COMPOSITION IN RECYCLING DIFFERENTIAL PRIVACY

§101 §102 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 28 July 2025 has been considered by the examiner. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites the limitation "determining a privacy loss distribution for the BR-DP framework following T-fold composition of computed results on a same dataset". The term, “same dataset” in this limitation is unclear and indefinite. It is unclear what it is the same as. This issue is repeated in claims 7 and 13. Claims 2, 8, and 14 have a generating step followed by an applying step, but does not use the word “and” prior to the final step. This renders the claims indefinite as it is unclear if the applying step is actually the final step of the claims, or if there is a missing final step. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1–18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (an abstract idea) and does not amount to significantly more than the exception itself. Claims 1, 7 and 13 Applying the Alice1/Mayo 2framework: Step 1 – Statutory category Claims 1 and 2–6 are drawn to a method, which is a “process” and thus a statutory category under 35 U.S.C. 101. Claim 7 and claims 8–12 are drawn to a system including a user device and one or more computers, which is a “machine” and thus a statutory category under 35 U.S.C. 101. Claim 13 and claims 14–18 are drawn to one or more computer-readable storage media encoded with instructions, which are “manufactures” and thus statutory subject matter under 35 U.S.C. 101. Accordingly, all pending claims satisfy Step 1 and are evaluated under Step 2A and Step 2B for judicial-exception analysis. Step 2A, Prong One – Whether the claim recites a judicial exception Independent claim 1 is directed to a method that includes, in summary, (i) determining a privacy loss distribution for a budget recycling-differential privacy (BR-DP) framework, (ii) determining a privacy loss distribution for the BR-DP framework following T-fold composition of computed results on a same dataset, (iii) using that privacy loss distribution after composition to determine a privacy leakage of the BR-DP framework under composition, and (iv) adjusting one or more privacy parameters based on the determined privacy leakage. Independent claims 7 and 13 recite, respectively, a system and a computer-readable storage medium with instructions configured to perform substantially the same operations.​ The limitations of determining a privacy loss distribution for the BR-DP framework, determining a privacy loss distribution for the BR-DP framework following T-fold composition of computed results, and using the privacy loss distribution following T-fold composition to determine a privacy leakage each recite mathematical concepts, namely mathematical relationships and calculations involving privacy loss distributions, probability distributions, and composition analysis. These steps are, under their broadest reasonable interpretation, directed to mathematical relationships and formulas regardless of whether they are implemented by a computer. Mathematical relationships, formulas, and calculations fall within the “mathematical concepts” grouping of abstract ideas identified in the USPTO’s subject matter eligibility guidance. Accordingly, claims 1, 7, and 13 each recite a judicial exception, namely an abstract idea in the form of mathematical concepts, under Step 2A, Prong One. Because claims 2–6 depend from claim 1, claims 8–12 depend from claim 7, and claims 14–18 depend from claim 13, these claims also recite the same abstract idea. Step 2A, Prong Two – Whether the claim as a whole integrates the exception into a practical application In Step 2A, Prong Two, the claim is analyzed to determine whether the additional elements, considered individually and in combination, integrate the recited abstract idea into a practical application. For claim 1, beyond the abstract-idea limitations identified above, the additional element is “adjusting one or more privacy parameters based on the determined privacy leakage.” Under a broadest reasonable interpretation, this limitation merely uses the result of the mathematical analysis (the determined privacy leakage) to adjust the values of mathematical privacy parameters (such as ε, δ, or other privacy-budget variables) in the same mathematical privacy framework. The claim does not recite any particular data-processing architecture, hardware configuration, or specific manner in which a computer or other technology is improved by these adjusted parameters; instead, it generally covers using the calculated leakage to change parameter values. Claims 7 and 13 recite, respectively, a system comprising “a user device and one or more computers configured to interact with the user device” and “one or more computer-readable storage media encoded with instructions” that perform the same abstract-idea calculations and parameter adjustment. The system and storage-medium elements are recited at a high level of generality as generic computers and generic computer-readable media performing the same mathematical steps. The specification likewise describes the computing environment in generic terms (e.g., a general-purpose computing system executing software instructions) without indicating that the claimed PLD- and composition-based leakage analysis improves the functioning of the computer itself, changes the computer’s architecture, or effects a specific improvement to another technical field beyond implementing the mathematical privacy accounting. The claims therefore: Do not reflect an improvement to the functioning of a computer or to another technology or technical field, but instead use generic computers as tools to perform the abstract mathematical analysis and parameter adjustment. Do not apply the abstract idea with or by use of a particular machine in a way that imposes meaningful limits on the exception; the “user device” and “one or more computers” are recited generically and perform only basic data processing. Do not effect a transformation of an article to a different state or thing in the sense contemplated by the eligibility guidance. Do not add any other meaningful limitations beyond generally linking the use of the mathematical concepts to the field of differential privacy and privacy