DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
The present Office Action is responsive to communications received 06/08/2021. Claims 1-20 are pending. Claims 1-6, 10-16 and 20 are amended. 

Response to Arguments
Applicant’s remarks received 06/08/2021 are addressed as follows:
Applicant’s amendment to the claims are considered.
In view of the amended claims with respect to the 112 issues, the previous 112 rejection is withdrawn.
Regarding 103 rejections:

Applicant’s Arguments:
	Applicant respectfully asserts that the cited art does not teach or suggest computing the rank of a set of values by homomorphically adding the encrypted comparison results. The applicant further states that the independent claim 1 has been amended to recite “determining, by the server, a ciphertext encrypting a rank of each client’s data value by homomorphically adding the encrypted comparison results” and independent claims 11 and 14 have been amended to recite similar limitations. Applicant notes that support for the amendment can be found at least at ¶ [0053] of the Specification.
	Applicant argues that Becher does not teach or suggest homomorphic addition for determining the rank and so Becher cannot be relied upon to teach the added limitation of homomorphically adding 
	Applicant further argues that Veugen does not teach or suggest ranking the received data values and so it cannot be relied upon to teach the limitations of the instant claims, as amended.
	Applicant further extends the argument by stating that the other cited references also fail to teach the limitation of homomorphically adding the received data values to determine the ciphertext encrypting the rank. 
	Applicant further extends the argument by stating how each of the prior art Raisaro, Lee, Veugen2, Joye and Diaz does not teach or suggest each of the limitations of the claims as amended.

Examiner’s Response:
Applicant’s arguments are respectfully considered but not persuasive. In response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Applicant individually takes each reference of Veugen, Raisaro, Lee, Veugen2, Joye and Diaz do not teach the limitation of ranking of the data values. Applicant does state that Becher does compute the ranking of encrypted data values but does not teach the limitation of homorphically adding the data values. As the examiner stated above, that the non-obviousness cannot be shown by attacking individual references. Therefore, when the references are combined then the limitations of the claims are taught by combined references. Becher discloses how the server receives encrypted comparison results and determines a ciphertext encrypting a rank of each client’s data value (Becher, page 4 col. 2 lines 1-10, by using OT protocol, each player receives encrypted values, which the client rerandomises and sends the encrypted values to the server. The values are encrypted using the common key using E() function. Becher, page 4-5, Table 1 step 2, distributing encrypted results of the sum and encrypted random value to each of the clients). Becher, however, does not teach the newly added feature and limitation of homomorphically adding the received received results. Examiner combines Becher and Veugen with reference Ahmed that teaches homomorphically adding the encrypted results to perform homomorphic comparison. See Claim Rejections - 35 USC § 103 below.

Applicant’s Arguments:
	Applicant respectfully argues that any modification of Becher-Veugen to teach determining a ciphertext encrypting the rank of data values by homomorphically adding the encrypted comparison results would impermissibly change the principle of operation of Becher. Applicant respectfully submits that it would be improper to modify Becher-Veugen combination as it would require a substantial reconstruction and redesign of the elements in Becher as well as change in the basic principle under which Becher was designed to operation. Applicant states how Becher computes rank by comparing two values in a list and how Becher requires additional step of transmitting the ciphertexts to each player and receiving the modified encrypted values back to the server to determine the statistical measures via selection. Becher does not involve homomorphically addition to determine the ciphertext encrypting the rank, rather Becher involves utilizing selection to determine statistical measures. By contrast, embodiments of the claimed invention do not involve computing the difference between values in the dataset to determine the rank and using selection to determine statistical measures such as the median. Further, the present invention only requires the comparison results for determining the rank of the encrypted data values to determine the median via homomorphic addition.
	Modifying Becher-Veugen with the teachings of another reference disclosing homomorphic addition to determine the ciphertext encrypting the rank of the received encrypted data values would require substantially redesigning Becher's system to determine statistical measures without using selection. In other words, modifying Becher's system in this way would effectively require completely 

