Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This final office action is prepared in response to amendments and arguments filed by Applicant on March 6, 2026 as a reply to the non-final office action mailed on December 9, 2025.
No claim has been amended or cancelled.
Claims 1-25 are pending.
Claims 1-25 are rejected.
Response to Arguments
The claim amendments and Applicant’s arguments filed on March 6, 2026 have been carefully considered but deemed unpersuasive in view of Examiner’s response below.
Regarding the rejection of claim 10 under 35 U.S.C. 102(a)(2), Applicant argued that the reference Kim did not disclose “receiving an AI request” and “offloading one or more cryptographical operations … to a HSM”.
Examiner’s position is that Kim disclosed both elements.
First Examiner would like to note that Kim’s invention is directed to “An artificial intelligence (AI) device based on a trust environment, includes a first type memory configured to transmit encrypted input data and receive encrypted output data, and a trust AI processing unit configured to operate in a trust space and perform AI computation of the encrypted input and output data.” (Kim, Abstract). In other words, Kim’s invention centers on an AI device that responds to AI computation requests.
Regarding the claim element “receiving an AI request”, Kim disclosed in paragraphs [0033] and [0073] that processor 131 may “ receive an on-demand request by the processor 135 in the process of AI computation,” which makes it clear that the “on-demand request” is an AI computation request, therefore anticipates the “AI request” in the claim.
Regarding the claim element “offloading one or more cryptographical operations … to a HSM”, Kim disclosed in paragraphs [0049] and [0077] about the offloading of the decryption and encryption of data in an AI computation to cryptographic hardware. Kim further explains in paragraph [0111] that “In the present disclosure, data encryption and decryption may be performed using cryptographic hardware, so that limited CPU resources may be fully used for DNN execution. By doing so, it is possible to fully dedicate CPU resources to the DNN execution as well as utilize the high performance of the cryptographic hardware to achieve fast DNN execution.” Here DNN stands for deep neural network, which is a type of AI models. This disclosure by Kim along with the rest of Kim’s disclosure makes it clear that the decryption and encryption operations are part of AI computation of input data in a trusted environment and they are offloaded to cryptographic hardware.
Therefore, Kim disclosed all the subject matter in claim 10.
Applicant presented similar arguments for claim 1, therefore Examiner’s response to claim 10 above applies equally as well.
Accordingly, THIS ACTION IS MADE FINAL. See MPEP 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
Claim 25 in this application is given its broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 10-25 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over Kim et al. (U.S. 2024/0370563).
Regarding claim 10, Kim disclosed a system comprising:
receiving an artificial intelligence (AI) request from an application, (Kim disclosed in [0073] that “the cryptographic processing front-end processor 131 may receive an on-demand request by the processor 135 in the process of AI computation and accesses the first type memory 110 to import encrypted input data”),
wherein the AI request is a request to perform one or more AI related operations (Kim, [0073], “an on-demand request by the processor 135 in the process of AI computation”);
offloading one or more cryptographical operations associated with the one or more AI related operations to a hardware security module (HSM); (Kim disclosed in Fig. 11, [0049, 0077] that “The AI device based on a trust environment according to the present disclosure may utilize processor resources limited in neural network execution operations by performing offloading to cryptographic hardware and shorten an artificial neural network execution time by overlapping with data encryption and decryption through intra-layer pipelining” Kim, Fig. 1 and para. [0073] disclosed “the cryptographic processing front-end processor 131, as cryptographic hardware…” which anticipates the HSM in the claim), and
performing the one or more cryptographical operations associated with the one or more AI related operations by the HSM (Kim disclosed in [0073] that “The cryptographic processing front-end processor 131, as cryptographic hardware, may generate decrypted input data through decryption of encrypted input data and perform encryption of non-encrypted output data to generate encrypted output data.”), and
sending a result of the one or more cryptographical operations associated with the one or more AI related operations to an AI processor (Kim, [0073], “The cryptographic processing front-end processor 131 may … store a decryption input activation and decryption filter in the second type memory 133.” and in [0077] that “the processor 135 may transmit and receive data to and from the cryptographic processing front-end processor 131” which means cryptographic processing front-end processor 131 may send the decrypted data to the processor 135; Kim disclosed in Fig. 1 and [0075] “the processor 135” that “perform a neural network computation based on the decrypted input data”, therefore the processor 135 anticipates the AI processor in the claim), and
performing the one or more AI related operations by the AI processor (Kim disclosed in [0080] that “the AI device 100 may directly perform a convolution-based neural network computation through the processor 135, thereby reducing the number of accesses by the cryptographic processing front-end processor 131 to access the first type memory 110 and import the encrypted input data”).
Claim 17 lists substantially the same elements as claim 10 but in system form rather than method form. Therefore, the rejection rationale for claim 10 applies equally as well to claim 17.
