DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Action is responsive to the Application filed on 8/5/2024. Claims 1-20 are pending in the case.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 7-11, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Opedal (US 20250291929 A1) in view of Goel et al. (US 20260017462 A1, hereinafter Goel) and further in view of Stockert et al. (US 20250217695 A1, hereinafter Stockert).
As to independent claim 1, Opedal teaches a system for configuring data using advanced computational models for data analysis and automated processing (computing system 400), the system comprising:
a processing device (Fig. 4, processor 402, paragraph 0035);
a non-transitory storage device containing instructions when executed by the processing device (a storage medium 426, paragraph 0035), causes the processing device to perform the steps of:
train a large language model (LLM), wherein training the LLM comprises using system-specific data (“One or more of the LLMs described herein can be trained or fine-tuned using training data that includes logfiles as input and a desired output, such as instances of vulnerability identified in the logfiles.” Paragraph 0019, last sentence) comprising feed data, process run logs, historical events, code base, existing permissions, and data classification rules (“Examples of the obfuscated log files include, but are not limited to, logs generated based on interactions between a user device and the application, server logs saved in the log storage of the communications network, codebase of the application, or source files of the application.” Paragraph 0028);
determine prone data, wherein the prone data comprises a log file comprising sensitive information, and wherein the prone data is determined via a prone module (“In some implementations, the vulnerability detection and mitigation system 105 prompts the LLM to determine contents stored in the first set of obfuscated log files or identify a security issue or a vulnerability in the first set of obfuscated log files… Examples of security and/or vulnerability issues include, but are not limited to, login information, identification information associated with users accessing one or more applications when the logfiles were generated, unique customer numbers, social security numbers, or other personal identifiable information that are identified in the first set of obfuscated log files.” Paragraph 0030);
Opedal does not appear to expressly teach configure the prone data using a generative artificial intelligence (GenAI) module, wherein the GenAI module configures the prone data by masking the sensitive information using a masking procedure; and
determine the masking procedure via a decentralized autonomous organization (DAO).
Goel teaches configure the prone data using a generative artificial intelligence (GenAI) module, wherein the GenAI module configures the prone data by masking the sensitive information using a masking procedure (“Returning to FIG. 1, the sanitization system 106 sends the sanitized prompt to one of the generative AI systems 124. For example, the sanitization system 106 can select one of the LLMs A-C 126a-c from the generative AI systems 124 to which the sanitized prompt should be sent. The sanitization system 106 can receive, in response, a sanitized response from the selected LLM. The user interface 200b in FIG. 2B depicts an example of a sanitized response 206b. Since the sanitized prompt 204b included replacement phrases for potentially sensitive phrases, the sanitized response 206b similarly includes the replacement phrases along with other content for the sanitized response 206b.” Paragraph 0075-0076).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise configure the prone data using a generative artificial intelligence (GenAI) module, wherein the GenAI module configures the prone data by masking the sensitive information using a masking procedure. One would have been motivated to make such a combination for enhancing data security system and preventing data leakage.
Stockert teaches determine the
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise determine the masking procedure via a decentralized autonomous organization (DAO). One would have been motivated to make such a combination to provide for improving efficiency and minimizing the potential for errors.
As to dependent claim 2, Opedal teaches the system of claim 1, Opedal further teaches wherein the GenAI module configures the prone data by: ingesting the system-specific data; understanding, via the prone module, the sensitive data within the prone data via a natural language processing module; and configuring the prone data, the log file, and the sensitive information using masking procedure (“The security and/or vulnerability issues can include, but are not limited to, login information, identification information associated with users accessing one or more applications when the logfiles were generated, and sensitive personal identifiable information such as unique customer numbers and social security numbers. One or more of the LLMs described herein can be trained or fine-tuned using training data that includes logfiles as input and a desired output, such as instances of vulnerability identified in the logfiles.” Paragraph 0019,0026).
As to dependent claim 3, Opedal teaches the system of claim 1, Opedal further teaches wherein the masking procedure comprises creating a generalized message, wherein the generalized message configures the prone data by replacing the sensitive information with the generalized message (“After determining that the security and/or vulnerability issues identified in the logfile 225A exists in the logfile 225B, the vulnerability detection and mitigation system 105 can be configured to notify a network node or an administrator within the communications network responsible for storing the logfile 225B or handling the application that generated the logfile 225B.” paragraph 0026).
As to dependent claim 7, Opedal teaches the system of claim 1, Opedal does not appear to expressly teach wherein the DAO comprises:
executing a smart contract, wherein the smart contract transmits the masking procedure to one or more stakeholders;
receiving an approval from the one or more stakeholders, wherein the approval approves the masking procedure; and
implementing the masking procedure into a production-level GenAI module.
Stockert teaches executing a smart contract, wherein the smart contract transmits the
receiving an approval from the one or more stakeholders, wherein the approval approves the
implementing the
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise wherein the DAO comprises: executing a smart contract, wherein the smart contract transmits the masking procedure to one or more stakeholders; receiving an approval from the one or more stakeholders, wherein the approval approves the masking procedure; and implementing the masking procedure into a production-level GenAI module. One would have been motivated to make such a combination to provide for improving efficiency and minimizing the potential for errors.
As to dependent claim 8, Opedal teaches the system of claim 1, Opedal does not appear to expressly teach wherein the DAO comprises:
executing a smart contract, wherein the smart contract transmits the masking procedure to one or more stakeholders;
receiving a rejection from the one or more stakeholders, wherein the rejection rejects the masking procedure;
generating one or more reports detailing the rejection of the masking procedure;
refining the masking procedure via the LLM to create an updated masking procedure; and
configuring, via the GenAI module, the prone data by masking the sensitive data using the updated masking procedure.
