Loading...
xail Patent Portfolio / Application 6
← Back to Portfolio Sign out
Application 6 · Privacy-Preserving AI Inference

Privacy-Preserving AI Inference

Multi-layer client-side entity extraction with cascading span tracking, automatic sensitivity-based tier routing, streaming response reinjection, and information-theoretically secure entity map protection via XorIDA/GF(2) threshold sharing.

20 Claims Filed 4 Independent 16 Dependent 26 Method 4 System/CRM
20
claims filed
4
independent
16
dependent
9
figures
4
layers
GF(2)
entity vault
Filing Strategy: Claims are organized into filing groups. Group A (20 claims) files now. Group B (14 claims) is reserved for a continuation application using the same specification. All claims are supported by the current specification.
GROUP A · FILING NOW · 20 claims · 4 independent · 16 dependent Multi-layer extraction + proxy inference + entity vault + system
Independent Claim 1 · Method

Multi-Layer Cascading Entity Extraction

Four-layer cascading extraction pipeline with span tracking. Each layer operates only on uncovered character spans. L1 regex with checksum validation, L2 schema variants with coreference tracking, L3 NER on remaining spans, L4 optional local LLM. Produces typed semantic placeholders and entity map.

L1 Pattern / Regex Extraction SSN, credit card, phone, email — checksum validation Conf ≥ 0.95 Covered spans tracked L2 Schema / Coreference Extraction Schema variants, name coreference, address normalization Conf ≥ 0.85 Uncovered spans only L3 NER Extraction (compromise.js) Named entity recognition on remaining spans By entity type Optional deep scan L4 Local LLM (optional) Pronoun + oblique reference resolution On-device only
Independent Claim 2 · Method

Privacy-Preserving Proxy Inference

Client extracts entities, produces redacted prompt with typed semantic placeholders. Only redacted prompt sent to remote provider. Response reinjected with original values on client. Entity map NEVER leaves client device.

USER Raw Prompt EXTRACT + REDACT 4-layer pipeline [PERSON_1], [SSN_1] LLM PROVIDER Sees only redacted No PII, no entity map RESPONSE Contains [PERSON_1]... REINJECT Restore original values FINAL Complete response ENTITY MAP NEVER LEAVES DEVICE Stored locally, optionally protected via XorIDA vault
Independent Claim 4 · Method

Entity Map Protection via XorIDA Threshold Sharing

Serialize entity map, pad with PKCS#7, generate HMAC-SHA256 integrity tag, split via XorIDA/GF(2) into N shares. K shares reconstruct, fewer than K reveal zero information. Shares distributed across separate storage locations. HMAC verified before any processing.

ENTITY MAP Key-value pairs SERIALIZE + PKCS#7 pad HMAC-SHA256 Integrity tag XorIDA SPLIT GF(2) K-of-N <K = zero information SHARE 1 Encrypted DB SHARE 2 Remote Store SHARE N HSM RECONSTRUCT Collect K shares Verify HMAC → Deserialize → Entity Map
Independent Claim 7 · System

Privacy-Preserving AI Inference System

Client computing device with cascading multi-layer extraction pipeline, entity map in local memory, sensitivity classification, inference tier routing, reinjection engine, and optional entity map protection via threshold sharing over GF(2).

CLIENT COMPUTING DEVICE PIPELINE 4-Layer Extraction ENTITY MAP Local memory Never sent CLASSIFIER Sensitivity 3 tiers TIER ROUTER Route by level Auto-select path REMOTE PROVIDER Redacted prompt only LOCAL MODEL Maximum sensitivity SPLIT INFERENCE XorIDA K-of-N
Claim 9 · Dependent on Claim 1

Fourth Layer: Local LLM Extraction

Optional fourth extraction layer activated when average confidence falls below threshold or deep scan enabled. Local LLM receives redacted text + known entity list, returns pronouns and oblique references linked to entities.

Claim 14 · Dependent on Claim 1

Numeric Confidence Scoring

Every entity scored 0.0-1.0. L1 checksum-validated: ≥0.99, L1 pattern-only: ≥0.95, L2 exact: ≥0.95, L2 variant: ≥0.85, L2 coreference: ≥0.70, L3 NER: by entity type.

Claim 31 · Dependent on Claim 7

TEE Inference Subsystem

Nonce-based attestation, enclave hash + vendor ID verification, ephemeral ECDH key exchange, HKDF-SHA256 session key, AES-256-GCM encrypted inference with counter-mode IV. Session key reused within configurable TTL.

CLIENT TEE NODE 1. SEND NONCE 2. ATTESTATION REPORT Enclave hash + vendor ID 3. ECDH KEY EXCHANGE 4. HKDF-SHA256 SESSION KEY 5. AES-256-GCM REQUEST 6. AES-256-GCM RESPONSE Counter-mode IV, configurable TTL
Claim 32 · Dependent on Claim 7

MPC Inference with Vendor Diversity

MPC nodes from ≥2 different hardware vendors, parallel attestation, share distribution via XorIDA, binary-to-arithmetic conversion at node boundaries, collaborative computation, response reconstruction from output shares.

CLIENT XorIDA Split Input NODE A Intel SGX Share 1 + attestation Binary → arithmetic NODE B AMD SEV Share 2 + attestation Binary → arithmetic NODE C ARM TZ Share 3 + attestation Binary → arithmetic MPC COLLABORATIVE COMPUTATION RECONSTRUCT RESPONSE
GROUP B · CONTINUATION 1 · 14 claims · 4 independent · 10 dependent Tier routing + streaming reinjection + normalization + CRM
Independent Claim 3 · Method CONTINUATION 1

Automatic Sensitivity-Based Tier Routing

Three-tier classification: Maximum (classified/weapons/biometric → local only), High (PII/medical/legal → redact+proxy), Standard (no sensitive patterns → split via XorIDA K-of-N). Pattern-based, stateless, sub-millisecond.

INPUT PROMPT Raw user text SENSITIVITY CLASSIFIER Pattern-based, stateless, sub-ms MAXIMUM LOCAL ONLY Classified, weapons, biometric data HIGH REDACT + PROXY PII, medical, legal Entity map stays local STANDARD XorIDA K-N No sensitive patterns Split across N nodes
Independent Claim 5 · Method CONTINUATION 1

Streaming Reinjection State Machine

Processes SSE chunks from inference provider. Buffer scans for complete placeholder patterns, replaces with original values. Partial placeholders retained for next chunk. Stream termination flushes buffer. Post-stream leak detection scans for original values.

SSE CHUNK From provider BUFFER Accumulate SCAN Match [TYPE_N] Complete placeholders REPLACE Restore values OUT PARTIAL Retain for next chunk STREAM END → FLUSH LEAK DETECTION SCAN
Independent Claim 6 · Method CONTINUATION 1

Five-Stage Evasion-Resistant Normalization

Five sequential stages entirely on client: (1) strip zero-width Unicode, (2) NFC normalization, (3) decode HTML entities, (4) replace homoglyphs (Cyrillic→Latin, fullwidth→ASCII), (5) collapse space-padded sequences.

Independent Claim 8 · CRM CONTINUATION 1

Non-Transitory Computer-Readable Medium

Complete system claim on CRM: multi-layer extraction pipeline, typed semantic placeholders, sensitivity classification, tier routing, inference response reinjection, optional entity map protection via threshold sharing over GF(2).