DETAILED ACTION
Response to Amendment
This action is in response to amendment filed July 21, 2022 for the application # 16/097,482 filed on October 29, 2018. Claims 261-265, 267-283, 288, 290-294, 297, 299, 301, and 302 are pending and are directed toward COMPUTER-IMPLEMENTED PRIVACY ENGINEERING SYSTEM AND METHOD.
Any claim objection/rejection not repeated below is withdrawn due to Applicant's amendment.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Response to Arguments
Applicant’s arguments with regards to claims 261-265, 267-283, 288, 290-294, 297, 299, 301, and 302 have been fully considered, but they are moot because of new grounds of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 261-264, 268, 269, 273-276, 282, 288, 291, 292, 294, 297, 299, 301, and 302 are rejected under 35 U.S.C. 103 as being unpatentable over Califano et al. (US 2003/0039362, Pub. Date: Feb. 27, 2003) in view of Renjith et al. (Verifiable El-Gamal Re-encryption with Authenticity in Cloud, IEEE, 4th ICCCNT – 2013, 5 pages), hereinafter referred to as Califano, and Renjith respectively.
As per claim 261, Califano teaches  computer implemented method for securely sharing datasets that include information and an original unique ID associated with an individual, where the datasets originate from several different data contributors (the invention, in one embodiment, provides systems that protect the privacy of the many participants in a clinical study. Califano, [0014]) and are to be shared with a central party or recipient (even if permission is given to share the genetic information, such permission is very likely to prohibit linking the disclosed genetic information with the actual identity of the participant that provided that genetic data. In these cases, the health practitioner is obligated to keep the patient’s genetic and other data as private and protected as possible. This is not only important from a risk management perspective, but is basic to the proper practice of medicine. Califano, [0003]), while concealing or masking the original, unique ID (Special concerns have arisen about the process for storing genetic information and other private data. Concerns have also arisen about how best to separate a participant’s identity from the client’s medical data. Current guidance and protections need to be enhanced to deal with the special considerations related to genetics research. Califano, [0004]);
in which each contributor randomly encrypts the original, unique ID and sends the encrypted original unique ID to an intermediary party, together with the information associated with each individual (In one practice the VPI may comprise a random number, or some other type of identifier, that lacks any information that may be employed, in and of itself, to determine identity information, such as name or social security number of the participant assigned the respective VPI. The system may then create an encrypted and secure database that contains the pairing between patient identity information and the assigned VPI. For subsequent operations of storing or accessing patient data, the system may employ the VPI, thus, decoupling patient identity information from operations for reading and storing data. Califano, [0010]), so that each data record or batch or data release will contain a different encrypted form of the original unique ID associated with that individual (Furthermore, the identity information of the patient, e.g., name, SSN, etc., can be stored in an identity database table shown as 26 in FIG. 2 also in encrypted form and indexed by the encrypted value of the VPI rather than directly by the VPI. This later optional step reduces the ability to trace back the genotypic and phenotypic data of the individual starting from the table that contains the identity information even if the encryption key is known because the VPI is not stored in the identity table and cannot, or cannot feasibly, be reconstructed from its encrypted form. Califano, [0030]);
Califano further teaches “the system described herein may employ a public key encryption process to store data in an encrypted format within the data table 420. Public Key encryption processes are known in the art and described in the literature, including in Bruce Schneier, Applied Crytpography (Addison-Wesley 1996), the contents of which are incorporated by reference. This asymmetric embodiment may be used to securely encrypt data remotely for each individual patient without having to divulge the private encryption key.” (Califano, [0038]). This reads on the limitation “in which the encryption is performed with both a public key of the central party and a public key of the intermediary party”. However to exclude any doubt, a reference to Renjith, (page 1) is provided: “The re-encryption process converts the cipher text encrypted under the public key of owner of the data to a different cipher text encrypted under the intended receiver’s public key…The re-encrypting authority should never get any information about the secret keys or the plain text during the process. The re-encryption is secure only if it does not reveal plain text in any of its intermediate stages. In the proposed method a novel re-encryption scheme is introduced that is secure against the collusion attacks and the re-encryption process does not reveal the plain text and secret keys anywhere in the middle of the process.”
