Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Note on Prior art
There are no prior art rejections for claims 4-8, 11-15 and 17-21.
With respect to claims 4-7, 11-14 and 17-19, the prior art or record does not teach or make obvious “receiving, by the client device from the server system, machine learning model evaluation data that includes: the one or more machine learning models that are executable at the client device to determine whether to authorize the first operation; and the one or more encrypted input data values.”
With respect to claim 8, the prior art of record does not teach or make obvious “a first value of the encrypted input data values is encrypted using a first encryption algorithm, and wherein a second value of the encrypted input data values is encrypted using a second encryption algorithm.”
With respect to claim 15, the prior art of record does not teach or make obvious “a first value of the encrypted input data values is encrypted using a first cryptographic key, and wherein a second value of the encrypted input data values is encrypted using a second, different cryptographic key.”
With respect to claim 20, the prior art of record does not teach or make obvious “transmitting, to the server system, the model output data; and
receiving, from the server system based on the model output data, second model output data that is generated by the server system using a second, heavyweight machine learning model, wherein the second model output data is further indicative of the level of risk associated with performing the first operation, and wherein generating the response message is further based on the second model output data.”
With respect to claim 21, the prior art of record does not teach or make obvious “receiving, from the server system, code that is executable to generate additional encrypted input data for the lightweight machine learning model, wherein the lightweight machine learning model is further operable to generate the model output data based on the additional encrypted input data.”
Double Patenting
A rejection based on double patenting of the “same invention” type finds its support in the language of 35 U.S.C. 101 which states that “whoever invents or discovers any new and useful process... may obtain a patent therefor...” (Emphasis added). Thus, the term “same invention,” in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957).
A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the claims that are directed to the same invention so they are no longer coextensive in scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101.
Claims 4, 11 and 17, are rejected under 35 U.S.C. 101 as claiming the same invention as that of claim 10 of prior U.S. Patent No. 12,242,932. This is a statutory double patenting rejection.
19/046,114
USPAT 12,242,932
10. A non-transitory, computer-readable medium having instructions stored thereon that are executable by a client device to perform operations comprising:
receiving a request to perform a first operation at the client device via a service provided by a server system;
executing, from a plurality of machine learning models stored by the client device, a first machine learning model to determine whether to authorize the first operation, wherein executing the first machine learning model includes generating model output data for the first operation based on one or more encrypted input data values that are encrypted with a cryptographic key inaccessible to the client device, and wherein the model output data corresponds to a level of risk associated with performing the first operation; and
…
(Clm 11)receiving, from the server system, machine learning model evaluation data that includes:
the one or more machine learning models that are executable at the client device to determine whether to authorize the first operation; and
the one or more encrypted input data values.
(Claim 10 cont.) generating, based on the model output data, a response message for the request that indicates whether the first operation is authorized.
10. A non-transitory, computer-readable medium having instructions stored thereon that are executable by a server system to perform operations comprising: receiving, from a client device, a request to perform a first operation via a service provided via the server system; selecting, from a plurality of machine learning models, a first machine learning model to send to the client device to determine whether to authorize the first operation, wherein the first machine learning model is executable, by the client device, to generate model output data for the first operation based on one or more encrypted input data values that are encrypted with a cryptographic key inaccessible to the client device, wherein the model output data corresponds to a level of risk associated with performing the first operation;
sending machine learning model evaluation data to the client device, wherein the machine learning model evaluation data includes: the first machine learning model; and the one or more encrypted input data values;
receiving a response message that includes the model output data, for the first operation, generated at the client device using the first machine learning model; and determining whether to authorize the first operation based on the model output data.
Claims 4 and 17 are similar enough to claim 11 that the above claim mapping also applies.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 2-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of a mental concept and mathematical operation without significantly more. The claims recite the abstract idea of determining a first operation is associated with a ML model, executing a ML model to infer risk, generating a response that indicates authorization, generating encrypted input data, using different encryption algorithms, and choosing ML models based on operation type. This judicial exception is not integrated into a practical application because additional element of transmitting and receiving data and models is insignificant extra solution activity. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because additional element such as computer-readable media, memory, and processors are generic computer parts.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 13 and 16-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 13 recites, “The non-transitory, computer-readable medium of claim 11, further comprising: generating…” It is supposed to claim medium of claim 11, “wherein the operations further comprise…” See claim 11. This is unclear because computer-readable medium do not comprise method steps, CRM have instructions executable to perform operations comprising method steps.
