DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In view of the Appeal Brief filed on 04/15/2026, PROSECUTION IS HEREBY REOPENED. The new ground of rejection is set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
/AJAY M BHATIA/ Supervisory Patent Examiner, Art Unit 2156
Status of the claims
Claims 1-20 were pending, claims 1-8 and 15 have been amended. Therefore, claims 1-20 are currently pending for examination.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-3 and 7, 15-17 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ho et al. (US 20250112768, hereafter Ho).
Regarding claim 1, Ho discloses: A computer implemented method comprising:
receiving a prompt (Ho [0040] discloses: receive user prompts );
generating a query based on the prompt (Ho [0061] discloses: the method 200 may include generating 210 a response to the user prompt using the Generative AI);
accessing a first data source having original data with different classifications to obtain first data source data responsive to the query (Ho [0036] discloses: the system 100 may include a retriever 112 that accesses the index 110 to obtain context information. The retriever 112 may be a software or hardware component that retrieves data from the data stores 106 based on the index 110; [0042] discloses: different levels of access to different users based on their roles as defined in the RBAC policies, the levels of access may be associated with labels applied to the encrypted data in the data stores 106);
processing the obtained first data source data to remove sensitive data to generate curated data (Ho [0042] discloses: replacing the sensitive data with a placeholder or other non-sensitive data for unauthorized users. The selective masking may provide an additional layer of protection for sensitive data, ensuring that unauthorized users cannot access the sensitive data even if they are able to bypass other security measures. In some aspects, the levels of access may be associated with labels applied to the encrypted data in the data stores 106);
providing the curated data and prompt to a large language model (Ho [0038; 0047] discloses: The LLM 114 may generate responses based on the provided prompts and context, which may include the encrypted and labeled data, based on an authorization level of a user associated with the prompt); and
receiving a first language response from the large language model based on the curated data and the prompt (Ho [0058 discloses: generate responses based on provided prompts and context, which may include and/or reference the encrypted and labeled data. In some cases, the LLM 114 may interact with the encrypted data in a way that allows it to generate meaningful responses without revealing the sensitive data).
Regarding claim 2, Ho as modified discloses: The computer implemented method of claim 1 wherein processing the obtained first data source data to generate curated data is performed based on application of differential privacy and the different classifications of the original data (Ho [0042; 0043] discloses: selectively mask sensitive data in the responses based on the user authorization. This may involve replacing the sensitive data with a placeholder or other non-sensitive data for unauthorized users. The selective masking may provide an additional layer of protection for sensitive data, ensuring that unauthorized users cannot access the sensitive data even if they are able to bypass other security measures. In some aspects, the levels of access may be associated with labels applied to the encrypted data in the data stores 106).
Regarding claim 3, Ho as modified discloses: The computer implemented method of claim 1 wherein processing the obtained first data source data to generate curated data is performed based on role based access control of a user associated with the query (Ho [0043] discloses: The RBAC enforcement 116 may use these frameworks to determine the level of access for each user or group of users. This may allow the system 100 to provide different levels of access to sensitive data for specific users, thereby ensuring that sensitive data is controlled and protected at all times).
Regarding claim 7, Ho as modified discloses: The computer implemented method of claim 1 and further comprising:
receiving additional knowledge data for training the large language model (Ho [0032] discloses: the system 100 may analyze the data stores 106 to identify potential sensitive information. The system 100 may employ natural language processing (NLP) algorithms to scan text and recognize patterns that could indicate sensitive data, such as social security numbers, credit card information, or personal health details. Machine learning models may be trained on large datasets of known sensitive information to recognize similar patterns in new data);
processing the additional knowledge data to generate curated additional knowledge data with different classifications (Ho [0042] disclose: the RBAC enforcement 116 may also selectively mask sensitive data in the responses based on the user authorization. This may involve replacing the sensitive data with a placeholder or other non-sensitive data for unauthorized users. The selective masking may provide an additional layer of protection for sensitive data, ensuring that unauthorized users cannot access the sensitive data even if they are able to bypass other security measures. In some aspects, the levels of access may be associated with labels applied to the encrypted data in the data stores 106.) ; and
training the large language model on the curated additional knowledge data (Ho [052] discloses: the LLM may be trained on the protected data, learning patterns and relationships without having access to the raw, sensitive information. The training process may utilize techniques such as federated learning or differential privacy to further enhance data protection during model training).
