DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1. The following is a Final Office Action in response to applicant’s arguments filed on October 14, 2020
Claims 1, 3-5, 7-9, and 11-15 are amendedClaims 16-20 are newClaims 4 and 19 are objected toClaims 1-20 are pending
Examiner’s Note: The term, “processor”, is defined in paragraph 0059 of the specification as being a CPU, microprocessor, or any other hardware device suitable for executing instructions. Therefore, it is interpreted that the term, “processor”, as used in the claim language, is hardware.
 


Response to Arguments
1.) Applicant’s remarks filed on 10/14/202 regarding 35 U.S.C. 103 rejection of claims 1-12, 14, and 15 have been fully considered, but are not persuasive. 	In the remarks, applicant argues:
a) The combination of DeCristofaro and Kamara do not teach a server that receives or provides data. Instead, the server only provides the labels and the key for the data.
b) The combination DeCristofaro and Kamara do not teach the amended limitation of encrypting, by the server computing device, the data objects of the server computing device using a symmetric key and encrypting the server elements using an asymmetric key.c) The combination DeCristofaro and Kamara do not teach encrypting, by the server computing device, the set of server elements and the set of data objects of the server computing device using the homomorphic encryption schemeThe examiner respectfully disagrees with the applicant. In regards to argument “a”, by the broadest reasonable interpretation, a data element may be reasonable interpreted to consist of any information that may be utilized by a system for performing a prescribed function. Consequently, the information consisting of the label, identifier, and key portions may broadly be interpreted as data.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