Regarding claims 11 and 18, Kim disclosed the subject matter of Claims 10 and 17.
Kim further disclosed wherein the HSM is a hardware component that is separate from the AI processor (Kim, [0073], “The cryptographic processing front-end processor 131, as cryptographic hardware”).
Regarding claim 19, Kim disclosed the system of Claim 17.
Kim further disclosed wherein the AI processor is a central processing unit (CPU) or a graphics pipeline unit (GPU) (Kim disclosed in Fig. 11 that the AI processing unit is a CPU).
Regarding claims 12 and 20, Kim disclosed the subject matter of Claims 10 and 17.
Kim further disclosed wherein the one or more cryptographical operations is at least one or more of encryption/decryption, digital signature and verification, authentication, auditing, secure code execution, key management, and tamper protection (Kim, [0074], “the cryptographic front-end processor 131 may encrypt and decrypt the data to ensure accuracy and security”).
Regarding claims 13 and 21, Kim disclosed the subject matter of Claims 10 and 17.
Kim further disclosed receiving data associated with the AI request in encrypted format from the application (Kim, [0073, 0042], “encrypted input data”).
Regarding claims 14 and 22, Kim disclosed the subject matter of Claims 13 and 21.
Kim further disclosed wherein the data is received by the HSM, and wherein the method further comprises: decrypting the data to form a plain data; sending the plain data to the AI processor; and performing the one or more AI related operations, by the AI processor, based on the plain data (Kim, Fig. 2 and [0079-0082], “decrypted encrypted input data”, “perform neural network computation based on decrypted input data”).
Regarding claim 15 and 23, Kim disclosed the subject matter of Claim 14 and 22.
Kim further disclosed sending a result of the processing the one or more AI related operations in an unencrypted format from the AI processor to the HSM; encrypting the result of the processing the one or more AI related operations in the unencrypted format using the HSM; and sending the encrypted result of the processing the one or more AI related operations to the application (Kim, Fig. 2 and [0079-0082] including “encrypt non-encrypted output data” and “The AI device 100 may perform encryption on the non-encrypted output data through the cryptographic processing front-end processor 310.).
Regarding claim 16 and 24, Kim disclosed the subject matter of Claim 10 and 17.
Kim further disclosed wherein the one or more AI related operations is related to an AI model (Kim, [0075], “The processor 135 may directly perform a convolution-based neural network computation”).
Claim 25 lists substantially the same elements as claim 17, also in system form but using the means-plus-function format. Therefore, the rejection rationale for claim 17 applies equally as well to claim 25.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-9 are rejected under 35 U.S.C. 103 as being unpatentable over Kim et al. (U.S. 2024/0370563) in view of Alexander et al. (U.S. 11,188,376).
Regarding claim 1, Kim disclosed a system comprising:
a hardware security module (HSM) (Kim, Fig. 1 and para. [0073] disclosed “the cryptographic processing front-end processor 131, as cryptographic hardware…”);
configured to receive an artificial intelligence (AI) request from an application (Kim disclosed in [0073] that “the cryptographic processing front-end processor 131 may receive an on-demand request by the processor 135 in the process of AI computation and accesses the first type memory 110 to import encrypted input data”),
wherein the AI request is a request to perform one or more AI related operations (Kim, [0073], “an on-demand request by the processor 135 in the process of AI computation”); and
an AI processor (Kim disclosed in Fig. 1 and [0075] “the process 135” that “perform a neural network computation based on the decrypted input data”, therefore it anticipates the AI processor in the claim)
configured to offload one or more cryptographical operations associated with the one or more AI related operations to the HSM (Kim disclosed in Fig. 11, [0049, 0077] that “The AI device based on a trust environment according to the present disclosure may utilize processor resources limited in neural network execution operations by performing offloading to cryptographic hardware and shorten an artificial neural network execution time by overlapping with data encryption and decryption through intra-layer pipelining”), and
wherein the HSM is configured to perform the one or more cryptographical operations associated with the one or more AI related operations (Kim disclosed in [0073] that “The cryptographic processing front-end processor 131, as cryptographic hardware, may generate decrypted input data through decryption of encrypted input data and perform encryption of non-encrypted output data to generate encrypted output data.”), and
wherein the HSM is configured to send a result of the one or more cryptographical operations associated with the one or more AI related operations to the AI processor (Kim, [0073], “The cryptographic processing front-end processor 131 may … store a decryption input activation and decryption filter in the second type memory 133.” and in [0077] that “the processor 135 may transmit and receive data to and from the cryptographic processing front-end processor 131” which means cryptographic processing front-end processor 131 may send the decrypted data to the processor 135), and
wherein the AI processor is configured to receive the result of the one or more cryptographical operations associated with the one or more AI related operations from the HSM (Kim, [0077], “[0077], “the processor 135 may transmit and receive data to and from the cryptographic processing front-end processor 131”), and
wherein the AI processor is configured to perform the one or more AI related operations (Kim disclosed in [0080] that “the AI device 100 may directly perform a convolution-based neural network computation through the processor 135, thereby reducing the number of accesses by the cryptographic processing front-end processor 131 to access the first type memory 110 and import the encrypted input data”).