Regarding claim 15, Ho discloses: A device comprising:
a processor (Ho [0077]): and
a memory device coupled to the processor and having a program stored thereon for execution by the processor to perform operations comprising (Ho [0068]):
receiving a prompt (Ho [0040] discloses: receive user prompts );
generating a query based on the prompt (Ho [0061] discloses: the method 200 may include generating 210 a response to the user prompt using the Generative AI);
accessing a first data source having original data with different classifications to obtain first data source data responsive to the query (Ho [0036] discloses: the system 100 may include a retriever 112 that accesses the index 110 to obtain context information. The retriever 112 may be a software or hardware component that retrieves data from the data stores 106 based on the index 110; [0042] discloses: different levels of access to different users based on their roles as defined in the RBAC policies, the levels of access may be associated with labels applied to the encrypted data in the data stores 106);
processing the obtained first data source data to generate curated data (Ho [0042] discloses: replacing the sensitive data with a placeholder or other non-sensitive data for unauthorized users. The selective masking may provide an additional layer of protection for sensitive data, ensuring that unauthorized users cannot access the sensitive data even if they are able to bypass other security measures. In some aspects, the levels of access may be associated with labels applied to the encrypted data in the data stores 106);
wherein the processing comprises applying at least one of differential privacy, role-based access control, and classification filtering to enforce privacy and access policies (Ho [0042] discloses: applying different levels of access to different users based on their roles as defined in the RBAC policies. In some aspects, the RBAC enforcement 116 may also selectively mask sensitive data in the responses based on the user authorization);
providing the curated data and prompt to a large language model (Ho [0038; 0047] discloses: The LLM 114 may generate responses based on the provided prompts and context, which may include the encrypted and labeled data, based on an authorization level of a user associated with the prompt.); and
receiving a first language response from the large language model based on the curated data and the prompt (Ho [0058 discloses: generate responses based on provided prompts and context, which may include and/or reference the encrypted and labeled data. In some cases, the LLM 114 may interact with the encrypted data in a way that allows it to generate meaningful responses without revealing the sensitive data).
Regarding claim 16, Ho discloses: The device of claim 15 wherein processing the obtained first data source data to generate curated data is performed based on application of differential privacy and the different classifications of the original data (Ho [0044] discloses: the system 100 may utilize field level encryption 104 configured to encrypt sensitive data fields at a field level in the data stores 106 ; [0052; 0053] discloses: The sanitized dataset may then be utilized to train 160 the LLM. During this phase, the LLM may be trained on the protected data, learning patterns and relationships without having access to the raw, sensitive information. The training process may utilize techniques such as federated learning or differential privacy to further enhance data protection during model training).
Regarding claim 17, Ho discloses: The device of claim 15 wherein processing the obtained first data source data to generate curated data is performed based on role based access control of a user associated with the query (Ho [0043] discloses: The RBAC enforcement 116 may use these frameworks to determine the level of access for each user or group of users. This may allow the system 100 to provide different levels of access to sensitive data for specific users, thereby ensuring that sensitive data is controlled and protected at all times).
Regarding claim 20, Ho discloses: The device of claim 15 wherein the operation further comprise:
receiving additional knowledge data for training the large language model (Ho [0032] discloses: the system 100 may analyze the data stores 106 to identify potential sensitive information. The system 100 may employ natural language processing (NLP) algorithms to scan text and recognize patterns that could indicate sensitive data, such as social security numbers, credit card information, or personal health details. Machine learning models may be trained on large datasets of known sensitive information to recognize similar patterns in new data);
processing the additional knowledge data to generate curated additional knowledge data with different classifications (Ho [0042] disclose: the RBAC enforcement 116 may also selectively mask sensitive data in the responses based on the user authorization. This may involve replacing the sensitive data with a placeholder or other non-sensitive data for unauthorized users. The selective masking may provide an additional layer of protection for sensitive data, ensuring that unauthorized users cannot access the sensitive data even if they are able to bypass other security measures. In some aspects, the levels of access may be associated with labels applied to the encrypted data in the data stores 106) ; and
training the large language model on the curated additional knowledge data (Ho [052] discloses: the LLM may be trained on the protected data, learning patterns and relationships without having access to the raw, sensitive information. The training process may utilize techniques such as federated learning or differential privacy to further enhance data protection during model training).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 4-6 and 8-14, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ho et al. (US 20250112768, hereafter Ho) in view of Gharibi et al. (US 20250103746, hereafter Gharibi).
