Prosecution Insights
Last updated: July 17, 2026
Application No. 18/987,173

METHOD AND APPARATUS FOR IDENTIFYING PERSONAL INFORMATION FROM TEXT USING A MULTI-STAGE DETECTION APPROACH

Non-Final OA §101§103
Filed
Dec 19, 2024
Priority
Dec 13, 2024 — RE 10-2024-0186173
Examiner
DUGDA, MULUGETA TUJI
Art Unit
2653
Tech Center
2600 — Communications
Assignee
S2W Inc.
OA Round
1 (Non-Final)
81%
Grant Probability
Favorable
1-2
OA Rounds
1y 4m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 81% — above average
81%
Career Allowance Rate
42 granted / 52 resolved
+18.8% vs TC avg
Strong +23% interview lift
Without
With
+22.9%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
17 currently pending
Career history
74
Total Applications
across all art units

Statute-Specific Performance

§101
5.1%
-34.9% vs TC avg
§103
91.1%
+51.1% vs TC avg
§102
3.8%
-36.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 52 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1 - 10 are pending and claims 1, 9 and 10 are independent claims. Priority Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claim 10 is drawn to a “signal” per se as recited in the preamble and as such is non-statutory subject matter. On paragraph 146 of the Published Specification, the term “Computer readable storage medium" is not defined as to what the scope of the term is meant to encompass. Hence, one of ordinary skilled in the art can interpret such term to include transitory signals and non-transitory signals. It does not appear that a claim reciting a signal encoded with functional descriptive material falls within any of the categories of patentable subject matter set forth in § 101. First, a claimed signal is clearly not a "process" under § 101 because it is not a series of steps. The other three § 101 classes of machine, compositions of matter and manufactures "relate to structural entities and can be grouped as 'product' claims in order to contrast them with process claims." 1 D. Chisum, Patents § 1.02 (1994). The Applicant' s Specification presents a broad definition as to what the “Computer readable storage medium” covers and is being made to include transitory and non-transitory signals. The Applicant' s Published Specification in paragraph 146, refers to the “storage medium”. Hence, it appears that the claims appear to be drawn towards transitory signals, which is not subject matter eligible. In order to overcome the present rejection, the Applicant is advised to amend the claims by using the following terminology: "non-transitory computer readable storage medium." Such example terminology has been also found in the Official Gazette 1351 OG 212. Claims 1-10 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The independent claims 1, 9 and 10 recite “receiving …, performing … to determine …, allowing … determined, and performing …,” as drafted cover an abstract idea of data analysis/retrieval and mental steps. More specifically, the “receiving identification target data including text, performing a first detection to determine whether personal information is non- existent in the identification target data based on pattern matching, allowing the identification target data to pass when it is determined in the first detection that the personal information is non-existent, and performing a second detection to determine whether personal information exists in the identification target data using a large language model (LLM) when it is determined in the first detection that the personal information is not non-existent” which requires just data analysis / retrieval step and mental process and just an additional element. For instance, one can receive an identification target data/information including text from a document/paper. One can mentally perform a determination if a personal information is non-existent in the identification target data or not. A person can also mentally decide to allow passing the identification target data when one determines that there is no personal information is non-existent in the data. If it was determined that the first mental determination/detection/ step indicated that the personal information is not non-existent, a second detection step will be performed to determine if a personal information exists in the identification target data using a large language model (LLM), which can be considered as just an additional element. Moreover, a human can perform this step mentally. The additional element of large language model (LLM) implemented in here can be considered as a generalized LLM or a publicly available LLM. This is because the indicated “LLM” is a general-purpose language model capable of performing a natural language processing (NLP) task (Spec para 44) and there is no specific training procedure or scheme provided in the claim(s) that might make their claimed invention novel. The claimed invention is, therefore, directed to an abstract idea and a mental process without significantly more and thus, claims 1, 9 and 10 are rejected under 35 U.S.C. 101. Similarly, the dependent claims 2-9 recite similar claim language as in claims 1, 9 and 10. Claim 2 recites “performing post-processing for security on the personal information when it is determined that the personal information is included in the identification target data according to a result of the second detection,” which requires just a mental step of performing post-processing for security on the personal information. As an example of a mental step for performing post-processing for security involves evaluating, sanitizing, and destroying data once its primary use is complete. This mental step of checklist ensures personal information doesn't fall into the wrong hands. This mental step can be performed when it is determined that the personal information is included in the identification target data in the second detection stage. Thus, claim 2 is directed to an abstract idea. Claim 3 recites “performing of the first detection includes applying a probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data,” which requires just a mental step of performing of the first mental determination/detection. This step may involve applying a probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data and the probabilistic language model can be just another additional element