DETAILED ACTION
This office action is in response to applicant’s RCE submission filed on 03/07/2022, which has an effective filing date of 06/23/2017.  Claims 1, 8, and 12-14 have been amended.  Claims 1-14 and 16-20 are pending and are directed towards apparatuses, methods, and computer product for Privacy Preserving Computation Protocol for Data Analytics.  Examiner acknowledges applicant’s amendment to claims 8 and 12 and therefore withdraws the previous office action’s objections to claims 8 and 12.  This is Non-Final action. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
1.	Applicant’s arguments filed 03/07/2022 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations of claim 1, 8, and 12-14, that Nath fails to teach “for use in a single-request-response type scheme”, “selecting, by a server, a subgroup H of at least t client devices from a group G of n client devices, the subgroup H comprising fewer client devices than the group G”, and “[each client device] having access to or being provided with an aggregate R of the random values ri of the client devices in the subgroup H” (page 15-16 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections. 
B) Applicant’s arguments, with respect to the amended limitations of claim 1, 8, and 12-14, that Rane fails to teach “for use in a single-request-response type scheme”, “selecting, by a server, a subgroup H of at least t client devices from a group G of n client devices, the subgroup H comprising fewer client devices than the group G”, and server transmitting "client information to each of the client devices, the client information including a set of client indices or information to determine a set of client indices, the set of client indices identifying the at least t client devices of subgroup H" (page 16-17 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections. 
C) Applicant’s arguments, with respect to the amended limitations of claim 1, that “the skilled person would not modify Nath based on Rane, because Nath and Rane are incompatible with each other" (page 18 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections. 
D) Applicant’s arguments that Neumann and Gentry do not disclose “a method using a single request-response cycle" and “selecting a subset H of t client devices from a group G of n devices” (page 18-19 of the present response) have been fully considered but they are not persuasive.
Regarding D) Neumann teaches the subgroup H comprising fewer client devices than the group G (page 3, sec. Shamir/Feldman Secret Sharing; threshold secret sharing allows reconstructing the secret having t<n shares of all participants).  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide threshold secret sharing allows reconstructing the secret having t<n shares of all participants. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.  Therefore, the prior art Neumann at least suggests the claimed feature in question.
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-5, 8-10, 12-14, 16-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nath et al. (US 2011/0283099), hereinafter Nath, filed on May 13, 2010 in view of Neumann et al. (Analysis of Security and Cryptographic Approaches to Provide Secret and Verifiable Electronic Voting, 2014, pages 1-32), hereinafter Neumann. 
	Regarding claim 1, Nath teaches a method for privacy-preserving computation of aggregated private data of a group of client devices for use in a single-request-response type scheme (Fig. 1 and para 25, line 1-22; privately aggregating distributed data from multiple user systems by providing a summation sequence and then combine received decryption shares, where decryption is performed on the combined received shares), the method comprising: 
selecting, by a server, a subgroup H of at least t client devices from a group G of n client devices (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users), 
Nath does not teach the subgroup H comprising fewer client devices than the group G,
Neumann teaches the subgroup H comprising fewer client devices than the group G (page 3, sec. Shamir/Feldman Secret Sharing; threshold secret sharing allows reconstructing the secret having t<n shares of all participants)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide threshold secret sharing allows reconstructing the secret having t<n shares of all participants. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches each client device in the group G: being identifiable by a client index i (i=1,...,n); comprising an encryption function E; being configured to generate or being provided with key information including an encryption key e and a decryption key d of a homomorphic threshold cryptosystem (para 49, line 1-13 and para 58, line 1-2 and para 69, line 1-3; users receive the encrypted summation sequence, which is encrypted using an encryption key, used to determine a decryption key share in a threshold homomorphic encryption technique); 
being configured to generate or being provided with a random value ri; and having access to or being provided with random values ri of the other client devices in at least the subgroup H or having access to or being provided with an aggregate R of the random values ri the client devices in the subgroup H (para 49, line 1-13 and para 50, line 1-7; each user generates a random variable and random variable for all users are made public during key generation phase); 
Nath does not teach transmitting, by the dealer, client information to each of the client devices, the client information including a set of client indices or information to determine a set of client indices
Neumann teaches transmitting, by the dealer, client information to each of the client devices, the client information including a set of client indices or information to determine a set of client indices (page 3, sec. Shamir/Feldman Secret Sharing; in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches identifying the at least t client devices of subgroup H that have been selected by the server, the client information signalling each client device of subgroup H that the server would like to aggregate encrypted private data of only the at least t client devices of subgroup H (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users and receives their respective decryption shares); 
receiving, by the server, randomized encrypted private data and an associated decryption share di from client devices identified by the set of client indices, the decryption shares being configured such that the encrypted aggregated result can be decrypted on the basis of at least t decryption shares (para 6, line 6-7 and para 43, line 2-7 and para 50, line 1; the requestor receives encrypted private data with random noise from users and at least some of the users, for each user u, provide respective decryption shares to the requestor and the requestor is able successfully decrypts the data if a threshold number of users provide their decryption shares); -5- 
aggregating, by the server, the received randomized encrypted private data of the selected client devices using the homomorphic properties of the cryptosystem and using the decryption shares for decrypting the aggregated randomized encrypted private data into a cleartext representation of the aggregated private data (para 59, line 1-8 and para 60, line 1-12; the aggregator sums up the encrypted private data using a homomorphic encryption technique and decrypts it using the decryption shares).