Regarding claim 4, Ho didn’t disclose, but Gharibi discloses: The computer implemented method of claim 1 and further comprising redacting the first language response based on a role-based access control (RBAC) level of a user associated with the prompt (Gharibi [0061] discloses: detects any sensitive information that should not be shared with the prompter and redacts it before sending the response. One preferred embodiment to implement this feature is by using role-based access control systems (RBAC)).
Ho and Gharibi are analogous art because they are in the same field of endeavor, a method of managing information provided to a machine learning model. It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Ho, to include the teaching of Gharibi, in order to provide a privacy monitor, a comprehensive system designed to manage the privacy risks associated with prompting any machine learning model. The suggestion to combine is for redacting and augmenting the prompt and a post-processing model for inserting or modifying the output to ensures that the final model does not “leak” private data.
Regarding claim 5, Ho as modified discloses: The computer implemented method of claim 1 and further comprising:
redacting the first language based response on a role-based access control (RBAC) level of a user associated with the prompt and classification levels of original data included in the first language response (Gharibi [00061] discloses: the privacy monitor re-introduce the redacted information to provide a comprehensive response to the prompter. In an additional implementation, the generated response also goes through a privacy monitor such as the second privacy monitor 104B that detects any sensitive information that should not be shared with the prompter and redacts it before sending the response. One preferred embodiment to implement this feature is by using role-based access control systems (RBAC));
adding the curated data (Gharibi [0054] discloses: the system involves pre-processing the prompt to remove the sensitive information and send the sanitized prompt to the LLM 114. The model owner will not see the sensitive information, but the LLM 114 will still produce a useful response. The response can then be post-processed via the second privacy monitor 104B to add the sensitive information back in for the prompter); and
providing the redacted and curated data as an output (Gharibi [0093] discloses: obtaining an output of the machine learning model based on the redacted prompt and introducing the redacted information into the output of the machine learning model to obtain a revised output).
Ho and Gharibi are analogous art because they are in the same field of endeavor, a method of managing information provided to a machine learning model. It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Ho, to include the teaching of Gharibi, in order to provide a privacy monitor, a comprehensive system designed to manage the privacy risks associated with prompting any machine learning model. The suggestion to combine is for redacting and augmenting the prompt and a post-processing model for inserting or modifying the output to ensures that the final model does not “leak” private data.
Regarding claim 6, Ho as modified discloses: The computer implemented method of claim 1 and further comprising redacting the first language response based on a differential privacy associated with a user associated with the prompt (Gharibi [0044] discloses: Differential privacy ensures the distribution of an output of an algorithm. For example, model training or finetuning does not depend “too much” on any particular sample in the training data. This property ensures that the final result (for example, the model) does not “leak” the data on which it was trained. Differentially private stochastic gradient descent (DP-SGD) is a method to train, or finetune, a model in a differentially private way).
