DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-30 have been examined.
Response to Arguments
Regarding Double Patenting rejection and 35 U.S.C. 112 rejection, the rejections are withdrawn in response to Amendment filed on 3/26/26.
Regarding 35 U.S.C. 103 rejection, Applicant’s arguments with respect to claims 1-30 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Specifically, new prior art of record, Dattatri et al. U.S. 2020/0026877, is relied upon for disclosure of amended limitations.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 7-15 and 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Su et al. U.S. Pat. No. 11997059 (hereinafter Su) in view of Shmukler et al. U.S. 12,197,483 (hereinafter Shmukler) and further in view of Dattatri et al. U.S. 2020/0026877 (hereinafter Dattatri).
As per claim 1, Su discloses a computer-implemented method comprising:
receiving, by a first analysis engine executing in a model environment, data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model, the GenAI model executing in the model environment (Su: figure 3A; column 11 lines 32-65: receive prompts for AI chatbot/generative AI);
determining, by the first analysis engine using the received data, whether the prompt comprises personally identifiable information (PII) or elicits PII from the GenAI model, the analysis engine using pattern recognition to identify PII entities in the prompt (Su: figure 3A; column 11 lines 49-57: determine if the prompts solicit personally identifiable information or violate certain compliance policy; column 17 lines 26-32: analyzer is able to identify non-compliant items); and
providing data characterizing the determination by the second analysis engine to a consuming application or process, the consuming application or process configured to initiate one or more remediation actions based on the determination (Su: column 12 lines 40-54: determination is provided with respect to whether prompts violates compliance metrics; column 17 lines 46-62: take protective actions including blocking the request).
Su does not explicitly disclose use of multiple analysis engine in different environment to analyze whether content contains sensitive data; specifically, transmitting, by the first analysis engine in response to the determination that the prompt comprises PII or elicits PII, the prompt to a second analysis engine executing in a monitoring environment, the monitoring environment being separate and distinct from the model environment; and determining, by the second analysis engine using the received data, whether the prompt comprises personally identification information (PII) or elicits PII from the GenAI model.
Shmukler, in the same field of endeavor, discloses using machine learning models to analyze content/files to detect PII, wherein the analysis can be done partially locally and partially remotely at a remote server (Shmukler: col. 21 line 62 – col. 22 line 2; Figs. 2C-3 and corresponding paragraphs). It would have been obvious to one having ordinary skill in the art to utilize local and remote analysis to identify PII or sensitive information because Su and Shmukler are analogous art that identifies data that matches certain criteria through pattern recognition/matching. The motivation to combine would be perform different types or levels of analysis based on resource availability.
Su as modified does not explicitly disclose the first analysis engine providing computationally efficient local screening of the prompt using lightweight models, the transmitting being triggered by based on the first analysis engine determining that the prompt requires further analysis, the second analysis engine executing more computationally expensive models than the first analysis engine, the more computationally expensive models comprising an ensemble of models. However, Dattatri discloses analyzing data locally for PII/sensitive data using computationally efficient before triggering request to remote server for further analysis using more computationally expensive models comprising plurality of other models (Dattatri: [0023]-[0026]: each computing device may include PII detector and the dictionary to detect PII locally… the server may receive the data from one of the computing devices to perform longer and deeper analysis based on more computing resources, including algorithms/models). It would have been obvious to one having ordinary skill in the art to locally perform fast and efficient scan for PII first before transmitting the data for further analysis by remote analysis engine because they are analogous art. The motivation to combine would be that use of lightweight models allows detection of PII using low priority process without slowing down primary activities of the computing device before requesting further analysis by remote device (Dattatri: [0026]).
As per claim 2, Su as modified discloses the method of claim 1. Su further discloses further comprising: classifying identified PII entities as one of a plurality of entity types (Su: column 16 lines 36-67: classify different types of information that require different security measures).
As per claim 3, Su as modified discloses the method of claim 2. Su further discloses wherein the classifying utilizes at least one machine learning model (Su: column 16 lines 1-13: the manager categorizes noncompliant items; column 18 lines 28-42: the manager and adjuster are able to categorize noncompliant items… implement one or more machine learning models).
