Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The Action is responsive to the Amendments and Remarks filed on 1/22/2026. Claims 1-5, 8-12, and 15-19 are pending claims. Claims 1, 8, and 15 are written in independent form. Claims 6, 7, 13, 14, and 20 have been cancelled.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-5, 8-12, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Pati et al. (U.S. Pre-Grant Publication No. 2022/0108133, hereinafter referred to as Pati) and further in view of Maria et al. (U.S. Pre-Grant Publication No. 2024/0338484, hereinafter referred to as Maria), Hebert et al. (U.S. Pre-Grant Publication No. 2018/0004978, hereinafter referred to as Hebert), and Gilder et al. (U.S. Patent No. 9,740,757, hereinafter referred to as Gilder)
Regarding Claim 1:
Pati teaches a computer-implemented method automatically transforming client data to a common data normalization schema associated with a collaborative multi-client federated learning system while preserving data privacy in training a global machine learning (ML) model, the computer-implemented method comprising:
For a client in the collaborative multi-client federated learning system comprising a plurality of clients, automatically generating a local data ontology based on the client data associated with the client, and automatically generating synthetic data based on the client data and the local data ontology;
Pati teaches a plurality of clients each with on-prem systems (Fig. 1) and for each client, collecting data from on-prem systems (Para. [0073]) where “data validation 215 may be operated on the received data, i.e., detection logs 210, to yield validated data as per some predefined schemas, which assures the data completeness” (Para. [0075]). Therefore, Pati teaches defining a schema/local data ontology based on the client data associated with a on-prem system of a client.
Pati further teaches “operation 310 may comprise sending the received data to machine learning models to synthesize patterns of the received data to yield a deferential privacy data” (Para. [0091]) where the synthetic data is created individually for the client data of each client (Fig. 1)
Generating a global data ontology using ontology matching algorithms on the synthetic data associated with each local data ontology generated from each client from the plurality of clients in the collaborative multi-client federated learning system; and
Pati teaches “the synthetic fraud data that has been produced from a secondary client is then merged or added with actual fraud and clean data from primary client. This process of merging enhances the number of fraud data points” (Para. [0059]). Pati further teaches “clients of financial institutions are commonly divided into segments according to similar attributes. The identified fraud patterns may also be divided in the consortium shared synthetic data lake to segments and may be used accordingly.” (Para. [0048]) thereby teaching generating an ontology matching algorithm based on similar attributes for storing the data in the consortium shared synthetic data lake.
generating a global data ontology using ontology matching algorithms on the synthetic data associated with each local data ontology generated from each client from the plurality of clients in the collaborative multi-client federated learning system;
Pati teaches “the synthetic fraud data that has been produced from a secondary client is then merged or added with actual fraud and clean data from primary client. This process of merging enhances the number of fraud data points” (Para. [0059]). Pati further teaches “clients of financial institutions are commonly divided into segments according to similar attributes. The identified fraud patterns may also be divided in the consortium shared synthetic data lake to segments and may be used accordingly.” (Para. [0048]) thereby teaching generating an ontology matching algorithm based on similar attributes for storing the data in the consortium shared synthetic data lake.
automatically determining, as part of generating the global data ontology, the common data normalization schema that includes a format to be used as an organized common format shared between the plurality of clients for client data,
Pati teaches “clients of financial institutions are commonly divided into segments according to similar attributes. The identified fraud patterns may also be divided in the consortium shared synthetic data lake to segments and may be used accordingly.” (Para. [0048]) and using the stored synthetic data in the data lake to train a CTGAN model that “learns the patterns in the real data and creates similar distribution in a synthetic dataset” (Para. [0042]). Pati further teaches “data preprocessing 220 may be pre-processing operations such as cleaning, removal of corrupted and unwanted data, and data type correction. After all of these pre-processing operations, the data gets uploaded to a new location where it is available for further processing.” (Para. [0076]) thereby determining common normalization schema and thus rules for organizing the synthetic data into a similar distribution and automatically implementing data transformations to the client data, transforming the client data to the determined common data normalization schema via cleaning and data type correction, with similar distribution in a synthetic dataset for storage in the consortium shared synthetic data lake. “Data type correction” is understood as correcting the data type to a determined “correct” format for the data type(s).