 	In regards to claim 1, De Cristofaro teaches a method for distributing data objects associated with private set intersection (PSI) from a server computing device to a client computing device, the method comprising:
Identifying, by the server computing device, a set of server elements and a set of data objects of the server computing device, each data object of the set of data objects of the server computing device being associated with at least one server element of the set of server elements(see US 20150161398, De Cristofaro, para. 0015 and 0029, where a Private Set Intersection is used to associate a client’s data set with a server’s data sets, wherein security parameters[i.e. server elements] are used for blocking[i.e. associating] sets of data);  	wherein a private set intersection (PSI) between the set of server elements and the set of client elements is inaccessible by the client computing device(see US 20150161398, De Cristofaro, para. 0052, where two organizations can define what data may/may not be shared by applying filtering rules), and a subset of the set of data objects of the server computing device that are associated with the PSI are accessible by the client computing device(see US 20150161398, De Cristofaro, para. 0052, where two organizations can define what data may/may not be shared by applying filtering rules) 	Cristofaro does not teach sending, by the server computing device, the set of  and a set of data objects, each data object of the set of data objects of the client computing device being associated with at least one client element of the set of client elements(see US 20150149763, Kamara, para. 0005, where a first client sends a label[i.e. data object] for each element, an identifier for each element[i.e. server element], the first share of a 2-share secret key to a server. The first client further sends identifier of each element[i.e. server element], encrypted data associated with each element, and the 2nd share of the 2-share key, to the second client; the server computes the intersection of the labels of the received sets and sends the label[i.e. data objects], the identifier for the elements[i.e. server element] and the 1st share of the two-share secret key), wherein the set of data objects of the client computing device are inaccessible by the server computing device(see US 20150149763, Kamara, para. 0005, where no party[i.e. 1st, 2nd clients and server] may discover[i.e. access] any of the clients’ data who have not been permission) 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the efficiency of data sharing between two entities by using a third party untrusted cloud server to manage data sets without having to expose sensitive information from the entities(see Kamara, para. 0002) 
(see US 20150161398, De Cristofaro, para. 0029, where the subset of data shared between the client and server such that the client learns nothing other than the set intersection and the server learns nothing beyond the client’s set size).
 	In regards to claim 3, the combination of De Cristofaro and Kamara teach the method of claim 2, wherein the subset of the set of data objects of the server computing device are associated with the subset of the set of server elements in the PSI(see US 20150161398, De Cristofaro, para. 0051-0052, where an organization may apply PSI to share a subset of data by using a merging process).
 	In regards to claim 5, the combination of De Cristofaro and Kamara teach the method of claim 1, comprising: 	receiving, by the server computing device, from the client computing device, the set of client elements that are encrypted using a homomorphic encryption scheme(see US 20150161398, De Cristofaro, para. 0014, where a Fully-Homomorphic Encryption metric may be used); 	encrypting, by the server computing device, the set of server elements and the set of data objects of the server computing device using the homomorphic encryption scheme(see US 20150161398, De Cristofaro, para. 0014 and 0049, where the data may be encrypted, wherein the encryption algorithm may be Fully-Homomorphic Encryption); and 	sending, by the server computing device, the encrypted sets of server elements and data objects of the server computing device to the client computing device(see US 20150149763, Kamara, para. 0004-0005, where data and other server information is transferred from a server to a client), 	wherein the client computing device: 	decrypts at least one set of the encrypted sets using the homomorphic encryption scheme(see US 20150149763, Kamara, para. 0005, where the encrypted data may be decrypted), 	retrieves the particular data object of the server computing device if the particular data object of the server computing device is associated with the PSI(see US 20150161398, De Cristofaro, para. 0049, where an organization may receive data), and 	retrieves a random value if the particular data object of the server computing device is not associated with the PSI(see US 20150149763, Kamara, para. 0034, where a pseudo-random permutation may be used for a plurality of protocols[e.g. non-PSI]). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the efficiency of data sharing between two entities by using a third party untrusted cloud (see Kamara, para. 0002)
 	In regards to claim 6, the combination of De Cristofaro and Kamara teach the method of claim 1, wherein a particular server element of the set of server elements represents a particular security indicator that comprises at least one observable, and the server computing device represents a security information sharing platform that enables sharing of security information among a plurality of users(see US 20150161398, De Cristofaro, para. 0041 and fig. 1, where a plurality of computers connected to a router may share security log information).
 	In regards to claim 7, the combination of De Cristofaro and Kamara teach the method of claim 6, wherein a particular data object of the server computing device that is associated with the particular server element comprises at least one of: a threat actor, an organization, an industry sector, a community, a domain name, a timestamp, or a level of severity of the particular security indicator(see US 20150161398, De Cristofaro, para. 0030, where the data object may be security log data that describe network security-related activity[i.e. level of severity of the particular security indicator).
In regards to claim 8, DeCristofaro teaches a non-transitory machine-readable storage medium comprising instructions executable by a processor of a computing device for distributing data objects associated with private set intersection (PSI) from a server computing device to a client computing device, the non-transitory machine-readable storage medium comprising:(see US 20150161398, De Cristofaro, para. 0015 and 0029, where a Private Set Intersection is used to associate a client’s data set with a server’s data sets, wherein security parameters[i.e. server elements] are used for blocking[i.e. associating] sets of data); and 	instructions to access a particular data object of the encrypted set of data objects of the server computing device that is associated with a private set intersection (PSI) between the encrypted set of server elements and a set of client elements without accessing the PSI(see US 20150161398, De Cristofaro, para. 0050 and 0052, where an organization may share a subset of data associated with  PSI with another organization while not allowing access to other data); 	Cristofaro does not teach instructions to receive, by the server computing device, from the server computing device, an encrypted set of server elements and an encrypted set of data objects of the server computing device, 	However, Kamara teaches instructions to receive, by the server computing device, from a server computing device, an encrypted set of server elements and an encrypted set of data objects of the server computing device(see US 20150149763, Kamara, para. 0004-0005, where data and other server information is transferred from a server to a client, where each data element may be encrypted). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the (see Kamara, para. 0002).
 	In regards to claim 9, the combination of De Cristofar and Kamara teach the non-transitory machine-readable storage medium of claim 8, comprising: 	instructions to determine whether a particular server element of the encrypted set of server elements belongs to the PSI(see US 20150161398, De Cristofaro, para. 0051, where organizations may negotiate to determine how data associated with a PSI is to be shared); and 	in response to determining that the particular server element belongs to the PSI, instructions to access the particular data object of the server computing device that is associated with the particular server element without accessing the particular server element(see US 20150161398, De Cristofaro, para. 0051, where in response to the negotiation between organizations, data is shared per the agreed upon process).
 	In regards to claim 10, the combination of De Cristofar and Kamara teach the non-transitory machine-readable storage medium of claim 8, wherein the PSI is inaccessible by the client computing device such that a particular encrypted server or client element in the PSI is unable to be decrypted to retrieve a value corresponding to the particular encrypted server or client element(see US 20150161398, De Cristofaro, para. 0028 and 0052, where two organizations can define what data may/may not be shared by applying filtering rules and applying privacy-preserving secure collaboration).
