Prosecution Insights
Last updated: July 17, 2026
Application No. 19/088,943

SECURITY PROTECTION METHOD FOR MODEL SERVICE AND RELATED DEVICE

Non-Final OA §103§112
Filed
Mar 24, 2025
Priority
May 15, 2024 — CN 202410606786.5
Examiner
ZHAO, DON GORDON
Art Unit
Tech Center
Assignee
Beijing Volcano Engine Technology Co., Ltd.
OA Round
1 (Non-Final)
87%
Grant Probability
Favorable
1-2
OA Rounds
10m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allowance Rate
691 granted / 791 resolved
+27.4% vs TC avg
Strong +16% interview lift
Without
With
+16.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 2m
Avg Prosecution
19 currently pending
Career history
803
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
82.5%
+42.5% vs TC avg
§102
1.9%
-38.1% vs TC avg
§112
8.2%
-31.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 791 resolved cases

Office Action

§103 §112
DETAILED ACTION Claims 1-20 are presented on 03/24/2024 for examination on merits. Claims 1, 14, and 20 are independent base claims. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Examiner's Instructions for filing Response to this Office Action When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would appreciate Applicant if a clean copy of the claims is provided to facilitate the prosecution which otherwise requires extra time for editing the marked-up claims from OCR. Please submit two sets of claims: Set #1 as in a typical filing which includes indicators for the status of claim and all marked amendments to the claims; and Set #2 as an appendix to the Arguments/Remarks for a clean version of the claims which has all the markups removed for entry by the Examiner. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (B) CONCLUSION—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons: Claims 1, 14, and 20 each recite two instances of “reply information corresponding to the first request” unclearly in the respective claims, because the failure result of the security detection should cause a different reply to the first request from the pass result. It is confusing when the second instance of the reply information is linked to the first instance. It is also noted that the claims recite optional limitations “in response to the security detection result being passed, sending the first request to the first model service, to cause the first model service to generate reply information corresponding to the first request; or in response to the security detection result being failed, acquiring first information and sending the first information to the first model service, to cause the first model service to determine the first information as the reply information corresponding to the first request.” This means when the security detection result is a failed one the pass condition does not exist, causing the recitation of “the reply information” to lack antecedent basis. The Examiner suggests using “the first reply information” and the “the second reply information” to differentiate the response to the first request in the pass and failure cases. Claims 2-13, 15-17, and 20 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, because they depend from the rejected base claims 1, 14, and 20, respectively. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claims 1, 3-4, 14, 16-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar (US 20250086235 A1; Note that US Provisional Application US 63582171 is relied upon for the date of reference 2023-09-12) in view of O’Neal (US 20240394404 A1; US Provisional Application US 63468517 is relied upon for the date of reference 2023-05-23). As per claim 1, Kumar teaches a model service security protection method, comprising: acquiring a first request initiated to a first model service (Kumar par. 0020-0021: queries being submitted to a large language model (LLM) based on relevance of the queries to a set of topics associated with the LLM); performing [security] detection on the first request to obtain a security detection result (Kumar par. 0021: generate a relevance score for a query in relation to an LLM implemented by an enterprise based on the query's attributes. For example, a query directed to entertainment may have very little relevance to an LLM implemented by a pharmaceutical company); in response to the security detection result being passed, sending the first request to the first model service, to cause the first model service to generate reply information corresponding to the first request (par. 0021: If the ML-model-generated relevance score meets a threshold value, meaning that the detection result is a pass, the system passes the query through to the LLM to generate a response; see also par. 0038-0039: transmit natural-language queries to the LLM and receive natural-language responses.); or in response to the security detection result being failed, acquiring first information and sending the first information to the first model service, to cause the first model service to determine the first information as the reply information corresponding to the first request (Kumar par. 0021: If the relevance score does not meet the threshold value – which is a failure result, the system takes remedial action. For example, the system may refrain from passing the query through to the LLM. Additionally, or alternatively, the system may generate a notification to a user or an administrator indicating that the query appears to be irrelevant to the enterprise. See also par. 0047-0048: the LLM management platform 120 may generate a notification to one or both client application 110A and admin application 112A, indicating that the query did not meet a relevance threshold.). However, Kumar does not explicitly disclose his