As per claim 4, Su as modified discloses the method of claim 2. Su further discloses further comprising: initiating at least one remediation action corresponding to the entity to modify or block the prompt (Su: column 17 lines 46-62: take protective actions including blocking the request).
As per claim 7, Su as modified discloses the method of claim 1. Su further discloses wherein the GenAI model comprises a large language model (Su: column 9 lines 21-39).
As per claim 8, Su as modified discloses the method of claim 1. Su further discloses wherein the consuming application or process allows the prompt to be input into the GenAI model upon a determination that the prompt does not comprise or elicit PII (Su: column 12 lines 49-61: prompts that do not violate compliance metrics are sent to the AI interface).
As per claim 9, Su as modified discloses the method of claim 1. Su further discloses wherein the consuming application or process prevents the prompt from being input into the GenAI model upon a determination that the prompt comprises or elicits PII (Su: column 17 lines 46-62: take protective actions including blocking the request).
As per claim 10, Su as modified discloses the method of claim 1. Su further discloses wherein the consuming application or process flags the prompt as comprising PII for quality assurance upon a determination that the prompt comprises or elicits PII (Su: column 17 lines 55-62: notifies an alert agent to review and verify the identified noncompliant).
As per claim 11, Su as modified discloses the method of claim 1. Su further discloses wherein the consuming application or process modifies the prompt to remove or redact the PII upon a determination that the prompt comprises or elicits PII and causes the modified prompt to be ingested by the GenAI model (Su: column 17 line 62 – column 18 line 16: rephrase or modify prompt to comply with rules).
As per claim 12, Su as modified discloses the method of claim 1. Su further discloses determining, using a blocklist, whether the prompt comprises or elicits undesired behavior from the GenAI model (Su: column 17 lines 6-18).
As per claim 13, Su as modified discloses the method of claim 12. Su further discloses preventing the prompt from being ingested by the GenAI model when it is determined that the prompt comprises or elicits undesired behavior from the GenAI model (Su: column 17 lines 6-18).
As per claim 14, Su as modified discloses the method of claim 13. Su further discloses modifying the prompt to be benign when it is determined that the prompt comprises or elicits undesired behavior from the GenAI model (Su: column 17 line 62 – column 18 line 16: identify potential compliant information and modify the prompt); and causing the modified prompt to be ingested by the GenAI model (Su: column 17 line 62 – column 18 line 16: rephrase or modify prompt to comply with rules).
As per claim 15, Su as modified discloses the method of claim 1. Su as modified further discloses wherein the analysis engine uses natural language processing to identify and extract strings belonging to specific entity types likely to comprise PII (Su: column 16 lines 1-13: the manager categorizes noncompliant items; column 18 lines 28-42: the manager and adjuster are able to categorize noncompliant items… implement one or more machine learning models).
As per claim 28, Su discloses a computer-implemented method comprising:
receiving, by a proxy executing in a model environment, data characterizing a prompt for ingestion by an artificial intelligence (AI) model, the AI model executing in the model environment (Su: figure 3A; column 11 lines 32-65: receive prompts for AI chatbot/generative AI);
determining, using pattern recognition, whether the prompt comprises personally identifiable information (PII) (Su: figure 3A; column 11 lines 49-57: determine if the prompts solicit personally identifiable information or violate certain compliance policy; column 17 lines 26-32: analyzer is able to identify non-compliant items);
blocking the prompt for ingestion by the AI model when it is determined that the prompt comprises PII (Su: column 17 lines 46-62: take protective actions including blocking the request);
receiving, an output of the AI model response to the prompt, when it is determined that the prompt does not comprise PII (Su: column 12 lines 49-61: prompts that do not violate compliance metrics are sent to the AI interface to generate output);
Su as modified does not explicitly disclose, but Bosnjakovic discloses:
determining, using pattern recognition, whether the output comprises PII (Bosnjakovic: column 10 lines 13-18: sensitive information includes personal identifiable information; column 9 lines 26-56: evaluating the response based on tokens or vectors for text string comparisons);
allowing the output to be transmitted to a requesting user if it is determined that the output does not comprise PII (Bosnjakovic: column 3 lines 42 – column 4 line 14: implies outputting if it doesn’t contain sensitive language or terms; column 10 lines 47-62: include determining if the information contains PII such as social security number); and
preventing the output from being transmitted to a requestor when it is determined that the output comprises PII (Bosnjakovic: column 10 lines 19-62: provide determination of whether the answer from the generative AI contains sensitive information; column 15 lines 12-38: provide the confidence metric/determination to manager to prevent response from being provided). It would have been obvious to one having ordinary skill in the art to monitor input as well as output of generative AI model to ensure they do not elicit or produce sensitive information because they are analogous art. The motivation to combine would be to prevent disclosure of personal information.
