DETAILED ACTION
This Office Action is in response to application 17/125,573 filed on December 17, 2020.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 5, 23-24 and 30-36 are cancelled, claims 1-4, 6-22 and 25-29 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. GB1918943, filed on 12/20/2019.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-2, 4, 6-7, 11-12, 19 and 25-27 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Lauter et al. (Lauter) U.S. Pub. Number 2007/0118746.
Regarding claim 1; Lauter discloses a method of securely propagating updates, the method comprising:
publishing, at a distributor, a plurality of updates, each update being signed to generate an associated digital signature for the update (para. [0061] a server 102 digitally signs respective ones of a set of segmented blocks of content for distribution with respective homomorphic digital signatures);
receiving, at a subscriber, update data for the plurality of updates and a combined digital signature, the combined digital signature being a combination of a plurality of digital signatures for the plurality of updates (para. [0008] compute the hash of a linear combination of the input messages in view of the hash values of the inputs…a linear combination of signatures is the same as the signature of the linear combination; para. [0062] server 102 distributes the packets … to a destination device); and
verifying the plurality of updates using the combined digital signature, wherein the plurality of digital signatures and the combined digital signature are generated using a set-homomorphic digital signature scheme (para. [0008] a linear combination of signatures is the same as the signature of the linear combination; para. [0063] a client device 106 receives one or more of the distributed linear combination of packets. At block 208, the client device 106 verifies and authenticates content …the client device 106, knowing the digital signatures of some of the linear combination of packets, the client device 106 can produce a signature of any linear combination of the packets (i.e., the received packets)).

Regarding claim 2; Lauter discloses the method of claim 1, comprising:
generating the combined digital signature by aggregating the plurality of digital signatures (para. [0008] a linear combination of signatures is the same as the signature of the linear combination).

Regarding claim 4; Lauter discloses the method of claim 3, wherein aggregating the plurality of digital signatures comprises summing or multiplying the plurality of digital signatures (para. [0013] operations to digitally sign content and distribute the signed content as a linear combination of packets to a client device).

Regarding claim 6; Lauter discloses the method of claim 1, comprising:
generating the combined digital signature by signing the update data using the set- homomorphic digital signature scheme (para. Server 102 computes a respective homomorphic digital signature 122-1 for each of block segment using a digital signature scheme, and signs the block segment with the respective signature 122-1 to create a respective signed block 124-1). 

Regarding claim 7; Lauter discloses the method of claim 1.
, wherein the combined digital signature is generated by one of the distributor and an intermediate device (para. [0016] if the client device 106 is not the final destination for the received random linear combination of packets, the client device 106 implements the operations…with respect to server 102 to digitally re-sign the data into points on an elliptic curve using a homomorphic hash function).

Regarding claim 11; Lauter discloses the method of claim 1, comprising:
applying the plurality of updates at the subscriber in response to a successful verification of the plurality of updates using the combined digital signature (para. [0063] a client device 106 receives one or more of the distributed linear combination of packets. At block 208, the client device 106 verifies and authenticates content encapsulated in the received packets using the public information distributed by the server along with the received packets. At block 210, the client device 106 determines whether it is the final destination device for receipt of the received packets).

Regarding claim 12; Lauter discloses a method of securely publishing updates, the method comprising:
preparing a first update (para. [0061] a server 102 digitally signs respective ones of a set of segmented blocks of content for distribution with respective homomorphic digital signatures);
signing the first update according to a set-homomorphic digital signature scheme to generate a first digital signature (para. [0061] a server 102 digitally signs respective ones of a set of segmented blocks of content for distribution with respective homomorphic digital signatures);
publishing the first update (para. [0062] server 102 distributes the packets … to a destination device);
preparing a second update (para. [0061] a server 102 digitally signs respective ones of a set of segmented blocks of content for distribution with respective homomorphic digital signatures);
signing the second update according to the set-homomorphic digital signature scheme to generate a second digital signature (para. [0061] a server 102 digitally signs respective ones of a set of segmented blocks of content for distribution with respective homomorphic digital signatures); and
publishing the second update (para. [0062] server 102 distributes the packets … to a destination device), 
wherein the first and second updates are verifiable by a subscriber using a combined digital signature generated according to the set-homomorphic digital signature scheme, the combined digital signature being generated by combining the first and second digital signatures, the combined digital signature being useable in place of the first and second digital signatures (para. [0008] a linear combination of signatures is the same as the signature of the linear combination; para. [0063] a client device 106 receives one or more of the distributed linear combination of packets. At block 208, the client device 106 verifies and authenticates content …the client device 106, knowing the digital signatures of some of the linear combination of packets, the client device 106 can produce a signature of any linear combination of the packets (i.e., the received packets)).