accounting. Accordingly, when the claim is considered as a whole, the additional elements merely apply or use the abstract mathematical concepts on generic computer components, and do not integrate the judicial exception into a practical application under Step 2A, Prong Two. Claims 2–6, 8–12, and 14–18 add further mathematical characterizations of the privacy loss distribution, composition, and related parameters (e.g., combinations of PLDs, linear combinations with coefficients, T-fold composition of queries on the same dataset, determining a privacy profile after composition), but these features all refine or specify the nature of the mathematical concepts and do not add any non-routine, specific technological implementation that would integrate the abstract idea into a practical application. Because the claims recite a judicial exception and do not integrate that exception into a practical application, the analysis proceeds to Step 2B.​ Step 2B – Whether the claim provides an inventive concept (significantly more than the exception) Under Step 2B, it is determined whether the claims include additional elements, individually or in combination, that amount to significantly more than the recited abstract idea, such as an improvement to computer functionality or other technology, a particular machine, a particular transformation, or other meaningful restrictions. As discussed above, the additional elements beyond the abstract mathematical concepts are limited to: The recitation of generic computer components (a user device, one or more computers, and computer-readable storage media). The generic step of “adjusting one or more privacy parameters based on the determined privacy leakage,” which uses the result of the mathematical analysis to change mathematical parameters in the same privacy framework. The specification describes these computer components as standard hardware and software performing conventional data-processing operations, such as receiving queries, computing results, sampling from probability distributions, and storing or outputting results. There is no indication in the specification that the claimed user device, computers, or storage media are specialized hardware, or that the claimed arrangement of these components departs from well-understood, routine, conventional computer architectures. Rather, they are used as generic tools to implement the underlying mathematical analysis and privacy-parameter adjustment. The additional step of adjusting privacy parameters based on the determined leakage does not, by itself, confer an inventive concept because it simply uses the mathematical result as an input to further mathematical parameter tuning, which is part of the abstract mathematical concept itself. The claims do not recite any unconventional way of implementing this adjustment in hardware or software, nor do they recite any specific technical effect on a computer system beyond the expected result of having different parameter values for subsequent privacy computations. When the additional elements are viewed individually and in combination, they amount to no more than: Mere instructions to apply the abstract mathematical concepts on a generic computer, and Insignificant extra-solution activity such as using the computed leakage to adjust parameters within the same mathematical framework. These types of limitations have been identified in the USPTO guidance and the case law as not being enough to qualify as “significantly more” than an abstract idea. The record does not include persuasive evidence or argument (e.g., via SMED or other declaration) establishing that the claimed combination of elements provides an improvement to computer capabilities or to another technology or technical field, or that any of the additional elements are not well-understood, routine, and conventional in the art of computer-implemented privacy accounting. Claims 2, 8, and 14 Claim 2 depends from claim 1 and adds “generating multiple computed results in response to respective queries applied to the same dataset” and “applying differential privacy to each of the multiple computed results according to the BR-DP framework.”​ These additional limitations merely specify that the abstract mathematical privacy-accounting method of claim 1 is applied to multiple queries on the same dataset, and that a differential privacy mechanism is applied according to the same BR-DP framework described in the specification. Under their broadest reasonable interpretation, they only narrow the field of use and the data context in which the mathematical concepts are applied, and do not add any particular machine, technical architecture, or improvement to computer functionality. Accordingly, claim 2 recites the same abstract idea as claim 1 and does not integrate the judicial exception into a practical application or add significantly more than the exception itself under Step 2A, Prong Two or Step 2B. Claims 8 and 14 recite, respectively, a system and storage media configured to perform the additional limitations of claim 2; they therefore also recite the same abstract idea and add only generic computer implementation of the same mathematical concepts, without providing an improvement to computer technology or another technical field. Claims 8 and 14 are thus ineligible for the same reasons. Claims 3, 9, and 15 Claim 3 depends from claim 1 and further recites that “the privacy loss distribution for the BR-DP framework is a combination of a privacy loss distribution for a differential privacy mechanism and a privacy loss distribution for a recycler mechanism.”​ This limitation refines the nature of the recited privacy loss distribution by specifying a particular mathematical combination of two distributions; under BRI, it is still a mathematical characterization of the abstract idea itself. It does not add any concrete hardware configuration, data structure, or specific improvement to the functioning of a computer or other technology; rather, it further defines the mathematical concept. Therefore, claim 3 continues to be directed to mathematical concepts and does not integrate the exception into a practical application or add significantly more in Step 2A, Prong Two or Step 2B. Claims 9 and 15 mirror this additional mathematical relationship in system and storage-medium form and likewise remain directed to the same abstract idea implemented on generic computer components without an inventive concept. Claims 4, 10, and 16 Claim 4 depends from claim 3 and recites that “the combination comprises a linear combination of differential privacy leakage accounting with specific coefficients.”