Regarding claim 2, Nath and Neumann teach method of claim 1.
	Nath does not teach the key information includes a polynomial function of degree t-1, such that d=f(0), and a client device i is provided with a decryption share di of the decryption key d.
Neumann teach the key information includes a polynomial function of degree t-1, such that d=f(0), and a client device i is provided with a decryption share di of the decryption key d (page 3, sec. Shamir/Feldman Secret Sharing; key shares are based upon computations using Lagrange polynomial t-1 where the sum of all shares provided to each participant i allows for the secret decryption key to be reconstructed and secret s = f(0))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide Lagrange polynomial interpolation in order to reconstruct the decryption key from decryption shares. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Regarding claim 3, Nath and Neumann teach method of claim 2.
	Nath does not teach the threshold homomorphic cryptosystem is based on an additively homomorphic cryptosystem.
	Neumann teaches the threshold homomorphic cryptosystem is based on an additively homomorphic cryptosystem (page 5, sec. Homomorphic Property, para 2; ElGamal encryption has been extended towards additive homomorphism).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide an ElGamal encryption scheme using additive homomorphism. Doing so might result in a more useful encryption scheme for ciphertext of messages in electronic voting systems, as recognized by Neumann.
Regarding claim 4, Nath and Neumann teach method of claim 3.
	Nath does not teach each decryption share is of the form (gR)-siai and wherein each randomized encrypted private data is of the form gmi*hri wherein g is a generator of cyclic group G and wherein h is defined as gd
	Neumann teaches each decryption share is of the form (gR)-siai and wherein each randomized encrypted private data is of the form gmi*hri wherein g is a generator of cyclic group G and wherein h is defined as gd (page 3, sec. Shamir/Feldman Secret Sharing: a generator g of a group of shareholders and secret shares are in the form of gf(i) = gs * gri*i mod p and Lagrange interpolation f(x) equation (rearranging the equation according to s(i) = f(i) and R = (ΠiЄHri)-1mod N gives obviously similar form to the claimed decryption shares form); and page 16, sec. Description, para 3 and 7: calculation hi = gai and encrypted voting data gvihiri).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide the forms for decryption shares and randomized encrypted private data. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Regarding claim 5, Nath and Neumann teach method of claim 3.
	Nath does not teach decrypting the aggregated randomized encrypted private data includes determining the product of the randomized encrypted private data and the associated decryption shares.
