CTNF 19/083,803 CTNF 86666 DETAILED ACTION This Office Action is in response to the application 19/083803 filed on 03/19/2025. 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. As per the Preliminary Amendment filed on 04/07/2025, claims 1-20 have been examined and are pending in this application. Claims 1, 10, and 19 are independent. Priority/Continuity This application is a continuation of PCT Application No. PCT/CN2023/118186, filed on 09/12/2023, which has foreign priority of CN202211145581.9, filed on 09/20/2022. Information Disclosure Statement The information disclosure statement (IDS), submitted on 04/23/2025 and 11/26/2025, are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the Examiner. Claim Rejections - 35 USC § 103 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-20-02-aia AIA This application currently names joint inventors. In considering patentability of the claims the Examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the Examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 07-21-aia AIA Claim s 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Metha et al (“Metha,” US 2019/0258783, published on 08/22/2019), in view of Chang (“Chang,” US 2023/0325627, filed on 04/07/2022) . As to claim 1, Metha teaches a model processing method (Metha: pars 0002-0005, method, apparatus, and program product for monitoring and identifying machine learning model in use by an entity other than the entity that developed the machine learning model, and any machine learning model that gets stolen) , comprising: obtaining a first computation graph, wherein the first computation graph indicates execution logic of an artificial intelligence (AI) model, and the first computation graph comprises at least one operator (Metha: pars 0002-0005, 0018-0019, 0032; Fig 2, 3, the system creates analysis and processing path [i.e. first computation graph], generate a signature for the target machine. Using learning model data points and corresponding labels, generates both the original signature and the target signature are taken from the same locations in both the original machine learning model and the target machine learning model. The system then compares the signatures from the original machine learning model and the target machine learning model to determine if there is any overlap between the signatures. If the overlap reaches a particular threshold, the system can identify the machine learning model as possibly stolen) ; generating a second computation graph based on the first computation graph, wherein the second computation graph comprises at least one computation branch (Metha: pars 0002-0005, 0018-0019, 0032; Fig 2, 3, the system generates the original signature, along with the signature for the target machine, from the same locations in the original machine learning model [i.e. second computation graph]. The system then compares the signatures from the original machine learning model and the target machine learning model to determine if there is any overlap between the signatures. If the overlap reaches a particular threshold, the system can identify the machine learning model as possibly stolen) . Metha does not explicitly teach at least one obfuscation branch, and a first expression, an output of the first expression indicates to execute a branch in the at least one computation branch or a branch in the at least one obfuscation branch, the at least one operator is comprised in the at least one computation branch, and the at least one computation branch has different computation logic from the at least one obfuscation branch; and generating execution code corresponding to the Al model based on the second computation graph, wherein target code in the execution code is configured with encrypted protection, and the target code is code related to the first expression. However, in an analogous art, Cheng teaches at least one obfuscation branch, and a first expression, an output of the first expression indicates to execute a branch in the at least one computation branch or a branch in the at least one obfuscation branch (Chang: abstract, pars 0037, 0040; Fig 2-5, teaches of the protection of access to artificial neural network (ANN) models in outsourcing deep learning computations. Where artificial neural network model can be split into a plurality of model parts to obscure the artificial neural network model in outsourced data) , the at least one operator is comprised in the at least one computation branch, and the at least one computation branch has different computation logic from the at least one obfuscation branch (Chang: abstract, pars 0037, 0040; Fig 2-5, each part of the is separately obscured and processed with sperate process and computation that is different from another part’s computation result) ; and generating execution code corresponding to the Al model based on the second computation graph, wherein target code in the execution code is configured with encrypted protection, and the target code is code related to the first expression (Chang: abstract, pars 0037, 0040; Fig 2-5, applied an offset operation and/or encrypted to generate modified parts for outsourcing, as an option) . Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Cheng with the method/system of Metha to include the limitation(s), at least one obfuscation branch, and a first expression, an output of the first expression indicates to execute a branch in the at least one computation branch or a branch in the at least one obfuscation branch, the at least one operator is comprised in the at least one computation branch, and the at least one computation branch has different computation logic from the at least one obfuscation branch; and generating execution code corresponding to the Al model based on the second computation graph, wherein target code in the execution code is configured with encrypted protection, and the target code is code related to the first expression, where one would have been motivated for the benefit of protecting the a machine learning model from any potential stealing by splitting in to two or more parts and obscuring each part for protection of the whole model data as over overall machine learning model (Chang: abstract, pars 0037, 0040) . As to claim 2, the combination of Metha and Chang teaches the method according to claim 1, Chang further teaches wherein the second computation graph comprises only one computation branch; and the output of the first expression indicates to execute the computation branch and the at least one obfuscation branch (Chang: abstract, pars 0037, 0040; Fig 2-5, each part of the is separately obscured and processed with sperate process and computation that is different from another part’s computation result) . As to claim 3, the combination of Metha and Chang teaches the method according to claim 1, Chang further teaches wherein the second computation graph comprises a plurality of computation branches, and the second computation graph further comprises a second expression; the output of the first expression indicates to execute one of the plurality of computation branches and the at least one obfuscation branch; and the second expression is connected to the plurality of computation branches and the at least one obfuscation branch, and the second expression indicates a quantity of times the first expression is cyclically executed (Chang: abstract, pars 0037, 0040; Fig 2-5, each part of the is separately obscured and processed with sperate process and computation that is different from another part’s computation result, and can be retrieved as a whole as whole maintaining proper security feature) . As to claim 4, the combination of Metha and Chang teaches the method according to claim 3, Chang further teaches wherein an input to the second expression is related to a branch executed last time, and an output of the second expression is used to determine whether to cyclically execute the first expression (Chang: abstract, pars 0037, 0040; Fig 2-5, teaches of the protection of access to artificial neural network (ANN) models in outsourcing deep learning computations. Where artificial neural network model can be split into a plurality of model parts to obscure the artificial neural network model in outsourced data) . As to claim 5, the combination of Metha and Chang teaches the method according to claim 1, Chang further teaches wherein an initial input to the first expression comprises a first value, and the first value is configured with encrypted protection (Chang: abstract, pars 0037, 0040; Fig 2-5, applied an offset operation and/or encrypted to generate modified parts for outsourcing, as an option) . As to claim 6, the combination of Metha and Chang teaches the method according to claim 1, Chang further teaches wherein the target code is configured to be run in a trusted execution environment, and/or the target code is configured to perform code obfuscation (Chang: abstract, pars 0037, 0040; Fig 2-5, applied an offset operation and/or encrypted to generate modified parts for outsourcing of the artificial neural network model) . As to claim 7, the combination of Metha and Chang teaches the method according to claim 1, Chang further teaches wherein the target code is configured with encrypted protection by using an encryption algorithm (Chang: abstract, pars 0037, 0040; Fig 2-5, applied an offset operation and/or encrypted to generate modified of the artificial neural network model) . As to claim 8, the combination of Metha and Chang teaches the method according to claim 1, Chang further teaches wherein the method further comprises: obtaining a third computation graph, wherein the third computation graph indicates the execution logic of the AI model, and the third computation graph comprises a first operator; and generating a fourth computation graph based on the third computation graph, wherein the fourth computation graph comprises a second operator and a third expression, a weight parameter of the second operator is obtained after a weight parameter of the first operator is modified, an input to the third expression comprises an output of the second operator, and an output of the third expression is the same as an output of the first operator when the first operator uses a same input as the second operator; and the generating execution code corresponding to the AI model based on the second computation graph comprises: generating the execution code corresponding to the AI model based on the second computation graph and the fourth computation graph (Chang: abstract, pars 0037, 0040; Fig 2-5, teaches of the protection of access to artificial neural network (ANN) models in outsourcing deep learning computations. Where artificial neural network model can be split into a plurality of model parts to obscure the artificial neural network model in outsourced data, including a third parts and it processing) . As to claim 9, the combination of Metha and Chang teaches the method according to claim 8, Chang further teaches wherein the weight parameter of the second operator is obtained after the weight parameter of the first operator is modified based on a second value, the input to the third expression comprises the second value, and the second value is configured with encrypted protection (Chang: abstract, pars 0037, 0040; Fig 2-5, applied an offset operation and/or encrypted to generate modified parts for outsourcing of the artificial neural network model. Each part of the is separately obscured and processed with sperate process and computation that is