Examiner’s Response:
Applicant’s arguments are respectfully considered but not persuasive. In response to Becher computes rank by comparing two values in a list and that Becher does not involve homomorphic addition to determine the ciphertext encrypting the rank, applicant’s arguments are moot in view of the new prior art U.S. Pat. Appl. Publ'n No. 20190036678 to Ahmed hereinafter (“Ahmed”). Ahmed teaches and suggests homomorphic addition of encrypted results to perform homomorphic comparison.
Examiner also states that the limitation of claim 1 does not recite how the rank computation of encrypted comparison results is performed. The limitation rather recites determining of the ciphertext that encrypts a rank value and this determining of the ciphertext is done by homomorphically adding the comparison results. The claim further recites computing a ciphertext encrypting a median of the received encrypted data values. So the applicant’s argument about how Becher differs from the claimed invention in computing a rank is inconsistent with what is being claimed.
In response to the applicant’s argument about modifying Becher-Veugen with the teachings of another reference disclosing homomorphic addition to determine the ciphertext Related Work, Fully Homomorphic Encryption page 3. Becher does note that fully homomorphic encryption that involves homomorphic addition to perform multiparty computation locally without learning anything about the secret inputs of the players or about the result. But because of the performance requirements, Becher uses an adapted protocol of privacy-preserving benchmarking protocol.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Ahmed’s homomorphic addition of encrypted results provides clear motivation to have more scalable, rapid, inexpensive and semantically secure way of performing fully homomorphic encryption which is also suggested by Becher but not used by Becher.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3, 4, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over source An Enhanced Approach to Cloud-based Privacy-preserving Benchmarking to Becher et al. hereinafter (“Becher”) provided in IDS, in view of U.S. Pat. Appl. Publ’n No. 20180373882 A1 to Veugen hereinafter (“Veugen”), and further in view of U.S. Pat. Appl. Publ'n No. 20190036678 to Ahmed hereinafter (“Ahmed”)

Regarding claim 1, Becher teaches:
A computer-implemented method (Becher, page 5, section B. Implementation, prototype implemented in a database and client application which may be computer implemented) comprising: 
 	receiving (Becher, page 3, section E, players P.sub.i providing input to the server P.sub.s), by a server (Becher, page 3, section E, server P.sub.s) from each of a plurality of clients (Becher, page 3, section E, plurality of clients are defined as participants P.sub.i where i is a value from 1 to n), a corresponding data value encrypted using a common … public key; (Becher, page 3, section IV. Design, K.sub.ENC is public key known to all clients and the server, used to encrypt the value of P.sub.i using E() function sent to server P.sub.s. Also see page 5, Table 1 step 1) 
(Becher, page 4-5, Table 1 step 2, distributing encrypted results of the sum and encrypted random value to each of the clients); 
 	receiving, by the server, encrypted comparison results from each of the plurality of clients in response to the distribution of the received encrypted data values, the encrypted comparison results being encrypted using the common … public key; (Becher, page 4 col. 2 lines 1-10, by using OT protocol, each player receives encrypted values, which the client rerandomises and sends the encrypted values to the server. The values are encrypted using the common key using E() function.)
 	determining, by the server, a ciphertext encrypting a rank of each client's data value by … the encrypted comparison results; (Becher, page 4, equation 8, computation of rank using comparison results of equation 7 where the values are stored in the vector. Determining of the ciphertext is done in equation 9)
	sorting the received encrypted data values by the encrypted rank of each client’s data value (Becher, page 4, left column para 3 of Adapted Protocol section, Rank computation yields rank of a value x.sub.i in a sorted list in ascending order. The rank computation is done for calculation of median, min and max of the sorted list.);
 	computing a ciphertext encrypting a median of the received encrypted data values; (Becher, page 4, col. 2, lines 1-10 where computing of the ciphertext of xØ(i) is done which encrypts the statistical measure including median); and 
 	initiating, by the server using the plurality of clients, a … decryption to generate a final result. (Becher, page 4, col. 2 lines 15-50, server P.sub.s initiates the decryption by blinding the result with a random number and sends the ciphertext to the players. Each player decrypts the blinded result and sends plaintext along with MAC to the server. see Table 1 steps 14-30C page 5 col. 2 )
Becher does not teach the limitation of threshold encryption and threshold decryption. Veugen, Fig. 1, public encryption key e is a common public key in a threshold homomorphic cryptosystem that is shared by client devices, key information of client devices 110.sub.1..n) and threshold decryption (Veugen, Fig. 3A-3B, ¶[0085-0086], aggregator server initiates decryption to calculate final sum of the selected number of clients from which the data is received and performs decryption using threshold homomorphic mechanism for threshold decryption). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Becher with the teachings of Veugen to have threshold based encryption and decryption with the motivation of using threshold based homomorphic encryption mechanism for big data analytics applications for processing of financial data of commercial and institutional organizations since all selected t clients have the guarantee that the data they sent to the server will be used in the combination to calculate final result while the privacy of individual client devices is guaranteed. Also, no computational and communication intensive zero-knowledge-proofs are required in order to provide proof that the private data are taken in to account by the server. (Veugen, ¶ [0023-0024])
The combination of Becher and Veugen does not teach the limitation of homomorphically adding the encrypted results. Ahmed remedies and teaches homomorphically adding the encrypted results to perform homomorphic comparison (Ahmed, ¶ [0285-0289], fast homomorphic addition performed as a lookup table Table Z generated for a key as part of the encryption process. Also see ¶ [0501-0506] where the encrypted values of x and y are homomorphically added for comparing the ciphertexts, see ¶ [0503-0504]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher and Veugen with the teachings of Ahmed to perform homomorphic addition of the encrypted values with the motivation to provide speed and (Ahmed, ¶ [0010])