Neumann teaches decrypting the aggregated randomized encrypted private data includes determining the product of the randomized encrypted private data and the associated decryption shares (page 3, sec. Shamir/Feldman Secret Sharing and page 16, sec. Description, para 3 and 7; voting data mi’ = gvihiri (rearranging with (gR)-siai , ΠiЄH , h = gd , and Lagrange interpolation equation f(x) gives similar form to the claimed product expression))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide the forms for decryption shares and randomized encrypted private data used in decryption encrypted private data. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Regarding claim 8, Nath teaches a method for enabling privacy-preserving computation of aggregated private data of a group G of n client devices for use in a single-request-response type scheme, the method comprising (Fig. 1 and para 25, line 1-22; privately aggregating distributed data from multiple user systems by providing a summation sequence and then combine received decryption shares, where decryption is performed on the combined received shares): 
providing a client device identified by client index i comprising an encryption function of a homomorphic threshold cryptosystem with key information or generating, by the client device, key information, wherein the key information includes an encryption key e and a decryption key d of the homomorphic threshold cryptosystem (para 49, line 1-13 and para 58, line 1-2 and para 69, line 1-3; each user receive the encrypted summation sequence, which is encrypted using an encryption key, used to determine a decryption key share in a threshold homomorphic encryption technique);
generating, by the client device, or being provided with a random value ri and having access to, or being provided with, the random values of the -7-other client devices in at least a subgroup H of at least t client devices from the group G, or having access to or being provided with an aggregate R of the random values ri of the client devices in the subgroup H (para 49, line 1-13 and para 50, line 1-7; each user generates a random variable and random variable for all users are made public during key generation phase); 
Nath does not teach the subgroup H comprising fewer client devices than the group G,
receiving, by the client device, client information from a server, the client information including client indices
Neumann teaches the subgroup H comprising fewer client devices than the group G (page 3, sec. Shamir/Feldman Secret Sharing; threshold secret sharing allows reconstructing the secret having t<n shares of all participants),
receiving, by the client device, client information from a server, the client information including client indices (page 3, sec. Shamir/Feldman Secret Sharing; in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide threshold secret sharing allows reconstructing the secret having t<n shares of all participants. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches identifying client devices selected by the server, the client information signalling a client device that the server would like to aggregate encrypted private data of only each of the selected client devices in the subgroup H identified in the client information (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users and receives their respective decryption shares); 
if the client device determines on the basis of the received client information that the number of client devices selected by the server includes at least t client devices, using, by the client device, the random values ri and the encryption function for generating randomized encrypted private data and using, by the client device the random values of the selected client devices to compute a decryption share, the decryption share being computed such that the aggregated value can be decrypted by the server on the basis of t decryption shares generated by client devices identified in the client information (para 6, line 6-7 and para 43, line 2-7 and para 50, line 1; the requestor receives encrypted private data with random noise from users and at least some of the users, for each user u, provide respective decryption shares to the requestor and the requestor is able successfully decrypts the data if a threshold number of users provide their decryption shares); and 
transmitting, by the client device, the randomized encrypted private data and the decryption share to the server, the server being adapted to aggregate randomized encrypted private data of the selected client devices and decrypt the aggregated randomized encrypted private data into a cleartext representation of the aggregated private data (para 59, line 1-8 and para 60, line 1-12; the aggregator sums up the encrypted private data using a homomorphic encryption technique and decrypts it using the decryption shares).
Regarding claim 9, Nath and Neumann teach method of claim 8.
	Nath does not teach the key information includes a polynomial function of degree t-1, such that d=f(0), and a client device i is provided or is adapted to determine a secret share of the decryption key d.
	Neumann teaches the key information includes a polynomial function of degree t-1, such that d=f(0), and a client device i is provided or is adapted to determine a secret share of the decryption key d (page 3, sec. Shamir/Feldman Secret Sharing; key shares are based upon computations using Lagrange polynomial t-1 where the sum of all shares provided to each participant i allows for the secret decryption key to be reconstructed and secret s = f(0), for equation teachings)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide Lagrange polynomial interpolation in order to reconstruct the decryption key from decryption shares. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Regarding claim 10, Nath and Neumann teach method of claim 9.
	Nath does not teach the threshold homomorphic cryptosystem is based on an additively homomorphic cryptosystem, such as an additive ElGamal cryptosystem.
