PROTECTING SENSITIVE DATA IN TEXT-BASED GEN-AI SYSTEM

§101 §103 §112

DETAILED ACTION This Office action is in response to a non-provisional utility patent application filed by Applicant on 11/18/2024. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 101 The present application, as claimed, satisfies the requirements for patent-eligible subject matter under 35 U.S.C. 101. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 10 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 10 recites, “detecting … a first data value that was misidentified by the first proxy agent compute node”, which is unclear. It cannot be determined based upon the claim language how a determination can be made that a first data value was misidentified. There is no indication as to what it means to be “misidentified”. This could mean that the value was a false positive, such that data was identified as sensitive when it is not, or that sensitive data was identified as not being sensitive when it really is sensitive, i.e. a false negative. There are also implications from the specification that discrepancies could occur when there are differing policies that might contradict each other leading to “misidentification” depending on a certain perspective. (See Spec. ¶ 143.) Without more clarification in the claim, definiteness cannot be reached. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1–4, 8, 11–13, 16–18 rejected under 35 U.S.C. 103 as being unpatentable over Moktali (NPL: Moktali, Amruta; "Generative Al Data Privacy with Skyflow LLM Privacy Vault" [online] Skyflow, May 18, 2023) in view of Cui (US 2008/0077806 A1, published Mar. 27, 2008). Regarding claims 1, 11, and 16, Moktali discloses: a method performed to selectively encrypt data for a generative artificial intelligence (GenAI) application, the method comprising: implementing, by a management compute node, a first proxy agent compute node in electrical communication with one or more input data sources configured to provide a set of input data and a large language model (LLM) or a retrieval-augmented generation (RAG) system (policy-based sensitive data protection from being shared though LLM interactions. Moktali p. 1–2.), wherein the management compute node transmits a set of access control policies to the first proxy agent compute node; identifying, at the first proxy agent compute node, a set of data values in the input data that include sensitive information as defined in the set of access control policies (security policy defines sensitive data for protection, such as project names, dates of birth, or social security numbers, that must be protected (tokenized or replaced) prior to storage or sharing with the LLM. Moktali p. 1–2.); for each data value in the identified set of data values: encrypting the data value (sensitive data elements are identified and prevents these data elements from leaking into LLMs by converting them into tokens. Moktali “De-identification of Sensitive Data” p. 4.); forwarding a remaining portion of the input data to the LLM or the RAG system as training data to train the LLM or the RAG system (tokenized data is provided to the LLM by means of prompt responses, files, or other content. Moktali “De-identification of Sensitive Data” p. 4.); implementing a second proxy agent compute node in electrical communication with a user device and a GenAI application in communication with the LLM or the RAG system; obtaining, at the second proxy agent compute node, a prompt from the user device (users provide prompt data and training data to LLM-based AI systems. Moktali p. 2.); identifying an access level for the user device according to the set of access control policies; obtaining, at the second proxy agent compute node, a response to the prompt from the GenAI application (only authorized users are permitted based on the fine-grained access controls. Moktali p. 4.); decrypting all or a portion of the encrypted data values in the response to the prompt based on the access level for the user device (only authorized users are permitted to detokenize sensitive data that’s included in the LLM’s response because of the fine-grained access controls. Moktali p. 4.); and transmitting, by the second proxy agent compute node, the response to the prompt to the user device with the decrypted data values (LLM responses are returned to the user with sensitive information replaced based upon the defined data governance policies. Moktali p. 7.). Moktali does not disclose: storing the encrypted data value with metadata at a database. However, Cui does disclose: storing the encrypted data value with metadata at a database (storing encryption data and associated metadata. Cui ¶¶ 27–28.