Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Amendments
This action is in response to amendments filed September 22nd, 2025, in which Claims 1 and 11 are amended. Claims 9 and 19 have been cancelled. Claims 21 and 22 have been added. The amendments have been entered, and Claims 1-8, 10-18, and 20-22 are currently pending.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-8 and 10, and 11-18 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Kurniawan, US Patent 11,449,797, in view of Breckenridge, US PG Pub 2012/0191630; and further in view of Maurer, US PG Pub 2024/0179192 (with a filing date of November 30th, 2022); Kozlowski, US PG Pub 2023/0135256; Bottaro, US PG Pub 2021/0097187; and Vandeventer, US Patent 11,811,818.
Regarding Claim 1, Kurniawan teaches an apparatus for training a machine learning model to generate an output using sequestered information (Kurniawan, title, “Secure machine learning workflow automation using isolated resources”) wherein the apparatus comprises: at least a computing device, wherein the computing device is comprised of: a memory, wherein the memory stores instructions; and a processor, communicatively coupled to the memory, wherein the processor is configured (Kurniawan, Fig. 10) to: train a machine learning model on a first corpus (Kurniawan, column 4, lines 11-14, “a data scientist or engineer may generate an initial or preliminary version of the machine learning model using a secondary data set (e.g. a synthetic data set) which does not have security requirements … An indication of a set of training-related artifacts … may be obtained at the SMLAS’ (secure machine learning automation service) “via one or more programmatic interactions”) collect a second corpus, wherein the second corpus includes sequestered information (Kurniawan, Abstract, “a machine learning model to be trained with an input data set having an access restriction … deployed to a computing platform within an isolated resource group which satisfies the access restriction” also see Fig. 7, elements 701, 704) instantiate the machine learning model in a sequestered enclave (Kurniawan, Fig. 5, element 501 & Fig. 7, element 713, “Configure or identify a secure computing platform for training the model … within an isolated virtual network”) retrain the machine learning model in the sequestered enclave using the second corpus (Kurniawan, Fig. 7, element 716, “generate at least one trained version of M1 using the training artifacts included in SEE1” & Fig. 5, element 514 & column 5, lines 7-10, “The IVN within which the computing platform(s) to be used for training the model using the input data set with the stringent security requirement are set up”) … generate an output as a function of [] input using the retrained machine learning model (Kurniawan, Fig. 7, element 731, “Run deployed version of M1 to obtain inferences/predictions and perform corresponding actions (e.g. transmit results to ML output consumers)”).
While Kurniawan generates inferences using the final machine learning model, Kurniawan does not explicitly teach to receive an input from a client device, [use that input to generate an output with the ML model], and to display the output using a display device. However, Breckenridge, also in the field of machine-learning-as-a-service, teaches to receive an input from a client device, generate an output as a function of the input using [a] machine learning model, and display the output using a display device (Breckenridge, [0049], “In some implementations, where the client computing system is provided with a URL to access the trained predictive model, input data and a request to the URL can be embedded … the input data can be packaged into a request that is sent in a request to the URL for a predictive output … the input data is input to the trained predictive model and a predictive output is generated … in response to receiving the predictive output, cause to display on the customer’s computer [the results]”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to allow a client to access the trained model and receive and display the outputs generated by the trained model, as does Breckenridge, on the securely-trained model of Kurniawan. The motivation to do so is to allow remote users (e.g. users of a web page) to access or benefit from the model’s predictions (Breckenridge, [0049]).