Regarding claim 3, Becher in view of Vegen teaches:
	The method of claim 1, wherein the threshold decryption comprises:
	transmitting, by the server, an encrypted evaluation result to each of … clients wherein ...; (Becher, page 4 col. 2, server P.sub.s sends result v evaluated in previous steps and encrypted with E(v + r) to clients P.sub.i)
	receiving, by the server, a partial decryption of the transmitted encrypted evaluation result from each of the … clients; (Becher, each player decrypts the result to v + r and sends it back to the server with MAC. V + r being partially decrypted result since the result is blinded with random value r) and 
	combining the partial decryption of the transmitted encrypted evaluation result from each of the … clients to result in the final result (Becher, page 6 col. 1 lines 1-20, server P.sub.s concatenates the values received from each player P.sub.i).
	Becher does not teach the limitation of t clients, wherein t represents a number of the plurality of clients, transmitting to the server and server using t values from t clients to combine for the final result. Veugen remedies and teaches each of t clients transmitting to the server and server uses t values from t clients for the final result (Veugen, ¶ [0085-0086], aggregator server aggregates the data received from each of t clients to determine final result of the sum). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Becher with the teachings of Veugen to have threshold based (Veugen, ¶ [0023-0024])

Regarding claim 4, Becher in view of Veugen teaches:
	The method of claim 3 further comprising:
	transmitting the final result to each of the plurality of clients. (Becher, page 4-5 Round 3 P.sub.s sends unblinded statistical measures to each of the players)
	
