Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This non-final action is responsive to application filed on 09/27/2024. Claims 1-21 are pending, with claims 1, 8 and 15 being independent.
Priority
The present application claims priority to US Provisional Patent Application No.
63/540,779, filed on September 27, 2023.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-6, 8-13 and 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1-6 are directed to a method (process). Claims 8-13 are directed to a system (machine). Claims 15-20 are directed to a manufacture (an article produced from materials). Thus, each of the claims is directed to one of the statutory categories of invention.
Claims 1, 8 and 15 recite generating, via a semantic search machine learning model, a sensitivity score for the prompt based on a relevant of the prompt to a sensitive enterprise data. This is mental process that are practically performed in the human mind by a human using observations, evaluations, judgments, and opinions to generate the score. Accordingly, the claim recites a judicial exception.
This judicial exception is not integrated into a practical application. In particular, the claims recite additional elements receiving a prompt to a target machine learning model. Receiving a prompt is mere data transferring, and thus is insignificant extra-solution activity. Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.
The claims as a whole do not amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, data transferring is recited at a high level of generality, which are well understood, routine, and conventional in the field. Thus, the claims are not patent eligible.
Depending claims 2-6, 8-13 and 15-20 are having the same issues as shown above. The claims do not recite additional elements that integrate the abstract idea into a practical application, or amount to significantly more than the abstract idea. Accordingly, the claims are not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 4-5, 7-9, 11-12, 14-16, 18-19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Harinath et al. (US 2025/0086309, provisional filed Sep. 11, 2023) and Croteau et al. (US 2023/0153427, published May 18, 2023).
As per claim 1, Harinath discloses a method of providing privacy-aware semantic searching (Harinath Fig. 9), the method comprising:
receiving a prompt to a target machine learning model (Harinath Fig. 9, Receive, from a client and at an interface for accessing a large language model, a prompt for a response from the large language model at 905); and
[determining sensitive information] for the prompt based on a relevant of the prompt to a sensitive enterprise data (Harinath par. 33, the masking model 230 may be configured to process the input prompt, determine that the input prompt contains one or more elements of sensitive information... Sensitive information may include PII, PCI information, PHI, and/or information flagged by the cloud client 105 (e.g., the configuration parameters associated with the cloud client 105) as being sensitive or restricted. The masking model 230 may be configured to implement various techniques to identify the elements for sensitive information, such as named entity recognition (NER) techniques, regular expressions (regex), and other information extraction or identification techniques; Harinath par. 17, a cloud client 105 may be operated by a user that is part of a business, an enterprise, a non-profit, a startup, or any other organization type; Harinath par. 19, The interaction 130 may be a business-to-business (B2B) interaction or a business-to-consumer (B2C) interaction).
Harinath discloses determining sensitive information for the prompt, but does not explicitly disclose generating, via a semantic search machine learning model, a sensitivity score for the prompt.
Croteau teaches:
generating, via a semantic search machine learning model, a sensitivity score for the sensitive information (Croteau par. 82-86, Following identification of the potential sensitive information via the REGEXs 210 and the individual names or personal identifiers 212 by the machine learning… Following the precise correlation analysis 214, a sensitivity score can be determined based on the weight of the sensitive information identified with each REGEX 210 and its level of correlation with identified names or user identifiers 212).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify the method of Harinath with the teaching of Croteau to incorporate sensitivity score feature for generating, via a semantic search machine learning model, a sensitivity score for the prompt based on a relevant of the prompt to a sensitive enterprise data. One of ordinary skilled in the art would have been motivated because it offers the advantage of quantifying the level of sensitivity of the prompt for managing security risk of the system.
As per claim 2, Harinath as modified discloses the method of claim 1, wherein the sensitivity score is integrated into a semantic search application (Croteau par. 10, determine the sensitivity score indicative of the level of sensitivity of the extracted data; Croteau par. 48, The configuration module 52 of the central platform 52 can also be used to define sensitivity parameters of the system 10 (i.e. to define the level of sensitive data which can be identified by the system 10 without being considered by the system 10 as a potential security threat and/or without generating a security warning)). The same rationale as in claim 1 applies.