(see US 20150161398, De Cristofaro, para. 0041 and fig. 1, where a plurality of computers connected to a router may share security log information); 	instructions to receive, from the server computing device, an encrypted data object the server computing device that is associated with the particular security indicator, the particular security indicator belonging to the PSI(see US 20150161398, De Cristofaro, para. 0050, where data must be associated with a metric before being shared); and 	instructions to access the encrypted data object without accessing the particular security indicator(see US 20150161398, De Cristofaro, para. 0050 and 0052, where an organization may share a subset of data associated with  PSI with another organization while not allowing access to other data).
 	In regards to claim 12, De Cristfaro teaches a system for distributing data objects associated with private set intersection (PSI), comprising: 	a server computing device comprising a processor that: identifies a set of server elements and a set of data objects of the server computing device, each data object of the set of data objects being associated with at least one server element of the set of server elements(see US 20150161398, De Cristofaro, para. 0015 and 0029, where a Private Set Intersection is used to associate a client’s data set with a server’s data sets, wherein security parameters[i.e. server elements] are used for blocking[i.e. associating] sets of data); 	identifies a threshold condition for the set of server elements(see US 20150161398, De Cristofaro, para. 0008, where a threshold value is compared to a metric value in order to determine if data is to be shared); encrypts the set of server elements and the set of data objects of the server computing device(see US 20150161398, De Cristofaro, para. 0049, where the shared information may be encrypted); and  	wherein a private set intersection (PSI) between the set of server elements and the set of client elements is inaccessible by the client computing device(see US 20150161398, De Cristofaro, para. 0050 and 0052, where an organization may share a subset of data associated with  PSI with another organization while not allowing access to other data), and  	wherein a subset of the set of data objects of the server computing device that are associated with the PSI are accessible by the client computing device if the threshold condition is satisfied(see US 20150161398, De Cristofaro, para. 0008, where a threshold value being exceeded enables sharing of data information); 	De Cristofaro does not teach sends the encrypted set of server elements, the encrypted set of data objects of the server computing device, and the threshold condition to a client computing device that has a set of client elements 	However, Kamara teaches sends the encrypted set of server elements, the encrypted set of data objects of the server computing device, and the threshold condition to a client computing device that has a set of client elements (see US 20150149763, Kamara, para. 0004-0005, where data and other server information is transferred from a server to a client). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the efficiency of data sharing between two entities by using a third party untrusted cloud server to manage data sets without having to expose sensitive information from the entities(see Kamara, para. 0002)
 	In regards to claim 14, the combination of De Cristofaro and Kamara teach the system of claim 12, wherein the processor further: 	randomizes an order of the set of server elements and the set of data objects of the server computing device before sending the set of server elements and the set of data objects of the server computing device to the client computing device(see US 20150161398, De Cristofaro, para. 0067, where the system shuffles the outputs of an OPRF-based PSI) .
 	In regards to claim 15, the combination of De Cristofaro and Kamara teach the system of claim 12, wherein the processor further: 	receives a particular security indicator from the client computing device, the particular security indicator comprising at least one observable(see US 20150161398, De Cristofaro, para. 0041 and fig. 1, where a plurality of computers connected to a router may share security log information); 	identifies the particular security indicator in the set of server elements, and the threshold condition associated with the particular security indicator, the threshold (see US 20150161398, De Cristofaro, para. 0008, where a threshold value being exceeded enables sharing of data information); 	encrypts a particular data object of the server computing device that is associated with the particular security indicator(see US 20150161398, De Cristofaro, para. 0049, where data used to compute a metric may be encrypted); and 	sends the particular data object of the server computing device to the client computing device, wherein the particular data object of the server computing device is accessible by the client computing device if the threshold condition is satisfied(see US 20150161398, De Cristofaro, para. 0008, where a threshold value being exceeded enables sharing of data information). 	In regards to claim 16, the combination of DeCristofaro and Kamara teach the system of claim 12, wherein the client computing device has a set of client elements and a set of data objects, each data object of the set of data objects of the client computing device being associated with at least one client element of the set of client elements(see US 20150149763, Kamara, para. 0005, where a first client sends a label[i.e. data object] for each element, an identifier for each element[i.e. server element], the first share of a 2-share secret key to a server. The first client further sends identifier of each element[i.e. server element], encrypted data associated with each element, and the 2nd share of the 2-share key, to the second client; the server computes the intersection of the labels of the received sets and sends the label[i.e. data objects], the identifier for the elements[i.e. server element] and the 1st share of the two-share secret key), wherein the set of data objects of the client computing device are inaccessible by the server computing device(see US 20150149763, Kamara, para. 0005, where no party[i.e. 1st, 2nd clients and server] may discover[i.e. access] any of the clients’ data who have not been permission). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the efficiency of data sharing between two entities by using a third party untrusted cloud server to manage data sets without having to expose sensitive information from the entities(see Kamara, para. 0002)
In regards to claim 17, the combination of DeCristofaro and Kamara teach the system of claim 12, wherein the PSI comprises a subset of the set of server elements and a subset of the set of client elements, and each server element of the subset of the set of server elements has an identical client element in the subset of the set of client elements(see US 20150149763, Kamara, para. 0005 and fig. 1, steps 108 and 110, where the server computes an intersection of the labels that’s shared with the client devices, wherein the intersection indicates the identical elements shared between the parties). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the efficiency of data sharing between two entities by using a third party untrusted cloud (see Kamara, para. 0002)
In regards to claim 18, the combination of DeCristofaro and Kamara teach The system of claim 17, wherein the subset of the set of data objects of the server computing device are associated with the subset of the set of server elements in the PSI(see US 20150149763, Kamara, para. 0005, where the server receives, from a 1st client, identifiers and labels[i.e. server elements], where for each identifier and label sent to the server there is associated a client element). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the efficiency of data sharing between two entities by using a third party untrusted cloud server to manage data sets without having to expose sensitive information from the entities(see Kamara, para. 0002)
 	In regards to claim 20, the combination of DeCristofaro and Kamara teach the system of claim 12, wherein the processor further:  	receives, from the client computing device, the set of client elements that are encrypted using a homomorphic encryption scheme(see US 20150161398, De Cristofaro, para. 0014, where a Fully-Homomorphic Encryption metric may be used); 	encrypts the set of server elements and the set of data objects of the server computing device using the homomorphic encryption scheme(see US 20150161398, De Cristofaro, para. 0014 and 0049, where the data may be encrypted, wherein the encryption algorithm may be Fully-Homomorphic Encryption); and  	sends the encrypted sets of server elements and data objects of the server computing device to the client computing device, wherein the client computing device(see US 20150149763, Kamara, para. 0004-0005, where data and other server information is transferred from a server to a client); 	decrypts at least one set of the encrypted sets using the homomorphic encryption scheme(see US 20150149763, Kamara, para. 0005, where the encrypted data may be decrypted),
retrieves the particular data object of the server computing device if the particular data object of the server computing device is associated with the PSI(see US 20150161398, De Cristofaro, para. 0049, where an organization may receive data), and 	retrieves a random value if the particular data object of the server computing device is not associated with the PSI(see US 20150149763, Kamara, para. 0034, where a pseudo-random permutation may be used for a plurality of protocols[e.g. non-PSI]). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of De Cristofaro with the teaching of Kamara because a user would have been motivated to improve the efficiency of data sharing between two entities by using a third party untrusted cloud server to manage data sets without having to expose sensitive information from the entities(see Kamara, para. 0002).

