one or more of configurable logic and fixed-functionality hardware logic.). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sheller, as modified above, with Li to include wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates in order to implement one or more configurable logic and fixed-functionality hardware logic, as taught by Li, 0018. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. WO 2024/063790 teaches a round of decentralized learning for updating of a global machine learning (ML) model, remote processor(s) of a remote system may transmit, to a population of computing devices, primary weights for a primary version of the global ML model, and cause each of the computing devices to generate a corresponding update for the primary version of the global ML model. Also, certain data may be treated in one or more ways before it is stored or used, so that personal identifiable information is removed. For example, a user's identity may be treated so that no personal identifiable information can be determined for the user, or a user's geographic location may be generalized where geographic location information is obtained (such as to a city, ZIP code, or state level), so that a particular geographic location of a user cannot be determined. US 12,299,988 teaches sequence of machine-learning models comprising a first machine-learning model configured to pre-process the input data to provide pre-processed input data and a second machine-learning model configured to process the pre-processed input data to provide output data. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AUBREY H WYSZYNSKI/Primary Examiner, Art Unit 2434