Regarding claim 14, Becher teaches:
A system comprising: 
at least one data processor; and  
NAI-1506507310v131memory storing instructions which, when executed by the at least one data processor, result in operations (Becher, Fig. 1, page 6 Implementation, the protocol is implemented in Java client and server application that runs on Cloud Foundry application platform and a PostgreSQL database all of which requires a processor and memory to execute the instructions) comprising: 
receiving (Becher, page 3, section E, players P.sub.i providing input to the server P.sub.s), by a server (Becher, page 3, section E, server P.sub.s) from each of a plurality of clients (Becher, page 3, section E, plurality of clients are defined as participants P.sub.i where i is a value from 1 to n), a corresponding data value encrypted using a common … public key; (Becher, page 3, section IV. Design, K.sub.ENC is public key known to all clients and the server, used to encrypt the value of P.sub.i using E() function sent to server P.sub.s. Also see page 5, Table 1 step 1)
distributing, by the server, the received encrypted data values to each of the plurality of clients for evaluating comparison of values; (Becher, page 4-5, Table 1 step 2, distributing encrypted results of the sum and encrypted random value to each of the clients)
receiving, by the server, encrypted comparison results from each of the plurality of clients in response to the distribution of the received encrypted data values, the encrypted comparison results being encrypted using the common … public key; (Becher, page 4 col. 2 lines 1-10, by using OT protocol, each player receives encrypted values, which the client rerandomises and sends the encrypted values to the server. The values are encrypted using the common key using E() function)
determining, by the server, a ciphertext encrypting the rank of each client's data value … the encrypted comparison results; (Becher, page 4, equation 8, computation of rank using comparison results of equation 7 where the values are stored in the vector. Determining of the ciphertext is done in equation 9)
sorting the received encrypted data values by the encrypted rank of each client’s data values (Becher, page 4, left column para 3 of Adapted Protocol section, Rank computation yields rank of a value x.sub.i in a sorted list in ascending order. The rank computation is done for calculation of median, min and max of the sorted list.);
computing a ciphertext encrypting a median of the received encrypted data values; (Becher, page 4, col. 2, lines 1-10 where computing of the ciphertext of xØ(i) is done which encrypts the statistical measure including median) and 
initiating, by the server using the plurality of clients, a … decryption to generate a final result. (Becher, page 4, col. 2 lines 15-50, server P.sub.s initiates the decryption by blinding the result with a random number and sends the ciphertext to the players. Each player decrypts the blinded result and sends plaintext along with MAC to the server. see Table 1 steps 14-30C page 5 col. 2 )
Becher does not teach the limitation of threshold encryption and threshold decryption. Veugen remedies and teaches threshold encryption (Veugen, Fig. 1, public encryption key e is a common public key in a threshold homomorphic cryptosystem that is shared by client devices, key information of client devices 110.sub.1..n) and threshold decryption (Veugen, Fig. 3A-3B, ¶[0085-0086], aggregator server initiates decryption to calculate final sum of the selected number of clients from which the data is received and performs decryption using threshold homomorphic mechanism for threshold decryption). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Becher with the teachings of Veugen to have threshold based encryption and decryption with the motivation of using threshold based homomorphic encryption mechanism for big data analytics applications for processing of financial data of commercial and institutional organizations since all selected t clients have the guarantee that the data they sent to the server will be used in the combination to calculate final result while the privacy of individual client devices is guaranteed. Also, no computational and communication intensive zero-knowledge-proofs are required in order to provide proof that the private data are taken in to account by the server (Veugen, ¶ [0023-0024]).
The combination of Becher and Veugen does not teach the limitation of homomorphically adding the encrypted results. Ahmed remedies and teaches homomorphically (Ahmed, ¶ [0285-0289], fast homomorphic addition performed as a lookup table Table Z generated for a key as part of the encryption process. Also see ¶ [0501-0506] where the encrypted values of x and y are homomorphically added for comparing the ciphertexts, see ¶ [0503-0504]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher and Veugen with the teachings of Ahmed to perform homomorphic addition of the encrypted values with the motivation to provide speed and processing efficiency for homomorphic addition and comparison of encrypted values. Additionally, it provides homomorphic transformation of encrypted data that is more scalable, rapid, inexpensive, difficult to invert or break, enables various types of key generation protocols and is semantically secure (Ahmed, ¶ [0010])


Claims 2, 11 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over source An Enhanced Approach to Cloud-based Privacy-preserving Benchmarking to Becher et al. hereinafter (“Becher”) provided in IDS, in view of U.S. Pat. Appl. Publ’n No. 2018/0373882 A1 to Veugen hereinafter (“Veugen”), further in view of U.S. Pat. Appl. Publ'n No. 20190036678 to Ahmed hereinafter (“Ahmed”), and further in view of European Pat. Appl. No. EP 3016011 A1 to Raisaro et al. hereinafter (“Raisaro”)