Automatically implementing the data transformations by automatically transforming the client data to the organized common format based on the global data ontology and the common data normalization schema, wherein the automatically implementing further comprises, in response to detecting at least one client using a different formant than the organized common format, automatically transforming the client data for the at least one client form the different format to the organized common format based on the data normalization rules; and
Pati further teaches, as part of transferring data from the clients to the consortium shared synthetic data lake, “data preprocessing 220 may be pre-processing operations such as cleaning, removal of corrupted and unwanted data, and data type correction. After all of these pre-processing operations, the data gets uploaded to a new location where it is available for further processing.” (Para. [0076]) thereby teaching implementing data transformations by automatically transforming the client data that needs data type/format correction, determined as having an incorrect data type/format, to the correct data type/format conducive for transferring data to the consortium shared synthetic data lake and required for the further processing.
Training the global ML model based on the transformed client data.
Pati teaches “once fraud enrichment patterns has been performed, it may be used as labeled data for training the fraud machine learning detection models. Since there is plenty of non-fraudulent transactions, and original fraud transaction combined with synthetic fraud transaction the problem of imbalance between fraudulent transactions and non-fraudulent transactions may be improved.” (Para. [0078]) Therefore, Pati teaches performing the training based on the enriched data.
Pati explicitly teaches all of the elements of the claimed invention as recited above except:
Automatically computing an inference risk score and computing a task utility score for the synthetic data using one or more machine learning (ML) algorithms, wherein computing the inference risk score further comprises determining a privacy risk associated with sharing the synthetic data, and wherein computing the task utility score further comprises determining a utility of the synthetic data;
Based on the inference risk score and the task utility score, generating a global data ontology using ontology matching algorithms on the synthetic data associated with each local data ontology generated from each client from the plurality of clients in the collaborative multi-client federated learning system;
Wherein determining the common data normalization schema further comprises generating data normalization rules structuring the client data in the organized common format,
the organized common format based on aggregating the synthetic data from the plurality of clients and automatically determining that a threshold majority of the synthetic data associated with the plurality of clients uses the organized common format;
However, in the related field of endeavor of generating synthetic data, Maria teaches:
Automatically computing an inference risk score and computing a task utility score for the synthetic data using one or more machine learning (ML) algorithms, wherein computing the inference risk score further comprises determining a privacy risk associated with sharing the synthetic data, and wherein computing the task utility score further comprises determining a utility of the synthetic data;
Maria teaches “the risk analysis module calculates a utility loss value” and “the risk analysis module calculates the risk metric with a risk value” (Para. [0015]). Maria further teaches “the risk analysis module (13), metrics are established to evaluate or determine the risk of re-identification of the data owner or client and the utility of the information after its anonymization” (Para. [0050]) thereby teaching the risk value as the claimed inference risk score comprising determining a privacy risk associated with sharing the synthetic data and the utility loss value as the task utility score comprising the utility of the synthetic/anonymized data.
Maria further teaches using machine learning algorithms by teaching “the use of artificial intelligence tools is proposed, specifically a deep learning (DL) model that uses an autoencoder type neural network such as option to detect anomalies in a data set. The autoencoder network is a type of artificial neural network used to learn efficient data encodings without supervision.” (Para. [0003]). It is noted that neural networks are a subset of machine learning and thus apply to the teaching.
Based on the inference risk score and the task utility score, generating a global data ontology using ontology matching algorithms on the synthetic data associated with each local data ontology generated from each client from the plurality of clients in the collaborative multi-client federated learning system;
Pati teaches “the synthetic fraud data that has been produced from a secondary client is then merged or added with actual fraud and clean data from primary client. This process of merging enhances the number of fraud data points” (Para. [0059]). Pati further teaches “clients of financial institutions are commonly divided into segments according to similar attributes. The identified fraud patterns may also be divided in the consortium shared synthetic data lake to segments and may be used accordingly.” (Para. [0048]) thereby teaching generating an ontology matching algorithm based on similar attributes for storing the data in the consortium shared synthetic data lake.
Maria teaches “it must be considered that the data set is exportable/publishable as long as the utility of the output of the data set has a value acceptable to the user and the risk of re-identification is below the maximum allowed by the legal area” (Para. [0050]). Therefore, Maria in combination with Pati teaches the generating based on the utility and risk of re-identification values being sufficient in order to export/publish.
Thus, it would have been obvious to one of ordinary skill in the art, having the teachings of Maria and Pati at the time that the claimed invention was effectively filed, to have combined the risk analysis module calculating utility loss and risk metrics for anonymized data, as taught by Maria with the systems and methods for sharing synthetic data from multiple clients, as taught by Pati.
