SYSTEMS AND METHODS FOR DEFENDING AGAINST PROMPT LEAKAGE ATTACKS

§101 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detailed Action Office Action is in response to the instant Application 13/589,785 filed on 8/20/2012 and response to Election Restriction on 12/8/2025. Claim 20 has been cancelled. Claims 1-19 are pending. This Office Action is Non-Final. Information Disclosure Statement The information disclosure statement (IDS), submitted on 10/30/2024, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Election/Restrictions Applicant’s election without traverse of Group I (Claims 1-19) in the reply filed on 12/8/2025 is acknowledged. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Regarding claims 1 and 11, the claims are directed to an abstract idea as reciting the limitations “retrieving…,” “determining…,” “converting, …, the user input…” and “generating, …, an output….” The aforementioned steps are “mental process/mathematical calculation” as broadly interpreted said steps could be performed in the human mind. Therefore, the claim recites an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize determination result into a practical application. It’s noted that the claims recites the operations “receiving, …, a user input.” However, said operations are not sufficient to consider that the abstract idea is being interpreted into a practical application. Said operations are recited at a high level of generality in gathering/processing information, which are a form of insignificant extra-solution activity. It’s also noted that the claims recite additional elements (i.e., processor/memory, computing system). However, said additional elements are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of quantifying, obtaining, generating, propagating, assessing, and aggregating operation etc.,) such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. See US Applications 2013/0254535, 2015/0156194 and 2011/0154027. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter. Regarding claims 2-10 and 12-20; the dependent claims are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea without being integrated into a practical application or significantly more. It’s noted that claims 3, 4, 6, 13, 14 and 16 recites the limitations: “storing information…,” Said steps are either directed to mental processes and/or in a form of insignificant extra-solution activities; It’s also noted that claims 9-10 and 19 recite the limitation “transmitting/receiving [] the user input.” Said steps are in a form of insignificant extra solution activities for data garthering. The aforementioned steps are not sufficient to consider that the abstract idea is being integrated into a practical application or significantly more. Therefore, claims 3, 4, 6, 13, 14 and 16 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claim(s) 1-4, 6, 8-14, 16, 18 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Natili et al. (US 2024/0111891) in view of Singh et al. (US 11,693,637). As per claim 1, Natili teaches a method of protecting data privacy of a neural network system, the method comprising: receiving, via a data interface, a user input (Natili, Paragraph 0099 recites “In some embodiments, the action may comprise a user action (e.g., requesting to store, create, and/or transmit data). For example, the system may receive a user input to transmit the first data instance. The system may then determine to query the remote server for the first version of the machine learning model based on receiving the user input. Additionally or alternatively, the system may receive a user input to store the first data instance on the mobile device. The system may determine to query the remote server for the first version of the machine learning model based on receiving the user input. Additionally or alternatively, the system may receive a user input launching the data sanitization application. The system may then determine to query the remote server for the first version of the machine learning model based on receiving the user input.”); retrieving one or more pre-stored contextual information artifacts from a database based on the user input (Natili, Paragraphs 0078-0079 recites “At step 606, process 600 (e.g., using one or more components described above) inputs the first feature input into a machine learning model. For example, the system may input the first feature input into a machine learning model, wherein the machine learning model is trained to classify data instances in locally-stored datasets in order to sanitize the locally-stored datasets. By doing so, the system may power a data sanitization application utilizing a machine learning model as opposed to a data sanitization application utilizing a conventional regex routine. As described above, using a data sanitization application utilizing a machine learning model provides numerous advantages with respect to accuracy as well as limits the requirements (e.g., memory, processing power, etc.) of the local device. At step 608, process 600 (e.g., using one or more components described above) receives a first output from the machine learning model. For example, the system may receive a first output from the machine learning model, wherein the first output comprises a first classification of the first data instance. The system may output an indication of whether or not content in the data instance requires sanitization. Furthermore, by determining the classification type, the system may apply sanitization routines that are specific to the classification type and/or category of data. By doing so, the system may more efficiently sanitize data, but may also generate sanitized data that appears authentic. This synthetic data may be used for future training of machine learning models (without any privacy concerns related to the use of actual user data) as well as provide another barrier to unauthorized use of actual user data.”); determining, via a detection model, at least one of: a likelihood that the user input contains a leak request, or a sensitivity of the one or more retrieved contextual information artifacts (Natili, Paragraph 0080 recites “At step 610, process 600 (e.g., using one or more components described above) selects a first sanitization operation. For example, the