Neumann teaches the threshold homomorphic cryptosystem is based on an additively homomorphic cryptosystem, such as an additive ElGamal cryptosystem (page 5, sec. Homomorphic Property, para 2: ElGamal encryption has been extended towards additive homomorphism; page 3, sec. Shamir/Feldman Secret Sharing: a generator g of a group of shareholders and secret shares are in the form of gf(i) = gs * gri*i mod p and Lagrange interpolation f(x) equation).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide the forms for decryption shares and randomized encrypted private data. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Regarding claim 12, Nath teaches a server device adapted for privacy-preserving computation of aggregated private data of a group of client devices for use in a single-request-response type scheme, the server device comprising (Fig. 1 and para 25, line 1-22; privately aggregating distributed data from multiple user systems by providing a summation sequence and then combine received decryption shares, where decryption is performed on the combined received shares):
a computer readable storage medium having computer readable program code embodied therewith, and a processor, coupled to the computer readable storage medium, wherein responsive to executing the first computer -9-readable program code, the processor is configured to perform executable operations comprising (para 90, line 2-10; computer-readable mediums contain instructions executed by processing devices): 
selecting, a subgroup H of at least t client devices from a group G of n client devices (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users),
Nath does not teach the subgroup H comprising fewer client devices than the group G,
Neumann teaches the subgroup H comprising fewer client devices than the group G (page 3, sec. Shamir/Feldman Secret Sharing; threshold secret sharing allows reconstructing the secret having t<n shares of all participants)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide threshold secret sharing allows reconstructing the secret having t<n shares of all participants. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches each client device in the group G: being identifiable by a client index i (i=1,...,n); comprising an encryption function E; being configured to generate or being provided with key information including an encryption key e and a decryption key d of a homomorphic threshold cryptosystem (para 49, line 1-13 and para 58, line 1-2 and para 69, line 1-3; users receive the encrypted summation sequence, which is encrypted using an encryption key, used to determine a decryption key share in a threshold homomorphic encryption technique);  
being configured to generate or being provided with a random value ri and having access to or being provided with random values ri of the other client devices in at least the subgroup H or having access to or being provided with an aggregate R of the random values ri of the client devices in the subgroup H (para 49, line 1-13 and para 50, line 1-7; each user generates a random variable and random variable for all users are made public during key generation phase); 
Nath does not teach transmitting, by the dealer, client information to each of the client devices, the client information including a set of client indices or information to determine a set of client indices
Neumann teaches transmitting, by the dealer, client information to each of the client devices, the client information including a set of client indices or information to determine a set of client indices (page 3, sec. Shamir/Feldman Secret Sharing; in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches identifying the at least t client devices of subgroup H that have been selected by the server, the client information signalling each client device of subgroup H that the server would like to aggregate encrypted private data of only the at least t client devices of subgroup H (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users and receives their respective decryption shares);
receiving randomized encrypted private data and an associated decryption share di from client devices identified by the set of client indices, the decryption shares being configured such that the encrypted aggregated result can be decrypted on the basis of at least t decryption shares (para 6, line 6-7 and para 43, line 2-7 and para 50, line 1; the requestor receives encrypted private data with random noise from users and at least some of the users, for each user u, provide respective decryption shares to the requestor and the requestor is able successfully decrypts the data if a threshold number of users provide their decryption shares); -5-and
aggregating, the received randomized encrypted private data of the selected client devices using the homomorphic properties -10- of the cryptosystem and using the decryption shares for decrypting the aggregated randomized encrypted private data into a cleartext representation of the aggregated private data (para 59, line 1-8 and para 60, line 1-12; the aggregator sums up the encrypted private data using a homomorphic encryption technique and decrypts it using the decryption shares).
Regarding claim 13, Nath teaches a client device configured to communicate with a server for privacy-preserving computation of aggregated private data of a group G of n client devices for use in a single-request-response type scheme (Fig. 1 and para 23, line 1-5 and para 32, line 7-9; a requestor or aggregator, such as a computing device, capable of privately aggregating distributed data from multiple users and multiple users comprises multiple user systems), the client device comprising: 
a computer readable storage medium having computer readable program code embodied therewith, the program code including an encryption function of a homomorphic threshold cryptosystem, and a processor, coupled to the computer readable storage medium, wherein responsive to executing the first computer readable program code, the processor is configured to perform executable operations comprising (para 8, line 9 and line 12-13 and para 90, line 2-10; computer-readable mediums contain instructions executed by processing devices and performing homomorphic threshold encryption technique): 
receiving or generating key information, the key information including an encryption key e and a decryption key d of the homomorphic threshold cryptosystem (para 47, line 1-4 and para 50, line 1 and para 58, line 1-2 and para 69, line 1-3: each user u receive the encrypted summation sequence, which is encrypted using an encryption key, used to determine a decryption key share in a threshold homomorphic encryption technique); 