of language probability model as a matching model or algorithm. The probabilistic language model is just an additional element. Thus, claim 3 is directed to an abstract idea. Claim 4 recites “applying of the probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data includes: calculating an evaluation index for a next word based on the context up to a current word of the identification target data using the probabilistic language model, the evaluation index being an evaluation index related to linguistic probability, and identifying the next word as personal information when the evaluation index exceeds a predetermined threshold,” which requires just a step of applying of the probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data. Then one can apply a mathematical step of calculating an evaluation index for the next word based on the context up to a current word of the identification target data with the probabilistic language model. Then one can mentally identify or determine that the next word is personal information if the evaluation index exceeds a predetermined threshold. The step of the application of the probabilistic language model may require just making use of the evaluation index when it exceeds the predetermined threshold that may be implemented using a conventional/generic (general-purpose) computer (the published Spec. para 144) or a simple calculator. The probabilistic language model is just an additional element. Thus, claim 4 is directed to an abstract idea. Claim 5 recites “applying of the probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data includes setting the next word as the current word when the evaluation index does not exceed the predetermined threshold,” which requires just a mental step of applying of the probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data. This step requires a mental step of setting the next word as the current word when the evaluation index does not exceed the predetermined threshold. The step of the application of the probabilistic language model may require just making use of the evaluation index which does not exceed the predetermined threshold that may be implemented using a conventional/generic (general-purpose) computer (the published Spec. para 144) or a simple calculator. The probabilistic language model is just an additional element. Thus, claim 5 is directed to an abstract idea. Claim 6 recites “the evaluation index is perplexity in the probabilistic language model,” which requires just a mathematical step of perplexity as the evaluation index in the probabilistic language model. The perplexity basically measures the model's statistical uncertainty when predicting the next word in the sequence. The probabilistic language model is just an additional element. Thus, claim 6 is directed to an abstract idea. Claim 7 recites “the performing of the first detection further includes determining whether personal information is non-existent in the identification target data using a regular expression-based rule,” which requires just a mental step in which the performing of the first mental determination/detection further includes determining whether personal information is non-existent in the identification target data using a regular expression-based rule. This regular expression-based rule is just a procedure of conditional instruction that uses a search pattern to validate, filter, or extract text data, and instead of checking for exact words, those rules look for structural patterns like specific arrangements of numbers, letters, or symbols, which can be performed mentally. Thus, claim 7 is directed to an abstract idea. Claims 8 recites “the determining of whether personal information exists in the identification target data using a regular expression-based rule includes: pre-setting the regular expression-based rule, determining whether a substring corresponding to a predetermined rule exists in the identification target data, and identifying the substring as personal information when it is determined that the substring exists in the identification target data,” which requires just a mental step of determining if personal information exists in the identification target data using a regular expression-based rule. Such a rule also involves a mathematical step or procedure or implementing an algorithm of pre-setting the regular expression-based rule, determining whether a substring corresponding to a predetermined rule exists in the identification target data, and identifying the substring as personal information when it is determined that the substring exists in the identification target data. Thus, claim 8 is directed to an abstract idea. Thus, claims 1-10 as drafted cover a mental process and abstract idea of data gathering/retrieval and analysis/processing steps, and they are mental processes directed to an abstract idea of implementing mathematical formulae for data processing and data analysis using a conventional/generic (general-purpose) computer (the published Spec. para 144) as well and thus, all the claims are directed to an abstract idea. This judicial exception is not integrated into a practical application. In particular, claims 9 and 10 recite additional element of “processor,” “memory,” “computer-readable storage medium” and “large language model (LLM)” as per the independent claims. Similarly, claims 3-6 recite the additional element of “probabilistic language model” as per the dependent claims. Accordingly, these additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Their collective functions merely provide conventional general purpose computer implementation. Claims 1-10, are therefore not drawn to patent eligible subject matter as they are directed to an abstract idea without significantly more. Thus, the claimed invention is directed to an abstract idea and a mental process without significantly more and thus, claims 1-10 are rejected under 35 U.S.C. 101. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to the integration of the abstract idea into a practical application, the additional element of using a computer is noted as a general computer as noted. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept (Spec., para 144). Further, the additional limitation in the claims noted above are directed towards insignificant solution activity. The claims are not patent eligible. Dependent claims 2-8 are also directed toward an abstract idea and do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. Therefore, claims 1-10 do not contain patent eligible subject matter that has been identified by the courts. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Du et al. Pat App No. CN-114398528 A (Du) in view of Yeon et al. Pat App No. KR 102680336 B1 (Yeon). Regarding Claim 1, A text-based personal information identification method utilizing multi-stage detection (Du, 3rd page, 10th -11th para… detection of personal information … the data type comprises text type), comprising: receiving identification target data including text (Du, 2nd page, 4th para, collecting personal information; Alternatively, Du, 4th page, 7th para, personal information data item, obtaining the data type as the short text type); performing a first detection to determine whether personal information is non- existent in the identification target data based on pattern matching (Du, 8th page, 1st para, calculating the matching degree, respectively, calculating the name matching degree of each field and each candidate personal information data item corresponding to each field, entity recognition degree and numerical fingerprint matching degree, and according to the name matching degree, entity matching recognition and numerical fingerprint matching degree, calculating the final matching degree of each field and each candidate personal information); allowing the identification target data to pass when it is determined in the first detection that the personal information is non-existent (Du, 9th page, 2nd para, if the data stored in the database belongs to the short text type, and the candidate personal information data item to be matched belongs to the named entity, then the matching degree between the field and the candidate personal information data item is measured from the predicted score of the entity recognition otherwise, the matching degree value of the entity is 0.That is, for the data type is not short text type of field, the data type is a short text type field but the corresponding candidate personal information data item does not belong to the named entity capable of being recognition, then directly the entity recognition the field and the corresponding candidate personal information data item is set as 0). Du does not specifically disclose performing a second detection to determine whether personal information exists in the identification target data using a large language model (LLM) when it is determined in the first detection that the personal information is not non-existent. However, Yeon, in the same field of endeavour, discloses performing a second detection to determine whether personal information exists in the identification target data using a large language model (LLM) when it is determined in the first detection that the personal information is not non-existent (Yeon, 9th page, 2nd – 13th para, According to one embodiment, when the OTP management server 107a fails to transmit an OTP authentication mail for a specific parameter, it sends a mail transmission failure response to the APIM of the server 101 that manages the API of the OTP management server 107a. (427), and the server101 may transmit (429) a message indicating failure in OTP authentication mail transmission to the user device 100. FIG. 5 is a sequence diagram illustrating an operation in which a chatbot operation server (e.g., server101 of FIG. 1) automatically performs an in-house SSO account initialization function through an RPA processing server, according to various embodiments. The following operations can be performed using the method described in operations 201 to 207 of FIG. 2. According to one embodiment, when the SSO account for accessing the in-house system is locked, the user of the user device 100 may transmit (501) a first message requesting initialization of the SSO account to the server 101. According to one embodiment, the server 101 may determine whether the first message is valid in response to receiving the first message, and if the first message is valid, the server 101 may determine a specific message through the API of the server 105. A first message containing a request for a function (eg, SSO account initialization) may be delivered (503) to the server (105). According to one embodiment, when a request for SSO account initialization is included in the first message, the server 105 sends a first response including a system code (e.g., type(RPA)_code1)corresponding to SSO account initialization. A message can be created (505). According to one embodiment, the LLM server 105 may transmit (507) the first response message to the server 101 through the API of the LLM server 105. According to one embodiment, the server 101 may parse (509) the system code area in the first reply message to determine whether a predetermined system code exists from the first reply message… the server 101 can confirm personal identification information from the parameter response message received from the user device 100, and the identification information of the user device 100 (e.g., personal identification information) previously stored in the server 101. By determining whether the personal identification information (email address or personal mobile phone number) matches, user authentication of the user device 100 can be performed (515). According to one embodiment, when user authentication of the user device 100 is successful, the server 101 sends a specific parameter to the RPA processing server 107b through the API of the RPA processing server 107b corresponding to a predetermined system code; [i.e., “the identification information of the user device 100 (e.g., personal identification information) previously stored in the server 101” as “it is determined in the first detection (i.e., previously detected and stored) that the personal information is not non-existent”]). Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Du in the method of Yeon because this would enable to perform user authentication of the user device (Yeon, 9th page, 12th para). Regarding Claim 9, Du discloses a text-based personal information identification apparatus (Du, 3rd page, 10th -11th para… detection of personal information … the data type comprises text type), comprising: at least one processor (Du, 6th page, 10th para, a processor); and a memory configured to store instructions (Du, 11th page, 4th para, the computer readable storage medium which is stored with a computer program), wherein the instructions, when individually or collectively executed by the at least one processor (Du, 2nd page, 12th para, when the program is executed by a processor), cause the processor to: receive identification target data including text (Du, 2nd page, 4th para, collecting personal information; Alternatively, Du, 4th page, 7th para, personal information data item, obtaining the data type as the short text type); perform a first detection to determine whether personal information is non- existent in the identification target data based on pattern matching (Du, 8th page, 1st para, calculating the matching degree, respectively, calculating the name matching degree of each field and each candidate personal information data item corresponding to each field, entity recognition degree and numerical fingerprint matching degree, and according to the name matching degree, entity matching recognition and numerical fingerprint matching degree, calculating the final matching degree of each field and each candidate personal information); allow the identification target data to pass when it is determined in the first detection that the personal information is non-existent (Du, 9th page, 2nd para, the data type is a short text type field but the corresponding candidate personal information data item does not belong to the named entity capable of being recognition, then directly the entity recognition the field and the corresponding candidate personal information data item is set as 0). Du does not specifically disclose perform a second detection to determine whether personal information exists in the identification target data using an LLM when it is determined in the first detection that the personal information is not non-existent. However, Yeon, in the same field of endeavour, discloses perform a second detection to determine whether personal information exists in the identification target data using an LLM when it is determined in the first detection that the personal information is not non-existent (Yeon, 9th page, 2nd – 13th para, According to one embodiment, when the OTP management server 107a fails to transmit an OTP authentication mail for a specific parameter, it sends a mail transmission failure response to the APIM of the server 101 that manages the API of the OTP management server 107a. (427), and the server101 may transmit (429) a message indicating failure in OTP authentication mail transmission to the user device 100. FIG. 5 is a sequence diagram illustrating an operation in which a chatbot operation server (e.g., server101 of FIG. 1) automatically performs an in-house SSO account initialization function through an RPA processing server, according to various embodiments. The following operations can be performed using the method described in operations 201 to 207 of FIG. 2. According to one embodiment, when the SSO account for accessing the in-house system is locked, the user of the user device 100 may transmit (501) a first message requesting initialization of the SSO account to the server 101. According to one embodiment, the server 101 may determine whether the first message is valid in response to receiving the first message, and if the first message is valid, the server 101 may determine a specific message through the API of the server 105. A first message containing a request for a function (eg, SSO account initialization) may be delivered (503) to the server (105). According to one embodiment, when a request for SSO account initialization is included in the first message, the server 105 sends a first response including a system code (e.g., type (RPA)_code1) corresponding to SSO account initialization. A message can be created (505). According to one embodiment, the LLM server 105 may transmit (507) the first response message to the server 101 through the API of the LLM server 105. According to one embodiment, the server 101 may parse (509) the system code area in the first reply message to determine whether a predetermined system code exists from the first reply message… the server 101 can confirm personal identification information from the parameter response message received from the user device 100, and the identification information of the user device 100 (e.g., personal identification information) previously stored in the server 101. By determining whether the personal identification information (email address or personal mobile phone number) matches, user authentication of the user device 100 can be performed (515). According to one embodiment, when user authentication of the user device 100 is successful, the server 101 sends a specific parameter to the RPA processing server 107b through the API of the RPA processing server 107b corresponding to a predetermined system code; [i.e., “the identification information of the user device 100 (e.g., personal identification information) previously stored in the server 101” as “it is determined in the first detection (i.e., previously detected and stored) that the personal information is not non-existent”]). Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Du in the method of Yeon because this would enable to perform user authentication of the user device (Yeon, 9th page, 12th para). Regarding Claim 10, A computer-readable storage medium in a storage medium that stores computer-readable instructions, wherein the instructions, when executed by a computing device (Du, 2nd page, 12th para, a computer readable storage medium which is stored with a computer program, when the program is executed by a processor, realizing the method), cause the computing device to perform operations of: receiving identification target data including text (Du, 2nd page, 4th para, collecting personal information; Alternatively, Du, 4th page, 7th para, personal information data item, obtaining the data type as the short text type); performing a first detection to determine whether personal information is non- existent in the identification target data based on pattern matching (Du, 8th page, 