system may select a first sanitization operation from a plurality of sanitization operations for performing on the first data instance based on the first classification. For example, the system may determine whether to sanitize, mask, ignore, etc. particular data. By doing so, the system may transmit non-sensitive data, but also invoke more intelligent analysis of the data. For example, the model may determine whether to sanitize detected sensitive data (e.g., if it meets a first threshold) or simply mask the data (e.g., if it meets a second threshold) before sending the data to the data scrubbing application residing on a remote server.”); converting, via a first neural network based model in response to the determining, the user input to a sanitized user input removing words relating to the leak request (Natili, Paragraph 0090 recites “At step 612, process 600 (e.g., using one or more components described above) generates a first sanitized data instance. For example, the system may generate a first sanitized data instance based on the first sanitization operation. The sanitized data may remove portions of the data instances that include sensitive data. By doing so, the system may ensure that sensitive data is not put at risk.”). But fails to teach generating, via a second neural network based model, an output based on the one or more retrieved contextual information artifacts, and the sanitized user input. However, in an analogous art Singh teaches generating, via a second neural network based model, an output based on the one or more retrieved contextual information artifacts, and the sanitized user input (Singh, Col. 26 Lines 14-29 recites “In some implementations, a method implemented by one or more processors is provided that includes identifying a base source code snippet that is programmed in a base higher-level programming language, and processing the base source code snippet, using a first neural network model, to generate a first sequence of first outputs. The method further includes generating, based on the first sequence of the first outputs, a natural language description of the base source code snippet, and processing the natural language description, using a second neural network model, to generate a second sequence of second outputs. The method further includes generating, based on the second sequence of the second outputs, a predicted target source code snippet in the target higher-level programming language, and causing the predicted target source code snippet to be rendered as output of a software development application.”). It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Singh’s Using Natural Language Latent Representation In Automated Conversion Of Source Code From Base Programming Language To Target Programming Language with Natili’s Systems and methods for sanitizing sensitive data and preventing data leakage using on-demand artificial intelligence models because it offers the advantage of processing data output to yield a more refined output. As per claim 2, Natili in combination with Singh teaches the method of claim 1, Natili further teaches wherein the determining the sensitivity of the one or more retrieved contextual information artifacts is based on a flag associated with the one or more retrieved contextual information artifacts (Natili, Paragraph 0080 recites “At step 610, process 600 (e.g., using one or more components described above) selects a first sanitization operation. For example, the system may select a first sanitization operation from a plurality of sanitization operations for performing on the first data instance based on the first classification. For example, the system may determine whether to sanitize, mask, ignore, etc. particular data. By doing so, the system may transmit non-sensitive data, but also invoke more intelligent analysis of the data. For example, the model may determine whether to sanitize detected sensitive data (e.g., if it meets a first threshold) or simply mask the data (e.g., if it meets a second threshold) before sending the data to the data scrubbing application residing on a remote server.”). As per claim 3, Natili in combination with Singh teaches the method of claim 1, Natili further teaches further comprising: storing a list of sensitive document categories, wherein the determining the sensitivity of the one or more retrieved contextual information artifacts is based on the one or more retrieved contextual information artifacts belonging to a category in the list of sensitive document categories (Natili, Paragraph 0125 recites “At step 812, process 800 (e.g., using one or more components described above) transmits the first sanitized data instance and the first output. For example, the system may transmit the first sanitized data instance, the first classification, and the first confidence metric to a remote server, wherein the remote server uses the first classification and the first confidence metric to measure an accuracy of the machine learning model. For example, the system may transmit the first sanitized data instance to a remote server, wherein the remote server comprises a data scrubbing application. For example, the remote server may participate in a second phase of a bifurcated sanitization process. By doing so, the system may provide a more efficient and secure method of data sanitization that leverages artificial intelligence to sanitize sensitive data and prevent the data from leaving the mobile device and/or being exposed to unauthorized third parties. For example, the remote server may continuously receive training data indicating previously classified data instances (as well as classification decisions and confidence metrics) and continuously training current versions of the machine learning model based on the training data. The system may simultaneously transmit one or more confidence metrics.”). As per claim 4, Natili in combination with Singh teaches the method of claim 3, Natili further teaches wherein the list of sensitive document categories includes at least one of: medical information; intellectual property; legal information; financial information; or personal identification information (Natili, Paragraph 0002 recites “For example, sensitive data may comprise confidential information (e.g., for a user or organization). Sensitive data may also include personally identifiable information (PII) or non-public personal information. These types of sensitive data may comprise information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, a group of users, and/or a transaction (e.g., name, address, phone number, social security number, email, etc.). As such, a key technical challenge to overcome when performing data sanitization is identifying sensitive data.”). As per claim 6, Natili in combination with Singh teaches the method of claim 1, Natili further teaches further comprising: storing a list of sensitive subject matter categories, determining a subject matter of the user input, wherein the likelihood that the user input contains a leak request is based on the subject matter of the user input belonging to a category in the list of sensitive subject matter categories (Natili, Paragraph 0125 recites “At step 812, process 800 (e.g., using one or more components described above) transmits the first sanitized data instance and the first output. For example, the system may transmit the first sanitized data instance, the first classification, and the first confidence metric to a remote server, wherein the remote server uses the first classification and the first confidence metric to measure an accuracy of the machine learning model. For example, the system may transmit the first sanitized data instance to a remote server, wherein the remote server comprises a data scrubbing application. For example, the remote server may participate in a second phase of a bifurcated sanitization process. By doing so, the system may provide a more efficient and secure method of data sanitization that leverages artificial intelligence to sanitize sensitive data and prevent the data from leaving the mobile device and/or being exposed to unauthorized third parties. For example, the remote server may continuously receive training data indicating previously classified data instances (as well as classification decisions and confidence metrics) and continuously training current versions of the machine learning model based on the training data. The system may simultaneously transmit one or more confidence metrics.”). As per claim 8, Natili in combination with Singh teaches the method of claim 1, Natili further teaches wherein the determining includes: determining one or more predetermined keywords are present in at least one of the user input or the one or more retrieved contextual information artifacts (Natili, Paragraph 0069 recites “For example, the system may parse this content to detect sensitive data. The data instance may be a portion of content such as a string of text. The system may then separate the data instance into more easily processed components (e.g., words, phrases, shorter text strings, etc.), which are analyzed for correct syntax and then attach tags that define each component. The system may then determine whether this content corresponds to content in a particular classification (e.g., sensitive data, private data, non-public data, confidential data, public data, etc.) and tag the content accordingly. Additionally, the system may determine a particular type of data and/or a field of data from which it came. For example, the system may determine if content corresponds to an address of a user. Upon doing so, the system may compare the known address of the user to determine whether the content corresponds to private information.”). As per claim 9, Natili in combination with Singh teaches the method of claim 1, Natili further teaches wherein the converting the user input to a sanitized user input includes: transmitting, to a remote server with the first neural network based model, the user input; and receiving, from the remote server, the sanitized user input (Natili, Paragraph 0091 recites “At step 614, process 600 (e.g., using one or more components described above) transmits the first sanitized data instance. For example, the system may transmit the first sanitized data instance to a remote server, wherein the remote server comprises a data scrubbing application. For example, the remote server may participate in a second phase of a bifurcated sanitization process. By doing so, the system may provide a more efficient and secure method of data sanitization that leverages artificial intelligence to sanitize sensitive data and prevent the data from leaving the mobile device and/or being exposed to unauthorized third parties. For example, the remote server may continuously receive training data indicating previously classified data instances (as well as classification decisions and confidence metrics) and continuously training current versions of the machine learning model based on the training data.”). As per claim 10, The method of claim 1, wherein the generating the output includes: transmitting, to a remote server with the second neural network based model, the one or more retrieved contextual information artifacts, and the sanitized user input; and receiving, from the remote server, the output (Natili, Paragraph 0091 recites “At step 614, process 600 (e.g., using one or more components described above) transmits the first sanitized data instance. For example, the system may transmit the first sanitized data instance to a remote server, wherein the remote server comprises a data scrubbing application. For example, the remote server may participate in a second phase of a bifurcated sanitization process. By doing so, the system may provide a more efficient and secure method of data sanitization that leverages artificial intelligence to sanitize sensitive data and prevent the data from leaving the mobile device and/or being exposed to unauthorized third parties. For example, the remote server may continuously receive training data indicating previously classified data instances (as well as classification decisions and confidence metrics) and continuously training current versions of the machine learning model based on the training data.”). Regarding claim 11, claim 11 is directed to a similar system associated with the method of claim 1 respectively. Claim 11 is similar in scope to claim 1, respectively, and are therefore rejected under similar rationale. Regarding claim 12, claim 12 is directed