As per claim 4, Harinath as modified discloses the method of claim 1. Harinath discloses wherein the sensitivity [information] influences a retrieval and presentation of enterprise data related to the prompt (see Harinath Fig. 9), but does not explicitly disclose the sensitivity score influences a retrieval and presentation of enterprise data related to the prompt.
Croteau teaches:
the sensitivity score and sensitivity parameters (Croteau par. 10, determine the sensitivity score indicative of the level of sensitivity of the extracted data; Croteau par. 48, The configuration module 52 of the central platform 52 can also be used to define sensitivity parameters of the system 10 (i.e. to define the level of sensitive data which can be identified by the system 10 without being considered by the system 10 as a potential security threat and/or without generating a security warning)).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify the method of Harinath with the teaching of Croteau to incorporate sensitivity score and parameter feature for defining a sensitivity level for processing the prompt (i.e., the sensitivity score influences a retrieval and presentation of enterprise data related to the prompt). One of ordinary skilled in the art would have been motivated because it offers the advantage of quantifying the level of sensitivity of the prompt for managing security risk of the system.
As per claim 5, Harinath as modified discloses the method of claim 1, wherein the semantic search machine learning model is trained specifically to identify sensitive or confidential information (Croteau par. 82-86, Following identification of the potential sensitive information via the REGEXs 210 and the individual names or personal identifiers 212 by the machine learning) in the sensitive enterprise data (Harinath par. 17, a cloud client 105 may be operated by a user that is part of a business, an enterprise, a non-profit, a startup, or any other organization type; Harinath par. 19, The interaction 130 may be a business-to-business (B2B) interaction or a business-to-consumer (B2C) interaction. The same rationale as in claim 1 applies.
As per claim 7, Harinath as modified discloses the method of claim 1. Harinath discloses further comprising:
modifying, based on [the sensitive information], the prompt to generate a modified prompt (Harinath Fig. 9, Replace the one or more elements of sensitive information with one or more respective masking elements at 920) ; and
transmitting the modified prompt to the target machine learning model (Harinath Fig. 9, Transmit, to the large language model via a model interface, the modified prompt at 925).
Harinath discloses modifying the prompt based on the sensitive information, but does not explicitly disclose modifying the prompt based on the sensitivity score.
Croteau teaches:
the sensitivity score and sensitivity parameters (Croteau par. 10, determine the sensitivity score indicative of the level of sensitivity of the extracted data; Croteau par. 48, The configuration module 52 of the central platform 52 can also be used to define sensitivity parameters of the system 10 (i.e. to define the level of sensitive data which can be identified by the system 10 without being considered by the system 10 as a potential security threat and/or without generating a security warning)).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify the method of Harinath with the teaching of Croteau to incorporate sensitivity score and parameter feature for defining a sensitivity level for processing the prompt (i.e., modifying the prompt based on the sensitivity score). One of ordinary skilled in the art would have been motivated because it offers the advantage of quantifying the level of sensitivity of the prompt for managing security risk of the system.
Claims 8-9, 11-12 and 14 do not teach or further define over the limitations in claims 1-2, 4-5 and 7 respectively. As such, claims 8-9, 11-12 and 14 are rejected for the same reasons as set forth in claims 1-2, 4-5 and 7, respectively.
Claims 15-16, 18-19 and 21 do not teach or further define over the limitations in claims 1-2, 4-5 and 7 respectively. As such, claims 15-16, 18-19 and 21 are rejected for the same reasons as set forth in claims 1-2, 4-5 and 7, respectively.
Claims 3, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Harinath et al. (US 2025/0086309, provisional filed Sep. 11, 2023), Croteau et al. (US 2023/0153427, published May 18, 2023) and Zimmermann et al. (US 2018/0027006, published Jan. 25, 2018).
As per claim 3, Harinath as modified discloses the method of claim 1, but does not explicitly disclose further comprising:
dynamically adjusting the semantic search machine learning model based on real-time human-in-the-loop feedback.