detection of query relevance using a score and a threshold is for security reasons – i.e., a security detection. This aspect of the claim is identified as a further difference. In a related art, O’Neal teaches: security detection being applied to the user data prompt (O’Neal, par. 0079-0080: For example, the security module 811 may apply profiles or rules on the user 801, 807 which are then applied to the user data prompt received by the message broker 810. For example, a user in the credit department may not be allowed to access specific AI systems 806, or prompt specific details, such as addresses. And executing the security control protocol on user data that may be sensitive for data protection). Kumar and O’Neal are analogous art to the claimed invention in the same field of endeavor as the claimed invention, or reasonably pertinent to the problem faced by the inventor, which may be in a different field. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Kumar’s system with O’Neal’s teachings of security detection on user input prompt. For this combination, the motivation would have been to improve the level of security with security rules applied to user inputs. As per claim 3, the references as combined above teach the method according to claim 1, wherein the security detection result being failed comprises at least one of the following (Note: optional limitations are recited here): the first request comprising performing a first operation for the first model service, the first operation comprising a deletion operation or a modification operation on the first model service (Kumar, par. 0046-0047: query analysis engine 121 provides the vector, corresponding to the encoded query, to the query relevance machine learning model 124, in which the query may be changed; par. 0071: One or more operations illustrated in FIG. 2 may be modified, rearranged, or omitted.); the first request comprising performing a second operation for the first model service, the second operation being used to cause the first model service to output a model parameter of the first model service (O’Neal, par. 0065: The control AI model 821 may use specific workflows and parameters to validate input and/or output data by using pattern detection, keyword search, and cross engine validation via profiles set by other modules); the first request comprising performing a third operation for the first model service, the third operation being used to cause the first model service to output corresponding reply information of a first request of another user (Kumar, par. 0021: the system may generate a notification to a user or an administrator indicating that the query appears to be irrelevant to the enterprise; par. 0048: generate a notification to one or both client application 110A and admin application 112A, indicating that the query did not meet a relevance threshold.); the first request comprising same information sent by a same user within a preset time interval (Note: this optional limitation is not selected for examination); performance consumption of the first model service by the first request being greater than a preset threshold (Note: this optional limitation is not selected for examination); or the first request comprising request information of a preset type, the request information of the preset type being configured to be unable to return corresponding output information to a request user of the first request (Note: this optional limitation is not selected for examination). As per claim 4, the references as combined above teach the method according to claim 1, wherein the acquiring the first request initiated to the first model service comprises: configuring at least one information input path of the first model service as a protection path for the security detection, and acquiring the first request through the protection path (O’Neal, par. 0082: providing 1008, via the message broker 810, the approved data prompt to the at least one AI system 806, via hyperlinks. For example, if an AI system 806 generates hyperlinks to external websites, then specific rules may be triggered, e.g., by the security module 811 that may dictate that hyperlinks cannot be presented to the involved user based on their profile; par. 0084: allowing users to navigate between approved suggested prompts, answers, and between different AI systems. Data including user prompt data and AI system response data can be automatically transformed, controlled, and displayed on devices in a manner that is most relevant to each user.). Regarding claims 14 and 20, they each are similar to claim 1 in view of the inventive features recited; and thus, claims 14 and 20 are rejected for the same reasons discussed above. Regarding claims 16 and 17, they are similar to claims 3 and 4 in view of the inventive features recited, respectively; and thus, claims 16 and 17 are rejected for the same reasons discussed above. Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Kumar and O’Neal, as applied to claim 1, and further in view of Campos (US 20180357552 A1). As per claim 11, the references of Kumar and O’Neal as combined above teach the method according to claim 1, but do not explicitly disclose generating and displaying statistical information of the security detection result, the statistical information of the security detection result. This aspect of the claim is identified as a further difference. In a related art, Campos teaches: further comprising: generating and displaying statistical information of the security detection result, the statistical information of the security detection result (Campos par. 0097-0099 and 0101: using statistical data analysis tools … for example, look at the statistical distribution of any data sets … output action/decision and the reason why that node reached that resultant output (e.g., what parameters dominated the decision and/or other factors that caused the node to reach that resultant output)) comprising at least one of (Note: optional limitations are recited here): a number of the first requests, a number of the first requests with the security detection result being failed, or a number of the first information being determined as the reply information (Campos par. 0102-0103: The AI engine can subsequently instantiate a number of trained AI models for the user who sends requests). Campos is analogous art to the claimed invention in the same field of endeavor as the claimed invention, or reasonably pertinent to the problem faced by the inventor, which may be in a different field. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Kumar-O’Neal system with Campos’s teachings of instantiate a number of trained AI models for the user wherein there may be a number of the first requests to be analyzed with statistical information. For this combination, the motivation would have been to improve the level of security with statistical information. Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Kumar and O’Neal, as applied to claim 1, and further in view of Song (US 20230153460 A1). As per claim 12, the references of Kumar and O’Neal as combined above teach the method according to claim 1, but not configuring at least one attack type corresponding to the protection type. In a related art, Song teaches: further comprising at least one of (Note: optional limitations are recited here) the following: configuring at least one attack type corresponding to the protection type (Song, par. 0007 and 0016: applying, by the processor, one or more defense objectives with attribute predictor to fine-tune a target main algorithm model of the service by using a fake attacker model and pre-define attributes with annotated datasets); configuring a protection type to perform different types of security detection on the first request based on the protection type (Note: this optional limitation is not selected for examination); or configuring protection actions corresponding to different protection types (Note: this optional limitation is not selected for examination). Song is analogous art to the claimed invention in the same field of endeavor as the claimed invention, or reasonably pertinent to the problem faced by the inventor, which may be in a different field. Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Kumar-O’Neal system with Song’s teachings of configuring at least one attack type corresponding to the protection type. For this combination, the motivation would have been to improve the level of security with configurable attack type corresponding to the protection type. Allowable Subject Matter Claims 2, 5-10, 13, 15, and 18-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claim 2 and 15 each recite elements of “wherein performing the security detection on the first request comprises: acquiring interface access information corresponding to the first request; acquiring a target field in the interface access information and a corresponding field value of the target field, the corresponding field value of the target field comprising prompt content for the first model; sending the prompt content to a second model service to obtain the security detection result, the second model service being used for performing security detection on a user behavior in the prompt content.” These elements and the features thereof in combination with the other limitations in the claim 1, are not anticipated by, nor made obvious over the prior art of record. Claims 5-10 are allowed by virtue of their dependencies on claim 2 as they further limit the scope of the claimed invention. Claims 18-19 are allowed by virtue of their dependencies on claim 15 as they further limit the scope of the claimed invention. Claim 13 recites elements of “in response to an expand operation on a target protection type, displaying statistical information of security detection results for the target protection type within a preset time period, the statistical information comprising protected attack information corresponding to at least one attack type.” These elements and the features thereof in combination with the other limitations in the claims 1 and 12, are not anticipated by, nor made obvious over the prior art of record. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”). Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953. The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862. The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000. /Don G Zhao/Primary Examiner, Art Unit 2493 07/07/2026
Read full office action

Prosecution Timeline

Mar 24, 2025
Application Filed
Jul 10, 2026
Non-Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676871
Computer Security and Methods of Use Thereof
1y 9m to grant Granted Jul 07, 2026
Patent 12665919
METHOD AND SYSTEM FOR IMPLEMENTING A SERVICE THAT SIMPLIFIES NETWORK CYBER DEFENSE CAPABILITIES
3y 4m to grant Granted Jun 23, 2026
Patent 12665901
INFORMATION PROCESSING APPARATUS AND SERVICE PROVIDING SYSTEM
3y 2m to grant Granted Jun 23, 2026
Patent 12665921
RISK SCORING OF CLOUD PERMISSION ASSIGNMENTS USING SUPERVISED MACHINE LEARNING
2y 6m to grant Granted Jun 23, 2026
Patent 12665904
SECURE ASSET MANAGEMENT INFRASTRUCTURE FOR ENFORCING ACCESS CONTROL POLICIES
2y 2m to grant Granted Jun 23, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+16.3%)
2y 2m (~10m remaining)
Median Time to Grant
Low
PTA Risk
Based on 791 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month