Stockert teaches executing a smart contract, wherein the smart contract transmits the
receiving a rejection from the one or more stakeholders, wherein the rejection rejects the
generating one or more reports detailing the rejection of the
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise executing a smart contract, wherein the smart contract transmits the masking procedure to one or more stakeholders; receiving a rejection from the one or more stakeholders, wherein the rejection rejects the masking procedure;
generating one or more reports detailing the rejection of the masking procedure. One would have been motivated to make such a combination to provide for improving efficiency and minimizing the potential for errors.
Goel teaches refining the masking procedure via the LLM to create an updated masking procedure; and configuring, via the GenAI module, the prone data by masking the sensitive data using the updated masking procedure (“the sanitization model can determine whether to update a response received from an external generative AI system. This determination can be made since some messages might be sent to an external generative AI system without any sanitization,” Paragraph 0124)
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise the masking procedure via the LLM to create an updated masking procedure; and configuring, via the GenAI module, the prone data by masking the sensitive data using the updated masking procedure. One would have been motivated to make such a combination for enhancing data security system and preventing data leakage.
Claims 9-11, 15-19 are substantially the same as claims 1-3 and 7-8 and are therefore rejected under similar rationale as above.
Claims 4, 6, 12, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Opedal in view of Goel et al., Stockert et al. and further in view of Nadav (US 20250036809 A1).
As to dependent claim 4, Opedal teaches the system of claim 1, Opedal does not appear to expressly teach wherein the masking procedure comprises concealing the sensitive information of the prone data by replacing the sensitive information with one or more symbols.
Nadav teaches wherein the masking procedure comprises concealing the sensitive information of the prone data by replacing the sensitive information with one or more symbols The terms mask or masked, as used herein, refers to text (such as a word or a number) that is concealed in some way. In the case of a word that is sensitive information, the word is masked such that the sensitive aspect of the word is eliminated. For example, to mask a word from a string of text, the word can be simply deleted from the string. For instance, the string of text “the cat belongs to John Smith of the United Kingdom” is replaced with “the cat belongs to of the United Kingdom”. In another example of masking, a masked word such as “John” or “Smith” is replaced with one or more characters that hide what the word was, such as “XXXX”.” paragraph 0023).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise wherein the masking procedure comprises concealing the sensitive information of the prone data by replacing the sensitive information with one or more symbols. One would have been motivated to make such a combination for enhancing data security system and preventing data leakage.
As to dependent claim 6, Opedal teaches the system of claim 1, Opedal further teaches wherein the masking procedure comprises:
analyzing the prone data to determine the sensitive information (“In some implementations, the vulnerability detection and mitigation system 105 prompts the LLM to determine contents stored in the first set of obfuscated log files or identify a security issue or a vulnerability in the first set of obfuscated log files… Examples of security and/or vulnerability issues include, but are not limited to, login information, identification information associated with users accessing one or more applications when the logfiles were generated, unique customer numbers, social security numbers, or other personal identifiable information that are identified in the first set of obfuscated log files.” Paragraph 0030);
structuring the prone data (“Examples of security and/or vulnerability issues include, but are not limited to, login information, identification information associated with users accessing one or more applications when the logfiles were generated, unique customer numbers, social security numbers, or other personal identifiable information that are identified in the first set of obfuscated log files.” Paragraph 0030).
Opedal does not appear to expressly teach concealing the sensitive information of the prone data by replacing the sensitive information with one or more symbols.
Nadav teaches concealing the sensitive information of the prone data by replacing the sensitive information with one or more symbols (“For example, to mask a word from a string of text, the word can be simply deleted from the string. For instance, the string of text “the cat belongs to John Smith of the United Kingdom” is replaced with “the cat belongs to of the United Kingdom”. In another example of masking, a masked word such as “John” or “Smith” is replaced with one or more characters that hide what the word was, such as “XXXX”.” paragraph 0023).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise concealing the sensitive information of the prone data by replacing the sensitive information with one or more symbols. One would have been motivated to make such a combination for enhancing data security system and preventing data leakage.
Claims 12, 14, and 20 are substantially the same as claims 4 and 6 and are therefore rejected under similar rationale as above.
Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Opedal in view of Goel et al., Stockert et al. and further in view of Nainar et al (US 2024/0346180 A1, hereinafter Nainar).
As to dependent claim 5, Opedal teaches the system of claim 1, Opedal does not appear to expressly teach wherein the masking procedure comprises transferring the prone data to a secured location, wherein the secured location comprises permission-based access restrictions.
Nainar teaches wherein the masking procedure comprises transferring the prone data to a secured location, wherein the secured location comprises permission-based access restrictions (“the service provider computing device 108 is configured to detect sensitive data included within an email communication, store any detected sensitive data in a remote (and secure) memory location at a data store 114 of a data host provider 116, and replace the sensitive data with a reference to the memory location.” Paragraph 0023).
Accordingly, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Opedal to comprise wherein the masking procedure comprises transferring the prone data to a secured location, wherein the secured location comprises permission-based access restrictions. One would have been motivated to make such a combination One would have been motivated to make such a combination for enhancing data security system and preventing data leakage.
Claim 13 is substantially the same as claim 5 and is therefore rejected under similar rationale as above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Crume et al. US 20250086308 A1 Data Leakage Protection Using Generative Large Language Models.
Fu et al. US 20260037365 A1 Risk and Anomaly Detection using Large Language Model.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHELET SHIBEROU whose telephone number is (571)270-7493. The examiner can normally be reached Monday-Friday 9:00 AM-5:00 PM Eastern Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kieu Vu can be reached at 571-272-4057. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MAHELET SHIBEROU/Primary Examiner, Art Unit 2171