Regarding claim 19; Lauter discloses a method of securely verifying updates, the method comprising:
receiving update data comprising a plurality of updates, each update being published with an associated digital signature for verification, a plurality of associated digital signatures for the updates being generated according to a set-homomorphic digital signature scheme (para. [0061] a server 102 digitally signs respective ones of a set of segmented blocks of content for distribution with respective homomorphic digital signatures);
receiving a combined digital signature generated according to the set-homomorphic digital signature scheme, the combined digital signature being generated by combining the plurality of associated digital signatures (para. [0008] compute the hash of a linear combination of the input messages in view of the hash values of the inputs…a linear combination of signatures is the same as the signature of the linear combination; para. [0062] server 102 distributes the packets … to a destination device); and
verifying the update data using the combined digital signature in place of the plurality of digital signatures (para. [0008] a linear combination of signatures is the same as the signature of the linear combination; para. [0063] a client device 106 receives one or more of the distributed linear combination of packets. At block 208, the client device 106 verifies and authenticates content …the client device 106, knowing the digital signatures of some of the linear combination of packets, the client device 106 can produce a signature of any linear combination of the packets (i.e., the received packets)).

Regarding claim 25; Lauter discloses the method of claim 1, wherein the set-homomorphic digital signature scheme defines a limit on a total number of digital signature combinations (para. [0015] a homomorphism is shown when a result obtained by adding two vectors in a vector space and hashing to an elliptic curve is the same as the sum of the respective hashes of the two vectors on that elliptic curve).

Regarding claim 26; Lauter discloses the method of claim 1, wherein the set-homomorphic digital signature scheme uses a set-homomorphic hash function (para. [0015] homomorphism…adding two vectors in a vector space and hashing to an elliptic curve is the same as the sum of the respective hashes of the two vectors on that elliptic curve).

Regarding claim 27; Lauter discloses the method of claim 1, wherein the set-homomorphic digital signature scheme is a lattice-based digital signature scheme, wherein the digital signatures and cryptographic keys of the digital signature scheme are matrices or vectors whose coefficients are ring elements (para. [0015] a homomorphism is shown when a result obtained by adding two vectors in a vector space and hashing to an elliptic curve is the same as the sum of the respective hashes of the two vectors on that elliptic curve para [0030] one source node 102 and a target node 104 (or a set of target nodes). A general goal in this example is to have the source node transmit a file to the target node, where a file is represented as a matrix comprising m row vectors).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 8-10, 18 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Lauter et al. (Lauter) U.S. Pub. Number 2007/0118746 in view of Nguyen et al. (Nguyen) U.S. Pub. Number 2013/0346755.
Regarding claim 3; Lauter discloses the method of claim 2.
Lauter does not disclose, which Nguyen discloses wherein aggregating the plurality of digital signatures comprises applying an associative and commutative binary operation (Nguyen: para. [0005] data is securely distributed using a homomorphic signature scheme, in which the homomorphic signature scheme for signing the data is based upon binary pairing with standard prime order groups). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Lauter to provide applying an associative and commutative binary operation. The motivation would be to provide protects against changes to the block identifier.