Regarding claim 2, Becher in view of Veugen, further in view of Ahmed teaches:
	The method of claim 1.
	The combination of Becher, Veugen and Ahmed does not teach the limitation of comparing received encrypted data values by each pair of clients using DGK comparison (Raisaro, ¶[0101-0103], Algorithm 1 shows pair of clients MC and DC together performing DGK comparison protocol of the encrypted data values). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher, Veugen and Ahmed with the teachings of Raisaro to compare the data values by pair of clients using DGK comparison protocol with the motivation to perform secure comparison of data values that is more efficient and optimized than other additive homomorphic protocols due to its smaller message space.

Regarding claim 11, Becher teaches:
A computer-implemented method (Becher, page 5, section B. Implementation, prototype implemented in a database and client application which may be computer implemented) comprising: 
…
receiving (Becher, page 3, section E, players P.sub.i providing input to the server P.sub.s), by the server (Becher, page 3, section E, server P.sub.s) from each … of the plurality of clients (Becher, page 3, section E, plurality of clients are defined as participants P.sub.i where i is a value from 1 to n), a corresponding data values encrypted using a common … public key; (Becher, page 3, section IV. Design, K.sub.ENC is public key known to all clients and the server, used to encrypt the value of P.sub.i using E() function sent to server P.sub.s. Also see page 5, Table 1 step 1)
determining, by the server, a ciphertext encrypting a rank of each client’s data value … (Becher, page 4, equation 8, computation of rank using comparison results of equation 7 where the values are stored in the vector. Determining of the ciphertext is done in equation 9);
determining, by the server, a median of the received encrypted data values from the encrypted rank of each client’s data values; (Becher, page 4, equation 8, Round 2 of the protocol, computation of rank using comparison results of equation 7 which is then used to calculate statistical measure including median)
sorting the received encrypted data values by the encrypted rank of each client’s data value (Becher, page 4, left column para 3 of Adapted Protocol section, Rank computation yields rank of a value x.sub.i in a sorted list in ascending order. The rank computation is done for calculation of median, min and max of the sorted list.);
homomorphically computing, by the server, a ciphertext encrypting the median of received the data values; (Becher, pages 4-5, Round 3 of the protocol where the server computes ciphertext encrypting the median value without actually decrypting its value effectively performing homomorphic computation which commonly known in the art) and 
distributing the ciphertext to each of the plurality of clients so that each … of the plurality of clients can jointly decrypt the ciphertext to determine the median (Becher, page 4, col. 2 lines 15-50, server P.sub.s initiates the decryption by blinding the result with a random number and sends the ciphertext each of the players).
Becher does not teach the limitation of threshold encryption and threshold decryption. Veugen remedies and teaches threshold encryption (Veugen, Fig. 1, public encryption key e is a common public key in a threshold homomorphic cryptosystem that is shared by client devices, key information of client devices 110.sub.1..n) and threshold decryption (Veugen, Fig. 3A-3B, ¶[0085-0086], aggregator server initiates decryption to calculate final sum of the selected number of clients from which the data is received and performs decryption using threshold homomorphic mechanism for threshold decryption). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Becher with the teachings of Veugen to have threshold based encryption and decryption with the motivation of using threshold based homomorphic encryption mechanism for big data analytics applications for processing of financial data of commercial and institutional organizations since all selected t clients have the guarantee that the data they sent to the server will be used in the combination to calculate final result while the privacy of individual client devices is guaranteed. Also, no computational and communication intensive zero-knowledge-proofs are required in order to provide proof that the private data are taken in to account by the server. (Veugen, ¶ [0023-0024]).
The combination of Becher and Veugen does not teach the limitation of homomorphically adding the encrypted results. Ahmed remedies and teaches homomorphically adding the encrypted results to perform homomorphic comparison (Ahmed, ¶ [0285-0289], fast homomorphic addition performed as a lookup table Table Z generated for a key as part of the encryption process. Also see ¶ [0501-0506] where the encrypted values of x and y are homomorphically added for comparing the ciphertexts, see ¶ [0503-0504]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher and Veugen with the teachings of Ahmed to perform homomorphic addition of the encrypted values with the motivation to provide speed and processing efficiency for homomorphic addition and comparison of encrypted values. Additionally, it provides homomorphic transformation of encrypted data that is more scalable, rapid, inexpensive, difficult to invert or break, enables various types of key generation protocols and is semantically secure (Ahmed, ¶ [0010])
(Raisaro, Fig. 2, ¶ [0052-0058], key manager MK generates cryptographic key pairs and it divides the private key into two parts where one part is provided to DC and another to MC essentially pairing the clients DC and MC for further cryptographic operations. Here, key manager is the server that does the pairing) and pair of clients jointly decrypting the ciphertext (Raisaro, Fig. 2, ¶ [0080-0081], during step J, MC transmits encrypted result to DC which partly decrypts it to obtain partly decrypted test result. In step K, partly decrypted test result is transmitted to MC by DC which then decrypts it to obtain fully decrypted test result in step L. This means pair of clients MC and DC have jointly decrypted the encrypted results). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher, Veugen and Ahmed with the teachings of Raisaro to pair plurality of clients and pair of clients jointly decrypting the encrypted result or ciphertext with the motivation to perform secure comparison of data values that is more efficient and optimized which happens between pair of clients where both are involved in cryptographic exchange of information to jointly perform decryption of the result but without learning the input of the other (Raisaro, ¶ [0009-0011]).