Kim might not have explicitly disclosed
an interface configured to receive an artificial intelligence request.
However, in the same field of endeavor, Alexander disclosed an edge computing system that may be executed by a host computing device 101 as shown in Fig. 1 wherein the host computing device 101 may comprise AI accelerators 108 and Hardware Security Modules (HSM) 110 (Alexander, Fig. 1 and col. 4, lines 21-22; col. 5, lines 9-49).
In particular, Alexander disclosed
an interface configured to receive an artificial intelligence request (Alexander, col. 5, lines 32-34, “Various examples of accelerators 108 may include a network processor, and/or network interface controller (e.g., an NPU and/or NIC) …”).
One of the ordinary skill in the art, before the effective filing date of the claimed invention, would have been motivated to combine Kim and Alexander because both references disclosed computing systems for performing machine learning tasks using accelerators that comprises hardware security/cryptographic module (HSM) (Kim, Abstract and Figs. 1 and 11; Alexander, Fig. 1 and col. 5, lines 1-67).
Therefore it would have been obvious before the effective filing date of the claimed invention to combine Alexander’s teaching of the NIC interface with Kim’s disclosure of the AI processing unit 130 to realize that Kim’s AI processing unit 130 could readily include an I/O interface, such as the network interface disclosed by Alexander, for receiving on-demand AI processing requests, as an I/O interface had been an integral part of a computing system/device for decades prior to the effective filing date of the claimed invention.
Regarding claim 2, Kim and Alexander disclosed the system of Claim 1.
Kim further disclosed wherein the HSM is a hardware component that is separate from the AI processor (Kim, [0073], “The cryptographic processing front-end processor 131, as cryptographic hardware”).
Regarding claim 3, Kim and Alexander disclosed the system of Claim 1.
Kim further disclosed wherein the AI processor is a central processing unit (CPU) or a graphics pipeline unit (GPU) (Kim disclosed in Fig. 11 that the AI processing unit is a CPU).
Regarding claim 4, Kim and Alexander disclosed the system of Claim 1.
Kim further disclosed wherein the one or more cryptographical operations is at least one or more of encryption/decryption, digital signature and verification, authentication, auditing, secure code execution, key management, and tamper protection (Kim, [0074], “the cryptographic front-end processor 131 may encrypt and decrypt the data to ensure accuracy and security”).
Regarding claim 5, Kim and Alexander disclosed the system of Claim 1.
Kim further disclosed wherein the interface receives data associated with the AI request in encrypted format (Kim, [0073, 0042], “encrypted input data”).
Regarding claim 6, Kim and Alexander disclosed the system of Claim 5.
Kim further disclosed wherein the interface is configured to send the data in the encrypted format to the HSM, and wherein the HSM is configured to decrypt the data to form a plain data, and wherein the HSM is configured to send the plain data to the AI processor, wherein the plain data is used by the AI processor to process the one or more AI related operations (Kim, Fig. 2 and [0079-0082], “decrypted encrypted input data”, “perform neural network computation based on decrypted input data”).
Regarding claim 7, Kim and Alexander disclosed the system of Claim 6.
Kim further disclosed wherein the AI processor is configured to send a result of the processing the one or more AI related operations in an unencrypted format to the HSM, and wherein the HSM is configured to encrypt the result of the processing the one or more AI related operations and subsequently send the encrypted result of the processing the one or more AI related operations to the interface (Kim, Fig. 2 and [0079-0082] including “encrypt non-encrypted output data” and “The AI device 100 may perform encryption on the non-encrypted output data through the cryptographic processing front-end processor 310.).
Regarding claim 8, Kim and Alexander disclosed the system of Claim 7.
Kim further disclosed wherein the interface is configured to send the encrypted result of the processing the one or more AI related operations to the application (Kim disclosed in Fig. 2, [0081, 0087] that “The AI device 100 may output the encrypted output data to the first type memory 110” and “the DNN framework encrypts an output activation and transmit the same to the TEE through the SMC”).
Regarding claim 9, Kim and Alexander disclosed the system of Claim 1.
Kim further disclosed wherein the one or more AI related operations is related to an AI model (Kim, [0075], “The processor 135 may directly perform a convolution-based neural network computation”).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIRLEY X ZHANG whose telephone number is (571)270-5012. The examiner can normally be reached 8:30am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon H Hwang can be reached at 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHIRLEY X ZHANG/Primary Examiner, Art Unit 2447