generating or receiving a random value ri and receiving random values ri of client devices of at least a subgroup H of at least t client devices from the group G of n client devices, the client devices being associated with a client index I (i=1,…,n) (para 49, line 1-13 and para 50, line 1-7; each user generates a random variable and random variable for all users are made public during key generation phase);; 
Nath does not teach the subgroup H comprising fewer client devices than the group G,
receiving client information from the dealer, the client information including a set of client indices or information to determine a set of client indices,
Neumann teaches the subgroup H comprising fewer client devices than the group G (page 3, sec. Shamir/Feldman Secret Sharing; threshold secret sharing allows reconstructing the secret having t<n shares of all participants)
receiving client information from the dealer, the client information including a set of client indices or information to determine a set of client indices (page 3, sec. Shamir/Feldman Secret Sharing; in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide threshold secret sharing allows reconstructing the secret having t<n shares of all participants. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches identifying the subgroup H of client devices that have been selected by the server from the group G of n client devices, the client information signalling the client device that the server would like to aggregate encrypted private data of only the at least t client devices of subgroup H (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users and receives their respective decryption shares); 
determining on the basis of the set of client indices or the information to determine the set of client indices that the number of client devices of subgroup H selected by the server includes at least t client devices (para 6, line 6-7 and para 50, line 1; at least some of the users, for each user u, provide respective decryption shares based on the encrypted private data with noise along with the threshold number of users to the requestor);  -11- 
if the client information includes at least t client devices, using the random value ri of the client device and the encryption function to generate randomized encrypted private data and using the random values ri of the client devices as identified by the set of client devices to compute a decryption share, the decryption shares being configured such that the encrypted aggregated result can be decrypted on the basis of at least t decryption shares (para 6, line 6-7 and para 43, line 2-7 and para 50, line 1; the requestor receives encrypted private data with random noise from users and at least some of the users, for each user u, provide respective decryption shares based on the encrypted private data with noise along with the threshold number of users to the requestor and the requestor is able successfully decrypts the data if a threshold number of users provide their decryption shares); and
transmitting the randomized encrypted private data and the decryption share to the server, the server being adapted to aggregate randomized encrypted private data of the selected client devices and decrypt the aggregated randomized encrypted private data into a cleartext representation of the aggregated private data on the basis of the decryption shares (para 59, line 1-8 and para 60, line 1-12; the aggregator sums up the encrypted private data using a homomorphic encryption technique and decrypts it using the decryption shares).
Regarding claim 14, an electronic online voting platform comprising: 
Nath teaches a server device adapted for privacy-preserving computation of aggregated private data of a group of client devices for use in a single-request-response type scheme, the server device comprising (Fig. 1 and para 25, line 1-22; privately aggregating distributed data from multiple user systems by providing a summation sequence and then combine received decryption shares, where decryption is performed on the combined received shares): 
a computer readable storage medium having computer readable program code embodied therewith, and a processor, coupled to the computer readable storage medium, wherein responsive to executing the first computer readable program code, the processor is configured to perform executable operations comprising (para 90, line 2-10; computer-readable mediums contain instructions executed by processing devices): 
selecting a subgroup H of at least t client devices from a group G of n client devices (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users),: 
each client device in the group G: being identifiable by a client index i (i=1,...,n); comprising an encryption function E; being provided with key information including an encryption key e and a decryption key d of a homomorphic threshold cryptosystem (para 49, line 1-13 and para 58, line 1-2 and para 69, line 1-3; users receive the encrypted summation sequence, which is encrypted using an encryption key, used to determine a decryption key share in a threshold homomorphic encryption technique); 
being configured to generate or being provided with a random value ri and -12-  having access to or being provided with random values ri of the other client devices in at least the subgroup H or having access to or being provided with an aggregate R of the random values ri of the client devices in the subgroup H (para 49, line 1-13 and para 50, line 1-7; each user generates a random variable and random variable for all users are made public during key generation phase); 
Nath does not teach transmitting, by the dealer, client information to each of the client devices, the client information including a set of client indices or information to determine a set of client indices
Neumann teaches transmitting, by the dealer, client information to each of the client devices, the client information including a set of client indices or information to determine a set of client indices (page 3, sec. Shamir/Feldman Secret Sharing; in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches identifying the at least t client devices of subgroup H that have been selected by the server, the client information signalling each client device of subgroup H that the server would like to aggregate encrypted private data of the at least t client devices (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users and receives their respective decryption shares);