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the policy-based sensitive data protection from being shared though LLM interactions of Moktali with storing encrypted data values and metadata in a database based upon the teachings of Cui. The motivation being to ensure data is properly decrypted and accessed by only permitted users. Cui ¶¶ 27–28. Regarding claims 2, 12, and 17, Moktali in view of Cui discloses the limitations of claims 1, 11, and 16, respectively, wherein any of the first proxy agent compute node and the second proxy agent compute node connects to a database that is part of the input data sources via a database native communication protocol, the first proxy agent compute node and the second proxy agent compute node connects to a file transfer server that is part of the input data sources via a secure file transfer protocol (SFTP), and wherein the first proxy agent compute node and the second proxy agent compute node connects to a cloud-based server that is part of the input data sources via hypertext transfer protocol secure (HTTPS) (Examiner takes Official Notice that the use of HTTPS is well known in the art for securely connecting a client with a server, the basis of which is the necessity of securing communication over public networks, protecting data integrity, ensuring confidentiality and preventing unauthorized third parties from eavesdropping, tamping with data, or launching man-in-the-middle attacks, as is the case in protecting sensitive information from exposure in artificial intelligence engine interactions.). Regarding claims 3, Moktali in view of Cui discloses the limitations of claim 1, wherein the set of access control policies include defined classification labels for each type of data values that are to be encrypted (security policy defines sensitive data for protection, such as project names, dates of birth, or social security numbers, that must be protected (tokenized or replaced) prior to storage or sharing with the LLM. Moktali p. 1–2.). Regarding claims 4, 13, and 18, Moktali in view of Cui discloses the limitations of claims 3, 11, and 16, respectively, wherein each of the identified set of data values in the input data that include sensitive information include any of: a universally unique identifier (UUID) for each data value, an encryption key for encrypting the data value, a pre-encryption data type for the data value, a defined classification label for the data value, a LLM type, and a vector representation of the data value (Cui ¶¶ 27–28.). Regarding claim 8, Moktali in view of Cui discloses the limitations of claim 4, wherein the UUID and defined classification label for the data value create an address for each data value for the set of access control policies, wherein the second proxy agent compute node is configured use the address for each data value to provide a decrypted data value in the response to the prompt (record identifiers and key identifiers associated with the database table allow management of encrypted data and the respective keys accounting for categories of data fields and data flags. Cui ¶¶ 28 and 30–31.). Claim 5 rejected under 35 U.S.C. 103 as being unpatentable over Moktali in view of Cui in view of Bhattacharya (US 2017/0118041 A1, published Apr. 27, 2017). Regarding claim 5, Moktali in view of Cui discloses the limitations of claim 1. Moktali in view of Cui does not disclose: wherein the metadata for each data value is arranged in a tag-length-value format that arranges multiple metadata elements of varying lengths. However, Bhattacharya does disclose: wherein the metadata for each data value is arranged in a tag-length-value format that arranges multiple metadata elements of varying lengths (applying TLV formatting for matching and responding in database environments. Bhattacharya ¶ 404.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the policy-based sensitive data protection from being shared though LLM interactions of Moktali with arranging data in a tag-length-value format in various lengths based upon the teachings of Bhattacharya. The motivation being to simplify the handling query matching within the database using a known protocol. Bhattacharya ¶¶ 404–405. Claim 6–7, 14, 19 rejected under 35 U.S.C. 103 as being unpatentable over Moktali in view of Cui in view of Zhang (US 2023/0245418 A1, published Aug. 3, 2023). Regarding claim 6, Moktali in view of Cui discloses the limitations of claim 1. Moktali in view of Cui does not disclose: wherein the input data received at the first proxy agent compute node comprises a full text corpus, and wherein the first proxy agent compute node generates a position vector for each data value in the identified set of data values, wherein the position vector comprises a mathematical representation of the data value. Howevewr, Zhang does disclose: wherein the input data received at the first proxy agent compute node comprises a full text corpus, and wherein the first proxy agent compute node generates a position vector for each data value in the identified set of data values, wherein the position vector comprises a mathematical representation of the data value (using position vectors to tokenize or encode query text. Zhang). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the policy-based sensitive data protection from being shared though LLM interactions of Moktali with encoding text using position vectors for each identified data values to be protected based upon the teachings of Zhang. The motivation being to categorize and distinguish between words communicating different meanings based upon the query context. Zhang ¶ 66. Regarding claim 7, Moktali in view of Cui in view of Zhang discloses the limitations of claim 6, wherein the first proxy agent compute node stores the position vector for each data value in the database that comprises a vector database (Zhang ¶ 21.). Regarding claims 14 and 19, Moktali in view of Cui discloses the limitations of claims 11 and 16, respectively. Moktali in view of Cui does not disclose: wherein the input data received at the first proxy agent compute node comprises a full text corpus, and