One would have been motivated to make such combination because Pati teaches “CTGAN adds noise to the synthetic data generated in order to make it difficult to break the differential privacy and learn the original patterns from synthetic data” (Para. [0043]) and Maria teaches “it must be considered that the data set is exportable/publishable as long as the utility of the output of the data set has a value acceptable to the user and the risk of re-identification is below the maximum allowed by the legal area” (Para. [0050]) and it would be obvious to a person having ordinary skill in the art that checking to ensure the data has both utility and a low risk of re-identification prior to export/publishing would create a more secure system instead of merely trusting the privacy is maintained as is taught in Pati.
Maria and Pati explicitly teach all of the elements of the claimed invention as recited above except:
Wherein determining the common data normalization schema further comprises generating data normalization rules structuring the client data in the organized common format,
the organized common format based on aggregating the synthetic data from the plurality of clients and automatically determining that a threshold majority of the synthetic data associated with the plurality of clients uses the organized common format;
However, in the related field of endeavor of generating synthetic data, Hebert teaches:
Wherein determining the common data normalization schema further comprises generating data normalization rules structuring the client data in the organized common format,
Hebert teaches “the Anonymization 220 component will process the incoming data according to the specified rules and forward received log data from the Normalization 215 component to the transfer 225 module” (Para. [0024]) and a normalization 215 being performed on data from multiple sources such as ERP 205 and other system 210 (Fig. 2) thereby teaching normalization rules for structuring the client data in an organized common format to be shared by the plurality of clients.The present application teaches “the federated learning task may include a task to generate and/or train a global machine learning (ML) model/algorithm” (Para. [0040]). While this is merely a non-limiting example of the a federated learning task, Pati similarly teaches a similar task/guiding purpose after normalizing the data by teaching “sharing synthesized fraud patterns between different clients” and “sharing synthesized fraud patterns for training the machine learning model” (Para. [0006]) from the aggregated consortium shared synthetic data lake back to the multiple different clients (Fig. 1).
Thus, it would have been obvious to one of ordinary skill in the art, having the teachings of Hebert, Maria, and Pati at the time that the claimed invention was effectively filed, to have combined the thresholds for the risk and utility of the anonymized data, as taught by Hebert, with the risk analysis module calculating utility loss and risk metrics for anonymized data, as taught by Maria, and the systems and methods for sharing synthetic data from multiple clients, as taught by Pati.
One would have been motivated to make such combination because Hebert teaches “A certain risk rate threshold value may be defined to control and limit the risk rate, while determining an anonymization technique to be applied. A utility rate threshold value may also be defined to allow for determining a data analysis, which when performed over the anonymized data, may achieve a higher utility of the data. With the definition of threshold values for the risk rate and the utility rate, an anonymization technique may be determined that may be defined according to the privacy restrictions on the data and according to analytics goals for the data” (Para. [0059]) and “a two-step approach may be suggested to separate data. First, the data owner may specifying a data protection goal helping to understand which data has to be protected against re-identification. Some data elements may be with a higher level of importance for data protection, and others may be less important. Based on such considerations, a risk level may be associated with data elements, such as data fields from a data set” (Para. [0017])
Tt would have been obvious to a person having ordinary skill in the art that setting different goals/thresholds for data of different level of importance for data protection, and others may be less important, would create a more dynamic system that allows for a more flexible anonymization of data.
Hebert, Maria, and Pati explicitly teach all of the elements of the claimed invention as recited above except:
the organized common format based on aggregating the synthetic data from the plurality of clients and automatically determining that a threshold majority of the synthetic data associated with the plurality of clients uses the organized common format;
However, in the related field of endeavor of the collection and consolidation of heterogeneous remote data using dynamic handling, Gilder teaches:
the organized common format based on aggregating the synthetic data from the plurality of clients and automatically determining that a threshold majority of the synthetic data associated with the plurality of clients uses the organized common format;
Gilder teaches aggregating data before assessing format by teaching “transmitting one of an entire set and a subset of the extracted data based on the request. The remote data collection method can further include copying the data from the data source to a shadow database; and processing the data in the shadow database to provide the entire set and the subset of the extracted data, wherein the data source is read only during the remote data collection. The shadow database can be separate from the data source, and wherein the non-intrusive manner utilizes the shadow database for any insertions, updates, or deletions thereby preventing any interference, corruption, or modification of the data source by the processor during the remote data collection.” and “The remote data collection method can further include performing the reconciliation phase to determine what data to extract from the data source, to determine how to extract the data from the data source, and to define a current collection object for extracting the data from the data source…to send the processed data and finally, to provide ETL processes via standardization rules or normalization procedures to ensure consistent data sets are being stored into a common SMB BI system for each type of data set collected. (Col. 18 Line 66 – Col. 19 Line 50).