Regarding claim 15, it is rejected as claim 2.

Regarding claim 16, it is rejected using teachings from Becher and Veugen, as presented in claim  3 and claim 4.


Claims 5-6 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over source An Enhanced Approach to Cloud-based Privacy-preserving Benchmarking to Becher et al. hereinafter (“Becher”) provided in IDS, in view of U.S. Pat. Appl. Publ’n No. 2018/0373882 A1 to Veugen hereinafter (“Veugen”), further in view of U.S. Pat. Appl. Publ'n No. 20190036678 to Ahmed hereinafter (“Ahmed”), and further in view of European Pat. Appl. No. EP 3340067 A1 to Lee hereinafter (“Lee”)

Regarding claim 5, Becher in view of Veugen and further in view of Ahmed teaches:
The method of claim 1, … the median value (Becher page 4, col. 2, lines 1-10) … in the sorted received encrypted data values (Becher page 4 col.2 lines 1-10, sorted list of xi values which are encrypted, see page 4 col. 1 para 2 of Adapted protocol. Also see page 5 for the sorted list in Round 2 of the protocol)
The combination of Becher, Veugen and Ahmed does not teach the limitation that the median value is a middle value if the size of the sorted datasets is odd. Lee remedies and teaches that the sorted dataset with odd size has a median value as a middle value (Lee, Fig. 8, col. 17, ¶ [0052]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to calculate the median value of odd sized dataset in this way, as customarily known in the art.

Regarding claim 6, Becher in view of Veugen and further in view of Ahmed teaches:
The method of claim 1, … the median value (Becher page 4, col. 2, lines 1-10) … in the sorted received encrypted data values (Becher page 4 col.2 lines 1-10, sorted list of xi values which are encrypted, see page 4 col. 1 para 2 of Adapted protocol. Also see page 5 for the sorted list in Round 2 of the protocol). Also see page 5 for the sorted list in Round 2 of the protocol)
The combination of Becher, Veugen and Ahmed does not teach the limitation that the median value is a mean of two middle values if the size of the sorted datasets is even. Lee remedies and teaches that the sorted dataset with even size has a median value as a mean of two middle values (Lee, Fig. 8, col. 17-18, ¶ [0052]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to calculate the median value of odd sized dataset in this way, as customarily known in the art.