Califano in view of Renjith are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith. This would have been desirable because data need to be secured not only in the storage but also in the transit among authorized users. For secure data storage, encryption of the data is done using a powerful encryption mechanism. Encrypted data need to be shared among authorized clients. This is made possible through re-encryption (Renjith, page 1).

the intermediary party performs a homomorphic crypto operation (The encryption keys KvPI stored in the Key Table are then used to encrypt all data or some predefined data in the Data Table. These keys can be either symmetric or they can be the private key of a public-private asymmetric pair where the public part is the VPI, or another key associated with the VPI. In the first case, data in the Data Table is both encrypted and decrypted using the same key KvPI• while in the second case data is encrypted with the public portion of the key-pair and decrypted with the private portion of the key-pair. The systems described herein may employ the keys to decrypt data for allowing access to the data. Califano, [0015]) that deterministically but irreversibly maps the encrypted original, unique ID to an encrypted and obscured form (Each user related table is indexed on a primary key based on the VPI. This could be the VPI itself, a function, such as a hash function, of the VPI, or the encrypted VPI. The process employed for creating the hash of the VPI may include any suitable hash function, including any of the hash functions discussed and described in Bruce Schneier, Applied Cryptography (Addison-Wesley 1996), the contents of which are incorporated by reference. By way of example, the system may employ the MDS hash process to create the hashed key for indexing data within the Key and Data Tables. Each row in a table indexed by the VPI will have all or some fields encrypted with the corresponding KvPI key, uniquely associated to the VPI through the Key Table. Califano, [0032]), that differs for each contributor (The systems allow records for different individuals to be encrypted using different keys. Such systems also allow records for different patients to be accessed using a primary key, which is also encrypted using different keys. Furthermore, in this embodiment the keys employed to encrypt the individual records and primary keys are themselves encrypted using a Master Key and they are stored in a central Key Table indexed by a the primary key, which may be a unique random number, called the Virtual Private Identity (VPI). Califano, [0032]) and sends that encrypted and obscured data to a central or recipient party (As mentioned above, the phenotypic and genotypic data in the databases 12 and 14 are advantageously stored in the form of tables, with rows of the tables indexed by the encrypted VPI, while the identification information is stored in a table with rows of the table indexed by the encrypted VPI. The depicted system incorporates a separate and unique table with a list of the encryption keys KvPI related to the VPI's. This table will be referred to hereinafter as the "Key Table. Califano, [0014]);
Califano is silent about homomorphic, Renjith however teaches in which the homomorphic crypto operation uses a blind homomorphic operation; (The scheme proposed is a multiplicative homomorphic if it support group operation on encrypted text without decryption. Renjith, page 3).
Califano in view of Renjith further teaches the central or recipient party (i) decrypts the encrypted and obscured data received from the intermediate party to recover obscured unique IDs that are one-to-one mapped to but cannot be used to recover the original, unique ID and then (ii) joins together the information for the individual from each contributor (Thus, the VPI may act as the index for the patient's data and the key or keys employed for encrypting and decrypting that data. In optional practices, the VPI may also be encrypted, hashed or otherwise processed, to encrypt or secure the relational link for indexing the patient's data and the key or keys for encrypting and decrypting that information. Califano, [0013]).
As per claim 262, Califano in view of Renjith teaches the method of Claim 261 in which the original unique ID, once encrypted, is never sent in the clear (To this end, the systems and methods of the invention may include database systems that separate the patient's identity information from the patient's medical data. The separated identity and medical data may then be securely stored within a database table, and done so in a way that allows the health care practitioner to store portions of the data in a secure format, typically as encrypted data. Other tuples of medical data may be stored in a non-secure format, typically in clear text, thereby providing data that the database management system may expose for searching the data and building views. Califano, [0026]).
