DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 10/28/2021 has been received and considered.
Claims 1-20 are pending.
This action is Final.
Response to Arguments
2.	Applicant's arguments filed 10/28/2021 have been fully considered but they are not persuasive. Applicant argues that regarding independent claims 1 and 9, Wentz in view of Becker fails to teach “determining a state of a first device in association with a select time interval, the state of the first device being defined by one or more time-variable characteristics of the first device
With respect to this argument, as disclosed below, Wentz in paragraph [0070] discloses a precision clock reference for determination of locations and latencies of nodes in the network graph where precision time may be used to establish physical distance by inference from latency statistics of nodes in the network. Changes in inferred physical distance or latency between nodes are used to flag potentially compromised secure computing modules or man in the middle or other attacks. In paragraph [0098], a confidence level (state of first device) is determined by performing a trusted time evaluation of an action performed by a remote device where a secure proof may be generated using a secure timestamp. Paragraph [0099] discloses a secure timestamp recorded as current time in a hash chain to instantiate attested time. Attested time (time-variable characteristic) is the property that a device incorporating a local reference clock may hash data along with the local timestamp of the device. Attested time may additionally incorporate attested identity, attested device architecture and other pieces of information identifying properties of the attesting device. 
computing, on the first device, an output for a signing function that depends upon the determined state of the first device associated with the first time interval”
With respect to this argument, as disclosed below, Wentz in paragraph [0098] discloses performing a trusted time evaluation of an action performed by a remote device by generating a secure timestamp using a digital signature protocol. In paragraph [0099], a secure timestamp may be recorded as the current time in a hash chain and a secure timestamp is generated by appending a timestamp to the hashed output data, applying the TSA private key to sign the hashed output data concatenated to the timestamp, and returning the signed, trusted timestamped data back to the listener device. 

Applicant further argues that regarding claims 2 and 10, Wentz in view of Becker fails to teach the amended limitations “computing deterministic errors observed by the first device in association with the select time interval, wherein the output for the signing function depends upon the computed deterministic errors for the select time interval”
With respect to this argument, as disclosed below, Wentz in paragraph [0099] discloses generating a secure proof using attested time to capture device properties. Attested time is the property that a device incorporating a local reference clock may hash data along with the local timestamp of the device and may incorporate attested identity, attested device architecture and other pieces of information identifying properties of the attesting device. Confidence levels in a remote device are evaluated by performing threshold cryptography to produce a secure timestamp and a first digitally signed assertion is assessed against a secure timestamp to generate the secure proof. Additionally, paragraph [0100] discloses determining confidence levels in an identity of a remote device. Confidence levels are computed using statistical measures of reliability and statistics are collected on discovery of 

Applicant further argues that regarding claim 18, Wentz in view of Becker fails to teach “computing an error matrix used to generate the secure signature, the error matrix being representative of errors occurring within a communication network in association with a select time interval”
With respect to this argument, as disclosed below, Wentz in paragraph [0089] discloses a calculation based on a confidence levels is recorded in a digitally signed assertion. In paragraph [0098], determining a confidence level includes performing a trusted time evaluation and generating a secure timestamp. Paragraph [0102] discloses the selection of variable values and data according to one or more criteria to be used in computation of an error function. Relationships are maintained by any kind of method for linking or recording relationships between data sets, including without limitation links using relational database tables, parallel table structures, shared record identifiers, or the like. One of ordinary skill in the art given a broadest reasonable interpretation could interpret using an error matrix in evaluation of these relationships and selecting a time interval as criteria for computing the error function.

Therefore, Wentz in view of Becker teaches the claimed limitations and thereby the dependent claims. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 



3.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2020/0320340 A1 to Wentz, (hereinafter, “Wentz”) in view of US Pub. No. US 2019/0013950 A1 to Becker, (hereinafter, “Becker”).