1st para, calculating the matching degree, respectively, calculating the name matching degree of each field and each candidate personal information data item corresponding to each field, entity recognition degree and numerical fingerprint matching degree, and according to the name matching degree, entity matching recognition and numerical fingerprint matching degree, calculating the final matching degree of each field and each candidate personal information); allowing the identification target data to pass when it is determined in the first detection that the personal information is non-existent (Du, 9th page, 2nd para, the data type is a short text type field but the corresponding candidate personal information data item does not belong to the named entity capable of being recognition, then directly the entity recognition the field and the corresponding candidate personal information data item is set as 0). Du does not specifically disclose performing a second detection to determine whether personal information exists in the identification target data using an LLM when it is determined in the first detection that the personal information is not non-existent. However, Yeon, in the same field of endeavour, discloses performing a second detection to determine whether personal information exists in the identification target data using an LLM when it is determined in the first detection that the personal information is not non-existent (Yeon, 9th page, 2nd – 13th para, According to one embodiment, when the OTP management server 107a fails to transmit an OTP authentication mail for a specific parameter, it sends a mail transmission failure response to the APIM of the server 101 that manages the API of the OTP management server 107a. (427), and the server101 may transmit (429) a message indicating failure in OTP authentication mail transmission to the user device 100. FIG. 5 is a sequence diagram illustrating an operation in which a chatbot operation server (e.g., server101 of FIG. 1) automatically performs an in-house SSO account initialization function through an RPA processing server, according to various embodiments. The following operations can be performed using the method described in operations 201 to 207 of FIG. 2. According to one embodiment, when the SSO account for accessing the in-house system is locked, the user of the user device 100 may transmit (501) a first message requesting initialization of the SSO account to the server 101. According to one embodiment, the server 101 may determine whether the first message is valid in response to receiving the first message, and if the first message is valid, the server 101 may determine a specific message through the API of the server 105. A first message containing a request for a function (eg, SSO account initialization) may be delivered (503) to the server (105). According to one embodiment, when a request for SSO account initialization is included in the first message, the server 105 sends a first response including a system code (e.g., type (RPA)_code1) corresponding to SSO account initialization. A message can be created (505). According to one embodiment, the LLM server 105 may transmit (507) the first response message to the server 101 through the API of the LLM server 105. According to one embodiment, the server 101 may parse (509) the system code area in the first reply message to determine whether a predetermined system code exists from the first reply message… the server 101 can confirm personal identification information from the parameter response message received from the user device 100, and the identification information of the user device 100 (e.g., personal identification information) previously stored in the server 101. By determining whether the personal identification information (email address or personal mobile phone number) matches, user authentication of the user device 100 can be performed (515). According to one embodiment, when user authentication of the user device 100 is successful, the server 101 sends a specific parameter to the RPA processing server 107b through the API of the RPA processing server 107b corresponding to a predetermined system code; [i.e., “the identification information of the user device 100 (e.g., personal identification information) previously stored in the server 101” as “it is determined in the first detection (i.e., previously detected and stored) that the personal information is not non-existent”]). Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Du in the method of Yeon because this would enable to perform user authentication of the user device (Yeon, 9th page, 12th para). Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Yeon, and further in view of Sung et al. Pat App No. KR 101910592 B1 (Sung). Regarding Claim 2, Du in the method of Yeon disclose the text-based personal information identification method of claim 1, further comprising: Du in the method of Yeon do not specifically disclose performing post-processing for security on the personal information when it is determined that the personal information is included in the identification target data according to a result of the second detection. However, Sung, in the same field of endeavor, discloses performing post-processing for security on the personal information when it is determined that the personal information is included in the identification target data according to a result of the second detection (Sung, 1st page, 2nd – 3rd para, The present invention relates to a personal identification information security device, and a personal identification information security device capable of detecting and securing personal identification information such as a resident registration number and a passport number. In recent years, companies and organizations have been monitoring the packets from the intra network to the Internet for the purpose of protecting the assets of enterprises and organizations. At this time, according to the data security policy defined in the enterprise, packets are blocked or deleted to prevent information leakage. At this time, the personal information protection method is performed by stopping the transmission from the network when the user terminal includes personal information among the network transmission data; [i.e., “companies and organizations have been monitoring the packets from the intra network… the personal information protection method is performed by stopping the transmission from the network when the user terminal includes personal information among the network transmission data” as “post-processing for security on the personal information”]). Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Sung in the method of Du in view of Yeon because this would enable a personally identifiable information detection for detecting personally identifiable information in a text file (Sung, Abstract). Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Yeon, and further in view of Jalil et al. Pat App No. US 20250077714 A1 (Jalil). Regarding Claim 3, Du in the method of Yeon disclose the text-based personal information identification method of claim 1. Du in the method of Yeon do not specifically disclose wherein the performing of the first detection includes applying a probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data. However, Jalil, in the same field of endeavor, discloses wherein the performing of the first detection includes applying a probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data (Jalil, para 0018, The system is designed to efficiently analyse impacted data sources, identify sensitive personal information, and deduplicate identities across multiple datasets. It further determines the residency of affected individuals to ascertain applicable legal obligations and estimate potential fines. The invention integrates various technical modules, including data collection, identification, identity deduplication, residency inference, legal analysis, and automated response. These modules work together to deliver a comprehensive and accurate analysis of a data breach's impact, automating tasks that are traditionally manual and prone to errors. The BIA system employs cutting-edge technologies such as large language models, probabilistic linking, and AI-driven communication generation). Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Jalil in the method of Du in view of Yeon because this would ensure that organizations can quickly and effectively respond to breaches while maintaining compliance with legal requirements (Jalil, para 0018). Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Yeon, further in view of Jalil, and further in view of Sung. Regarding Claim 7, Du in the method of Yeon and Jalil disclose the text-based personal information identification method of claim 3. Du in the method of Yeon and Jalil do not specifically disclose wherein the performing of the first detection further includes determining whether personal information is non-existent in the identification target data using a regular expression-based rule However, Sung, in the same field of endeavor, discloses wherein the performing of the first detection further includes determining whether personal information is non-existent in the identification target data using a regular expression-based rule (Sung, 4th page, 3rd –6th para, if the six digits of the first six digits of the six digits to the seven digits that are detected are out of the date range of the date of birth, or if the verification digits in the seven digits of the back digits are not correct, it is judged not to be a foreign registration number and is not detected. Further, the personal identification information detecting unit 110 may receive the expression of the personal identification information from the user even if it is not a regular expression, and may detect the text file in which the personal identification information is recorded based on the inputted expression. For example, when it is desired to detect a file in which personal identification information of a company number is recorded, an expression of the company number is inputted and a text file in which the personal identification information of the company number is recorded is detected based on the inputted expression. Likewise, when it is desired to detect a file in which the individual identification information of the school class number is recorded, the text file in which the individual identification information of the school class number is recorded can be detected based on the expression inputted to the school class number; Sung, 3rd page, 10th-12th, Regular expression is a unique standard rule for displaying individual identification information. For example, in the case of a resident registration number, as shown in FIG. 3 (a), a rule for expressing 'six digits' - 'seven digits' is used. In the case of a foreign registration number, , And a ruleof expressing a six-digit number '-7 digit number'. In the case of a passport number, as shown in FIG.3 (c), it has a rule of expressing 'M' 'seven digits. As shown in FIG. 3 (d), has a rule of expressing 'twodigits' -' two digits' - 'six digits' -2 digits'. Therefore, the file is stored in the form of 'six digits' -' seven digits' or 'M' 'seven digits' in the filesstored in the personal identification information security apparatus 10, or' '-' '2 digits'' - '' 6 digits' 'Allthe files recorded in the form of' -2 digits' can be detected; [i.e., ; “not detected” as “non-existent” (in the identification target data); “Regular expression … unique standard rule for displaying individual identification information” provided with examples]). Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Sung in the method of Du in view of Yeon and Jalil because this would enable detecting and as well as securing personal identification information (PII) (Sung, Abstract). Regarding Claim 8, Du in the method of Yeon, Jalil and Sung disclose the text-based personal information identification method of claim 7. Sung further teaches: wherein the determining of whether personal information exists in the identification target data using a regular expression-based rule (Sung, 3rd page, 7th – 10th para, The personal identification information detection unit 110 performs a function of detecting the individual identification information in the text file. Here, the text file includes all various files capable of recording numbers and symbols, such as a TXT file, a LOG file, and a CSV file. Also, the personal identification information may include at least one of a resident registration number, an alien registration number, a passport number, and a driver's license number as information for identifying an individual. Such detection of the individual identification information detects the individual identification information in the text file based on the regular expression of each individual identification information. Regular expression is a unique standard rule for displaying individual identification information) includes: pre-setting the regular expression-based rule (Sung, 3rd page, 3rd – 6th and 10th-12th para, The detection target can be set to multiple folders, and the condition can be set such as the folder name to be included, the file name and extension, and the modification time of the file. You can also set exception conditions for the same kind of condition… The detection target can be set to multiple folders, and the condition can be set such as the folder name to be included, the file name and extension, and the modification time of the file. You can also set exception conditions for the same kind of condition… Regular expression is a unique standard rule for displaying individual identification information. For example, in the case of a resident registration number, as shown in FIG. 3 (a), a rule for expressing 'six digits' - 'seven digits' is used. In the case of a foreign registration number, , And a ruleof expressing a six-digit number '-7 digit number'. In the case of a passport number, as shown in FIG.3 (c), it has a rule of expressing 'M' 'seven digits. As shown in FIG. 3 (d), has a rule of expressing 'twodigits' -' two digits' - 'six digits' -2 digits'. Therefore, the file is stored in the form of 'six digits' -' seven digits' or 'M' 'seven digits' in the filesstored in the personal identification information security apparatus 10, or' '-' '2 digits'' - '' 6 digits' 'Allthe files recorded in the form of' -2 digits' can be detected; [“Regular expression … unique standard rule for displaying individual identification information” provided with examples]; Alternative, 2nd page, 4th para, FIG. 5 is a diagram illustrating an example of a regular expression of personal identification information according to an embodiment of the present invention. FIG. 6 is a diagram illustrating a screen for setting a detection target condition); Yeon further teaches: determining whether a substring corresponding to a predetermined rule exists in the identification target data (Yeon, 6th page, 6th – 7th para, determine whether a predetermined system code exists from the first reply message. For example, referring to FIG. 3, the server 101 may parse (309) the system code area in the first reply message to determine whether a predetermined system code exists from the first reply message. According to one embodiment, when there is a request for a plurality of specific functions in the first message and a response message to be processed differently for each function is obtained, the server 101 enters the system code identified in the response message; Yeon, 6th page, 5th para, If included, a predetermined system code corresponding to a specific function may be included in the first response message; Yeon, 9th page, 10th – 12th para, if a predetermined system code corresponding to a specific function (e.g., SSO account initialization) exists from the first reply message, the server 101 determines a specific parameter (e.g., SSO account initialization) required to perform the specific function) and a request for personal identification information (e.g., personal email address or personal mobile phone number) may be transmitted to the user device 100 (511)… According to one embodiment, the server 101 can confirm personal identification information from the parameter response message received from the user device 100; [“predetermined system” as “predetermined rule” for a specific application, as provided in the above examples; “specific functions in the first message and a response message” as “substring”]); and identifying the substring as personal information when it is determined that the substring exists in the identification target data (Yeon, 9th page, 10th para, if a predetermined system code corresponding to a specific function (e.g., SSO account initialization) exists from the first reply message, the server 101 determines a specific parameter (e.g., SSO account initialization) required to perform the specific function. ) and are quest for personal identification information (e.g., personal email address or personal mobile phone number) may be transmitted to the user device 100 (511)). Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Yeon, further in view of Jalil, and further in view of Shumin et al. Pat App No. DE 102013105212 A1 (Shumin). Regarding Claim 4, Du in the method of Yeon and Jalil disclose the text-based personal information identification method of claim 3. Du further teaches: identifying the next word as personal information when the evaluation index exceeds a predetermined threshold (Du, 2nd page, 11th para, if the final matching degree of a field and a candidate personal information data item is maximum and greater than a preset threshold value, then taking the candidate personal information data item as the target personal information data item matched with the one field). Jalil further discloses: wherein the applying of the probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data (Jalil, para 0030, The data identification module 120 also includes several advanced subsystems, such as the false positive filtering subsystem and the missed detection identifier. These subsystems enhance the reliability of the detection process by filtering out incorrect detections and identifying any information that might have been overlooked during initial scans. The ambiguity resolution engine addresses cases where data ambiguity exists, using probabilistic models to assign confidence scores and enable manual review when necessary) includes: Du in the method of Yeon and Jalil disclose do not specifically disclose calculating an evaluation index for a next word based on the context up to a current word of the identification target data using the probabilistic language model, the evaluation index being an evaluation index related to linguistic probability. However, Shumin, in