Regarding claim 12, it is rejected using teachings of Becher, Veugen, Ahmed and Lee as presented in claim 5.

Regarding claim 13, it is rejected using teachings of Becher, Veugen, Ahmed and Lee as presented in claim 6.


Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over source An Enhanced Approach to Cloud-based Privacy-preserving Benchmarking to Becher et al. hereinafter (“Becher”) provided in IDS, in view of U.S. Pat. Appl. Publ’n No. 2018/0373882 A1 to Veugen hereinafter (“Veugen”), further in view of U.S. Pat. Appl. Publ'n No. 20190036678 to Ahmed hereinafter (“Ahmed”), and further in view of U.S. Pat. Appl. Publ’n No. 2015/0295712 A1 to Veugen hereinafter (“Veugen 2”)

Regarding claim 7, Becher in view of Veugen and further in view of Ahmed teaches:

encrypting, by a … client, a data value of interest using a public key of the … client; (Becher, page 3, section IV. Design, K.sub.ENC is public key known to clients used to encrypt the value of P.sub.i using E() function)
transmitting, by the … client, the encrypted data value of the … client to the server; (Becher, page 3, Round 1 step 1 of the protocol where the client is transmitting encrypted input to the server)
…
The combination of Becher, Veugen and Ahmed does not teach the limitation of first and second client and forwarding, by the server, the encrypted data value of the first client to a second server. Veugen 2 remedies and teaches first and second client and forwarding, by the server, the encrypted data value of the first client to a second client (Veugen 2, Fig. 2a, ¶ [0017], first client U encrypts data with public key of A. U has the public key of A which means both A and U possess the shared public key. U sends the encrypted value to server C. C forwards the encrypted value to second client A). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher, Veugen and Ahmed with the teachings of Veugen 2 to have a server as intermediary with the motivation to provide maximum privacy between the clients by not having any direct link between the clients and also have a trusted intermediary as a proxy like a server in this case. (Veugen 2, ¶ [0008]) 

Regarding claim 17, it is rejected as claim 7.

Claims 8-9 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over source An Enhanced Approach to Cloud-based Privacy-preserving Benchmarking to Becher et al. hereinafter (“Becher”) provided in IDS, in view of U.S. Pat. Appl. Publ’n No. 2018/0373882 A1 to Veugen hereinafter (“Veugen”), further in view of U.S. Pat. Appl. Publ'n No. 20190036678 to Ahmed hereinafter (“Ahmed”), further in view of U.S. Pat. Appl. Publ’n No. 2015/0295712 A1 to Veugen hereinafter (“Veugen 2”), and further in view of U.S. Patent No. 10,764,048 B2 to Joye et al. hereinafter (“Joye”)
Regarding claim 8, Becher in view of Veugen, further in view of Ahmed and further in view of Veugen 2 teaches:
	The method of claim 7.
	The combination of Becher, Veugen, Ahmed and Veugen 2 does not teach the limitation of the second client choosing a random bit δ.sub.ji and computing s = 1 - 2 δ.sub.ji and using the random bit to secret share a result of a comparison. Joye remedies and teaches the second client choosing a random bit δ.sub.ji and computing s = 1 - 2 δ.sub.ji and using the random bit to secret share a result of a comparison (Joye, Fig. 1, col. 4 lines 30-50, second client Alice chooses a random bit δ .sub.A and calculates 1-2 δ.sub.A. Alice sends the ciphertext to Bob secretly sharing the result of its comparison). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher, Veugen, Ahmed and Veugen 2 with the teachings of Joye to choose random bit, compute and secretly share the comparison data with the motivation to perform comparison protocol using decision tree to decrease the computational complexity and the required bandwidth. This would be a worthwhile improvement as performing the comparison protocol usually requires massive amounts of computation and bandwidth. (Joye, col. 3 lines 45-60) 

claim 9, Becher in view of Veugen, further in view of Ahmed, further in view of Veugen 2 and further in view of Joye teaches:
	The method of claim 8, further comprising:
	homomorphically evaluating, by the second client, a comparison circuit on its own data value of interest and the encrypted data value of the first client; (Joye, Fig. 1, col. 4 lines 30-50, Alice homomorphically evaluates and computes ciphertext using t-bit integers x owned by Alice and encrypted value of y owned by Bob which is the first client and sent to Alice which is the second client) and
	generating, by the second client, corresponding ciphertexts. (Joye, Fig. 1, col. 4 lines 30-50, Alice generates ciphertext at the end of step 3)