Regarding claim 8, as modified discloses: A machine-readable storage device having instructions for execution by a processor of a machine to cause the processor to perform operations to perform a method, the operations comprising (Ho [0079]):
receiving a prompt (Ho [0040] discloses: receive user prompts );
generating a query based on the prompt (Ho [0061] discloses: the method 200 may include generating 210 a response to the user prompt using the Generative AI);
accessing a first data source having original data with different classifications to obtain first data source data responsive to the query (Ho [0036] discloses: the system 100 may include a retriever 112 that accesses the index 110 to obtain context information. The retriever 112 may be a software or hardware component that retrieves data from the data stores 106 based on the index 110; [0042] discloses: the levels of access may be associated with labels applied to the encrypted data in the data stores 106); (Ho [0036] discloses: the system 100 may include a retriever 112 that accesses the index 110 to obtain context information. The retriever 112 may be a software or hardware component that retrieves data from the data stores 106 based on the index 110; [0042] discloses: different levels of access to different users based on their roles as defined in the RBAC policies, the levels of access may be associated with labels applied to the encrypted data in the data stores 106);
processing the obtained first data source data to generate curated data (Ho [0042] discloses: replacing the sensitive data with a placeholder or other non-sensitive data for unauthorized users. The selective masking may provide an additional layer of protection for sensitive data, ensuring that unauthorized users cannot access the sensitive data even if they are able to bypass other security measures. In some aspects, the levels of access may be associated with labels applied to the encrypted data in the data stores 106);
providing the curated data and prompt to a large language model (Ho [0038; 0047] discloses: The LLM 114 may generate responses based on the provided prompts and context, which may include the encrypted and labeled data, based on an authorization level of a user associated with the prompt); and
receiving a first language response from the large language model based on the curated data and the prompt (Ho [0058 discloses: generate responses based on provided prompts and context, which may include and/or reference the encrypted and labeled data. In some cases, the LLM 114 may interact with the encrypted data in a way that allows it to generate meaningful responses without revealing the sensitive data).
Ho didn’t disclose, but Gharibi discloses: redacting the first language response based on a differential privacy associated with a user associated with the prompt (Gharibi [0033] discloses: This process may include redacting a prompt but could also include augmenting a prompt to make it more robust relative to the machine learning model to improve the output. For example, a prompt could be both redacted relative to private information and augmented to improve the prompt for processing by the machine learning model, and then the output of the model might be augmented for consistency with the prompt such as inserting previously-redacted private terms; [0043; 0044] discloses: Differentially private stochastic gradient descent (DP-SGD) is a method to train, or finetune, a model in a differentially private way).
Ho and Gharibi are analogous art because they are in the same field of endeavor, a method of managing information provided to a machine learning model. It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Ho, to include the teaching of Gharibi, in order to provide a privacy monitor, a comprehensive system designed to manage the privacy risks associated with prompting any machine learning model. The suggestion to combine is for redacting and augmenting the prompt and a post-processing model for inserting or modifying the output to ensures that the final model does not “leak” private data.
Regarding claim 9, Ho as modified discloses: The device of claim 8 wherein processing the obtained first data source data to generate curated data is performed based on application of differential privacy and the different classifications of the original data (Ho [0044] discloses: the system 100 may utilize field level encryption 104 configured to encrypt sensitive data fields at a field level in the data stores 106 ; [0052; 0053] discloses: The sanitized dataset may then be utilized to train 160 the LLM. During this phase, the LLM may be trained on the protected data, learning patterns and relationships without having access to the raw, sensitive information. The training process may utilize techniques such as federated learning or differential privacy to further enhance data protection during model training).
Regarding claim 10, Ho as modified discloses: The device of claim 8 wherein processing the obtained first data source data to generate curated data is performed based on role based access control of a user associated with the query (Ho [0043] discloses: The RBAC enforcement 116 may use these frameworks to determine the level of access for each user or group of users. This may allow the system 100 to provide different levels of access to sensitive data for specific users, thereby ensuring that sensitive data is controlled and protected at all times).
Regarding claim 11, Ho as modified discloses: The device of claim 8 wherein the operations further comprise redacting the first language response based on a role-based access control (RBAC) level of a user associated with the prompt (Gharibi [0061] discloses: detects any sensitive information that should not be shared with the prompter and redacts it before sending the response. One preferred embodiment to implement this feature is by using role-based access control systems (RBAC).).