receiving randomized encrypted private data and an associated decryption share di from client devices identified by the set of client indices, the decryption shares being configured such that the encrypted aggregated result can be decrypted on the basis of at least t decryption shares (para 6, line 6-7 and para 43, line 2-7 and para 50, line 1; the requestor receives encrypted private data with random noise from users and at least some of the users, for each user u, provide respective decryption shares to the requestor and the requestor is able successfully decrypts the data if a threshold number of users provide their decryption shares); and
aggregating, the received randomized encrypted private data of the selected client devices using the homomorphic properties of the cryptosystem and using the decryption shares for decrypting the aggregated randomized encrypted private data into a cleartext representation of the aggregated private data (para 59, line 1-8 and para 60, line 1-12; the aggregator sums up the encrypted private data using a homomorphic encryption technique and decrypts it using the decryption shares); 
a plurality of client devices configured to communicate with the server device for privacy-preserving computation of aggregated private data of a group of client devices, each client device comprising (Fig. 1 and para 23, line 1-5 and para 32, line 7-9; a requestor or aggregator, such as a computing device, capable of privately aggregating distributed data from multiple users and multiple users comprises multiple user systems): 
a computer readable storage medium having computer readable program code embodied therewith, the program code including an encryption function of a homomorphic threshold cryptosystem, and a processor, coupled to the computer readable storage medium, wherein responsive to executing the first computer readable program code, the processor is configured to perform executable operations comprising (para 8, line 9 and line 12-13 and para 90, line 2-10; computer-readable mediums contain instructions executed by processing devices and performing homomorphic threshold encryption technique): -13- 
receiving or generating key information, the key information including an encryption key e and a decryption key d of the homomorphic threshold cryptosystem (para 47, line 1-4 and para 50, line 1 and para 58, line 1-2 and para 69, line 1-3: each user u receive the encrypted summation sequence, which is encrypted using an encryption key, used to determine a decryption key share in a threshold homomorphic encryption technique); 
generating or receiving a random value ri and receiving random values ri of client devices of the group G of n client devices, the client devices being associated with a client index i (i=1,…,n) (para 49, line 1-13 and para 50, line 1-7; each user generates a random variable and random variable for all users are made public during key generation phase); 
Nath does not teach receiving client information from the server, the client information including a set of client indices or information to determine a set of client indices,
Nuemann teaches receiving client information from the server, the client information including a set of client indices or information to determine a set of client indices (page 3, sec. Shamir/Feldman Secret Sharing; in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide in a verifiable secret sharing scheme, a trusted dealer provide proofs that the issued secret shares allow to reconstruct the secret to each shareholder i where each shareholder can verify that their share was created correctly. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Nath teaches identifying the subgroup H of client devices that have been selected by the server from the group G of n client devices, the client information signalling the client device that the server would like to aggregate encrypted private data of the at least t client devices (para 25, line 1-22 and para 32, line 1-10; a requestor or aggregator system for performing data mining, such as a computer device, provides an encrypted summation sequence to at least a threshold number of the users and receives their respective decryption shares);  
determining on the basis of the set of client indices or the information to determine the set of client indices that the number of client devices of subgroup H selected by the server includes at least t client devices (para 6, line 6-7 and para 50, line 1; at least some of the users, for each user u, provide respective decryption shares based on the encrypted private data with noise along with the threshold number of users to the requestor); 
if the client information includes at least t client devices, using the random value ri of the client device and the encryption function to generate randomized encrypted private data and using the random values ri of the client devices as identified by the set of client devices to compute a decryption share, the decryption shares being configured such that the encrypted aggregated result can be decrypted on the basis of at least t decryption shares (para 6, line 6-7 and para 43, line 2-7 and para 50, line 1; the requestor receives encrypted private data with random noise from users and at least some of the users, for each user u, provide respective decryption shares based on the encrypted private data with noise along with the threshold number of users to the requestor and the requestor is able successfully decrypts the data if a threshold number of users provide their decryption shares); and
transmitting the randomized encrypted private data and the decryption share to the server, the server being adapted to aggregate randomized encrypted private data of the selected client devices and decrypt the aggregated randomized encrypted private data into a cleartext representation of the aggregated private data on the basis of the decryption shares (para 59, line 1-8 and para 60, line 1-12; the aggregator sums up the encrypted private data using a homomorphic encryption technique and decrypts it using the decryption shares); 
Nath does not teach wherein each client device is configured as an electronic voting application, 25the application being configured to receive a vote from a user of the voting application and to send the vote as randomized encrypted private data to the server; and, 
wherein the server device is configured to select t or at least t electronic voting applications from the plurality of electronic voting applications and to sum the randomized encrypted private data representing the votes.
