DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Priority
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 are rejected under 35 U.S.C. 102(a)(1) as being clearly anticipated by Costa.

With respect to independent claim 1, Costa discloses a machine learning training method, applied to a machine learning controller in a server, comprising:
acquiring training data uploaded by a terminal {para. 0038: “data center then receives secure data uploads 306 over the secure channel(s). The uploaded data comprises training data and/or test data for use with the machine learning code”}.
creating a trusted execution environment in response to a machine learning training request from the terminal {paras. 0036-0037: “data center receives 300 a data-oblivious machine learning request, for example, from server A” and then “it creates at least one trusted execution environment”}.
performing machine learning training based on the trusted execution environment and the training data {para. 0039: “The trusted execution environment executes the machine learning code in a data-oblivious manner”}.

With respect to dependent claim 2, Costa discloses:
wherein the training data is encrypted training data encrypted with an encryption key at the terminal {para. 0038: “The uploaded data is secure, for example by being encrypted by a secret key generated by the entity making the data available for upload”}.
performing the machine learning training based on the trusted execution environment and the training data comprises:
establishing a trusted communication link between the terminal and the trusted execution environment {para. 0038: “data center establishes 304 a secure channel with the entities (such as server A) associated with the data-oblivious machine learning request”}, wherein the trusted communication link is configured to transmit the encryption key of the terminal to a key manager in the trusted execution environment, the key manager being configured to manage the encryption key {para. 0038: “The secret key is shared with the trusted execution environment which receives 308 the key using the secure channel”}.
decrypting the encrypted training data according to the encryption key and performing the machine learning training on decrypted training data based on the trusted execution environment {para. 0039: “The trusted execution environment decrypts the data 310 using the key(s) it received and executes 312 machine learning training or test phase processes according to the code uploaded by the code-loader. The trusted execution environment executes the machine learning code in a data-oblivious manner”}.

With respect to claim 10, a corresponding reasoning as given earlier in this section with respect to claim 1 applies, mutatis mutandis, to the subject matter of claim 10; therefore, claim 10 is rejected, for similar reasons, under the grounds as set forth for claim 1.

With respect to claims 13-14, a corresponding reasoning as given earlier in this section with respect to claims 1-2 applies, mutatis mutandis, to the subject matter of claims 13-14; therefore, claims 13-14 are rejected, for similar reasons, under the grounds as set forth for claims 1-2.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 3, 11, 12, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Costa et al. (US Pre-Grant Publication No. 20170372226-A1, hereinafter “Costa”) in view of Gu et al. (US Pre-Grant Publication No. 20190392305-A1, hereinafter “Gu”).

With respect to dependent claim 3, although Costa teaches a privacy-preserving machine learning system that uses a trusted execution environment, Costa does not explicitly disclose authentication of the parties; however, Gu discloses before establishing the trusted communication link between the terminal and the trusted execution environment, further comprising:
sending information to be authenticated of the server and the trusted execution environment to the terminal, and enabling the terminal to perform remote authentication on the trusted execution environment through a remote authentication server of the trusted execution environment based on the information to be authenticated {para. 0048: “TEE 230 (e.g., SGX enclave) can prove to the end user that it is running on top of a trusted hardware platform with legitimate code/data from a trusted cloud service provider using a standard attestation protocol. Alternatively, a Transport Layer Security (TLS) session may be instantiated directly between the end user's client computing device and the TEE 230”}.
executing an operation of establishing the trusted communication link when the authentication is successful {para. 0049: “After creating a secure Transport Layer Security (TLS) communication channel, the end user, via the client computing device, can provision symmetric keys (ENCLAVE_GET_KEYS at line 5 of FIG. 1) directly into the TEE 230”}.

Costa and Szeto are analogous art because they are from the same field of endeavor or problem-solving area of an enhanced privacy deep learning system framework.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Costa and Szeto before him or her, to modify/develop the secure channel establishment of Costa’s system to utilize authentication of the trusted execution environment.  The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, i.e. providing assurance to the client that the ensuring that the trusted execution environment is secure (e.g. Szeto [0048]).  Therefore, it would have been obvious to combine the secure channel establishment in Costa’s system with authentication of the trusted execution environment to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 11, Chandran discloses wherein uploading the training data to the machine learning controller in the server comprises:
encrypting the training data in blocks using an encryption key to obtain encrypted training data, wherein the encrypted training data comprises at least one encrypted data block {para. 0028: “the illustrative embodiments may leverage an authenticated encryption mechanism, such as the Galois Counter Mode (GCM)”}.
uploading the encrypted training data to the machine learning controller in the server in blocks sequentially {para. 0067: “use the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols to communicate”}.