Regarding claim 12, Ho as modified discloses: The device of claim 8 wherein the operations further comprise redacting the first language based response on a role-based access control (RBAC) level of a user associated with the prompt and classification levels of original data included in the first language response (Gharibi [00061] discloses: the privacy monitor re-introduce the redacted information to provide a comprehensive response to the prompter. In an additional implementation, the generated response also goes through a privacy monitor such as the second privacy monitor 104B that detects any sensitive information that should not be shared with the prompter and redacts it before sending the response. One preferred embodiment to implement this feature is by using role-based access control systems (RBAC)).
Regarding claim 13, Ho as modified discloses: The device of claim 8 wherein the operation further comprise redacting the first language response based on a differential privacy associated with a user associated with the prompt (Gharibi [0044] discloses: Differential privacy ensures the distribution of an output of an algorithm. For example, model training or finetuning does not depend “too much” on any particular sample in the training data. This property ensures that the final result (for example, the model) does not “leak” the data on which it was trained. Differentially private stochastic gradient descent (DP-SGD) is a method to train, or finetune, a model in a differentially private way).
Regarding claim 14, Ho as modified discloses: The device of claim 8 wherein the operation further comprise:
receiving additional knowledge data for training the large language model (Ho [0032] discloses: the system 100 may analyze the data stores 106 to identify potential sensitive information. The system 100 may employ natural language processing (NLP) algorithms to scan text and recognize patterns that could indicate sensitive data, such as social security numbers, credit card information, or personal health details. Machine learning models may be trained on large datasets of known sensitive information to recognize similar patterns in new data);
processing the additional knowledge data to generate curated additional knowledge data with different classifications (Ho [0042] disclose: the RBAC enforcement 116 may also selectively mask sensitive data in the responses based on the user authorization. This may involve replacing the sensitive data with a placeholder or other non-sensitive data for unauthorized users. The selective masking may provide an additional layer of protection for sensitive data, ensuring that unauthorized users cannot access the sensitive data even if they are able to bypass other security measures. In some aspects, the levels of access may be associated with labels applied to the encrypted data in the data stores 106) ; and
training the large language model on the curated additional knowledge data (Ho [052] discloses: the LLM may be trained on the protected data, learning patterns and relationships without having access to the raw, sensitive information. The training process may utilize techniques such as federated learning or differential privacy to further enhance data protection during model training).
Regarding claim 18, Ho as modified discloses: The device of claim 15 wherein the operation further comprise redacting the first language response based on a role-based access control (RBAC) level of a user associated with the prompt or a user associated with the prompt and classification levels of original data included in the first language response (Gharibi [0061] discloses: detects any sensitive information that should not be shared with the prompter and redacts it before sending the response. One preferred embodiment to implement this feature is by using role-based access control systems (RBAC).).
Ho and Gharibi are analogous art because they are in the same field of endeavor, a method of managing information provided to a machine learning model. It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Ho, to include the teaching of Gharibi, in order to provide a privacy monitor, a comprehensive system designed to manage the privacy risks associated with prompting any machine learning model. The suggestion to combine is for redacting and augmenting the prompt and a post-processing model for inserting or modifying the output to ensures that the final model does not “leak” private data.
Regarding claim 19, Ho as modified discloses: The device of claim 15 wherein the operation further comprise redacting the first language response based on a differential privacy associated with a user associated with the prompt (Gharibi [0044] discloses: Differential privacy ensures the distribution of an output of an algorithm. For example, model training or finetuning does not depend “too much” on any particular sample in the training data. This property ensures that the final result (for example, the model) does not “leak” the data on which it was trained. Differentially private stochastic gradient descent (DP-SGD) is a method to train, or finetune, a model in a differentially private way).
Ho and Gharibi are analogous art because they are in the same field of endeavor, a method of managing information provided to a machine learning model. It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Ho, to include the teaching of Gharibi, in order to provide a privacy monitor, a comprehensive system designed to manage the privacy risks associated with prompting any machine learning model. The suggestion to combine is for redacting and augmenting the prompt and a post-processing model for inserting or modifying the output to ensures that the final model does not “leak” private data.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CINDY NGUYEN whose telephone number is (571)272-4025. The examiner can normally be reached M-F 8:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bhatia Ajay can be reached at 571-272-3906. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CINDY NGUYEN/ Examiner, Art Unit 2156