As per claim 263, Califano in view of Renjith teaches the method of Claim 261 in which the intermediary party generates and raises the ciphertext to the power of a secret, random number exponentiation key, k, to generate the encrypted and obscured form and the central party decrypts this to generate mK, where m is the original unique ID and the decisional DiffieHellman assumption implies that it is cryptographically hard for the central party to generate m using mK. (D. Proposed Protocol. Renjith, page 3).
Califano in view of Renjith are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Pornin in view of Kennedy. This would have been desirable because Blinding is a technique that hides the presence of a message with a blinding factor and all the encryption operations are done on the blinded message. We uses the concept of blinding for the secure production of the re-encryption key so that the assymmetric property of the re-encryption is maintained. (Renjith, pages 2-3).

As per claim 264, Califano in view of Renjith teaches the method of Claim 261 in which key generation, encryption and decryption operations are based on an ElGamal encryption system and the intermediary party conducts the operation on the ciphertexts exploiting the fact that ElGamal encryption is homomorphic under exponentiation (D. Proposed Protocol. Renjith, page 3).
Califano in view of Renjith are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Pornin in view of Kennedy. This would have been desirable because Blinding is a technique that hides the presence of a message with a blinding factor and all the encryption operations are done on the blinded message. We uses the concept of blinding for the secure production of the re-encryption key so that the assymmetric property of the re-encryption is maintained. (Renjith, pages 2-3).

As per claim 268, Califano in view of Renjith teaches the method of Claim 261 in which the method eliminates the requirement for the sharing of a unique ID for an individual that is also shared between some or all data contributors, and that is also used by the central party (It would therefore be desirable to provide a system and a method that supports adequate security precautions to prevent people without appropriate authorization from accessing the information contained in its databases. Moreover, the most important privacy element, that is the association of individual identities with their corresponding genotype or phenotype data, must be inaccessible, or substantially inaccessible, to any authenticated user without the authorization of a supervisory trusted party. Califano, [0009]).
As per claim 269, Califano in view of Renjith teaches the method of Claim 261 in which an individual has more than one original unique ID such as address, email, and postcode (In one practice the VPI may comprise a random number, or some other type of identifier, that lacks any information that may be employed, in and of itself, to determine identity information, such as name or social security number of the participant assigned the respective VPI. Califano, [0010]).
As per claim 273, Califano in view of Renjith teaches the method of Claim 261 in which each contributor includes with the information sent to the intermediary party a schema, or structural description of the information, and the intermediary party is able to use the schema from each contributor to identify columns in the data that correspond to the original, unique IDs (Califano, [0014]).
As per claim 274, Califano in view of Renjith teaches the method of Claim 261 in which the information associated with each individual, that is sent from each contributor to the intermediary party, is encrypted (Califano, [0014]).
As per claim 275, Califano in view of Renjith teaches the method of Claim 261 in which original unique IDs are stored in a column in the datasets held by a contributor (Califano, [0030]).
As per claim 276, Califano in view of Renjith teaches the method of Claim 261 in which each contributor uses the same unique ID for an individual, or more than one original unique ID with a common identifier (Califano, [0026]).
As per claim 282, Califano in view of Renjith teaches the method of Claim 261 in which each contributor is independent of all other contributors and cannot share personal information, with other contributors (Califano, [0003]).
As per claim 283, Califano in view of Renjith teaches the method of Claim 261, but does not explicitly teach areas of application, Beunardeau however teaches in which each contributor is: a different bank or other financial institution and the datasets include personal financial information, or a different holder of medical data and the datasets include medical information, or a different telecommunications service provider and the datasets include call-related information, or a different internet service provider and the datasets include internet or web browsing-related information, or a different social network and the datasets include social network-related information (And FHE obviously has many applications, be it in hospitals, financial institutions, advertising, consulting, or pricing. Beunardeau, page 66).