the same field of endeavor, discloses calculating an evaluation index for a next word based on the context up to a current word of the identification target data using the probabilistic language model, the evaluation index being an evaluation index related to linguistic probability (Shumin, 9th page, 4th para, the input module 106 apply a probabilistic model, such as the language model and / or the spatial model, that provides information about the spatial location of the additional touch (eg, the subsequent touch 126 ) and predicted word information to interpret the additional touch as (i) a user selection of the predicted word, (ii) a user input of a space, or (iii) a user input of a character other than the space. Interpreting the additional touch may be based, at least in part, on the spatial location of the additional touch. In addition, interpreting the extra touch may be based on an evaluation of the number of characters in the predicted word; [i.e., “predicted word” as “next word”; “apply a probabilistic model, such as the language model” as “using the probabilistic language model”] ) Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Shumin in the method of Du in view of Yeon and Jalil because this would enable providing predictive text correction and completion for text input (Shumin, Abstract). Regarding Claim 5, Du in the method of Yeon and Jalil disclose the text-based personal information identification method of claim 4. Du further teaches: setting the next word as the current word when the evaluation index does not exceed the predetermined threshold (Du, 6th page, 1st -9th para, Further, the respectively data type is the coverage of the dictionary value set of each candidate personal information data item of the data set of the field of the typical type of the enumeration word, obtaining the data type is the numerical fingerprint matching degree of the field of the typical type of enumeration word and each candidate personal information data item is specifically as follows: obtaining the data type as a field of the typical type of enumeration word; …calculating the name matching degree of each field corresponding to each candidate personal information data item, entity matching recognition and numerical finger print matching degree, and according to the name matching degree, entity recognition the matching degree and numerical fingerprint matching degree, calculating the final matching degree of each field and each candidate personal information data item, further comprising: setting the matching degree of the field of the data type not short text type and the entity recognition each candidate personal information data item to be 0; the data type is not digital type, date time type or enumeration word typical type field with each candidate personal information data item of numerical fingerprint matching degree is set to 0). Jalil further discloses: wherein the applying of the probabilistic language model to the identification target data to determine whether personal information is non-existent in the identification target data (Jalil, para 0069, The data identification module 120 is configured to scan files for personal information… identifying missed detections… with … thresholds… applying probabilistic models; [i.e., “missed detections” as “personal information is non-existent”]). Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Yeon, further in view of Jalil, further in view of Shumin, and further in view of Lam, Maximilian, “Systems and Algorithms for Efficient, Secure and Private Machine Learning Inference.” Doctoral Dissertation, Harvard University Graduate School of Arts and Sciences, Date: 2024-04-15 (Lam). Regarding Claim 6, Du in the method of Yeon, Jalil and Shumin disclose the text-based personal information identification method of claim 4. Du in the method of Yeon, Jalil and Shumin do not specifically disclose wherein the evaluation index is perplexity in the probabilistic language model. However, Lam, in the same field of endeavor, discloses wherein the evaluation index is perplexity in the probabilistic language model (Lam, page 34, 3rd para, Language Modeling We train a model with … reaching a baseline perplexity of 93; Lam, page 39, 2nd para, Table 3.2 shows model performance (accuracy for MNIST and natural language inference, perplexity for language modeling…1-bit weights, higher precision activations reduces perplexity from 800 to 180; Lam, page 42, Figure 3.4 (b); [“Language Model” (MNIST and natural language inference) as (probabilistic) “language model”]). Therefore, it would have been obvious for one having ordinary skill in the art before the effective filing date of the claimed invention to incorporate the method of Lam in the method of Du in view of Yeon, Jalil and Shumin because this would enable the evaluation of the natural language model accuracy for an efficient, secure and private machine learning inference (Lam, page 34, 3rd para and Abstract). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MULUGETA T. DUGDA whose telephone number is (703)756-1106. The examiner can normally be reached Mon - Fri, 4:30am - 7:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Paras D. Shah can be reached at 571-270-1650. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MULUGETA TUJI DUGDA/Examiner, Art Unit 2653 /Paras D Shah/Supervisory Patent Examiner, Art Unit 2653 06/27/2026
Read full office action

Prosecution Timeline

Dec 19, 2024
Application Filed
Jul 01, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670918
VOICE MODIFICATION
2y 5m to grant Granted Jun 30, 2026
Patent 12620387
VOICE GENERATION METHOD AND APPARATUS, DEVICE, AND COMPUTER READABLE MEDIUM
3y 2m to grant Granted May 05, 2026
Patent 12597424
METHOD AND APPARATUS FOR DETERMINING SKILL FIELD OF DIALOGUE TEXT
3y 6m to grant Granted Apr 07, 2026
Patent 12592244
REDUCED-BANDWIDTH SPEECH ENHANCEMENT WITH BANDWIDTH EXTENSION
3y 6m to grant Granted Mar 31, 2026
Patent 12579366
DEVELOPMENT PLATFORM FOR FACILITATING THE OPTIMIZATION OF NATURAL-LANGUAGE-UNDERSTANDING SYSTEMS
3y 10m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
81%
Grant Probability
99%
With Interview (+22.9%)
2y 11m (~1y 4m remaining)
Median Time to Grant
Low
PTA Risk
Based on 52 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month