DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

 2.	Applicant’s response filed April 20, 2021 have been considered. Claims 1, 8, and 16 have been amended. Claims 1-20 are pending.  
  
Claim Rejections - 35 USC § 103

3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1-6, 8-13, and 15-20  are rejected under 35 U.S.C. 103 as being unpatentable over Masoud et al. (U.S. 2016/0330573 A1), hereinafter “Masoud”, in view of Ioannidis et al. (U.S. 2016/0004874 A1), hereinafter “Ioanndis”, in view of Gentry (U.S. 8,515,058 B1), further in view of Moffat (U.S. 2013/0318347 A1).
Referring to claims 1, 8, 16:
	i.	Masoud teaches:
                      A computer-implemented method for protecting study participant data for aggregate analysis, the method comprising (see Masoud, fig. 8A):
           sending, by a processor, a broker encryption key to a plurality of research participant modules, each of the plurality of research participant modules separately having an isomorphic  a data key having been received from associated with a researcher module, the isomorphic data key being separate from the broker encryption key, the plurality of research participant modules being associated with different participants (see Masoud, fig. 8A, item 10 ‘temporary key [i.e., the broker encryption key ]’, item 200 ‘portable device [i.e., the broker ], item 100 ‘sensor device [i.e., a plurality of a plurality of users of one or more sensor devices [i.e., a plurality or research participants ].’);
                      receiving, by the processor, double-encrypted subject data from the plurality of research participant modules, the double-encrypted subject data having been encrypted by both the isomorphic data key and the broker encryption key (see Masoud, fig. 8B, ‘Double Encrypted Sensor Data’);
            decrypting, by the processor, the double-encrypted subject data with a broker decryption key to generate single-encrypted subject data for the plurality of research participant modules (see Masoud, fig. 8B, ‘Single Encrypted Sensor Data’; [0063] ‘the portable device 200 may receive the double encrypted physiological data and/or device data from the sensor device 100 (e.g., encrypted by the long term encryption key 161 and the data secret 159, etc.).  The decryption module 268 may perform a first decryption on the double encrypted data using the long term encryption key 161 determined jointly by the sensor device 100 and the portable device 200.  The communication module 256 may then send single decrypted data to the remote server 300 for a second decryption and data analysis.’; [0069] ‘data secret’ ‘data key’);
           aggregating, by the processor, the single-encrypted subject data for the plurality of research participants to generate an aggregated single encrypted data set having encryption with the isomorphic data key associated with the researcher module (see Masoud, fig. 6, item 270 ‘Aggregation Module’); 
            	sending, by the processor, the aggregated single-encrypted data set to a researcher module (see Masoud, fig. 8B, ‘Single Encrypted Sensor Data’, item 300 ‘remote server [i.e., the researcher module ]’; [0063] ‘The communication module 256 may then send single decrypted data to the remote server 300 for a second decryption and data analysis.’).
	Masoud further discloses the random number (see Masoud, [0079] ‘random number’).	However, Masoud does not explicitly disclose canceling out a plurality of random factors.

	Masoud does not explicitly disclose the garbled circuit protocol.
Masoud does not disclose the isomorphic encryption.
	Masoud disclose the data key is associated with the researcher module (see Masoud, fig. 8A, item (1) ‘data secret’ [i.e., the data key for a research participant module ] is associated with (3) ‘data key’ for 300 ‘remote server [i.e., a researcher module ]’). However, Masou does not disclose the data key is from the researcher module. 
ii.	Ioannidis disclose canceling out a plurality of random factors (see Ioannidis, [0058] ‘Upon receiving M ratings from users--recalling that the encryption is 
partially homomorphic--the RecSys obscures them with random masks [i.e., where ‘random masks’ corresponding to ‘a plurality of random factors’ ] c=.sym..eta., where .eta.  is a random or pseudo-random variable and .sym. is an XOR operation.’; [0008] ‘unmasking [i.e., where unmasking corresponding to canceling out the plurality of random factors ] the decrypted-masked records inside the garbled circuit prior to processing them.’).
             Ioannidis further disclose homomorphic encryption (see Ioannidis, [0008] ‘homomorphic encryption’).
            Ioannidis further disclose garbled circuit protocol (see Ioannidis, [0008] ‘garbled circuit’). 
	 	It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Ioannidis into the system of Masoud to utilize canceling out a plurality of random factors, homomorphic encryption, and garbled circuit protocol.  Masoud teaches "a method for wireless communication between an implantable medical device, a mobile user device, and a remote server.” (see Masoud, [0006]).  Therefore, Iaonnidis’s teaching could enhance the system of Masoud, because Ioannidis teaches a method for “performing a collaborative filtering technique known as matrix factorization securely, in a privacy-preserving fashion in order to profile items.” (see Ioannidis, [0002])
	iii.  Gentgry discloses isomorphic encryption(see Gentry, col. 54, line 26 ‘isomorphic’).