Kurniawan and Breckenridge do not relate particular details of the purpose of the models that are trained using their methods. However, Maurer does teach wherein the first corpus comprises a plurality of documents that the machine learning model uses to generate associations between a plurality of language elements (Maurer, [0014], “machine learning models may be trained and used to determine … topics a user frequently discusses or may be knowledgeable in … a user’s prior interactions (described as interaction data) may include … posts, documents, etc.” & [0182], “training the machine learning model based at least in part by inputting prior interaction data and prior representative data” & [0155], “machine-learning models may receive data associated with public interactions”) and determine a significant of a category based on the associations generated between the plurality of language elements using a diagnostic engine (Maurer, [0155], “machine-learning models may be trained to recognize and extract keywords or key-phrase from private messages in order to help generate one or more representative channels, users, and/or topics to associate with a user account”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention use the public-private training system of Kurniawan/Breckenridge to train the natural-language topic-recognition models of Maurer. The motivation to do so is that Kurniawan trains models on public and private data, and keeps the private data secure, and Maurer also trains models on public and private data, and would benefit from keeping the private data secure.
Kurniawan is silent regarding, but Kozlowski teaches, wherein the sequestered enclave comprises a trusted platform module configured to perform an integrity measurement, wherein the integrity measurement is configured to enable a query of integrity status using at least an attestation challenge (Kozlowski, [0088-0089], “trusted computing may include … a Trusted Platform Module (TPM) … TPM may be capable of … integrity measurement [which is] a technique to enable a party to query the integrity status of software running on a platform, e.g. through attestation challenges”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the trusted platform module of Kozlowski in the secure computing environment/sequestered enclave of Kurniawan. The motivation to do so is to securely enable a user and/or process access to the private data (Kozlowski, [0089]), a function needed by Kurniawan.
The combination further does not teach, but Bottaro does teach, understanding an intent of the input (Bottaro, [0012], “a digital content item that contains a candidate entry is identified as having a semantic similarity to a target entity” where “semantic similarity” denotes understanding an intent) as a function of a context of the input (Bottaro, [0023], “in response to user input (e.g. entering of text and section of a graphical button” & [0060], “the content item and …target entity are input to a set of digital models”); predicting the output (Bottaro, [0012], “to determine whether to link entities”) wherein predicting the output comprises: identifying a nature of a potential risk associated with the output (Bottaro, [0081], “a particular implementation may have a preference to filter out content items that relate to certain sensitive topics, such as personal medical issues … the topic analysis classifier(s) can be trained to recognize content items that are associated with the sensitive topics … a corresponding threshold can be adjusted by content risk tuning component 422, in order to filter out content items associated with sensitive topics”) comparing the potential risk to the risk threshold …; and filtering the output as a function of the risk threshold (Bottaro, [0054], “recommendation component 244 may compare each risk score and confidence value to a corresponding threshold value and determine to recommend that the matching entities be linked only if all risk scores and the confidence values exceed the corresponding threshold values”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to train the semantic linking model of Bottaro using the machine learning service of Kurniawan/Breckenridge/Maurer/Kozlowski. The motivation to do so is that Bottaro indicates that their system can be run by a server (Bottaro, [0023], [0027]) and the invention of Bottaro includes some kinds of private data (Bottaro, [0081], “content items that relate to certain sensitive topics, such as personal medical issues”).
Finally, while the combination teaches comparing the potential risk to a risk threshold, the combination does not teach wherein the risk threshold includes a fuzzy set comparison to identify risk scores and risk thresholds. However, Vandeventer, in the same context of the claimed invention of identifying a potential risk, teaches a fuzzy set comparison to identify risk scores and risk thresholds (Vandeventer, column 22, lines 1-28, “Where first fuzzy set 504 and second fuzzy set 516 have a region 528 that overlaps … intersect at a point representing a probability … A probability at 528 and/or 562 maybe be compared to a threshold … Threshold 540 may, in a non-limiting example, represent a degree of match between first fuzzy set 504 and second fuzzy set 516 … each threshold may be tuned … a degree of match between fuzzy sets may be used to classified cyber profile category risk data and risk assessment category data” where the “probability” is a risk score and both the risk score/probability and risk threshold were identified by the fuzzy set comparison procedure). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use a fuzzy comparison, as does Vandeventer, for risk assessment, rather than the hard threshold of Bottaro, in the combination. The motivation to do so is that the fuzzy procedure allows a comparison of uncertain categories and provides a degree of matching (Vandeventer, column 10, line 49-column 11, line 12).