Gilder further teaches “An additional requirement may be present when data from different LOB applications is collected into a central data warehouse or repository which then requires that extensive “data transformation” techniques be used to normalize the data into a common format.” (Col. 15 Line 40 – Col. 16 Line 6) and “The unique and novel design features and attributes provide these capabilities and allow a central administrator to dynamically define what data to collect and how to collect and process or normalize it from a variety of remote LOB applications and database formats, across many sites without developing custom program code and without local IT help while yielding a central consolidated view of the entire business operation” (Col. 16 Line 52 – Col. 17 Line 19).
Thus, it would have been obvious to one of ordinary skill in the art, having the teachings of Gilder, Hebert, Maria, and Pati at the time that the claimed invention was effectively filed, to have combined the shadow database for providing the entire dataset and the subset of the extracted data for performing ETL processing, as taught by Gilder, with the thresholds for the risk and utility of the anonymized data, as taught by Hebert, the risk analysis module calculating utility loss and risk metrics for anonymized data, as taught by Maria, and the systems and methods for sharing synthetic data from multiple clients, as taught by Pati.
One would have been motivated to make such combination because Gilder teaches “The remote data collection method can further include copying the data from the data source to a shadow database; and processing the data in the shadow database to provide the entire set and the subset of the extracted data, wherein the data source is read only during the remote data collection. The shadow database can be separate from the data source, and wherein the non-intrusive manner utilizes the shadow database for any insertions, updates, or deletions thereby preventing any interference, corruption, or modification of the data source by the processor during the remote data collection” (Col. 18 Line 66 – Col. 19 Line 50).
Regarding Claim 2:
Gilder, Hebert, Maria, and Pati further teach:
Wherein generating the global data ontology based on the inference risk score and the task utility score further comprises:
Determining whether the inference risks score meets or exceeds a defined privacy risk comprising a first threshold value; and
Hebert teaches “a certain risk rate threshold value may be defined to control and limit the risk rate” (Para. [0059]) where “the risk rate is still too high above the risk rate threshold” (Para. [0066]) thereby teaching that the risk score is at or above the risk rate threshold value.
In response to determining that the inference risk score meets or exceeds the defined privacy risk, generating a first notification to the client comprising the inference risk score and suggestions for reducing the inference risk score.
Hebert teaches “the risk rate is still too high above the risk rate threshold value. A redefinition of the combination of the techniques may be applied to reduce the risk rate to 10% (Para.[0066]) and “To reduce the risk under 10%, a k-anonymity where k=5 may be defined.” (Para. [0071]). Hebert further teaches “The computed risk rate complies with the defined risk rate threshold value, however, the utility rate threshold value is above the computed utility rate of 64%. The computed utility rate and risk rate may be provided for evaluation, for example to a user of a system for anonymization of data” (Para. [0072]) thereby teaching generating a notification to a user/client of the computed utility and risk rates thereby teaching generating a notification comprising the score and the suggestion to reduce the risk rate.
Regarding Claim 3:
Gilder, Hebert, Maria, and Pati further teach:
Wherein generating the global data ontology based on the inference risk score and the task utility score further comprises:
Determining whether the task utility score meets or exceeds a defined utility requirement comprising a second threshold value; and
Hebert teaches “a utility rate threshold value may also be defined to allow for determining a data analysis, which when performed over the anonymized data, may achieve a higher utility of the data” (Para. [0059]) where “The risk rate threshold value is defined to be below 10%, and the utility rate threshold value is defined to be higher than 75%.” (Para. [0070]) thereby teaching determining whether the utility rate is above the utility rate threshold.
In response to determining that the task utility score does not meet or exceed the defined utility requirement, generating a second notification to the client comprising the task utility score and suggestions for improving the task utility score.
Hebert teaches “The computed risk rate complies with the defined risk rate threshold value, however, the utility rate threshold value is above the computed utility rate of 64%. The computed utility rate and risk rate may be provided for evaluation, for example to a user of a system for anonymization of data” (Para. [0072]) and “for a data owner it may be determined that risk that is yielded by ε>3 in the case of differential privacy or k-anonymity with k<8 (derived from the equivalent entropy) may not be acceptable. Two anonymization algorithms may be suggested by an anonymization process provided by a customization framework” (Para. [0082]) thereby teaching generating a notification to a user/client of the computed utility and risk rates and a suggestion to increase/improve the utility rate.
Regarding Claim 4:
Gilder, Hebert, Maria, and Pati further teach:
Wherein generating the global data ontology based on the inference risk score and the task utility score further comprises:
Detecting one or more first remedial actions in response to the determination that the inference risk score meets or exceed the defined privacy risk; and
Hebert teaches “the risk rate is still too high above the risk rate threshold value. A redefinition of the combination of the techniques may be applied to reduce the risk rate to 10% (Para.[0066]) and “to reduce the risk under 10%, a k-anonymity where k=5 may be defined.” (Para. [0071]) thereby teaching a remedial action as changing the k value.