iv.	Moffat discloses the encryption key is from the server (see Moffat, claim 75 ‘receiving the DSS locker encryption key from the DSS server before the generating the doubly-encrypted key locker.’) 
           It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Moffat into the system of Masoud to send the encryption key from the server. Masoud teaches "a method for wireless communication between an implantable medical device, a mobile user device, and a remote server.” (see Masoud, [0006]).  Therefore, Moffat’s teaching could enhance the system of Masoud, because Moffat teaches “A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information.” (see Moffat, abstract).
Referring to claims 2, 9, 17:
	Masoud, Ioannidis, Gentry, and Moffat further disclose:
	           isomorphic encryption(see Gentry, col. 54, line 26 ‘isomorphic’).
           It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Gentry into the system of Masoud to utilize isomorphic encryption. Masoud teaches "a method for wireless communication between an implantable medical device, a mobile user device, and a remote server.” (see Masoud, [0006]).  Therefore, Gentry’s teaching could enhance the system of Masoud, because isomorphic encryption can protect data security.  
Referring to claims 3, 10, 18:
	Masoud, Ioannidis, Gentry, and Moffat further disclose:
                     wherein the double-encrypted subject data comprises data encrypted by a public-private encryption system (see Ioannidis, [0055] ‘public-key encryption’).

Referring to claims 4, 11, 19:
         Masoud, Ioannidis, Gentry, and Moffat further disclose:
                    wherein the double-encrypted subject data comprises genetic data (see Masoud, [0070] ‘The data analysis module 358 is configured to receive and analyze the 
decrypted physiological and/or device data and process the decrypted data.’).
Referring to claims 5, 12, 20:
	Masoud, Ioannidis, Gentry, and Moffat further disclose:
          		decrypting the aggregated single-homomorphically encrypted data set (see Masoud, [0007] ‘encrypted data’; [0008] ‘a first decryption.. a second decryption’).
Referring to claims 6, 13:
	Masoud, Ioannidis, Gentry, and Moffat further disclose:
                     performing a statistical analysis on the aggregated single-homomorphically encrypted data set (see Masoud, [0070] ‘The data analysis module 358 is configured to receive and analyze the decrypted physiological and/or device data and process the decrypted data.’ And, Gentry, col. 55 ‘statistical distance from the uniform distribution’).
          It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Gentry into the system of Masoud to utilize statistical analysis. Masoud teaches "a method for wireless communication between an implantable medical device, a mobile user device, and a remote server.” (see Masoud, [0006]).  Therefore, Gentry’s teaching could enhance the system of Masoud, because statistical analysis is the science of collecting, exploring, and presenting large amounts of data to discover underlying patterns and trends.   
Referring to claim 15:
 	Masoud, Ioannidis, Gentry, and Moffat further disclose:

           It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Ioannidis into the system of Masoud to utilize SaaS in a cloud.  Masoud teaches "a method for wireless communication between an implantable medical device, a mobile user device, and a remote server.” (see Masoud, [0006]).  Therefore, Iaonnidis’s teaching could enhance the system of Masoud, because utilizing SAAS in a cloud supports users using a thin client, e.g., via a web browser, and therefore SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.  