Regarding Claim 2, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/Vandeventer combination of Claim 1 teaches the apparatus of Claim 1 (and thus the rejection of Claim 1 is incorporated). The combination has not yet been shown to teach wherein the machine learning model further comprises a large language model, but Maurer teaches this limitation (Maurer, [0044], “In some examples, the machine learning model(s) 130 may include Generative Pre-trained Transformer 3”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to train/augment a large language model, such as that of Maurer, using the private machine learning service of the Kurniawan/Breckenridge/Maurer combination. The motivation to do so is to train the model while maintaining data privacy of Maurer’s private data.
Regarding Claim 3, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/Vandeventer combination of Claim 2 teaches the apparatus of Claim 2 (and thus the rejection of Claim 2 is incorporated). The combination has already been shown to teach, via Maurer, wherein the large language model includes a GPT (Maurer, [0044], “In some examples, the machine learning model(s) 130 may include Generative Pre-trained Transformer 3”).
Regarding Claim 4, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/Vandeventer combination of Claim 1 teaches the apparatus of Claim 1 (and thus the rejection of Claim 1 is incorporated). Kurniawan further teaches wherein the sequestered information comprises: user credentials to third party applications; and user-specific information from third party applications (Kurniawan, column 15, lines 58-65, “A client 630 may submit an InputDataSetInfo message 602 … to provide details about an input data set for training a machine learning model …[including] credentials usable to access the objects ,,, the input data set may be stored at a storage service of a provider network” where client-submitted data is user-specific information and “a provider network” is a third party application).
Regarding Claim 5, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/Vandeventer combination of Claim 1 teaches the apparatus of Claim 1 (and thus the rejection of Claim 1 is incorporated). Kurniawan further teaches instantiating a virtual representation (Kurniawan, Fig. 5, element 556, “trained versions of model” are in a “virtualized computing service 510” ) generating a virtual environment (Kurniawan, Fig. 5, “virtualized computing service 510”) and instantiating a sequestered enclave (Kurniawan, Fig. 5, “secure isolated virtual network 512”).
Kurniawan is not explicit regarding instantiating a user profile, but Breckenridge teaches this limitation (Breckenridge, [0025], “the trained model [can be] made available to users who have access…using any conventional techniques for user authorization and authentication” where any technique indicating a user has authorization thus includes a user profile). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use a user profile in the invention of Kurniawan/Breckinridge/Maurer. The motivation to do so is to allow access to the trained model only to specific users.
Regarding Claim 6, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/Vandeventer combination of Claim 1 teaches the apparatus of Claim 1 (and thus the rejection of Claim 1 is incorporated). Kurniawan further teaches to operate a virtual representation within a sequestered enclave, wherein operating the virtual representation further comprises: generating at least one virtual representation within the sequestered enclave (Kurniawan, Fig. 5, element 514, “Model and result exploration” are within sequestered enclave/“Secure isolated virtual network 512” and thus virtual representations) thereby isolating the sequestered enclave from direct communication with the first corpus (Kurniawan, Fig. 5, element 512, “with no access to public internet”) executing at least one virtual representation within the sequestered enclave (Kurniawan, Fig. 5, element 514, “Model and result exploration” generates “results” element 556).
Regarding Claim 7, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/Vandeventer combination of Claim 1 teaches the apparatus of Claim 1 (and thus the rejection of Claim 1 is incorporated). Kurniawan further teaches executing at least one virtual representation within the sequestered enclave (Kurniawan, Fig. 5, element 514, “Model and result exploration” are within sequestered enclave/“Secure isolated virtual network 512”) wherein executing at least one virtual representation comprises: classifying a plurality of sequestered information as confidential or non-confidential (Kurniawan, column 19, lines, 4-12, “a sanitation operation may comprise searching for specific types of objects in the artifacts and trained models, such as image files, numeric strings that resemble addresses, phone number, financial account information and the like, and removing such objects” ) and storing the plurality of sequestered information as confidential or non-confidential (Kurniawan, column 19, lines 9-12, “The trained and sanitized version of M1 may be deployed to a destination environment … outside the IVN in various embodiments” where “outside the IVN” denotes non-confidential).