wherein the first proxy agent compute node generates a position vector for each data value in the identified set of data values, wherein the position vector comprises a mathematical representation of the data value, wherein the first proxy agent compute node stores the position vector for each data value in the database that comprises a vector database. However, Zhang does disclose: wherein the input data received at the first proxy agent compute node comprises a full text corpus, and wherein the first proxy agent compute node generates a position vector for each data value in the identified set of data values, wherein the position vector comprises a mathematical representation of the data value, wherein the first proxy agent compute node stores the position vector for each data value in the database that comprises a vector database(using position vectors to tokenize or encode query text. Zhang). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the policy-based sensitive data protection from being shared though LLM interactions of Moktali with encoding text using position vectors for each identified data values to be protected based upon the teachings of Zhang. The motivation being to categorize and distinguish between words communicating different meanings based upon the query context. Zhang ¶ 66. Claim 9 rejected under 35 U.S.C. 103 as being unpatentable over Moktali in view of Cui in view of Ratica (US 2024/0348444 A1, published Oct. 17, 2024). Regarding claim 9, Moktali in view of Cui discloses the limitations of claim 1. Moktali in view of Cui does not disclose: wherein the encrypted data value and the metadata are encrypted using a keyed cryptographic hash. However, Ratica does disclose: wherein the encrypted data value and the metadata are encrypted using a keyed cryptographic hash (tokenization where tokens are generated using a one-way cryptographic hash function based upon a user identifier. Ratica ¶ 41.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the policy-based sensitive data protection from being shared though LLM interactions of Moktali with generating encrypted values using a keyed cryptographic hash based upon the teachings of Ratica. The motivation being to store sensitive data securely. Ratica ¶ 43. Claims 10, 15 rejected under 35 U.S.C. 103 as being unpatentable over Moktali in view of Cui in view of McTeggart (US 12,118,048 B1, issued Oct. 15, 2024). Regarding claims 10 and 15, Moktali in view of Cui discloses the limitations of claims 1 and 11, respectively. Moktali in view of Cui does not disclose: further comprising: detecting, by a detection engine in communication with the second proxy agent compute node, a first data value that was misidentified by the first proxy agent compute node; and encrypting or masking the first data value according to the set of access control policies. However, McTeggart does disclose: further comprising: detecting, by a detection engine in communication with the second proxy agent compute node, a first data value that was misidentified by the first proxy agent compute node; and encrypting or masking the first data value according to the set of access control policies (discrepancies between applications and clients and users with varying levels of privileges of access permissions can lead to difficulties in reconciling proper access control policies. McTeggart 4:65 – 5:8.). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the policy-based sensitive data protection from being shared though LLM interactions of Moktali with identifying a discrepancy between sensitive data identification and protecting data based upon the teachings of McTeggart. The motivation being to reconcile discrepancies between different application access control policies to make the network safer. Claim 20 rejected under 35 U.S.C. 103 as being unpatentable over Moktali in view of Cui in view of Dailly (US 2017/0019413 A1, published Jan. 19, 2017). Regarding claim 20, Moktali in view of Cui discloses the limitations of claim 16. Moktali in view of Cui does not disclose: further comprising: determining whether the set of access control policies are within a set of compliance parameters; and adding the set of access control policies and the determination of whether the set of access control policies are within the set of compliance parameters to a compliance report. However, Dailly does disclose: further comprising: determining whether the set of access control policies are within a set of compliance parameters; and adding the set of access control policies and the determination of whether the set of access control policies are within the set of compliance parameters to a compliance report (checking the validity of the data via access entitlement and checking compliance of the access control policies. Dailly ¶ 18). Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the policy-based sensitive data protection from being shared though LLM interactions of Moktali with determining access control policies are within compliance parameters and declaring access valid if compliance is satisfied based upon the teachings of Dailly. The motivation being to verify the scope of the access control and verify authenticity of requests to the system. Dailly ¶ 15–20. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408. The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /VANCE M LITTLE/Primary Examiner, Art Unit 2493