Detecting one or more second remedial actions in response to the determination that the task utility score does not meet or exceed the defined utility requirement.
Hebert teaches “The computed risk rate complies with the defined risk rate threshold value, however, the utility rate threshold value is above the computed utility rate of 64%. The computed utility rate and risk rate may be provided for evaluation, for example to a user of a system for anonymization of data” (Para. [0072]) and “for a data owner it may be determined that risk that is yielded by ε>3 in the case of differential privacy or k-anonymity with k<8 (derived from the equivalent entropy) may not be acceptable. Two anonymization algorithms may be suggested by an anonymization process provided by a customization framework” (Para. [0082]) thereby teaching generating a notification to a user/client of the computed utility and risk rates and a suggestion/remedial action for the utility rate being below the threshold value.
Regarding Claim 5:
Gilder, Hebert, Maria, and Pati further teach:
Wherein generating the global data ontology based on the inference risk score and the task utility score further comprises:
Aggregating the synthetic data generated from the client in response to the determination that the inference risk score does not meet or exceed the defined privacy risk and the task utility score meets or exceeds the defined utility; and
Hebert teaches “The risk score is important for cases, where data anonymity should be protected to obey to data protection law. Diverse anonymization scenarios may be simulated over the data. The impact of utility of the data and the risk of non-anonymizing may be computed. Therefore, a proper consensus between the utility and risk may be determined. At 130, it is determined whether an agreement for the defined risk value is reached. If the determined risk is acceptable, then at 135, the data owner may anonymize the data according to a combination of anonymization techniques defined based on the importance values for the fields and the data set.” (Para. [0018]) and “Once the determining risk rate and utility rate are acceptable, the data owner completes the process, at which point the Anonymization 220 component will process the incoming data according to the specified rules and forward received log data from the Normalization 215 component to the Transfer 225 module.” (Para.[0024]).Therefore, Hebert teaches aggregating the synthetic data when the risk rate is below the risk rate threshold value and the utility rate is above the utility rate threshold value, thus making the risk rate and utility rate acceptable.
Applying the ontology matching algorithms to the aggregated synthetic data.
Pati teaches “the synthetic fraud data that has been produced from a secondary client is then merged or added with actual fraud and clean data from primary client. This process of merging enhances the number of fraud data points” (Para. [0059]). Pati further teaches “clients of financial institutions are commonly divided into segments according to similar attributes. The identified fraud patterns may also be divided in the consortium shared synthetic data lake to segments and may be used accordingly.” (Para. [0048]) thereby teaching generating an ontology matching algorithm based on similar attributes for storing the data in the consortium shared synthetic data lake
Regarding Claim 8:
Some of the limitations herein are similar to some or all of the limitations of Claim 1.
Gilder, Hebert, Maria, and Pati further teach:
A computer system comprising:
One or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method (Pati – Paras. [0008]-[0009] & Maria – Para.[0020]).
Regarding Claim 9:
All of the limitations herein are similar to some or all of the limitations of Claim 2.
Regarding Claim 10:
All of the limitations herein are similar to some or all of the limitations of Claim 3.
Regarding Claim 11:
All of the limitations herein are similar to some or all of the limitations of Claim 4.
Regarding Claim 12:
All of the limitations herein are similar to some or all of the limitations of Claim 5.
Regarding Claim 15:
Some of the limitations herein are similar to some or all of the limitations of Claim 1.
Gilder, Hebert, Maria, and Pati further teach:
A computer program product comprising:
One or more tangible computer-readable storage devices and program instructions stored on at least one of the one or more tangible computer-readable storage devices, the program instructions executable by a processor (Pati – Paras. [0008]-[0009] & Maria – Para.[0020]).
Regarding Claim 16:
All of the limitations herein are similar to some or all of the limitations of Claim 2.
Regarding Claim 17:
All of the limitations herein are similar to some or all of the limitations of Claim 3.
Regarding Claim 18:
All of the limitations herein are similar to some or all of the limitations of Claim 4.
Regarding Claim 19:
All of the limitations herein are similar to some or all of the limitations of Claim 5.
Response to Amendment
Applicant’s Amendments, filed on 1/22/2026 are acknowledged and accepted.
