DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 3/23/2026 have been fully considered but they are not persuasive.
As to Applicant’s argument that, “the Office does not identify at least one additional machine learning model that is pretrained to determine a relevancy of at least a portion of the session data before prompt generation, nor does the Office identify generation of a prompt based on a relevant portion of the session data as opposed to the broader session data generally. Instead, the Office maps the current claims at a higher level to prompt generation and LLM analysis of session data and context data” (Remarks, p. 11), the Examiner respectfully disagrees. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). The combined references explicitly state the use of multiple machine learning models each assigned different tasks, “The computing device may include one, two, three, or more machine learning models that are trained for different tasks” (White, [0030]) and “The engine includes one or more machine learning models that are trained various data” (Desai, [0200]). The combined references also preprocess the raw session data to filter out noise from the session data to produce “relevant” session data for further processing (Desai, [0174]) and preprocessing the raw session data to separate/extract, for example, audio, video, or shared content components to allow for specialized monitoring and processing each separated/extracted session data for specialized processing (White, [0025]). It is pointed out that using specific types of machine learnings, large language models, artificial intelligence, neural networks and other models are not patentably distinct and reflect a choice made by the users as suggested by the Applicant (Specification, at least [0077, 0082, and 0086]). Therefore, the rejection is maintained.
Response to Amendment
Claims 7, 8, and 17 have been cancelled.
Claims 1-3, 9, 10, 13, 16, 21, 22, 25, and 27-29 have been amended.
Claims 1-6, 9-16, and 18-30 are pending.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-9, 11, 12, and 15-29 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2024/0114205 to White in view of US PG Pub. No. 2023/0370495 to Desai, et al. (hereinafter Desai) in view of “Prompt Engineering in Large Language Models” by Marvin et al.
As to claims 1 and 21, White teaches:
Identifying a recorded managed session between a network identity and a target resource (monitoring a conferencing session for training a conference system) (White, [0019]).
White teaches operations (accessing data, active participation during conferencing session) (White, at least [0034]), but does not explicitly recite that those operations are privileged. However, in an analogous art, Desai teaches wherein the managed session includes access by the network identity using an access management system configured to record the managed session (White, [0056]) to perform at least one privileged operation at the privileged target resource (identity of session) between participants and a server (target resource)) (zero trust environment ensures that only authenticated/privileged users are able to access resources) (Desai, at least [0038, 0040, 0044, and 0103 and fig. 15]).
Therefore, one of ordinary skill in the art at before the effective filing date of the claimed invention would have been motivated to implement the monitoring/processing of communication sessions with machine learning models of White with the zero-trust architecture of Desai in order to better protect resources from malicious intent as suggested by Desai (Desai, [0038]).
White as modified further teaches:
Performing a reviewal process for the recorded managed session, the reviewal process comprising identifying session data associated with the managed session (machine learning model looks for inconsistencies in the session data between the presenter and the participant) (White, [0030] and Desai, [0026]), wherein the session data reflects one or more actions performed by the network identity associated with the at least one privileged operation (session metadata is used to maintain security throughout the session) (Desai, [0088]).
Accessing context data clustered from a plurality of data sources associated with the network identity (machine learning uses contextual data in the monitoring of communication sessions) (White, [0030-0031]), the context data being associated with at least one previous managed session associated with the network identity (machine learning model trained on previous sessions (Desai, [0199]).
d. Preprocessing the session data by providing the session data to at least one additional machine learning model having been pretrained to determine a relevancy of at least a portion of the session data (raw session data is processed to extract noise and to separate the raw session data into its constituent components for specialized analyses) (Desai, [0174] and White, [0025]).
White as modified teaches using contextual data as inputs to machine learning models but does not explicitly recite the generation of prompts including model instructions. However, in an analogous art, Marvin teaches:
e. Generating, after preprocessing the session data, a prompt, the prompt comprising a relevant portion of the session data, text-based context data, and a text-based model instruction for at least one large language model (providing instructions and context in the form of text-based prompts to large language models) (Marvin, Sec. 2: Prompt Engineering).