Regarding claim 18, it is rejected as claim 8.
Regarding claim 19, it is rejected as claim 9.
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over source An Enhanced Approach to Cloud-based Privacy-preserving Benchmarking to Becher et al. hereinafter (“Becher”) provided in IDS, in view of U.S. Pat. Appl. Publ’n No. 2018/0373882 A1 to Veugen hereinafter (“Veugen”), further in view of U.S. Pat. Appl. Publ'n No. 20190036678 to Ahmed hereinafter (“Ahmed”), further in view of U.S. Pat. Appl. Publ’n No. 2015/0295712 A1 to Veugen hereinafter (“Veugen 2”), further in view of U.S. Patent No. 10,764,048 B2 to Joye et al. hereinafter (“Joye”), and further in view of U.S. Pat. Appl. Publ’n No. 2020/0295934 A1 to Diaz Vico et al. hereinafter (“Diaz”)
Regarding claim 10, Becher in view of Veugen, further in view of Ahmed, further in view of Veugen 2 and further in view of Joye teaches:

	sending, by the second client, the generated corresponding ciphertexts …; (Joye, Fig. 1, col. 4 lines 30-50, Alice sends ciphertext at the end of step 3)
…
computing, by the first client using the generated corresponding ciphertexts, a final … comparison bit; (Joye, Fig. 1, col. 4 lines 30-55, Alice generates ciphertext at the end of step 3) and 
…
The combination of Becher, Veugen, Ahmed, Veugen 2 and Joye does not teach the limitation of sending corresponding ciphertexts to the server, the server forwarding ciphertext to the first client, the first client computing encrypted bit and sending it to the server. Diaz remedies and teaches sending ciphertexts to the server by second client (Diaz, ¶ [0122-0126], Trusted client as second client sends the ciphertext as encrypted secret to server 102), the server forwarding corresponding ciphertext to the first client (Diaz, ¶ [0122-0126], the server forwards ciphertext as encrypted secret to the first client), the first client computing encrypted bit and sending it to the server (Diaz, ¶ [0122-0126], the first client decrypts the encrypted secret using it’s private key, digitally signs it using it’s private key and sends it to the server). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Becher, Veugen, Ahmed, Veugen 2 and Joye with the teachings of Diaz to have intermediary server forwarding the ciphertext from second client to the first and then receiving encrypted data from the first client with the motivation to provide an authority that escrows the keys used to encrypt the data using blockchain technology and to securely deposit and escrow the private keys along with any passwords or secrets of the user data. (Diaz, ¶ [0006-0008])

Regarding claim 20, it is rejected as claim 10.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Pat. Appl. Publ'n No. 20120121080 to Kerschbaum discloses commutative order-preserving encryption scheme that includes a unique fixed key and a regular keyed cryptographic hash function, where the cryptographic hash function comprises a domain greater than unique fixed key. The unique fixed key is distributed in multiple portions among multiple parties.
U.S. Pat. Appl. Publ'n No. 20080133935 to Elovici et al. discloses structure preserving database encryption method that permits converting a conventional database index into a secure one so that the time complexity of all queries is maintained. It involves comparing of index values that involves decrypting the index values.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NIRAV C SHAH whose telephone number is (408)918-7592.  The examiner can normally be reached on Monday - Thursday and alternate Fridays, 7:30-4:30 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Michael Simitoski/Primary Examiner, Art Unit 2493