Su does not explicitly disclose use of multiple analysis engine in different environment to analyze whether content contains sensitive data. However, Shmukler discloses using machine learning models to analyze content/files to detect PII, wherein the analysis can be done partially locally and partially remotely at a remote server (Shmukler: col. 21 line 62 – col. 22 line 2; Figs. 2C-3 and corresponding paragraphs). It would have been obvious to one having ordinary skill in the art to utilize local and remote analysis to identify PII or sensitive information because Bosnjakovic and Shmukler are analogous art that identifies data that matches certain criteria through pattern recognition/matching. The motivation to combine would be perform different types or levels of analysis based on resource availability.
Su as modified does not explicitly disclose the first analysis engine providing computationally efficient local screening of the prompt using lightweight models, the transmitting being triggered by based on the first analysis engine determining that the prompt requires further analysis, the second analysis engine executing more computationally expensive models than the first analysis engine, the more computationally expensive models comprising an ensemble of models. However, Dattatri discloses analyzing data locally for PII/sensitive data using computationally efficient before triggering request to remote server for further analysis using more computationally expensive models comprising plurality of other models (Dattatri: [0023]-[0026]: each computing device may include PII detector and the dictionary to detect PII locally… the server may receive the data from one of the computing devices to perform longer and deeper analysis based on more computing resources, including algorithms/models). It would have been obvious to one having ordinary skill in the art to locally perform fast and efficient scan for PII first before transmitting the data for further analysis by remote analysis engine because they are analogous art. The motivation to combine would be that use of lightweight models allows detection of PII using low priority process without slowing down primary activities of the computing device before requesting further analysis by remote device (Dattatri: [0026]).
As per claim 29, Su as modified discloses the method of claim 28. Su as modified further discloses relaying, by a proxy intermediate to the AI model and a plurality of client devices, received queries to the monitoring environment prior to ingestion by the AI model; analyzing, by the second analysis engine, the relayed queries to make an assessment as to whether the queries are indicative of being malicious and whether the queries comprise or elicit PII from the AI model; and causing, by a remediation engine forming part of the monitoring environment, data to be transmitted to the proxy which causes the query to be blocked before ingestion by the AI model or modified to remove PII prior to ingestion by the AI model (Dattatri: [0022]-[0026]). It would have been obvious to one having ordinary skill in the art to combine the teaching of Dattatri within the system Su as modified to allow deeper additional analysis using more complex computationally resources while prioritizing other tasks at local model environment.
As per claim 30, Su as modified discloses the method of claim 28. Su as modified further discloses relaying, by the proxy, the output of the AI model to the monitoring environment prior to transmission to a client device; analyzing, by the second analysis engine in the monitoring environment, the relayed output to make an assessment as to whether the output is indicative of being malicious based on a combination of the prompt and the output, and whether the output comprises PII; transmitting, by a remediation engine forming part of the monitoring environment, data to the proxy which causes the output to be modified to remove PII prior to transmission to a requesting client device, the second analysis engine utilizing at least one blocklist leveraging historical outputs of the AI model that are indicative of being part of a malicious attack to determine whether the output contains information indicative of undesired behavior (Dattatri: [0022]-[0026]). It would have been obvious to one having ordinary skill in the art to combine the teaching of Dattatri within the system Su as modified to allow deeper additional analysis using more complex computationally resources while prioritizing other tasks at local model environment.
Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Su in view of Shmukler and further in view of Dattatri and further in view of Bosnjakovic.