Therefore, one of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated to implement the monitoring/processing of communication sessions with machine learning models of White as modified with the use of engineered prompts including instructions and context data of Marvin in order to improve the performance of large language models and save valuable time and resources as suggested by Marvin (Marvin, Sec. 1.3: Research Objective and Motivation).
Providing the prompt as an input to the at least one large language model, (providing instructions and context in the form of text-based prompts to large language models) (Marvin, Sec. 2: Prompt Engineering).
Obtaining a text-based output from the at least one large language model, the text-based output being based on an analysis of the relevant portion of the session data and the context data (output of the machine learning model with LLM including both context data and session data) (Desai, [0044, 0088, 0203, and 0204]) and (receiving outputs based on the text-based prompts including instructions, input data, and context) (Marvin, Sec. 2: Prompt Engineering).
Determining, based on the text-based output, whether to perform a security action associated with the recorded managed session (remediation (security action) can be automatic) (Desai, [0215] and fig. 20).
As to claim 2, White as modified teaches the text-based output from the at least one large language model includes at least one indication of malicious intent by the network identity that is not associated with a rule-based security policy (threat classification can be unknown (it does not violate any rules or is unknown to violate any rules) which can result in remedial action) (Desai, [0060]).
As to claim 3, White as modified teaches receiving the context data as an output of a second additional machine learning model, the second additional machine learning model having been pre-trained on data associated with the network identity (a plurality of machine learning models is used to manage the sessions) (White, [0025 and 0030] and Desai, [0199, 0200, and 0214]).
As to claim 4, White as modified teaches the context data further includes at least one of: metadata associated with the identity, sensor data associated with the identity, or synthetic managed session data (metadata associated with the user is used to train the machine learning model) (Desai, [0026]).
As to claim 5, White as modified teaches the context data further includes historical managed session data associated with identities determined to be related or similar to the identity (the historical session data is representative of the current session) (Desai, [0199]).
As to claim 6, White as modified teaches the reviewal process includes intercepting at least a portion of the session data during the recorded managed session (the machine learning model analyzes the entire session which is seen as equivalent to “intercepting at least a portion”) (White, [0030-0031]).
As to claim 9, White as modified teaches the at least one additional machine learning model is pretrained to determine the relevancy of session data based on an active window associated with the recorded managed session (the managed session is directed toward a video conference with context data associated with live video (active window), live audio, sharing of content and document) (White, [0024]).
As to claim 11, White as modified teaches the determination whether to perform the security action occurs during a current timeframe and the session data includes session data recorded during a previous timeframe prior to the current timeframe (remediation (security action) can be automatic) (Desai, [0215] and fig. 20). It is noted that remediation does not occur before the session data timeframe, but after the session data has been processed and the remediation is executed after the session data timeframe.
As to claim 12, White as modified teaches the reviewal is performed by an agent running at a machine used by the identity (the agent can be a lightweight agent that reports back to a central management console) (Desai, [0156). The limitation is merely concerned with the location of the agent/machine learning model which does not affect the operation of the instant application.
As to claim 15, White as modified teaches determining whether to perform the security action associated with the recorded managed session is further based on feedback from at least one of: the network identity or the target resource (user feedback is integral to the success of the machine learning models) (Desai, [0216]).
As to claim 16, White as modified teaches the feedback includes at least one of: data provided by the network identity, data associated with an action performed on the target resource by the network identity, a previous determination of whether to perform the security action, or content of the security action (user feedback (user provided data) is integral to the success of the machine learning models) (Desai, [0216]).
As to claim 18, White as modified teaches the security action includes at least one of: generating an alert for the managed session or generating a report for the recorded managed session (notifying (alerting) a user of a breach) (Desai, [0107]).
As to claim 19, White as modified teaches the security action includes at least one of: pausing or terminating the recorded managed session (terminating connections in response to malicious activity) (Desai, [0044]).