Zimmermann teaches:
dynamically adjusting machine learning model based on real-time human-in-the-loop feedback (Zimmermann par. 563, These classification events are validate or not, such as by human feedback, and the learning model iterates (such as by adjusting weights given to different attributes), until it becomes sufficiently effective to provide an automated classification of the access type).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to further modify the method of Harinath with the teaching of Zimmermann to incorporate human feedback for dynamically adjusting the semantic search machine learning model based on real-time human-in-the-loop feedback. One of ordinary skilled in the art would have been motivated because it offers the advantage of optimizing the learning model.
Claim 10 does not teach or further define over the limitations in claim 3. As such, claim 10 is rejected for the same reasons as set forth in claim 3.
Claim 17 does not teach or further define over the limitations in claim 3. As such, claim 17 is rejected for the same reasons as set forth in claim 3.
Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Harinath et al. (US 2025/0086309, provisional filed Sep. 11, 2023), Croteau et al. (US 2023/0153427, published May 18, 2023) and Dettinger et al. (US 2005/0038788, published Feb. 17, 2005).
As per claim 6, Harinath as modified discloses the method of claim 1, discloses sensitive information, related to the sensitive enterprise data, is detected in the prompt (Harinath par. 33, the masking model 230 may be configured to process the input prompt, determine that the input prompt contains one or more elements of sensitive information; Harinath par. 17, a cloud client 105 may be operated by a user that is part of a business, an enterprise, a non-profit, a startup, or any other organization type; Harinath par. 19, The interaction 130 may be a business-to-business (B2B) interaction or a business-to-consumer (B2C) interaction), but does not explicitly disclose further comprising:
transmitting a notification to a computing device when sensitive information, related to the sensitive enterprise data, is detected in the prompt.
Dettinger teaches:
transmitting a notification to a computing device when sensitive information is detected (Dettinger pg. 8, notifying a user sensitive information has been detected).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to further modify the method of Harinath with the teaching of Dettinger for transmitting a notification to a computing device when sensitive information, related to the sensitive enterprise data, is detected in the prompt. One of ordinary skilled in the art would have been motivated because it offers the advantage of allowing user to take appropriate action regarding detected sensitive information .
Claim 13 does not teach or further define over the limitations in claim 3. As such, claim 13 is rejected for the same reasons as set forth in claim 6.
Claim 20 does not teach or further define over the limitations in claim 3. As such, claim 20 is rejected for the same reasons as set forth in claim 6.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20240061952 A1; Identifying Sensitive Data Using Redacted Data
Disclosed embodiments pertain to identifying sensitive data using redacted data. Data entry into electronic form fields can be monitored and analyzed to detect improperly entered sensitive data. The type of sensitive data can be determined, and the sensitive data can be removed or redacted from the electronic form field. Surrounding context data, including text associated with the sensitive data, can be identified and captured. The context data and type of sensitive data can be utilized to train or update a machine learning model configured to identify sensitive data. In one instance, the machine learning model can be employed to detect improperly entered sensitive data, and context and type can be utilized to improve the performance and predictive power of the machine learning model.
US 20240022570 A1; Classifying Types Of Sensitive Events For Data Loss Prevention
Identification of an electronic communication containing specific information is provided. Content of the electronic communication may be evaluated by a machine-learning model, and based on an evaluation of the content, it may be determined that the electronic communication contains the specific information. The electronic communication may be tagged with tag information indicating that the electronic communication contains the specific information, and transmission of the electronic communication may be blocked based on the tag information.
US 11010492 B1; Real-time Detection Of Privacy Leaks Based On Linguistic Features
Methods and systems are provided for detecting privacy leakage risks in text. One example method generally includes receiving, at a computing device from a client device, a keyword and generating, by the computing device, a combined query comprising the keyword and a sensitive topic query associated with a sensitive topic. The method further includes transmitting the keyword from the computing device to a search engine and transmitting the combined query from the computing device to the search engine. The method further includes receiving, at the computing device from the search engine, a number of search results for the keyword and receiving, at the computing device from the search engine, a number of search results for the combined query. The method further includes determining, by the computing device, a confidence score and transmitting the confidence score from the computing device to the client device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHANG DO whose telephone number is (571)270-7837. The examiner can normally be reached Monday-Friday 8:00 - 5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, RUPAL DHARIA can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHANG DO/Primary Examiner, Art Unit 2492