5.	Claims 7, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Masoud et al. (U.S. 2016/0330573 A1), in view of Ioannidis et al. (U.S. 2016/0004874 A1), in view of Gentry (U.S. 8,515,058 B1), in view of Moffat (U.S. 2013/0318347 A1), further in view of  Deciu et al. (U.S. 2013/0288244 A1), hereinafter “Deciu”.
Referring to claims 7, 14:
	          Masoud, Ioannidis, Gentry, and Moffat do not disclose odds ratio or regression coefficients.
		Ceciu disclose odds ratio, regression coefficients (see Deciu, [0618] ‘odds ratio’, [01045] ‘regression coefficients’).   
          It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Deciu into the system of Masoud to use odds ration, or regression coefficients. Masoud teaches "a method for wireless communication between an implantable medical device, a mobile user device, and a remote server.” (see Masoud, [0006]).  Therefore, Deciu’s teaching could enhance the system of Masoud, because odds ratio, regression coefficients are used in statistical analysis to find the probability, and trend.   

Response to Arguments

          Applicant’s argument directed to the new limitation are moot due to the new ground(s) of rejection in view of Moffat. 
(a)	Applicant submits:
“Second, the combination of Masoud, Ioannidis, Gentry, and Deciu fails to disclose or render obvious “receiving, by the processor, double-encrypted subject data from the plurality of research participant modules, the double-encrypted subject data having been encrypted by both the isomorphic key and the broker encryption key” recited in claim 1.” (see page 9, last par)
Examiner maintains:
Masoud, discloses in fig. 8B, ‘Single Encrypted Sensor Data’; [0063] ‘the portable device 200 may receive the double encrypted physiological data and/or device data from the sensor device 100 (e.g., encrypted by the long term encryption key 161 [i.e., the broker encryption key ] and the data secret 159, etc.).  The decryption module 268 may perform a first decryption on the double encrypted data using the long term encryption key 161 determined jointly by the sensor device 100 and the portable device 200.  The communication module 256 may then send single decrypted data to the remote server 300 for a second decryption and data analysis.’; [0069] ‘data secret’ ‘data key’
Gentgry discloses isomorphic encryption (see Gentry, col. 54, line 26 ‘isomorphic’).
Therefore, the combination of references disclose “receiving, by the processor, double-encrypted subject data from the plurality of research participant modules, the double-encrypted subject data having been encrypted by both the isomorphic key and the broker encryption key”, as claimed.
(b)	Applicant submits:
“Third, the combination of Masoud, Ioannidis, Gentry, and Deciu fails to disclose or render obvious “aggregated single-homomorphically encrypted data set having encryption with the isomorphic key associated with the researcher module” recited in claim 1.” (see page 10, 2nd par)

Masoud disclose in fig. 6, item 270 ‘Aggregation Module’; in fig. 8B, ‘Single Encrypted Sensor Data’, item 300 ‘remote server [i.e., the researcher module ]’; [0063] ‘The communication module 256 may then send single decrypted data to the remote server 300 for a second decryption and data analysis.’
Ioannidis further disclose homomorphic encryption (see Ioannidis, [0008] ‘homomorphic encryption’).
Gentry discloses isomorphic encryption (see Gentry, col. 54, line 26 ‘isomorphic’).
Therefore, the combination of references disclose “aggregated single-homomorphically encrypted data set having encryption with the isomorphic key associated with the researcher module”, as claimed. 

Conclusion

7.       The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
 (a)	Tachikawa, Hirohide (US 20030194090 A1) disclose Access point for authenticating apparatus, communicating apparatus subjected to authentication of access point, and system having them;
(b)	Chastain; Walter Cooper et al. (US 20150149776 A1) disclose apparatus and method for secure delivery of data from a communication device;
(c)	Hopprich; John et al. (US 6792474 B1) disclose Apparatus and methods for allocating addresses in a network;
(d)	Uranaka; Sachiko et al. (US 6470085 B1) disclose Application package and system for permitting a user to use distributed application package on the term of the use thereof;
(e)	Maruyama, Toshihiro (US 20020144118 A1) disclose Authentication method in an agent system;
(f)	YANG; Yeong Joon et al. (US 20140161258 A1) disclose authentication server, mobile terminal and method for issuing radio frequency card key using authentication server and mobile terminal;
.

8.     Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
           A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.  
                      Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571)272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
            If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the 


/PEILIANG PAN/
Examiner, Art Unit 2492



/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492