Response to Arguments
On pages 13-17 of the Remarks filed on 1/22/2026, Applicant argues that none of the previously cited prior art teaches the newly amended limitations. In particular, Applicant states that “Hebert fails to specifically teach the more clearly recited limitations…as further exemplified and supported by the Applicant’s Specification” citing paragraphs [0048], [0050]-[0051] of Applicant’s Specification.Applicant’s argument is convincing that the previously cited prior art does not teach at least some of the newly amended limitations, thus necessitating the new grounds of rejection presented herein.It is noted, in light of the telephonic interview held on 1/20/2026 and upon further review of paragraph [0051] of Applicant’s Specification, that if Applicant’s intent was to recite that the organized common format for structing the client data is set as being the same format as the identified majority format after identifying the majority format of the aggregated synthetic data, this scope does not appear to be reflected in the relevant claim limitation.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Degioanni et al. (U.S. Pre-Grant Publication No. 2022/0414262) teaches “The data privacy evaluator may generate evaluation results as shown in FIG. 1, wherein the system may endorse the anonymized dataset (504-1) (shown in dotted lines) as it shows good trade-off between the privacy metric (privacy score=95%), the utility metric (utility score=78%) and the similarity metric (similarity score=70%) to give a final output value (global computation) of 90%. The final output value may vary based on the weights assigned to each metric. Further, as illustrated in FIG. 5B, the same results may be assessed by a rule engine 524 (same as rule engine 114 of FIG. 1). The rule engine 524 may permit a first set of predefined rules to be set by at least one mode such as manually i.e. customized 528 and automatically i.e. default 526. In an example embodiment, if the mode is default 526, then the first set of predefined rules may choose higher global computation (final output value) with a threshold for privacy metric as above 95% and a threshold for utility/similarity metrics (utility/similarity scores) as over 70%. In an example embodiment, if the mode is customized 528, then the first set of predefined rules may be chosen by the user manually. In an example embodiment, the user may choose a set a minimum level of threshold for each metric and may also provide a purpose of anonymization such that the processor can endorse the anonymized dataset that may best suit the first set of predefined rules. In another example embodiment, the user may specify an anonymization purpose such as, for example, data monetization, sharing to a third party, data analytics, such that the processor may recommend or use the threshold for each metric adapted to the purpose mentioned. For example, if the anonymization is done for sharing the data, the anonymization engine may suggest, for example, for academic purposes, a threshold for privacy score over 90% as privacy risk in this case may be acceptable if less than 10%. As another example, for business purpose, privacy score over 95% may be used as 5% re-identification risk may be the maximum threshold acceptable in this case.” (Para. [0036])
Segars et al. (U.S. Pre-Grant Publication No. 2024/0070439) teaches generating synthetic datasets includes receiving, via an application programming interface (API) of a remote generative database service, a generative database query for obtaining synthetic data samples statistically representative of a sensitive dataset, searching a generative model data structure comprising a plurality of generative model nexuses based on a generative model election request derived from the generative database query, wherein the searching returns a generative model for fulfilling the generative database query, generating a synthetic dataset using the generative model returned from the searching based on a plurality of generative query parameters extracted from the generative database query, and returning the synthetic dataset as a result to the generative database query.The reference further teaches “a sensitivity testing or evaluation of a target synthetic dataset, as a whole, for re-identification risk based on data membership or attributes. In this second implementation, S225 may function to perform a sensitivity assessment across multiple synthetic data samples of the target synthetic dataset to identify or compute a re-identification metric. Preferably, the re-identification metric relates to a numerical or categorical value indicating a likelihood that one or more synthetic data samples may be re-identified to a real data sample based on an association to other synthetic data samples in a dataset or target corpus. Accordingly, if the re-identification metric satisfies or exceeds a re-identification risk threshold (e.g., a maximum re-identification risk value), S225 may jettison the target synthetic dataset together with the associated generative model that produced the target synthetic dataset.” (Para. [0097])
Zhang (U.S. Pre-Grant Publication No. 2024/0020415) teaches anonymizing a multi-relational dataset. The system may comprise an interface (IN) for receiving a data table of the multi-relational dataset. An analyzer (AZ) of computing system (SYS) analyzes the data table to obtain a result describing one or more characteristics of the data table. A selector (SL) of computing system (SYS) selects, based on the result, a privacy model (PM) for the data table from plural privacy models (PMj). An anonymizer (TAY) of computing system (SYS) applies a first anonymizing operation to the data table, based on the selected privacy model to obtain an anonymized data table.The reference further teaches “Based on the privacy model, individual re-id risk scores, such as probabilities for reidentifying are established, preferably per record in the table. Table(s) whose re-id risk score is below/above a pre-defined threshold are subjected to anonymization operation. Such re-id risk score may be formulated in terms of parameter k of k-anonymity model, or in models derived or related to the k-anonymity model.” (Para. [0098]).