​ This limitation further specifies the particular mathematical form of the combination (a linear combination with coefficients), i.e., it adds additional mathematical relationships and formulas to the abstract idea already identified. It does not introduce any non-conventional computer hardware, data structure, or technical implementation beyond generic computation of the same formulas on a computer. Accordingly, claim 4 remains directed to the abstract mathematical concepts and does not integrate the exception into a practical application or add significantly more than the exception itself. Claims 10 and 16 recite the same additional mathematical limitation in the context of a system and storage media, respectively, and likewise fail to add any inventive concept beyond generic computer implementation. Claims 5, 11, and 17 Claim 5 depends from claim 1 and recites that “T-fold composition corresponds to T independent instances of queries on the same dataset for which the same differential privacy mechanism is applied to the respective computed results.”​ This limitation clarifies the meaning of T-fold composition in claim 1, but under BRI it simply narrows the mathematical scenario being analyzed (repeated independent queries with the same mechanism on the same dataset) and remains part of the mathematical concept of DP composition. It does not recite any particular hardware architecture, technical improvement, or transformation that would integrate the abstract idea into a practical application. Therefore, claim 5 is still directed to the same abstract mathematical relationships and does not add significantly more under Step 2B. Claims 11 and 17 recite the same additional composition characterization in the system and storage-media contexts, which likewise leaves them directed to the abstract idea implemented on generic computer components. Claims 6, 12, and 18 Claim 6 depends from claim 1 and further recites that “determining a privacy leakage comprises determining a privacy profile of [a] differential privacy mechanism after composition.”​ The “privacy profile” is a mathematical function or mapping that characterizes privacy leakage as a function of parameters (e.g., ε, δ) and composition, as described in the specification. Thus, this limitation simply refines how the abstract mathematical leakage quantity is expressed and computed, by specifying a type of mathematical object (a privacy profile) derived from the composition analysis. It does not add any non-conventional computer element, specific data-structure change, or other technical implementation that would meaningfully limit the abstract idea. As a result, claim 6 remains directed to mathematical concepts and does not include additional elements that integrate the exception into a practical application or amount to significantly more. Claims 12 and 18 recite corresponding system and storage-medium limitations to compute the same “privacy profile” and therefore similarly fail to add an inventive concept beyond using a generic computer as a tool to perform the abstract mathematical calculations. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-18, as best understood, are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Asoodeh et al, in “Three Variants of Differential Privacy” Lossless conversion and applications”. With regard to claims 1, 7, and 13, Asoodeh discloses a method including determining a privacy loss distribution for a budget recycling-differential privacy (BR-DP) framework for providing differential privacy to computed results (pages 2-4), determining a privacy loss distribution for the BR-DP framework following T-fold composition of computed results on a same dataset (pages 8-11), using the privacy loss distribution for the BR-DP framework following T-fold composition to determine a privacy leakage of the BR-DP framework under composition (page 10), and adjusting one or more privacy parameters based on the determined privacy leakage (pages 6-13). With regard to claims 2, 8, and 14, Asoodeh discloses the method of claim 1, as outlined above, and further discloses generating multiple computed results in response to respective queries applied to the same dataset, applying differential privacy to each of the multiple computed results according to the BR-DP framework (pages 5-11). With regard to claims 3, 9, and 15, Asoodeh discloses the method of claim 1, as outlined above, and further discloses the privacy loss distribution for the BR-DP framework is a combination of a privacy loss distribution for a differential privacy mechanism and a privacy loss distribution for a recycler mechanism (pages 7-11). With regard to claims 4, 10, and 16, Asoodeh discloses the method of claim 1, as outlined above, and further discloses the combination includes a linear combination of differential privacy leakage accounting with specific coefficients (pages 1 and 10-11). With regard to claims 5, 11, and 17, Asoodeh discloses the method of claim 1, as outlined above, and further discloses T-fold composition corresponds to T independent instances of queries on the same dataset for which the same differential privacy mechanism is applied to the respective computed results (pages 2 and 10-11). With regard to claims 6, 12, and 18, Asoodeh discloses the method of claim 1, as outlined above, and further discloses determining a privacy leakage includes determining a privacy profile of differential privacy mechanism after composition (pages 6-13). References Cited Han et al., CN 110633285 A, discloses a method of determining a privacy loss distribution for a budget recycling-differential privacy (BR-DP) framework for providing differential privacy to computed results (abstract, step 4.2). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JACOB LIPMAN/Primary Examiner, Art Unit 2434 1 Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208, 110 USPQ2d 1976 (2014)  2 Mayo Collaborative Services v. Prometheus Labs., Inc., 566 U.S. 66, 101 USPQ2d 1961 (2012)