As per claims 1 and 9, Wentz teaches a method and one or more tangible computer-readable storage media encoding computer- executable instructions for executing a computer process, respectively, the computer process comprising: 
determining a state of a first device in association with a select time interval, the state of the first device being defined by one or more time-variable characteristics of the first device (Wentz, para. [0070] “secure computing module 116 and/or remote device may integrate a precision clock reference for determination of locations and latencies of nodes in the network graph… precision time may be used to establish physical distance by inference from latency statistics of nodes in the network, whether using probabilistic, Bayesian or other statistical methods, machine learning classifiers or other. In some embodiments, changes in inferred physical distance or latency between nodes in the graph may be used to flag potentially compromised secure computing modules 116, man in the middle or other attacks.” And para. [0098] “determining the at least a confidence level may include performing a trusted time evaluation of at least an action performed by the at least a remote device. As a non-limiting example, secure proof may be generated using a secure timestamp.” And para. [0099] “secure timestamp may be recorded the current time in a hash chain…The use of secure timestamps as described herein may enable systems and methods as described herein to instantiate attested time. Attested time is the property that a device incorporating a local reference clock may hash data, e.g. sensor data, along with the local timestamp of the device. Attested time may additionally incorporate attested identity, attested device architecture and other pieces of information identifying properties of the attesting device. In one embodiment, secure timestamp is generated by a trusted third party (TTP) that appends a timestamp to the hashed output data, applies the TSA private key to sign the hashed output data concatenated to the timestamp, and returns this signed, a.k.a. trusted timestamped data back to the listener device”); 
computing, on the first device, an output for a signing function that depends upon the determined state of the first device associated with the first time interval (Wentz, para. [0098] “FIG. 3, determining the at least a confidence level may include performing a trusted time evaluation of at least an action performed by the at least a remote device. As a non-limiting example, secure proof may be generated using a secure timestamp. Generating the secure timestamp may include digitally signing the secure timestamp using any digital signature protocol as described above. In one embodiment authenticity of received data signals is established by utilizing a chain of attestation via one or more attestation schemes (in nonlimiting example, via DAA) to verify that the secure computing module 116 is an authentic secure computing module 116 that has the property of attested time.” And para. [0099] “secure timestamp may be recorded the current time in a hash chain…secure timestamp is generated by a trusted third party (TTP) that appends a timestamp to the hashed output data, applies the TSA private key to sign the hashed output data concatenated to the timestamp, and returns this signed, a.k.a. trusted timestamped data back to the listener device…one or more additional participants, such as other remote devices may evaluate confidence levels in at least a remote device or other party generating secure timestamp and/or perform threshold cryptography with a plurality of such parties, each of which may have performed an embodiment of method to produce a secure timestamp. In an embodiment, remote devices or other parties authenticating first digitally signed assertion may perform authentication at least in part by evaluating timeliness of entry and/or generation of first digitally signed assertion as assessed against secure timestamp.”); and 
Wentz teaches all the limitations of claims 1 and 9 above, however fails to explicitly teach but Becker teaches:
generating a secure signature using the output of the signing function (Becker, para. [0044] “a lattice-based homomorphic signature system employs a private, signing key sk.sub.i for each client i that signs an input message m.sub.i. using a signature function Auth to generate a cryptographic signature .sigma..sub.i: .sigma..sub.i=Auth(sk.sub.i,m.sub.i, id), where m.sub.i is the an input message, such as noisy plaintext data, for a client i. The id term is a nonce identifier that is shared by each of the clients and any computing device that performs verification to prevent a forgery attempt that seeks to use previously recorded valid message and signature from a client to alter the output of a later set of communications that include a message from the client. Thus, the id term ensures that each signature is unique to one set of messages from a plurality of clients. Each cryptographic signature is also referred to as a tag that a client generates for a piece of noisy plaintext data or ciphertext data. In one embodiment, the Auth function applies a latticed-based homomorphic hash function to the input message m.sub.i and the private key sk.sub.i signs the hash value output of the lattice-based homomorphic hash function to produce the signature .sigma..sub.i that has additive homomorphism.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

As per claims 2 and 10, the combination of Wentz and Becker teach the method of claim 1 and the one or more tangible computer-readable storage media of claim 9, respectively, wherein determining the state of the first device further comprises: computing deterministic errors observed by the first device in association with the select time interval, wherein the output for the signing function depends upon the computed deterministic errors for the select time interval (Wentz, para. [0099] discloses generating a secure proof using attested time to capture device properties. Attested time is the property that a device incorporating a local reference clock may hash data along with the local timestamp of the device and may incorporate attested identity, attested device architecture and other pieces of information identifying properties of the attesting device. Confidence levels in a remote device are evaluated by performing threshold cryptography to produce a secure timestamp and a first digitally signed assertion is assessed against a secure timestamp to generate the secure proof. And para. [0100] discloses determining confidence levels in an identity of a remote device. Confidence levels are computed using statistical measures of reliability and statistics are collected on discovery of any vulnerabilities. Furthermore, para. [0102] discloses the selection of variable values to be used in computation of an error function.)