Claim 16 says, “to perform operation comprising…” It should say perform operations comprising.
The term “lightweight” in claims 16, 19 and 21 is a relative term which renders the claim indefinite. The term “lightweight” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. The specification says that lightweight models may “use less data and/or run faster than the heavy models” (Spec. 12.), but the claim doesn’t have a comparative baseline, threshold, model size, latency, memory use, FLOPS, accuracy tradeoff, or any other explanation about the relationship to a heavyweight model. If lightweight means any kind of model, then lightweight should be deleted. If lightweight has some other definition, that definition should appear in the specification and claims.
The term “heavyweight” in claim 20 is a relative term which renders the claim indefinite. The term “heavyweight” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2, 3, 9, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US20210234848A1 to Harris et al and US20220414235A1 to Rohloff et al.
Harris teaches claims 2, 10 and 16. A method, comprising:
receiving, by a client device, a request to perform a first operation at the client device (Harris para 113 “An initial request 701 to execute a controlled action may be generated at a user device upon indication by a user.”)
determining, by the client device, that the first operation is associated with one or more machine learning models that are executable at the client device to determine whether to authorize the first operation; (Harris para 117 “a decision 715 for determining if a risk score is required may be evaluated. For example, a risk score may be evaluated if the behavior tree 714 specifies that an action relating to financial accounts may be require a risk score. A risk analysis 716 may be performed if risk scoring is required.” The risk analysis model is the local model. Determining that the operation is associated with a model is taught by Harris determining that a risk score model 721 is needed for an operation.)
executing, by the client device, at least one of the one or more machine learning models to generate model output data for the first operation based on (Harris para 117 “The risk analysis 716 may utilize data for a local machine learning model of learning database 717, such as a graph learning model comprising one or more relevant user community groups.”
generating, by the client device based on the model output data, a response message for the request that indicates whether the first operation is authorized. (Harris para 118 “An assessment 719 for a potential issue may be generated based on the risk analysis, in which either an authorization 720 or restriction 711 of the requested action can then be implemented.”)
Harris doesn’t teach that the input data is encrypted with a key inaccessible to the client.
However, Rohloff teaches how to via a service provided by a server system… generate model output data for the first operation based on one or more encrypted input data values that are encrypted with a cryptographic key inaccessible to the client device. (Rohloff para 45 “receiving … at least one encrypted incidence vector (Step 201).” Rohloff para 47 “In some embodiments, a public key is received. The public key may be associated with a secret key that is not received.” Rohloff para 48 “The incidence vector may include data which is indicative of an occurrence of data point within specific ranges of data.” Rohloff para 52 “determining… an inner product operation between each generalized weight table and each encrypted incidence vector to obtain at least one encrypted inner product…” Rohloff para 58 “the summed at least one encrypted inner product to an application to be used as the basis for a risk score (Step 205). The summed at least one encrypted inner product can be decrypted to obtain the risk score.”)
Rohloff, Harris and the claims all offload computation to determine risk. It would have been obvious to a person having ordinary skill in the art, at the time of filing, to pass encrypted data to the client without the private key because “it may be desirable to compute risk scores and perform risk categorization on secret data without exposing the underlining secret data to an untrusted party.” Rohloff para 8.
Harris teaches claim 3. The method of claim 2, further comprising:
transmitting, by the client device (Harris para 118 “An assessment 719 for a potential issue may be generated based on the risk analysis, in which either an authorization 720 or restriction 711 of the requested action can then be implemented.” Implementing authorization involves transmission, at least to another component in the system.)
Rohloff teaches transmitting, by the client device to the server system, the response message
(Rohloff encrypted result 613 is sent back to the data provider (server) 601 from the client computation server 602. Rohloff para 58 “the summed at least one encrypted inner product to an application to be used as the basis for a risk score (Step 205). The summed at least one encrypted inner product can be decrypted to obtain the risk score.”)
Harris teaches claim 9. The method of claim 2, wherein the executing the at least one of the one or more machine learning models is based on one or both of an operation type of the first operation and a device type of the client device. (Harris para 117 “Upon performing the action lookup 713, a decision 715 for determining if a risk score is required may be evaluated. For example, a risk score may be evaluated if the behavior tree 714 specifies that an action relating to financial accounts may be require a risk score.”)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Austin Hicks whose telephone number is (571)270-3377. The examiner can normally be reached Monday - Thursday 8-4 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela Reyes can be reached at (571) 270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AUSTIN HICKS/ Primary Examiner, Art Unit 2142