Prosecution Insights
Last updated: April 18, 2026
Application No. 18/678,586

MANAGING USE OF INFERENCE MODELS TRAINED TO REDUCE RECONSTRUCTABILITY OF INPUT FEATURES

Non-Final OA §DP
Filed
May 30, 2024
Examiner
BAZNA, JUDY
Art Unit
2495
Tech Center
2400 — Computer Networks
Assignee
DELL PRODUCTS, L.P.
OA Round
1 (Non-Final)
67%
Grant Probability
Favorable
1-2
OA Rounds
3y 1m
To Grant
90%
With Interview

Examiner Intelligence

Grants 67% — above average
67%
Career Allow Rate
16 granted / 24 resolved
+8.7% vs TC avg
Strong +23% interview lift
Without
With
+22.9%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
19 currently pending
Career history
43
Total Applications
across all art units

Statute-Specific Performance

§101
4.6%
-35.4% vs TC avg
§103
77.2%
+37.2% vs TC avg
§102
9.7%
-30.3% vs TC avg
§112
5.9%
-34.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 24 resolved cases

Office Action

§DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted by applicant dated 05/30/2024 and 10/01/2025 have been considered by the examiner. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-4, 6-9, 12, 14, 15, 17, 18 rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1, 2, 8, 9-11, 13-17, 19 of U.S. Patent No. 18678569. A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over the earlier claim. In re Langi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). "ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001 ). Current Application No. 18678586 Reference Patent No. 18678569 Claim 1: A method for managing use of inference models, the method comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result. Claim 1: A method for managing use of inference models, the method comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being trained to impart reconstruction resistance to, at least, input features during inference generation based on a schema for weighting, at least, the input features for reconstruction resistance; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result. Claim 2: The method of claim 1, wherein the weight freezing process during the training process is for a portion of weights with respect to the shared body portion, and is performed when a training cycle of the training process tempers an impact of a previously performed untraining cycle of the training process. Claim 2: The method of claim 1, wherein the schema for weighting, at least, the input features for reconstruction resistance indicates a reconstruction score threshold for an input feature of the input features based on a level of sensitivity for the input feature, the level of sensitivity being based on a level of impact of undesired access to the input feature. Claim 3: The method of claim 1, further comprising: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; performing an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and treating the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model. Claim 8: The method of claim 1, further comprising: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; obtaining, using the schema, a set of reconstruction score thresholds associated with at least the input features; performing, based on the set of the reconstruction score thresholds, an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer the input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and using the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model. Claim 4: The method of claim 3, wherein obtaining the multipath inference model comprises: freezing the shared body portion; and while the shared body portion is frozen: performing a second training process using a second training data set to obtain the second inference generation path. Claim 9: The method of claim 8, wherein obtaining the multipath inference model comprises: freezing the shared body portion; and while the shared body portion is frozen: performing a second training process using a second training data set to obtain the second inference generation path. Claim 6: The method of claim 3, wherein while the shared body portion is frozen, values of weights of hidden layers of the updated shared body portion are not modified during the first training process. Claim 10: The method of claim 9, wherein while the shared body portion is frozen, values of weights of hidden layers of the shared body portion are not modified during the second training process. Claim 7: The method of claim 6, wherein the values of the weights of the hidden layers of the updated shared body portion are set during a previously performed training process completed prior to the updated shared body portion being frozen and the previously performed training process using a first training data set to obtain the first inference generation path. Claim 11: The method of claim 10, wherein the values of the weights of the hidden layers of the shared body portion are set during a previously performed training process completed prior to the shared body portion being frozen and the previously performed training process using a first training data set to obtain the first inference generation path. Claim 8: The method of claim 4, wherein performing the untraining process comprises: performing a third training process using a second training data set to obtain a second shared body portion and to reduce the ability of the second inference generation path to infer input features; freezing the second shared body portion; and while the second shared body portion is frozen: performing a fourth training process using the second training data set to increase the ability of the second inference generation path to infer the input features and obtain an updated reconstruction head portion. Claim 13: The method of claim 8, wherein performing the untraining process comprises: performing a third training process using a second training data set to obtain an updated shared body portion and to reduce the ability of the second inference generation path to infer, at least, the input features; freezing the updated shared body portion; and while the updated shared body portion is frozen: performing a fourth training process using the second training data set to increase the ability of the second inference generation path to infer, at least, the input features and obtain an updated reconstruction head portion. Claim 9: The method of claim 8, wherein performing the untraining process further comprises: making a determination, using the second shared body portion and the updated reconstruction head portion, regarding whether a level of reconstruct ability of an input feature exceeds a reconstruct ability threshold; and in an instance of the determination in which the level of reconstruct ability of the input feature exceeds the reconstruct ability threshold: modifying the multipath inference model to disallow training based on the input feature and to obtain the updated shared body portion. Claim 14: The method of claim 13, wherein performing the untraining process further comprises: making a determination, using the updated shared body portion and the updated reconstruction head portion, regarding whether a reconstruction score for a first input feature of the input features falls below a reconstruction score threshold associated with the first input feature; in an instance of the determination in which the reconstruction score falls below the reconstruction score threshold: concluding that the updated shared body portion is to be used to update the first inference generation path. Claim 12: The method of claim 1, wherein the second location has access to input data for the input data attack resistant inference model and the location does not have access to the input data. Claim 15: The method of claim 1, wherein the second location has access to input data for the inference model and the location does not have access to the input data. Claim 14: The method of claim 1, wherein the model repository comprises: at least one input data attack resistant inference model; and at least one inference model that is not an input data attack resistant inference model. Claim 16: The method of claim 1, wherein the model repository comprises: at least one input data attack resistant inference model; and at least one non-input data attack resistant inference model. Claim 15: A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result. Claim 17: A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being trained to impart reconstruction resistance to, at least, input features during inference generation based on a schema for weighting, at least, the input features for reconstruction resistance; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result. Claim 17: The non-transitory machine-readable medium of claim 15, wherein the operations further comprise: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; performing an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and treating the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model. Claim 8: The method of claim 1, further comprising: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; obtaining, using the schema, a set of reconstruction score thresholds associated with at least the input features; performing, based on the set of the reconstruction score thresholds, an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer the input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and using the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model. Claim 18: A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result. Claim 19: A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being trained to impart reconstruction resistance to, at least, input features during inference generation based on a schema for weighting, at least, the input features for reconstruction resistance; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result. Claim 20: The data processing system of claim 18, wherein the operations further comprise: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; performing an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and treating the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model. Claim 8: The method of claim 1, further comprising: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; obtaining, using the schema, a set of reconstruction score thresholds associated with at least the input features; performing, based on the set of the reconstruction score thresholds, an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer the input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and using the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model. Claims 1, 2, 8, 9-11, 13-17, 19 of the patent US20250371142A1 contains every element of claims 1-4, 6-9, 12, 14, 15, 17, 18 of the instant application and as such anticipates 1-4, 6-9, 12, 14, 15, 17, 18 of the instant application - the claim matching is similar to matched limitations stated above table. Allowable Subject Matter The following claims are allowable over the prior art of record, but are rejected on the ground of nonstatutory double patenting. Claims 1-4, 6-9, 12, 14, 15, 17, 18 would be allowable if rewritten or amended to overcome the rejection(s) under nonstatutory double patenting rejection. Claims 5, 10, 11, 13, 16, 19, 20 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is an examiner’s statement of reasons for allowance for claims are stated below: The closet prior arts made of record art: Liu (US 12216758 B2) teaches a technique for training data protection in an artificial intelligence model execution environment are disclosed. For example, a method comprises executing a first portion of an artificial intelligence model within a trusted execution area of an information processing system and a second portion of the artificial intelligence model within an untrusted execution area of the information processing system, wherein data at least one of obtained and processed in the first portion of the artificial intelligence model is inaccessible to the second portion of the artificial intelligence model. Data obtained in the trusted execution area may comprise one or more data samples in an encrypted form usable to train the artificial intelligence model. Sekar (US 20200059481 A1) teaches a system associated with detecting a cyber-attack and reconstructing events associated with a cyber-attack campaign, is disclosed. The system performs various operations that include receiving an audit data stream associated with cyber events. The system identifies trustworthiness values in a portion of data associated with the cyber events and assigns provenance tags to the portion of the data based on the identified trustworthiness values. An initial visual representation is generated based on the assigned provenance tags to the portion of the data. The initial visual representation is condensed based on a backward traversal of the initial visual representation in identifying a shortest path from a suspect node to an entry point node. A scenario visual representation is generated that specifies nodes most relevant to the cyber events associated with the cyber-attack based on the identified shortest path. The primary reference, Liu does disclose selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being trained to impart reconstruction resistance to, at least, input features during inference generation (Claim 1); providing computer-implemented services based on the inference model result (Claim 1) but fails to disclose identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy; the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result, as recited in claim 1. Sekar does disclose identifying an occurrence of an inference model deployment event for a location (Para [0257]); based on the occurrence, making a determination regarding whether the location is trustworthy (Para [0257]); but fails to disclose in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result, as recite in claim 1. The difference— in a first instance of the determination in which the location is not trustworthy; the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion- is not disclose by either Liu or Sekar. Moreover, there is no motivation in the art to combine the teaching of Liu or Sekar to arrive at the claimed invention. Applicant claim addresses the problem of the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion -a problem not addressed or solved in the cited art. Accordingly, the claimed invention as a whole would not have been obvious to one of ordinary skill in the art at the time of the invention. The feature not disclosed in the references, in combination with the lack of motivation to combine, provide a basis for allowance. Regarding independent claim 1, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “A method for managing use of inference models, the method comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result.”. The dependent claims 2-14 are allowable due to its dependence on independent Claim 1. Regarding independent claim 15, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result.”. The dependent claims 16-17 are allowable due to its dependence on independent Claim 15. Regarding independent claim 18, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstruct ability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result.”. The dependent claim 19-20 are allowable due to its dependence on independent Claim 18. Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.” Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUDY BAZNA whose telephone number is (703)756-1258. The examiner can normally be reached Monday - Friday 08:30 AM-05:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JUDY BAZNA/Examiner, Art Unit 2495 /FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495
Read full office action

Prosecution Timeline

May 30, 2024
Application Filed
Dec 27, 2025
Non-Final Rejection — §DP
Apr 01, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12585784
SYSTEM FOR COMPONENT-LEVEL THREAT ASSESSMENT IN A COMPUTING ENVIRONMENT
2y 5m to grant Granted Mar 24, 2026
Patent 12579261
MANAGING INFERENCE MODELS IN VIEW OF RECONSTRUCTABILITY OF SENSITIVE INFORMATION
2y 5m to grant Granted Mar 17, 2026
Patent 12572643
CIRCUIT AND METHOD FOR DETECTING A FAULT INJECTION ATTACK IN AN INTEGRATED CIRCUIT
2y 5m to grant Granted Mar 10, 2026
Patent 12549335
COORDINATING DATA ACCESS AMONG MULTIPLE SERVICES
2y 5m to grant Granted Feb 10, 2026
Patent 12536288
DETECTING BACKDOORS IN BINARY SOFTWARE CODE
2y 5m to grant Granted Jan 27, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
67%
Grant Probability
90%
With Interview (+22.9%)
3y 1m
Median Time to Grant
Low
PTA Risk
Based on 24 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month