Neumann teaches wherein each client device is configured as an electronic voting application, 25the application being configured to receive a vote from a user of the voting application and to send the vote as randomized encrypted private data to the server (page 2, sec. Components and page 3, para 1 and page 5, sec. Encryption, para 1; electronic voting process where the tallying authority, working together with a server, is the entity in charge of processing votes cast by users via a browser and transmitted data is encrypted with random value); and, 
wherein the server device is configured to select t or at least t electronic voting applications from the plurality of electronic voting applications and to sum the randomized encrypted private data representing the votes (page 2, sec. Components and page 3, para 1 and page 3, sec. Shamir/Feldman Secret Sharing and page 5, sec. Encryption, para 1; secret sharing allows splitting a secret apart such that a set of shares allows one to reconstruct the secret and is applied to electronic voting process where the tallying authority, working together with a server, is the entity in charge of processing votes cast by users via a browser and transmitted data is encrypted with random value).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide for secret sharing among multiple users where a set of shares allows one to reconstruct the secret. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Regarding claim 16, Nath and Neumann teach method of claim 2.
Nath does not teach the polynomial function is a Lagrange polynomial, and wherein the secret share di is based on a Lagrange polynomial.
Neumann teaches the polynomial function is a Lagrange polynomial, and wherein the secret share di is based on a Lagrange polynomial (page 3, sec. Shamir/Feldman Secret Sharing; key shares are based upon computations using Lagrange polynomial t-1 where the sum of all shares provided to each participant i allows for the secret decryption key to be reconstructed and secret s = f(0), for equation teachings (see the Lagrange interpolation equation f(x) in prior art and assume that x = 0))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide Lagrange polynomial interpolation in order to reconstruct the decryption key from decryption shares. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Regarding claim 17, Nath and Neumann teach method of claim 16.
Nath does not teach the secret share di comprises si*ai, wherein si is the value of the polynomial function evaluated in si = f(i) and wherein ai is defined as: 
    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale
.
Neumann teaches the secret share di comprises si*ai, wherein si is the value of the polynomial function evaluated in si = f(i) and wherein ai is defined as: 
    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale
 (page 3, sec. Shamir/Feldman Secret Sharing; key shares are based upon computations using Lagrange polynomial t-1 where the sum of all shares provided to each participant i allows for the secret decryption key to be reconstructed and secret s = f(0), for equation teachings (see the Lagrange interpolation equation f(x) in prior art and assume that x = 0))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide Lagrange polynomial interpolation in order to reconstruct the decryption key from decryption shares. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
Regarding claim 18, Nath and Neumann teach method of claim 5.
Nath does not teach the product is defined by the expression: 
    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
.
Neumann teaches the product is defined by the expression: 
    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
 (page 3, sec. Shamir/Feldman Secret Sharing and page 16, sec. Description, para 3 and 7; voting data mi’ = gvihiri (rearranging with (gR)-siai , ΠiЄH , h = gd , and Lagrange interpolation equation f(x) gives similar form to the claimed product expression))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide the forms for decryption shares and randomized encrypted private data used in decryption encrypted private data. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Regarding claim 20, Nath and Neumann teach method of claim 9.
Nath does not teach the polynomial function is a Lagrange polynomial, and wherein the secret share di is based on a Lagrange polynomial.
Neumann teaches the polynomial function is a Lagrange polynomial, and wherein the secret share di is based on a Lagrange polynomial (page 3, sec. Shamir/Feldman Secret Sharing; key shares are based upon computations using Lagrange polynomial t-1 where the sum of all shares provided to each participant i allows for the secret decryption key to be reconstructed and secret s = f(0), for equation teachings (see the Lagrange interpolation equation f(x) in prior art and assume that x = 0)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide Lagrange polynomial interpolation in order to reconstruct the decryption key from decryption shares. Doing so would allow for verifiable threshold secret sharing among multiple participants through a trusted party, as recognized by Neumann.
4.	Claims 6, 7, 11, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nath in view of Neumann and Gentry (US Patent 8515058) filed on Nov. 10, 2010.
	Regarding claim 6, Nath and Neumann teach method of claim 2.
	Nath and Neumann do not teach the threshold homomorphic cryptosystem is based on a multiplicatively homomorphic cryptosystem.
	Gentry teaches the threshold homomorphic cryptosystem is based on a multiplicatively homomorphic cryptosystem (col. 6, line 50-51 and col. 22, line 28-35; RSA is a multiplicatively homomorphic encryption scheme using threshold homomorphic encryption).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath and Neumann to incorporate the teachings of Gentry to provide for a fully homomorphic encryption scheme that uses a multiplicative RSA encryption scheme. Doing so would allow for the computation of arbitrary functions over encrypted data, as recognized by Gentry.