As per claims 3 and 12, the combination of Wentz and Becker teach the method of claim 2 and the one or more tangible computer-readable storage media of claim 10, respectively, wherein the deterministic errors include hardware errors of the first device and the output of the signing function is the secure signature (Wentz, para. [0056] “varied inputs including variations in local physical parameters, such as fluctuations in local electromagnetic fields, radiation, temperature, and the like may be combined with key-generation circuits or methods, such that an almost limitless variety of private keys may be so generated. In an embodiment, at least a remote device and/or secure computing module 116 may convert immediate output from PUF 124 into key in the form of a binary number. Private key extraction may utilize additional corrective measures, including as a nonlimiting example machine learning, neural networks, convolutional neural networks and the like, or other approaches to provide error correction over the operating temperature range of the device, to ensure consistency in key extraction.” And Becker, para. [0044] “a lattice-based homomorphic signature system employs a private, signing key sk.sub.i for each client i that signs an input message m.sub.i. using a signature function Auth to generate a cryptographic signature .sigma..sub.i: .sigma..sub.i=Auth(sk.sub.i,m.sub.i, id), where m.sub.i is the an input message, such as noisy plaintext data, for a client i…In one embodiment, the Auth function applies a latticed-based homomorphic hash function to the input message m.sub.i and the private key sk.sub.i signs the hash value output of the lattice-based homomorphic hash function to produce the signature .sigma..sub.i that has additive homomorphism.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

As per claims 4 and 13, the combination of Wentz and Becker teach the method of claim 3 and the one or more tangible computer-readable storage media of claim 10, respectively, wherein the secure signature is verifiable to confirm a unique identity of the first device (Becker, para. [0054] “The homomorphic verification data 188 includes, for example, a plurality of public keys vk.sub.i, one for each of the clients 104A-104N that correspond to the individual private signing keys sk.sub.i in the homomorphic signature data 119 of the clients 104A-104N, a nonce identifier, and any other data needed for a homomorphic signature system to verify the decrypted sum of noisy plaintext data 192. The untrusted aggregator 170 receives the public keys vk.sub.i from, for example, a trusted repository of public key data or directly using a key exchange protocol with the clients 104A-104N. During operation of the untrusted aggregator 170, if the processor 174 performs a verification process for the decrypted aggregate sum of the noisy plaintext data 192 using the sum of signatures 186 successfully, then the processor 174 can verify if the sum of noisy plaintext data 164 that the trusted aggregator 150 of the seller transmits to the untrusted aggregator 170 of the influencer is correct or incorrect.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

As per claims 5 and 14, the combination of Wentz and Becker teach the method of claim 2 and the one or more tangible computer-readable storage media of claim 10, respectively, wherein the deterministic errors include communication errors detected in a broadcast channel of the first device (Becker, para. [0059] “The process 200 continues as each of the clients 104A-104N transmits a message that includes the noisy plaintext data 116 and the associated signature data 122 to the trusted aggregator 150 (block 212). In the client 104A, the processor 108 uses the network interface 124 to transmit the noisy plaintext data and the signature data 122 through the network 130 to the network interface 152 of the trusted aggregator 150. Each of the clients 104A-104N transmits the noisy plaintext and signature to the aggregator 150. While the trusted aggregator 150 has full access to the noisy plaintext data 116 that are transmitted from each of the clients 104A-104N, the clients 104A-104N and the aggregator use an encrypted communication channel, such as an encrypted channel generated using the Transport Layer Security (TLS) protocol that is known to the art, to prevent eavesdroppers from accessing the noisy plaintext data during transmission through the data network 130. Additionally, the signature data 122 prevents the trusted aggregator 150 or an external attacker from being able to alter the noisy plaintext data 116 in a manner that escapes detection by a verifier, such as the untrusted aggregator 170.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