With respect to claim 12, a corresponding reasoning as given earlier in this section with respect to claims 2-3 applies, mutatis mutandis, to the subject matter of claim 12; therefore, claim 12 is rejected, for similar reasons, under the grounds as set forth for claims 2-3.

With respect to claim 15, a corresponding reasoning as given earlier in this section with respect to claim 3 applies, mutatis mutandis, to the subject matter of claim 15; therefore, claim 15 is rejected, for similar reasons, under the grounds as set forth for claim 3.


Claims 4-9 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Costa et al. (US Pre-Grant Publication No. 20170372226-A1, hereinafter “Costa”) in view of Chandran et al. (US Pre-Grant Publication No. 20190228299-A1, hereinafter “Chandran”).

With respect to dependent claim 4, Costa discloses: 
wherein the training data comprises training data from a single data provider {para. 0038: “data center establishes 304 a secure channel with the entities (such as server A) associated with the data-oblivious machine learning request”}.
decrypting the encrypted training data according to the encryption key and performing the machine learning training on the decrypted training data based on the trusted execution environment comprises:
submitting the encrypted training data and preset training parameters to a data fusion manager in the trusted execution environment, and decrypting the encrypted training data by the data fusion manager according to the encryption key {para. 0039: “The trusted execution environment decrypts the data 310 using the key(s) it received and executes 312 machine learning training or test phase processes according to the code uploaded by the code-loader”}.
Although Costa teaches a privacy-preserving machine learning system that uses a trusted execution environment, Costa does not explicitly disclose an algorithm library and acquiring a machine learning model obtained after training; however, Chandran discloses:
decrypting the encrypted training data according to the encryption key and performing the machine learning training on the decrypted training data based on the trusted execution environment comprises:
triggering a target algorithm in a machine learning algorithm library in the executed execution environment, and training the decrypted training data according to the training parameters in the executed execution environment {paras. 0031 & 0046: “secure protocols for DNN training”, wherein there is a selection of “Deep Neural Network (DNN) training algorithms”}.
acquiring a machine learning model obtained after training {para. 0035: “the parties obtain shares of the learned model”}.

Costa and Chandran are analogous art because they are from the same field of endeavor or problem-solving area of an enhanced privacy deep learning system framework.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Costa and Chandran before him or her, to modify/develop the machine learning of Costa’s system to utilize a library of training algorithms and model generation.  The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, i.e. it enables provision of different models where no single party learns any information about the data (e.g. Chandran [0031]).  Therefore, it would have been obvious to combine the machine learning in Costa’s system with a library of training algorithms and model generation to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to claim 5, a corresponding reasoning as given earlier in this section with respect to claim 4 applies, mutatis mutandis, to the subject matter of claim 5; therefore, claim 5 is rejected, for similar reasons, under the grounds as set forth for claim 4 and for the reasoning set forth for the following limitations not explicitly disclosed in claim 4.  Chandran discloses:
wherein the training data comprises training data from at least two data providers {para. 0031: “multiple parties to combine their data for training”}.
decrypting the encrypted training data according to the encryption key and performing the machine learning training on the decrypted training data based on the trusted execution environment comprises:
fusing the decrypted training data according to a preset fused data format to obtain fused training data {paras. 0033-0035: “four parties run a training algorithm (such as a Deep or Convolutional Neural Network) over the joint data by executing the MPC protocol”}.

With respect to dependent claim 6, Chandran discloses wherein an operation for fusing the decrypted training data comprises: splitting data column by column and splitting data row by row {para. 0061: “dividing shares by a power of 2 is described in Algorithm 2”; although the particular structure of “rows” and “columns” are not described, the designation of rows and columns and any division thereof is an arbitrary design choice; See MPEP § 2144.04(VI)(C)}.

With respect to dependent claim 7, Chandran discloses wherein the acquired machine learning model is a model encrypted in the machine learning algorithm library in the trusted execution environment {para. 0045: “each user can simply secret share his or her data across the four parties and the parties can learn the model amongst themselves using the MPC protocol (the model learned is also secret shared among them)”}.

With respect to claims 8-9, a corresponding reasoning as given earlier in this section with respect to claim 7 applies, mutatis mutandis, to the subject matter of claims 8-9; therefore, claims 8-9 are rejected, for similar reasons, under the grounds as set forth for claim 7.

With respect to claims 16-20, a corresponding reasoning as given earlier in this section with respect to claims 4-8 applies, mutatis mutandis, to the subject matter of claims 16-20; therefore, claims 16-20 are rejected, for similar reasons, under the grounds as set forth for claims 4-8.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is (571)270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/Primary Examiner, Art Unit 2491