Middleton et al. (U.S. Pre-Grant Publication No. 2024/0119175) teaches anonymizing unstructured data. In some implementations, a server can receive unstructured data. The server can automatically detect attributes in the unstructured data using a trained machine-learning model and can determine an amount of undetected attributes and detected attributes in the unstructured data. The server can simulate additional attributes for the unstructured data according to the amount of undetected attributes. The server can analyze a risk of disclosure in the unstructured data using the detected attributes and the simulated additional attributes. The server can modify the detected attributes according to the analyzed risk of disclosure and replace the detected attributes with the modified detected attributes in the unstructured data.
The reference further teaches “masking techniques can completely obfuscate the relationship between an original and replacement value, without any consideration to preserving utility of the original value.” (Para. [0096])The reference further teaches “the server 106 can re-analyze the risk of disclosure of the anonymized unstructured data 130. The risk of disclosure in the anonymized unstructured data 130 may be re-analyzed to ensure it falls below a risk threshold value.” (Para. [0105]).
Non-Patent Literature Osorio-Marulanda et al., "Privacy Mechanisms and Evaluation Metrics for Synthetic Data Generation: A Systematic Review", June 2024, in IEEE Access, vol. 12, pp. 88048-88074, 2024, doi: 10.1109/ACCESS.2024.3417608 (Year: 2024) teaches different mechanisms have been used across different domains, including Privacy Enhancing Technologies like Synthetic Data Generation, which aim to protect user-sensitive data and prevent misuse among different domains. Then, Synthetic data has been used not only to augment datasets and balance classes but also in applications of data analysis paradigms that aim to provide useful insights in terms of utility while preserving the privacy of sensitive data. Still, there is a gap in the conceptual and state-of-the-art understanding of the level of privacy synthetic data generators can provide and how they affect various industries and fields.The reference further teaches a systematic review that attempts to address how privacy has been assessed and measured in the framework of synthetic data generation, and getting to know which metrics have been used to evaluate those mechanisms.
Non-Patent Literature Majeed, Abdul, "Attribute-Centric and Synthetic Data Based Privacy Preserving Methods: A Systematic Review", September 2023, Journal of Cybersecurity and Privacy. 2023; 3(3):638-661. https://doi.org/10.3390/jcp3030030 (Year: 2023) teaches in the past decades, a substantial number of anonymization techniques were developed based on the famous four privacy models such as k-anonymity, ℓ-diversity, t-closeness, and differential privacy. In recent years, there has been an increasing focus on developing attribute-centric anonymization methods, i.e., methods that exploit the properties of the underlying data to be anonymized to improve privacy, utility, and/or computing overheads. In addition, synthetic data are also widely used to preserve privacy (privacy-enhancing technologies), as well as to meet the growing demand for data. To the best of the authors’ knowledge, none of the previous studies have covered the distinctive features of attribute-centric anonymization methods and synthetic data based developments. To cover this research gap, this paper summarizes the recent state-of-the-art (SOTA) attribute-centric anonymization methods and synthetic data based developments, along with the experimental details.The reference further teaches innovative privacy-enhancing technologies that are used to protect the privacy of personal data enclosed in various forms and discusses the challenges and the way forward in this line of work to effectively preserve both utility and privacy.
European Patent Application Publication EP3709189 teaches the present invention relates to methods for data integration into a knowledge graph. Fusion data of a data source is obtained comprising a plurality of features, which are extracted from a schema of the data source and from data of the data source. A learnt fusion model is applied to the data, wherein the fusion model comprises a combination of a machine-learning model and a rule-based model, in order to recommend to a user mapping specifications for mapping data of the data source and the schema of the data source to the knowledge graph.
Tonkin et al. (U.S. Pre-Grant Publication No. 2017/0185674) teaches generating a mapping using ontologies, the apparatus including at least one electronic processing device that determines ontologies having respective ontology terms, determines a group of ontology terms from at least one of the ontologies, determines alignment between ontology terms in the ontologies for at least some of the group of ontology terms, the alignment being determined at least partially in accordance with an ontology term meaning of the ontology terms and generates a mapping in accordance with the alignment.The reference further teaches “the mapping may be used in transferring content from a source data store having a source data structure including a number of source data fields to a target data store having a target data structure including a number of target data fields, wherein the ontologies are associated with the source data structure and the target data structure and wherein the electronic processing device transfers content between the source data fields and target data fields using the mapping.” (Para. [0028]).