Regarding Claim 8, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/Vandeventer combination of Claim 5 teaches the apparatus of Claim 5 (and thus the rejection of Claim 5 is incorporated). While Kurniawan generates inferences using the final machine learning model, Kurniawan does not explicitly teach to receive an input from a client device and to associate the input with a user profile. However, Breckenridge teaches to receive an input from a client device (Breckenridge, [0049], “In some implementations, where the client computing system is provided with a URL to access the trained predictive model, input data and a request to the URL can be embedded … the input data can be packaged into a request that is sent in a request to the URL for a predictive output”) and to associate the input with a user profile (Breckenridge, [0025], “the trained model [can be] made available to users who have access…using any conventional techniques for user authorization and authentication” where any technique indicating a user has authorization thus includes a user profile and making the model available to accept input from only those users thus associates the input with the user profile). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to use a user profile associated with user input in the invention of Kurniawan/Breckinridge/Maurer. The motivation to do so is to allow access to the trained model only to specific users.
Regarding Claim 10, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/ Vandeventer combination of Claim 1 teaches the apparatus of Claim 1 (and thus the rejection of Claim 1 is incorporated). The combination has already been shown to teach, via Breckenridge, to display the output using a display device, wherein the display device comprises a remote device (Breckenridge, [0049], “in response to receiving the predictive output, cause to display on the customer’s computer [the results]”).
Regarding Claim 21, the Kurniawan/Breckenridge/Mauer/Kozlowski/Bottaro/ Vandeventer combination of Claim 1 teaches the apparatus of Claim 1 (and thus the rejection of Claim 1 is incorporated). The combination has already been shown to teach, via the rejection of Claim 1, wherein generating the output further comprises: understanding an intent of the input as a function of the context of the input; predicting the output, wherein predicting the output comprises: identifying a potential risk associated with the output; comparing the potential risk to a risk threshold …; and filtering the output as a function of the risk threshold. Each of these limitations has already been explicitly mapped in the rejection of Claim 1. The rejection of Claim 1 has also already been shown to teach adjusting the risk threshold (Vandeventer, column 22, “each threshold may be tuned”), but the rejection has not yet demonstrated adjusting the risk threshold based on a regulatory requirement and a stakeholder expectation. However, Bottaro, when discussing risk thresholds, teaches these limitations (Bottaro, [0041], “Risk tuning interface may include a user interface that can be controlled by an input device to receive user-supplied risk tuning data” denotes adjusting a risk threshold based on a stakeholder expectation, and [0036], “the user’s consent as may be required by applicable laws, rules, or regulations” denotes “user-supplied risk tuning data” that is based on a regulatory requirement). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to allow users/stakeholders to adjust the risk threshold based on regulatory requirements allowing user consent, as does Bottaro, in the combination invention. The motivation to do so is to allow user control over the level of risk they are allowing (Bottaro, [0041]).
Claims 11-18, 20, and 22 recite precisely the method that the computing device of Claims 1-8, 10, and 21, respectively, is configured to perform, and thus are rejected for the reasons set forth in those claims, respectively.
Response to Arguments
Applicant’s arguments filed September 22nd, 2025 have been fully considered, but are not fully persuasive.
Applicant’s arguments with respect to the prior art rejections of the independent claims have been considered, but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Specifically, new reference Vandeventer is applied to teach the newly recited fuzzy comparison.
Applicant’s arguments regarding the prior art rejections of the dependent claims rely upon features recited in the independent claims, and are as such unpersuasive.
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN M SMITH whose telephone number is (469)295-9104. The examiner can normally be reached Monday - Friday, 8:00am - 4pm Pacific.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kakali Chaki can be reached on (571) 272-3719. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRIAN M SMITH/Primary Examiner, Art Unit 2122