DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 10/19/2021.
Status of claims in the instant application as of 10/19/2021:
Claims 1-2, 4-9, 11-16 and 18-23 are pending.
Claims 3, 10 and 17 have been canceled.
Claims 21-23 have been added.
Claims 1, 6, 8, 13, 15 and 20 have been amended.
Response to Arguments
Applicant’s arguments, see page [8-11] of the remarks filed on 10/19/2021 with respect to rejections of claims under 35 USC 101 for the claims being an “abstract idea”, have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Applicant’s arguments, see page [11-13] of the remarks filed on 10/19/2021 with respect to various rejections of claims under 35 USC 103, have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Applicant has not argued/disagreed with Examiner’s “Interpretation of Claims under 35 USC 112(f)”, see the remarks filed on 10/19/2021. Therefore, the claim interpretation under 35 USC 112(f) is maintained.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):


The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f):
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are:
Claim 13 recites, “The system of claim 11, wherein the obtaining further comprises generating the at least a portion of the first dataset using a pruning algorithm, the pruning algorithm being configured to, for multiple iterations …”
Specification of the published instant application describes:
Para [0010]: FIG. 6 illustrates a pruning algorithm in accordance with some example embodiments.
Para [0022]: The methods or embodiments disclosed herein may be implemented as a computer system having one or more modules (e.g., hardware modules or software modules). Such modules may be executed by one or more hardware processors of the computer system. In some example embodiments, a non-transitory machine-readable storage device can store a set of instructions that, when executed by at least one processor, causes the at least one processor to perform the operations and method steps discussed within the present disclosure.
Para [0040]: FIG. 3 is a block diagram illustrating a secure computation system 300, in accordance with some example embodiments. In some embodiments, the secure computation system 300 comprises any combination of one or more of a pruning module 310, a merging module 320, a computation module 330, and a selection module 340. The modules 310, 320, 330, and 340 can reside on a computer system, or other machine, having a memory and at least one processor (not shown). In some embodiments, the modules 310, 320, 330, and 340 can be incorporated into the application server(s) 126 in FIG. 1. However, it is contemplated that other configurations of the modules 310, 320, 330, and 340 are also within the scope of the present disclosure.”
Fig. 6 of the instant application describes the steps of pruning algorithm, and also the steps of the pruning algorithm are performed by a processor using instructions stored on a non-transitory media as recited in claim 8 that claim 13 depends on (claim 13 depends on claim 11 and claim 11 depends on claim 8). Thus, the disclosed 
Because these claim limitations are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f), applicant may:  (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f).
Allowable Subject Matter
Claims 1-2, 4-9, 11-16 and 18-23 are allowed, but they renumbered as claims 1-20.
The following are examiner's statement of reasons for allowance: The following prior arts were yielded during the examination of applicant’s amended claim set filed on 10/19/2021 in response to office action mailed on 08/03/2021. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in general realm of applicant’s field of endeavor:
US-PGPUB 20190026489, Nerurkar et al.: This relates to generating a differentially private random forest classifier trained using a set of restricted data. The differentially private random forest classifier is generated in response to the request. 
The present invention generally relates to building classifiers used in computerized machine learning, and more specifically to preserving privacy of training data used to build a machine-learned classifier.
US-PGPUB 20140281572 A1, Wang et al.: Wang discloses that a sampling independent first and second data at one or more clients to obtain sampled data, wherein a sampling parameter substantially smaller than a length of the data. The sampled data are encrypted to obtain encrypted data, which are then combined. The combined encrypted data are randomized to obtain randomized data. At an authorized third-party processor, a joint distribution of the first and second data is estimated from the randomized encrypted data, such that a differential privacy requirement of the first and second is satisfied.
This invention relates generally to secure computing, and more particularly to performing secure aggregate statistical analysis on a private data by a third party.
	NPL: Private Record Matching Using Differential Privacy, Inan et al.: Private matching between datasets owned by distinct parties is a challenging problem with several applications. Private matching allows two parties to identify the records that are close to each other according to some distance functions, such that no additional 
	US-PGPUB 20190332703, FELDMAN et al.: FELDMAN discloses a computer system may include a processor and a memory coupled thereto. The memory may include a database. The processor may be configured to randomly split the database into sub-databases and applying a database query to the sub-databases. The processor may also be configured to generate respective estimated query response values for each sub-database based upon applying the database query, calculate a median of the 
	The present invention relates to computer systems, and more specifically, to database querying and related methods. The databases contain private information, such as medical records. The algorithm used to perform analysis on the database ensures the desired level of differential privacy.
	US-PGPUB 20190147188, BENALOH et al.: This relates to hardware protection of differential privacy techniques. One example obtains multiple instances of encrypted telemetry data within a secure enclave and processes the encrypted telemetry data to obtain multiple instances of unencrypted telemetry data. The example also processes, within the secure enclave, the multiple instances of unencrypted telemetry data to obtain a perturbed aggregate. The example also releases the perturbed aggregate from the secure enclave.
One broad approach is to allow organizations to learn aggregate statistical information about the telemetry data (e.g., an average, median etc.) without giving those organizations the raw telemetry data.
US-PGPUB 20130085916, Abbe et al.: This relates to computer based system and method is directed to the determination of aggregate metrics of select financial indicators utilizing a protocol that preserves the confidentiality of the individual data sets comprising the aggregate metrics. The data processing system provides industry wide transparency of financial risk, concentration and the like based on data associated with 
It is an object of the present invention to provide a secure mechanism for processing highly confidential data to create aggregate metrics of risk and performance that cannot be used subsequently to generate the confidential data underlying the metrics.
However, none of the prior arts of record, alone or in combination, discloses all the limitations of the amended independent claims 1, 8 and 15; specifically they do not disclose “obtaining, by at least one hardware processor, secret shares of a first dataset of a first entity, secret shares of a second dataset of a second entity, secret shares of gap values for the first dataset, secret shares of gap values for the second dataset, secret shares of probability mass values for the first dataset, and secret shares of probability mass values for the second dataset, the gap values for the first dataset comprising differences between adjacent data points in the first dataset, and the gap values for the second dataset comprising difference between adjacent data points in the second dataset; determining, by the at least one hardware processor, a differentially private median of a union of the first dataset and the second dataset using an inverse transform sampling algorithm based on the secret shares of the first dataset, the secret shares of the second dataset, the secret shares of the gap values for the first dataset, the secret shares of the gap values for the second dataset, the secret shares of the probability mass values for the first dataset, and the secret shares of the probability mass values for the second dataset, the determining the differentially private median being performed using a garbled circuit protocol” Therefore, the independent claim are allowable over the prior arts. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434