Li et al. (U.S. Pre-Grant Publication No. 2024/0419813) teaches “The service provider can manage an application used to provide data analytics, predictive operations, corrective operations, etc. In response to a request, by the application, for the manufacturing process data, both entities (e.g., the customer and the service provider) can allow access to the encrypted manufacturing process data by decrypting the database management system. The encrypted manufacturing process data can then be sent to the anonymizer to remove sensitive information (e.g., confidential data, proprietary data, etc.). In particular, the anonymizer can decrypt (e.g., via the private key) the encrypted manufacturing process data, and perform one or more of a heuristic-based method, a machine-learning based method, a k-source anonymity-based method, an algorithmic-based method, etc. to remove the sensitive data. The anonymizer can then normalize the data to transform the data into a normalized dataset such that the normalized dataset retains certain features from the original data without revealing actual output values. The normalized data can then be sent to the application.” (Para. [0029]).
Fokoue-nkoutche et al. (U.S. Pre-Grant Publication No. 2016/0055184) teaches embodiments virtualize data across heterogeneous formats. In one embodiment, a plurality of heterogeneous data sources is received as input. A local schema graph including a set of attribute nodes and a set of type nodes is generated for each of the plurality of heterogeneous data sources. A global schema graph is generated based on each local schema graph that has been generated. The global schema graph comprises each of the local schema graphs and at least one edge between at least one of two or more attributes nodes and two or more type nodes from different local schema graphs. The edge indicates a relationship between the data sources represented by the different local schema graphs comprising the two or more attributes nodes based on a computed similarity between at least one value associated with each of the two or more attributes nodes.Lori et al. (European Patent Application Publication EP3771992A1) teaches data ingestion for use in a large-scale database system comprises retrieving (402) a plurality of document objects from a large-scale data store (304). A corresponding plurality of feature vector representations (406) of contents of the document objects is computed (404). The feature vector representations are grouped (412) according to an unsupervised learning approach to identify one or more clusters (414) of similar documents. For each identified cluster, at least one strategy (418, 420) for transformation and/or storage of associated data within a serving data store (226) is generated (416) and stored (422). When an event comprising the arrival of one or more new document objects (504) into the large-scale data store is detected, a corresponding one or more feature vector representations (508) of contents of the new document objects is computed (506). The new document objects are classified (510) as associated with one of the identified clusters (512) according to the unsupervised learning approach. One of the stored strategies for transformation and/or storage of data content of the new document objects is retrieved (514) based upon the classification. The retrieved strategy is executed (518) for transformation and/or storage of data content of the new document objects within the serving data store.
Sundaram et al. (U.S. Pre-Grant Publication No. 2020/0372211) teaches a multi-lender architecture evaluates applicant data against lending rule sets of multiple lenders. Rule sets provided by different lenders may be expressed differently. The multi-lender architecture transforms the rules in each rule set and represents the rules in a normalization grid. The normalization grid allows a single algorithm to evaluate the rules of different lenders.
Non-Patent Literature Team Aampe, "How to Normalize Data in Excel", 2024 March 3, <https://aampe.com/blog/how-to-normalize-data-in-excel> (Year: 2024) teaches “After normalizing your data, the next step is often to consolidate it so your datasets are aligned and ready for reporting or analysis.”, “Before combining datasets, make sure they share the same structure: the same column layout, consistent data formats, matching definitions for each field”, and “Once your datasets are consolidated, preserving data integrity is critical. Best practices include: verifying that dates, numbers, and categories are formatted consistently, using Data Validation to control future inputs, applying Conditional Formatting to identify anomalies”
Non-Patent Literature Chrissy Kidd, "Data Normalization Explained: How to Normalize Data", 2022 October 28, <https://www.splunk.com/en_us/blog/learn/data-normalization.html> (Year: 2022) teaches “Data normalization can be defined as a process designed to facilitate a more cohesive form of data entry, essentially ‘cleaning’ the data. When you normalize a data set, you are reorganizing it to remove any unstructured or redundant data to enable a superior, more logical means of storing that data. The main goal of data normalization is to achieve a standardized data format across your entire system. This allows the data to be queried and analyzed more easily which can lead to better business decisions.” and “In a fundamental sense, data normalization is achieved by creating a default (standardized) format for all data in your company database. Normalization will look different depending on the type of data used.”
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT F MAY whose telephone number is (571)272-3195. The examiner can normally be reached Monday-Friday 9:30am to 6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached on 571-270-56265626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ROBERT F MAY/Examiner, Art Unit 2154
3/26/2026
/BORIS GORNEY/Supervisory Patent Examiner, Art Unit 2154