Regarding claim 8; Lauter discloses the method of claim 1.
Lauter does not disclose, which Nguyen discloses comprising:
receiving, at an intermediate device, a first update in the plurality of updates and a first digital signature in the plurality of digital signatures (Nguyen: para. [0022] a source node 202 distributes packets P.sub.HS, signed using signatures 203 of a homomorphic signature scheme … to intermediate nodes 222.sub.1-222.sub.N. The intermediate nodes may combine multiple packets, if received, digitally sign them with a homomorphic signature, and send/distribute them to other nodes);
receiving, at the intermediate device, a second update in the plurality of updates and a second digital signature in the plurality of digital signatures (Nguyen: para. [0022] a source node 202 distributes packets P.sub.HS, signed using signatures 203 of a homomorphic signature scheme … to intermediate nodes 222.sub.1-222.sub.N. The intermediate nodes may combine multiple packets, if received, digitally sign them with a homomorphic signature, and send/distribute them to other nodes);
generating, at the intermediate device, the combined digital signature by aggregating the first and second digital signatures (Nguyen: para. [0022] intermediate nodes 222.sub.1-222.sub.N. The intermediate nodes may combine multiple packets, if received, digitally sign them with a homomorphic signature, and send/distribute them to other nodes)); and
sending the update data comprising the first and second updates and the combined digital signature from the intermediate device to the subscriber (Nguyen: para. [0024] These coded packets, possibly along with other packets from other intermediate nodes, are received at the final destination node). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Lauter to provide receiving, at an intermediate device, a first update in the plurality of updates and a first digital signature in the plurality of digital signatures, receiving, at the intermediate device, a second update in the plurality of updates and a second digital signature in the plurality of digital signatures, generating, at the intermediate device, the combined digital signature by aggregating the first and second digital signatures, sending the update data comprising the first and second updates and the combined digital signature from the intermediate device to the subscriber, as taught by Nguyen. The motivation would be to provide allow for signing of packets in a way that may be used to detect corrupted packets, and thereby reduce the harm of pollution attacks (i.e. each of the blocks may contain information corresponding to a block identifier, and the homomorphic signature scheme protects against changes to the block identifier).

Regarding claim 9; the combination of Lauter and Nguyen discloses the method of claim 8, comprising:
verifying, at the intermediate device, the first update using the first digital signature (Nguyen: para. [0026] the recipient node authenticates and verifies and content in each received packet using the public information; para. [0027] the recipient node combines packets and signs them with a signature based upon the received signatures);
applying, at the intermediate device, the first update in response to a successful verification of the first update (Nguyen: para. [0028] At some point in a typical transmission, at step 310 a node that is the final destination will receive the packets. At step 316, these packets may then be decoded and used to reassemble the original data block (e.g., file);
verifying, at the intermediate device, the second update using the second digital signature (Nguyen: para. [0026] At step 302, a node receives one or more of the distributed linear combination of packets, including public information. At steps 304 and 306, the recipient node authenticates and verifies and content in each received packet); and 
applying, at the intermediate device, the second update in response to a successful verification of the second update (Nguyen: para. [0022] intermediate nodes 222.sub.1-222.sub.N. The intermediate nodes may combine multiple packets, if received, digitally sign them with a homomorphic signature, and send/distribute them to other nodes).

Regarding claim 10; the combination of Lauter and Nguyen discloses the method of claim 9, wherein generating the combined digital signature and sending the update data steps is performed at the intermediate device in response to a request from the subscriber (Nguyen: para. [0022] a source node 202 distributes packets P.sub.HS, signed using signatures 203 of a homomorphic signature scheme …intermediate nodes 222.sub.1-222.sub.N. The intermediate nodes may combine multiple packets, if received, digitally sign them with a homomorphic signature, and send/distribute them to other nodes).

Regarding claim 18; Lauter discloses the method of claim 12.
Lauter does not disclose, which Nguyen discloses wherein the first and second updates are published according to an update policy, the update policy defining one or more conditions to meet for one or more subscribers to apply at least one of the first and second updates (Nguyen: para. [0014] processor 108 fetches and executes computer-program instructions from respective ones of the program modules 112. Program modules 112 include digital signatures for network coding module 116 (e.g., 116-1 and 116-2) and other program modules 118 (e.g., 118-1 and 118-2) such as an operating system, a content distribution model, etc. … between respective server(s) 102 and client(s) 106 across network 104).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Lauter to provide an update policy, the update policy defining one or more conditions to meet for one or more subscribers to apply at least one of the first and second updates, as taught by Nguyen. The motivation would be to provide allow for signing of packets in a way that may be used to detect corrupted packets, and thereby reduce the harm of pollution attacks (i.e. each of the blocks may contain information corresponding to a block identifier, and the homomorphic signature scheme protects against changes to the block identifier).
Regarding claim 20; Lauter discloses the method of claim 19.
Lauter does not disclose, which Nguyen disclose wherein verifying the update data comprising applying a verification function, the verification function receiving as input the update data, the combined digital signature and a public key for a distributor of the plurality of updates (Nguyen: para. [0037] algorithm outputs the public key, secret key pair (pk,sk). Sign(pk,sk,{right arrow over (m)},id) is a possibly randomized algorithm that takes public key, secret key pair (pk,sk), a vector {right arrow over (m)} of dimension n, a file identifier id and outputs a signature .sigma).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Lauter to provide applying a verification function, the verification function receiving as input the update data, the combined digital signature and a public key for a distributor of the plurality of updates, as taught by Nguyen. The motivation would be to provide allow for signing of packets in a way that may be used to detect corrupted packets, and thereby reduce the harm of pollution attacks (i.e. each of the blocks may contain information corresponding to a block identifier, and the homomorphic signature scheme protects against changes to the block identifier).