Regarding claim 7, Nath, Neumann, and Gentry teach method of claim 6.
	Nath teaches wherein the decryption share is included in the encrypted private data (para 36, line 1-2 and para 47, line 1-5; a decryption share of the user is determined from the encrypted private data)
Nath does not teach each randomized encrypted private data is of the from mi*ri*E(R)siai and wherein R = (ΠiЄHri)-1mod N, N being a large composite 20number, preferably the product of two primes; and/or, wherein decrypting the aggregated randomized encrypted private data includes determining the product of the randomized encrypted private data and the associated decryption shares.
	Neumann teaches each randomized encrypted private data is of the from mi*ri*E(R)siai wherein the decryption share is included in the encrypted private data and wherein R = (ΠiЄHri)-1mod N, N being a large composite 20number, preferably the product of two primes; and/or, wherein decrypting the aggregated randomized encrypted private data includes determining the product of the randomized encrypted private data and the associated decryption shares (page 3, sec. Shamir/Feldman Secret Sharing and page 16, sec. Description, para 3 and 7; where p is a large prime number (and rearranging the Lagrange interpolation equation f(x), decryption share equation gf(i) = gs * gri*i mod p, R = (ΠiЄHri)-1mod N, encrypted data 𝑚𝑖=𝑔𝑣𝑖⋅ℎ𝑖𝑟𝑖 mod 𝑝, and random number ri gives similar form to decrypted product form)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide the forms for decryption shares and randomized encrypted private data used in decryption encrypted private data. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Regarding claim 11, Nath and Neumann teach method of claim 10.
	Nath does not teach the threshold homomorphic cryptosystem is based on a multiplicatively homomorphic cryptosystem, such as a multiplicative RSA cryptosystem.
	Neumann teaches the threshold homomorphic cryptosystem is based on a multiplicatively homomorphic cryptosystem, such as a multiplicative RSA cryptosystem (col. 6, line 50-51 and col. 22, line 28-35: RSA is a multiplicatively homomorphic encryption scheme using threshold homomorphic encryption; page 3, sec. Shamir/Feldman Secret Sharing and page 16, sec. Description, para 3 and 7: where p is a large prime number and the Lagrange interpolation equation f(x), decryption share equation gf(i) = gs * gri*i mod p, , encrypted data 𝑚𝑖=𝑔𝑣𝑖⋅ℎ𝑖𝑟𝑖 mod 𝑝, and random number ri gives similar coefficients)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide the forms for decryption shares and randomized encrypted private data used in decryption encrypted private data. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Regarding claim 19, Nath, Neumann, and Gentry teach method of claim 7.
Nath does not teach wherein N is the product of two primes; and/or, wherein the product is defined by the expression: 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale

Neumann teaches wherein N is the product of two primes; and/or, wherein the product is defined by the expression: 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
( page 3, sec. Shamir/Feldman Secret Sharing and page 16, sec. Description, para 3 and 7; where p is a large prime number (and rearranging the Lagrange interpolation equation f(x), decryption share equation gf(i) = gs * gri*i mod p, R = (ΠiЄHri)-1mod N, encrypted data 𝑚𝑖=𝑔𝑣𝑖⋅ℎ𝑖𝑟𝑖 mod 𝑝, and random number ri gives similar form to decrypted product form))
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nath to incorporate the teachings of Neumann to provide the forms for decryption shares and randomized encrypted private data used in decryption encrypted private data. Doing so would result in an encryption scheme for ciphertext of messages that is applicable to electronic voting systems, as recognized by Neumann.
Conclusion
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Nadooshan et al. (US Pub. 2003/0147535) discloses managing components of a secret key according to a secret sharing scheme, where the secret sharing scheme divides a secret value, R, into n secret components and are distributed to a number of authorized users; Shi et al. (US Pub. 2012/0204026) discloses private stream aggregation (PSA) system contributes a user's data to a data aggregator without compromising the user's privacy; van Dijk et al. (US Patent 9,660,813) discloses provide respective increased or decreased privacy to the clients, by making it respectively more or less difficult to determine which client in a corresponding one of the Subgroups produced the communicated information; Wang et al. (US Pub. 2014/0281572) discloses aggregate statistics are securely determined on private data, the sampled data are encrypted to obtain encrypted data which are then combined, and the combined encrypted data are randomized to obtain randomized data.
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492