As to claim 20, White as modified teaches the security action includes at least one of: requiring an authentication associated with the recorded managed session, managing a secret associated with at least one of the network identity or the target resource, or managing a policy associated with at least one of the network identity or the target resource (terminating connections in response to malicious activity is part of the policy) (Desai, [0043-0044]).
As to claim 22, White as modified teaches determining, based on the text-output from the at least one large language model, an intended network action associated with the network identity (terminating connections in response to malicious activity) (Desai, [0044]).
As to claim 23, White as modified teaches the intended network action comprises at least one of: a command or a behavior (terminating connections (command) in response to malicious activity) (Desai, [0044]).
As to claim 24, White as modified teaches receiving from the network identity an indication of an intended network action (intended actions (behaviors) of the user that deviate from expected actions are indications of possible malicious activity) (Desai, [0130-0132]).
As to claim 25, White as modified teaches determining, based on the text-based output from the at least one large language model, whether the monitored session deviates from the intended network action (intended actions (behaviors) of the user that deviate from expected actions are indications of possible malicious activity) (Desai, [0130-0132]).
As to claim 26, White as modified teaches performing the security action when the monitored session deviates from the intended network action (terminating connections in response to malicious activity) (Desai, [0044]).
As to claim 27, White as modified teaches determining based on the text-based output from the at least one large language model, whether the monitored session includes an activity from a plurality of predefined suspicious network activities (terminating connections in response to malicious activity) (Desai, [0044]).
As to claim 28, White as modified teaches the plurality of predefined suspicious network activities are determined based on at least one previous output from the at least one large language model (terminating connections in response to malicious activity based on previous analyses) (Desai, [0026 and 0044]).
As to claim 29, White as modified teaches performing the security action when the monitored session includes the activity from the plurality of suspicious network activities (examples of suspicious activities) (Desai, [0102 and 0133]).
As to claim 30, White as modified teaches the plurality of data sources are different from the target resource, and wherein the context data reflects a behavior of the network identity in association with the plurality of data sources (video signal, audio signal, user presence/absence…) (White, [0026]).
Claims 10, 13, 14 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub. No. 2024/0114205 to White in view of US PG Pub. No. 2023/0370495 to Desai, et al. (hereinafter Desai) in view of “Prompt Engineering in Large Language Models” by Marvin et al. as applied to claim 8 above, and further in view of US PG Pub. No. 2018/0349678 to Koskan et al. (hereinafter Koskan).
As to claim 10, White as modified does not expressly mention the output being a subset of the session data. However, in an analogous art, Koskan teaches an output of the at least additional machine learning model includes a selected subset of the session data (processing results in objects of interest that are in the video stream or frame capture using artificial intelligence agents) (Koskan, [0073-0076 and 0085]).
Therefore, one of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated to implement the monitoring/processing of communication sessions with machine learning models of White as modified with the processing of session data that results in a subset of the session data of Koskan in order to derive useful information from the session data as suggested by Koskan (Koskan, [0001]).
As to claim 13, White as modified does not expressly mention translating session data. However, in an analogous art, Koskan teaches providing the prompt as an input to at least one large language model includes translating the session data to semantic data (extracting/translating alphanumeric text from a video frame for further processing) (Koskan, [0073]).
Therefore, one of ordinary skill in the art at the time the application was filed would have been motivated to implement the monitoring/processing of communication sessions with machine learning models of White as modified with the processing of session data that results in a subset of the session data of Koskan in order to derive useful information from the session data as suggested by Koskan (Koskan, [0001]).
As to claim 14, White as modified teaches the session data includes a video of the recorded managed session and wherein the semantic data text extracted from the video (extracting/translating alphanumeric text from a video frame for further processing) (Koskan, [0063 and 0073]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM S POWERS whose telephone number is (571)272-8573. The examiner can normally be reached M-F 7:30-17:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L Ortiz-Criado can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM S POWERS/ Primary Examiner, Art Unit 2496