Regarding claim 21; the combination of Lauter and Nguyen discloses the method of claim 20, wherein the verification function computes a function of the signature, a set-homomorphic hash function of the update data and the public key (Lauter: para. [0008] utilize homomorphic hashing in network coding operations. Given a hash function for which finding collisions is computationally infeasible and linear, the systems and methods compute the hash of a linear combination of the input messages in view of the hash values of the inputs. The computed hash is utilized in a signature scheme based on the theory of elliptic curves to determine whether a message has been altered).

Regarding claim 22; the combination of Lauter and Nguyen discloses the method of claim 20, wherein the verification function checks whether the signature meets one or more signature size constraints (Lauter: para. [0034] the signature 122 is a point on the elliptic curve with coordinates in F.sub.q, thus the size of the signature is O(log q) bits…requires O(d.sub.in log p log.sup.1+.epsilon.q) bit operations where d.sub.in is the in-degree of in(e)). 

Claim 29 is rejected under 35 U.S.C. 103 as being unpatentable over Lauter et al. (Lauter) U.S. Pub. Number 2007/0118746 in view of Qun et al. (Qun) U.S. An ID-Based Linearly Homomorphic Signature Scheme and Its Application in Blockchain, published 02/27/2018. 
Regarding claim 29; Lauter discloses the method of claim 1.
Lauter does not disclose, which Qnu discloses wherein the set-homomorphic digital signature scheme is based on at least one of (i) a Rivest Shamir Adleman - RSA - digital signature scheme, (ii) a Boneh Lynn Shacham - BLS - digital signature scheme, or (iii) a lattice-based digital signature scheme, and wherein the digital signatures are combined using a multiplication operation or a summation operation or both (page 2, introduction: signature scheme proposed by Boneh, Lynn, and Shacham (BLS), as well as the framework of ID-based linear homomorphic signature schemes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Lauter to provide digital signature scheme, (ii) a Boneh Lynn Shacham, as taught by Qnu. The motivation would be to provide allow perform linear computations on authenticated data which is correctness of the computation can be publicly verified and gives the security proof of the scheme. 



Allowable Subject Matter
Claims 13-17 and 28 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Examiner’s remarks to overcome the rejection above
The Examiner have proposed allowable subject matter to expedite prosecution. The Examiner also encourage Applicant to contact the Examiner to discuss claim’s amendment before responding to this Office Action. 

Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. Number 2013/0326224 to Yavuz-Yavuz teaches verifying communication includes generating a network communication message using a selection of predetermined message elements having digital signatures generated with a private key. The network device generates a signature for the message by applying a homomorphic operation to the digital signatures of the selected predetermined message elements and to a one-time signature corresponding to a random number. The network device transmits the message in association with the signature for the message and the random number to at least one other network device.
U.S. Pub. Number 2011/0191764 to Piorecki-Piorecki teaches assemble a plurality of individual firmware update packages into a single bundled unit for distribution. One or more of the individual firmware update packages may comprise a diff-based firmware update package. The package generation circuitry may be configured to include meta information in the bundled firmware update package that may provide information about the firmware update packages included in the bundled firmware update package and generate a digital signature(s) for a bundled firmware update package and/or one or more portions thereof and include the digital signatures in the bundled firmware update package to allow for verification of the bundled firmware update package.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708. The examiner can normally be reached M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VU V TRAN/Primary Examiner, Art Unit 2491