to a similar system associated with the method of claim 2 respectively. Claim 12 is similar in scope to claim 2, respectively, and are therefore rejected under similar rationale. Regarding claim 13, claim 13 is directed to a similar system associated with the method of claim 3 respectively. Claim 13 is similar in scope to claim 3, respectively, and are therefore rejected under similar rationale. Regarding claim 14, claim 14 is directed to a similar system associated with the method of claim 4 respectively. Claim 14 is similar in scope to claim 4, respectively, and are therefore rejected under similar rationale. Regarding claim 16, claim 16 is directed to a similar system associated with the method of claim 6 respectively. Claim 16 is similar in scope to claim 6, respectively, and are therefore rejected under similar rationale. Regarding claim 18, claim 18 is directed to a similar system associated with the method of claim 8 respectively. Claim 18 is similar in scope to claim 8, respectively, and are therefore rejected under similar rationale. Regarding claim 19, claim 19 is directed to a similar system associated with the method of claim 9 respectively. Claim 19 is similar in scope to claim 9, respectively, and are therefore rejected under similar rationale. Claim(s) 5 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Natili et al. (US 2024/0111891) and Singh et al. (US 11,693,637) and in further view of Seo et al. (US 2022/0405474). As per claim 5, Natili in combination with Singh teaches the method of claim 1, but fails to teach further comprising: determining, via a third neural network based model, a subject matter of the user input, wherein the likelihood that the user input contains a leak request is based on the subject matter. However, in an analogous art Seo teaches determining, via a third neural network based model, a subject matter of the user input, wherein the likelihood that the user input contains a leak request is based on the subject matter (Seo, Paragraph 0017 recites “According to one embodiment of the present invention, the feature extraction module may include a first neural network model, a second neural network model, and a third neural network model, and the feature extraction step may include: first feature information deriving step of deriving first feature information by inputting the embedding vector to the first neural network model; second feature information deriving step of deriving second feature information by inputting the first feature information to the second neural network model; third feature information deriving step of deriving third feature information by inputting the second feature information to the third neural network model; and a learning vector deriving step of deriving a learning vector based on the third feature information.”). It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Seo’s method, computing device and computer-readable medium for classification of encrypted data using neural network with Natili’s Systems and methods for sanitizing sensitive data and preventing data leakage using on-demand artificial intelligence models because it offers the advantage of processing data output to yield a more refined output. Regarding claim 15, claim 15 is directed to a similar system associated with the method of claim 5 respectively. Claim 15 is similar in scope to claim 5, respectively, and are therefore rejected under similar rationale. Claim(s) 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Natili et al. (US 2024/0111891) and Singh et al. (US 11,693,637) and in further view of Spain et al. (US 2023/0053322). As per claim 7, Natili in combination with Singh teaches the method of claim 1, but fails to teach wherein the determining the likelihood that the user input contains a leak request includes: determining the user input includes a substantive reiteration of a prior user input and a statement that a prior response was incorrect. However, in an analogous art Spain teaches wherein the determining the likelihood that the user input contains a leak request includes: determining the user input includes a substantive reiteration of a prior user input and a statement that a prior response was incorrect (Spain, Paragraph 0044 recites “Aspects of the disclosure include systems for training machine learning models to more accurately classify software scripts. Data leakage in training machine learning models occurs when information, for example information that is irrelevant to the task, (irrelevant to the task) is provided to a machine learning model during training that would not be expected to be provided when the model runs at inference. An example of data leakage is providing training examples from a training set, to a testing set. This may occur when training data includes a number of duplicate or near-duplicate training examples, which are split across a training set, validation set, and testing set. The accuracy of the model based on its performance in processing the data-leaked testing set can be overestimated, at least because the model was provided with examples during training that then appeared again during testing, as opposed to evaluating the model on completely new input. This makes validation function improperly, so the model can be trained too much, which reduces accuracy on completely new input. The incorrect validation can also mislead the practitioner into selecting models that are too complex, which further reduces accuracy on completely new input.”). It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Seo’s method, computing device and computer-readable medium for classification of encrypted data using neural network with Natili’s Systems and methods for sanitizing sensitive data and preventing data leakage using on-demand artificial intelligence models because it offers the advantage of processing data output to yield a more accurate training data. Regarding claim 17, claim 17 is directed to a similar system associated with the method of claim 7 respectively. Claim 17 is similar in scope to claim 7, respectively, and are therefore rejected under similar rationale. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. RODERICK . TOLENTINO Examiner Art Unit 2439 /RODERICK TOLENTINO/Primary Examiner, Art Unit 2439