different from another part’s [i.e., applied weight parameter] computation result) . As to claim 10, Metha teaches the model-based data processing method (Metha: pars 0002-0005, method, apparatus, and program product for monitoring and identifying machine learning model in use by an entity other than the entity that developed the machine learning model, and any machine learning model that gets stolen) , comprising: obtaining a second computation graph based on execution code of an (AI) model, wherein the second computation graph comprises at least one computation branch (Metha: pars 0002-0005, 0018-0019, 0032; Fig 2, 3, the system generates the original signature, along with the signature for the target machine, from the same locations in the original machine learning model [i.e. second computation graph]. The system then compares the signatures from the original machine learning model and the target machine learning model to determine if there is any overlap between the signatures. If the overlap reaches a particular threshold, the system can identify the machine learning model as possibly stolen) . Metha does not explicitly teach at least one obfuscation branch, and a first expression, an output of the first expression indicates to execute a branch in the at least one computation branch or a branch in the at least one obfuscation branch, the at least one computation branch comprises at least one operator in the AI model, the at least one computation branch has different computation logic from the at least one obfuscation branch, target code in the execution code is configured with encrypted protection, and the target code is code related to the first expression; obtaining input data of the AI model; and processing the input data based on the second computation graph, to obtain output data of the AI model. However, in an analogous art, Cheng teaches at least one obfuscation branch, and a first expression, an output of the first expression indicates to execute a branch in the at least one computation branch or a branch in the at least one obfuscation branch (Chang: abstract, pars 0037, 0040; Fig 2-5, teaches of the protection of access to artificial neural network (ANN) models in outsourcing deep learning computations. Where artificial neural network model can be split into a plurality of model parts to obscure the artificial neural network model in outsourced data) , the at least one computation branch comprises at least one operator in the AI model, the at least one computation branch has different computation logic from the at least one obfuscation bran (Chang: abstract, pars 0037, 0040; Fig 2-5, each part of the is separately obscured and processed with sperate process and computation that is different from another part’s computation result) ; target code in the execution code is configured with encrypted protection, and the target code is code related to the first expression; obtaining input data of the AI model; and processing the input data based on the second computation graph, to obtain output data of the AI model (Chang: abstract, pars 0037, 0040; Fig 2-5, applied an offset operation and/or encrypted to generate modified parts for outsourcing, as an option) . Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Cheng with the method/system of Metha to include the limitation(s), at least one obfuscation branch, and a first expression, an output of the first expression indicates to execute a branch in the at least one computation branch or a branch in the at least one obfuscation branch, the at least one computation branch comprises at least one operator in the AI model, the at least one computation branch has different computation logic from the at least one obfuscation branch, target code in the execution code is configured with encrypted protection, and the target code is code related to the first expression; obtaining input data of the AI model; and processing the input data based on the second computation graph, to obtain output data of the AI model, where one would have been motivated for the benefit of protecting the a machine learning model from any potential stealing by splitting in to two or more parts and obscuring each part for protection of the whole model data as over overall machine learning model (Chang: abstract, pars 0037, 0040) . As to claims 11-18, the claims are similar to the claims 2-9, and therefore, rejected for the same reason set forth above for claims 2-9. As to claim 19, the claim is directed to a program product, the scope of the claim limitations is similar to the method claim 1, and therefore, rejected for the same reason set forth above for claim 1. As to claim 20, the scope of the claim limitations is similar to the claim 2, and therefore, rejected for the same reason set forth above for claim 2. Conclusion 07-101 Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355. The Examiner can normally be reached on 9:00- 5:00 Mon-Thu. If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form. /JAHANGIR KABIR/ Primary Examiner, Art Unit 2439 Application/Control Number: 19/083,803 Page 2 Art Unit: 2439 Application/Control Number: 19/083,803 Page 3 Art Unit: 2439 Application/Control Number: 19/083,803 Page 4 Art Unit: 2439 Application/Control Number: 19/083,803 Page 5 Art Unit: 2439 Application/Control Number: 19/083,803 Page 6 Art Unit: 2439 Application/Control Number: 19/083,803 Page 7 Art Unit: 2439 Application/Control Number: 19/083,803 Page 8 Art Unit: 2439 Application/Control Number: 19/083,803 Page 9 Art Unit: 2439 Application/Control Number: 19/083,803 Page 10 Art Unit: 2439 Application/Control Number: 19/083,803 Page 11 Art Unit: 2439 Application/Control Number: 19/083,803 Page 12 Art Unit: 2439 Application/Control Number: 19/083,803 Page 13 Art Unit: 2439