As per claim 5, Su as modified discloses the method of claim 1. Su as modified does not explicitly disclose tokenizing the data characterizing the prompt to result in a plurality of tokens; and wherein the analysis engine uses the tokens for the determining. However, Bosnjakovic teaches or at least suggests tokenizing the data characterizing the output to result in a plurality of tokens; and wherein the analysis engines uses the tokens for the determining (Bosnjakovic: column 9 lines 26-56: evaluating the response based on tokens or vector for text string comparison). It would have been obvious to one having ordinary skill in the art to determine output of generative AI model by analyzing tokenized and/or vectorized information because Su and Bosnjakovic are analogous art that monitors input/output of generative AI models. The motivation to combine would be allow efficient similarity search to identify terms containing specified known sensitive information.
As per claim 6, Su as modified discloses the method of claim 1. Su as modified does not explicitly disclose vectorizing the data characterizing the prompt to result in one or more vectors; generating one or more embeddings based on the one or more vectors, the embeddings having a lower dimensionality than the one or more vectors; and wherein the analysis engine utilizes the generated one or more embeddings for the determining. However, Bosnjakovic discloses vectorizing the data characterizing the output to result in one or more vectors; generating one or more embeddings based on the one or more vectors, the embeddings having a lower dimensionality than the one or more vectors; and wherein the analysis engine utilizes the generated one or more embeddings for the determining (Bosnjakovic: column 9 lines 26-56: evaluating the response based on tokens and vectors for text string comparison to evaluate answer/ouput/responses). Same rationale applies here as above in rejecting claim 5.
Claims 16-27 are rejected under 35 U.S.C. 103 as being unpatentable over Bosnjakovic et al. U.S. Pat. No. 11875130 (hereinafter Bosnjakovic) in view of Shmukler and further in view of Dattatri.
As per claim 16, Bosnjakovic discloses a computer-implemented method comprising:
receiving, by an analysis engine, data characterizing an output of a generative artificial intelligence (GenAI) model responsive to a prompt (Bosnjakovic: column 8 line 65 – column 9 line 14: generative AI model that retrieves result/output in response to a prompt);
determining, by the analysis engine using the received data, whether the output comprises personally identifiable information (PII), the analysis engine using pattern recognition to identify PII entities in the output (Bosnjakovic: column 10 lines 13-18: sensitive information includes personal identifiable information); and
providing data characterizing the determination to a consuming application or process (Bosnjakovic: column 10 lines 19-62: provide determination of whether the answer from the generative AI contains sensitive information; column 15 lines 12-38: provide the confidence metric/determination to manager to prevent response from being provided); and
a remediation engine initiating one or more remediation actions in response to a determination that the output comprises PII, the remediation comprises at least one of: blocking the output, modifying the output to remove PII, or flagging the output for quality assurance (Bosnjakovic: column 3 lines 42 – column 4 line 14: prevent output that contains sensitive language implies outputting if it doesn’t contain sensitive language or terms; column 10 lines 47-62: include determining if the information contains PII such as social security number).
Bosnjakovic does not explicitly disclose use of multiple analysis engines in different environment to analyze whether content contains sensitive data. However, Shmukler discloses using machine learning models to analyze content/files to detect PII, wherein the analysis can be done partially locally and partially remotely at a remote server (Shmukler: col. 21 line 62 – col. 22 line 2; Figs. 2C-3 and corresponding paragraphs). It would have been obvious to one having ordinary skill in the art to utilize local and remote analysis to identify PII or sensitive information because Bosnjakovic and Shmukler are analogous art that identifies data that matches certain criteria through pattern recognition/matching. The motivation to combine would be perform different types or levels of analysis based on resource availability.
Bosnjakovic as modified does not explicitly disclose the monitoring environment being separate and distinct from the model environment, and the first analysis engine providing computationally efficient local screening using lightweight models and the second analysis engine executing more computationally expensive models comprising an ensemble of models; the determination by the first analysis engine triggering transmission of data characterizing the output to the monitoring environment when the first analysis engine determines that further analysis is required. However, Dattatri discloses analyzing data locally for PII/sensitive data using computationally efficient before triggering request to remote server for further analysis using more computationally expensive models comprising plurality of other models (Dattatri: [0023]-[0026]: each computing device may include PII detector and the dictionary to detect PII locally… the server may receive the data from one of the computing devices to perform longer and deeper analysis based on more computing resources, including algorithms/models). It would have been obvious to one having ordinary skill in the art to locally perform fast and efficient scan for PII first before transmitting the data for further analysis by remote analysis engine because they are analogous art. The motivation to combine would be that use of lightweight models allows detection of PII using low priority process without slowing down primary activities of the computing device before requesting further analysis by remote device (Dattatri: [0026]).