As per claims 6 and 15, the combination of Wentz and Becker teach the method of claim 5 and the one or more tangible computer-readable storage media of claim 14, respectively, wherein the secure signature is a group signature verifiable to confirm that the first device is a member of the group and the method further comprises: combining the output of the signing function computed on the first device with a signing function output from each other respective device in the group (Wentz, para. [0083] “FIG. 3, an exemplary embodiment of a method 300 of machine learning using a distributed framework. At step 305, a computing device selects at least a remote device of a plurality of remote devices. Selecting may include identifying at least a remote device of a plurality of remote devices 112, where “identifying” signifies identifying and/or verifying an association of the at least a remote device with a particular identity of a specific machine and/or person, with a verification datum associated with a digital signature performed by the particular machine, with a group key in which the at least a remote device is at least a member, with a credential issued to the device, or the like; in other words, identification as used in this disclosure does not necessarily mean identification of a specific device or person, but may signify identification of a particular pseudonym, of membership in a group, or of receipt of a credential. Identifying may include, as a non-limiting example, comparing at least a datum received as an identifier from at least a remote device to one or more stored values; one or more stored values may be stored in a temporally sequential listing as described above. One or more stored values may be stored in a database or other data structure. Identifying may include comparison of a digitally signed assertion and/or secure proof, as described in further detail below, in a temporally sequential listing or other data structure to a digitally signed assertion and/or secure proof received from at least a remote device. Identifying the at least a remote device may include evaluating a secure proof and/or digital signature, for instance as described above, generated by the at least a remote device and identifying the at least a remote device as a function of the secure proof.”), 
the signing function output from each other respective device in the group being based on communication errors observed by the respective device in association with the select time interval ( Wentz, para. [0086] “FIG. 3, selections of remote devices for distributed framework may be determined according to proximity according one or more measures of distance or time between each remote device and computing device 104, between at least a remote device and each selected remote device, and/or between at least a remote device and computing device 104, and/or between devices to be selected for distributed framework.”).

As per claims 7 and 17, the combination of Wentz and Becker teach the method of claim 1 and the one or more tangible computer-readable storage media of claim 10, respectively, wherein the signing function is a member of a key- homomorphic pseudorandom function (KH-PRF) family (Becker, para. [0040] “PSA processes provide differential privacy where the term "differential privacy" refers to a property of the PSA process that prevents any party from determining the individual contribution of one client to the aggregate sum of all the data. For example, in a PSA process in which each client encodes a numeric value corresponding to the age of a customer, each client computing device for each customer adds a random noise value, such as a Laplace noise value, to the actual age and encrypts the noisy age value using homomorphic encryption. [0044] In one example of a homomorphic signature system that is known to the art, a lattice-based homomorphic signature system employs a private, signing key sk.sub.i for each client i that signs an input message m.sub.i. using a signature function Auth to generate a cryptographic signature .sigma..sub.i: .sigma..sub.i=Auth(sk.sub.i,m.sub.i, id), where m.sub.i is the an input message, such as noisy plaintext data, for a client i. The id term is a nonce identifier that is shared by each of the clients and any computing device that performs verification to prevent a forgery attempt that seeks to use previously recorded valid message and signature from a client to alter the output of a later set of communications that include a message from the client. Thus, the id term ensures that each signature is unique to one set of messages from a plurality of clients.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