 In regards to claim 13, the combination of De Cristofaro and Kamara teach the system of claim 12, wherein the processor further: 	sends the first and second threshold conditions to the client computing device(see US 20150161398, De Cristofaro, para. 0008, where a data set of events describing  the network events may be shared, wherein an event may include determining if a metric exceeded a threshold), 	wherein a first data object of the server computing device that is associated with the first server element is accessible by the client computing device if the first threshold condition is satisfied(see US 20150161398, De Cristofaro, para. 0008, where a threshold value being exceeded enables sharing of data information), and 	wherein a second data object of the server computing device that is associated with the second server element is inaccessible by the client computing device if the second threshold condition is not satisfied(see US 20150161398, De Cristofaro, para. 0050 and 0052, where an organization may share a subset of data associated with  PSI with another organization while not allowing access to other data); and  	The combination of De Cristofaro and Kamara do not teach the processor further:identifies a first threshold condition associated with a first server element of the PSI, and a second threshold condition associated with a second server element of the PSI (see US 20050262563, Mahone, fig. 10, steps 1007 and 1009, where a first and second threshold is applied to a set of attributes). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of De Cristofaro and Kamara with the teaching of Mahone because a user would have been motivated to protect data from malicious attacks by employing multiple threshold criteria in order to safeguard data usage(see Malone, para. 0013)

Allowable subject matter

Claims 4 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

.
CONCLUSION

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 

/GREGORY A LANE/                                              Examiner, Art Unit 2438                                                                                                                                                          


 /TAGHI T ARANI/ Supervisory Patent Examiner, Art Unit 2438