As per claim 17, Bosnjakovic as modified discloses the method of claim 16. Bosnjakovic as modified further discloses classifying identified PII entities as one of a plurality of entity types (Bosnjakovic: column 10 lines 48-62: social security number or other types of confidential information).
As per claim 18, Bosnjakovic as modified discloses the method of claim 17. Bosnjakovic as modified further disclose wherein the classifying utilizes at least one machine learning model (Shmukler: col. 4 lines 24-67: machine learning model to classify data). Use of machine learning model for data classification is well known in the art.
As per claim 19, Bosnjakovic as modified discloses the method of claim 17. Bosnjakovic as modified further discloses initiating at least one remediation action corresponding to the entity to modify or block the output (Bosnjakovic: column 15 lines 12-38: provide the confidence metric/determination to manager to prevent response from being provided).
As per claim 20, Bosnjakovic as modified discloses the method of claim 16. Bosnjakovic as modified further discloses tokenizing the data characterizing the output to result in a plurality of tokens; and wherein the analysis engines uses the tokens for the determining (Bosnjakovic: column 9 lines 26-56: evaluating the response based on tokens or vectors for text string comparisons).
As per claim 21, Bosnjakovic as modified discloses the method of claim 16. Bosnjakovic as modified further discloses vectorizing the data characterizing the output to result in one or more vectors; generating one or more embeddings based on the one or more vectors, the embeddings having a lower dimensionality than the one or more vectors; and wherein the analysis engine utilizes the generated one or more embeddings for the determining (Bosnjakovic: column 9 lines 26-56: evaluating the response based on tokens and vectors for text string comparison to evaluate answer/output/responses).
As per claim 22, Bosnjakovic as modified discloses the method of claim 16. Bosnjakovic as modified further discloses wherein the GenAI model comprises a large language model (Bosnjakovic: column 9 lines 26-56: large language model/LLM).
As per claim 23, Bosnjakovic as modified discloses the method of claim 16. Bosnjakovic as modified further discloses wherein the consuming application or process allows the output to be transmitted to a requestor upon a determination that the output does not comprise PII (Bosnjakovic: column 3 lines 42 – column 4 line 14: prevent output that contains sensitive language implies outputting if it doesn’t contain sensitive language or terms; column 10 lines 47-62: include determining if the information contains PII such as social security number).
As per claim 24, Bosnjakovic as modified discloses the method of claim 16. Bosnjakovic as modified further discloses wherein the consuming application or process prevents the output to be transmitted to a requestor upon a determination that the output comprises PII (Bosnjakovic: column 3 lines 42 – column 4 line 14: prevent output that contains sensitive language implies outputting if it doesn’t contain sensitive language or terms; column 10 lines 47-62: include determining if the information contains PII such as social security number).
As per claim 25, Bosnjakovic as modified discloses the method of claim 16. Bosnjakovic as modified further discloses wherein the consuming application or process flags the output as comprising PII for quality assurance upon a determination that the output comprises PII (Bosnjakovic: column 10 lines 19-62: provide determination of whether the answer from the generative AI contains sensitive information; column 15 lines 12-38: provide the confidence metric/determination to manager to prevent response from being provided).
As per claim 26, Bosnjakovic as modified discloses the method of claim 16. Su as modified further discloses wherein the consuming application or process modifies the output to remove or redact the PII upon a determination that the output comprises PII (Bosnjakovic: column 3 lines 42 – column 4 line 14: prevent output that contains sensitive language at least suggests outputting if it doesn’t contain sensitive language or terms; column 10 lines 47-62: include determining if the information contains PII such as social security number).
As per claim 27, Bosnjakovic as modified discloses the method of claim 16. Bosnajakovic as modified further discloses wherein the analysis engine uses natural language processing to identify and extract strings belonging to specific entity types likely to comprise PII (Bosnajakovic: col. 9 lines 26-67; col. 10 lines 48-62).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789. The examiner can normally be reached Monday to Thursday 9am- 7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431