As per claims 8 and 16, the combination of Wentz and Becker teach the method of claim 1 and the one or more tangible computer-readable storage media of claim 10, respectively, further comprising: 
receiving, at a second device, a message signed with the secure signature; computing, at the second device, an error matrix used to generate the secure signature; and verifying the error matrix is a Learning With Errors (LWE) matrix (Becker, para. [0041] “A post-quantum PSA (PQ-PSA) process is one type of PSA process that provides improved computational efficiency for transmitting larger numeric values and that is believed to be secure against eavesdropping attackers that have access to quantum computers that are more advanced than what is generally known to the art. In the PQ-PSA process, each client encrypts noisy plaintext data to generate ciphertext data using a first public key in a cryptographic system that provides additive homomorphism, such as a learning with errors ( LWE) asymmetric cryptographic system, which has a corresponding private key that is known to the untrusted aggregator. Each client then embeds this first ciphertext in a vector that is indistinguishable from a discrete Gaussian vector. This is achieved by constructing a distribution that is indistinguishable from a discrete Gaussian distribution and sampling said vector from this distribution. This vector is called the error vector E.sub.i. Because E.sub.i is capable of embedding large numeric values, each client can encrypt a comparatively large numeric value (e.g. 8, 16, 32, 64, or 128 bits of data) in a single ciphertext. Each client then performs the following matrix multiplication and addition operation to produce an output vector b: b=[A][s.sub.i]+E.sub.i where A is a multi-dimensional matrix of random data that forms part of an LWE public key and is known to each client and the untrusted aggregator, s.sub.i is a one-dimensional vector of random secret data that each client i possesses individually and does not reveal to the untrusted aggregator, and E.sub.i is the previously generated error vector that is different for each client. The final output b is a vector that is normally part of an LWE public key, but in the PQ-PSA process each vector b is actually a ciphertext c.sub.i from client i that encodes the noisy plaintext data from the client in a manner that prevents the untrusted aggregator or any third party from decrypting individual ciphertext messages.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 
As per claim 11, the combination of Wentz and Becker teach the one or more tangible computer-readable storage media of claim 9, wherein determining the state of the first device further comprises: using a trained linear regression model to compute deterministic errors observed by the first device in association with the select time interval (Wentz, para. [0074]”FIG. 2, machine-learning processes may include performance of a machine-learning algorithm 204 to generate a machine-learning model 208. A machine-learning model 208, as used herein, is a mathematical representation of a relationship between inputs and outputs, as generated using any machine-learning process including without limitation any process as described above, and stored in memory; an input is submitted to a machine-learning model 208 once created, which generates an output based on the relationship that was derived. For instance, and without limitation, a linear regression model, generated using a linear regression algorithm, may compute a linear combination of input data using coefficients derived during machine-learning processes to calculate an output datum.”).


As per claim 18, Wentz teaches a method comprising: 
receiving a message signed with a secure signature (Wentz, para. [0099] “Attested time is the property that a device incorporating a local reference clock may hash data, e.g. sensor data, along with the local timestamp of the device. Attested time may additionally incorporate attested identity, attested device architecture and other pieces of information identifying properties of the attesting device. In one embodiment, secure timestamp is generated by a trusted third party (TTP) that appends a timestamp to the hashed output data, applies the TSA private key to sign the hashed output data concatenated to the timestamp, and returns this signed, a.k.a. trusted timestamped data back to the listener device.”); 
(Wentz, para. [0089] discloses a calculation based on a confidence levels is recorded in a digitally signed assertion. And para. [0098] discloses determining a confidence level includes performing a trusted time evaluation and generating a secure timestamp. Paragraph [0102] discloses the selection of variable values and data according to one or more criteria to be used in computation of an error function. Relationships are maintained by any kind of method for linking or recording relationships between data sets, including without limitation links using relational database tables, parallel table structures, shared record identifiers, or the like. One of ordinary skill in the art given a broadest reasonable interpretation could interpret using an error matrix in evaluation of these relationships and selecting a time interval as criteria for computing the error function.); 

Wentz teaches all the limitations of claim 18 above, however fails to explicitly teach but Becker teaches:
based on the computed error matrix, verifying a source of the message (Becker, para. [0041] “A post-quantum PSA (PQ-PSA) process is one type of PSA process that provides improved computational efficiency for transmitting larger numeric values and that is believed to be secure against eavesdropping attackers that have access to quantum computers that are more advanced than what is generally known to the art. In the PQ-PSA process, each client encrypts noisy plaintext data to generate ciphertext data using a first public key in a cryptographic system that provides additive homomorphism, such as a learning with errors (LWE) asymmetric cryptographic system, which has a corresponding private key that is known to the untrusted aggregator. Each client then embeds this first ciphertext in a vector that is indistinguishable from a discrete Gaussian vector. This is achieved by constructing a distribution that is indistinguishable from a discrete Gaussian distribution and sampling said vector from this distribution. This vector is called the error vector E.sub.i. Because E.sub.i is capable of embedding large numeric values, each client can encrypt a comparatively large numeric value (e.g. 8, 16, 32, 64, or 128 bits of data) in a single ciphertext. Each client then performs the following matrix multiplication and addition operation to produce an output vector b: b=[A][s.sub.i]+E.sub.i where A is a multi-dimensional matrix of random data that forms part of an LWE public key and is known to each client and the untrusted aggregator, s.sub.i is a one-dimensional vector of random secret data that each client i possesses individually and does not reveal to the untrusted aggregator, and E.sub.i is the previously generated error vector that is different for each client. The final output b is a vector that is normally part of an LWE public key, but in the PQ-PSA process each vector b is actually a ciphertext c.sub.i from client i that encodes the noisy plaintext data from the client in a manner that prevents the untrusted aggregator or any third party from decrypting individual ciphertext messages.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

As per claim 19, the combination of Wentz and Becker teach the method of claim 18, wherein verifying the source of the message further comprises: verifying the computed error matrix is a Learning With Errors (LWE) matrix (Becker, para. [0041] “A post-quantum PSA (PQ-PSA) process is one type of PSA process that provides improved computational efficiency for transmitting larger numeric values and that is believed to be secure against eavesdropping attackers that have access to quantum computers that are more advanced than what is generally known to the art. In the PQ-PSA process, each client encrypts noisy plaintext data to generate ciphertext data using a first public key in a cryptographic system that provides additive homomorphism, such as a learning with errors ( LWE) asymmetric cryptographic system, which has a corresponding private key that is known to the untrusted aggregator. Each client then embeds this first ciphertext in a vector that is indistinguishable from a discrete Gaussian vector. This is achieved by constructing a distribution that is indistinguishable from a discrete Gaussian distribution and sampling said vector from this distribution. This vector is called the error vector E.sub.i. Because E.sub.i is capable of embedding large numeric values, each client can encrypt a comparatively large numeric value (e.g. 8, 16, 32, 64, or 128 bits of data) in a single ciphertext. Each client then performs the following matrix multiplication and addition operation to produce an output vector b: b=[A][s.sub.i]+E.sub.i where A is a multi-dimensional matrix of random data that forms part of an LWE public key and is known to each client and the untrusted aggregator, s.sub.i is a one-dimensional vector of random secret data that each client i possesses individually and does not reveal to the untrusted aggregator, and E.sub.i is the previously generated error vector that is different for each client. The final output b is a vector that is normally part of an LWE public key, but in the PQ-PSA process each vector b is actually a ciphertext c.sub.i from client i that encodes the noisy plaintext data from the client in a manner that prevents the untrusted aggregator or any third party from decrypting individual ciphertext messages.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

As per claim 20, the combination of Wentz and Becker teach the method of claim 18, wherein the secure signature is generated using a key- homomorphic pseudorandom function (KH-PRF) (Becker, para. [0040] “PSA processes provide differential privacy where the term "differential privacy" refers to a property of the PSA process that prevents any party from determining the individual contribution of one client to the aggregate sum of all the data. For example, in a PSA process in which each client encodes a numeric value corresponding to the age of a customer, each client computing device for each customer adds a random noise value, such as a Laplace noise value, to the actual age and encrypts the noisy age value using homomorphic encryption. [0044] In one example of a homomorphic signature system that is known to the art, a lattice-based homomorphic signature system employs a private, signing key sk.sub.i for each client i that signs an input message m.sub.i. using a signature function Auth to generate a cryptographic signature .sigma..sub.i: .sigma..sub.i=Auth(sk.sub.i,m.sub.i, id), where m.sub.i is the an input message, such as noisy plaintext data, for a client i. The id term is a nonce identifier that is shared by each of the clients and any computing device that performs verification to prevent a forgery attempt that seeks to use previously recorded valid message and signature from a client to alter the output of a later set of communications that include a message from the client. Thus, the id term ensures that each signature is unique to one set of messages from a plurality of clients.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Becker’s privacy preserving method into Wentz’s machine learning system, with a motivation to preserve differential privacy of the plurality of clients (Becker, para. [0009]). 

Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 10554405 B1 – Anti-counterfeit protection and secure authentication.
US 20190318103 A1 – Secure initiation and transfer.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437                                                                                                                                                                                                        
/ALI S ABYANEH/Primary Examiner, Art Unit 2437