Califano in view of Renjith in view of Beunardeau are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Beunardeau. This would have been desirable because We can securely perform arbitrary complex computations, leveraging an external server’s computational power. To illustrate this, imagine blind cooks (or photographers, silversmiths, and so on) using their skills on something they can’t see. In this analogy, the cooks are the powerful cloud services and the raw material they work on is your data (Beunardeau, page 65).

As per claim 288, Califano in view of Renjith teaches the method of Claim 261 in which each contributor holds geo-location information for multiple individuals and/or holds sensitive personal information for different individuals (Califano, [0007]).
As per claim 291, Califano in view of Renjith teaches the method of Claim 261 in which the central party data mines the information for multiple individuals, without being able to identify any specific individual (Califano, [0009]).
As per claim 292, Califano in view of Renjith teaches the method of Claim 261 in which the central party assumes the role of the intermediary party (These principles are the prerequisites for the creation of highly secure, reliable, and centralized genetic system for the enrollment of large number of genetic study participants and for the storage, management, and analysis of their tissue samples, general type, medical and personal data. These principles must also apply to the creation of an online infrastructure to support an informed consent process that is dynamic in nature. Califano, [0008]).
As per claim 294, Califano in view of Renjith teaches the method of Claim 261 in which the representation further provides a comprehensive view of information held by the dataset(s) that specifically relates to health, pension, financial or education data (Califano, [0026]).
As per claim 297, Califano in view of Renjith teaches a software system that implements the computer implemented methods defined above in Claim 261 (As discussed above, the systems can be realized as a software component operating on a conventional data processing system such as a Unix workstation. In that embodiment, the system may be implemented as a C language computer program, or a computer program written in any high level language including C++, Fortran, Java or basic. General techniques for high level programming are known, and set forth in, for example, Stephen G. Kochan, Programming in C, Hayden Publishing (1983). Califano, [0041]).
As per claim 299, Califano in view of Renjith teaches a cloud computing infrastructure that implements the computer implemented methods as defined above in Claim 261 (By way of example, the depicted databases can be any suitable database system, including the commercially available Microsoft Access database, and can be a local or distributed database system. The design and development of suitable database systems are described in the literature, including McGovern et al., A Guide to Sybase and SQL Server, Addison-Wesley (1993). The database can be supported by any suitable persistent data memory, such as a hard disk drive, RAID system, tape drive system, floppy diskette, or any other suitable system. The system depicted in FIG. 2 includes a database device that is separate from the data processing platform, however, it will be understood by those of ordinary skill in the art that in other embodiments the database device can be integrated into the data processing platform, including a web server system. Califano, [0029]).
As per claim 301, Califano in view of Renjith teaches  the method of Claim 261 in which the original unique ID for the individual is never seen by the intermediary or the central or recipient party, and yet the central or recipient party is able to join together the information for the individual from each contributor (Califano, [0034]).
As per claim 302, Califano in view of Renjith teaches the method of Claim 301 in which the original unique ID for the individual is never seen, never stored and neither transmitted or held transiently during processing in the clear (Califano, [0009]).
Claim 283 is rejected under 35 U.S.C. 103 as being unpatentable over Califano et al. (US 2003/0039362, Pub. Date: Feb. 27, 2003) in view of Renjith et al. (Verifiable El-Gamal Re-encryption with Authenticity in Cloud, IEEE, 4th ICCCNT – 2013, 5 pages) in view of Beunardeau et al. (Fully Homomorphic Encryption: Computations with a Blindfold, IEEE, January/February 2016, pages 63-67), hereinafter referred to as Califano, Renjith, and Beunardeau respectively.
As per claim 283, Califano in view of Renjith teaches the method of Claim 261, but does not explicitly teach areas of application, Beunardeau however teaches in which each contributor is: a different bank or other financial institution and the datasets include personal financial information, or a different holder of medical data and the datasets include medical information, or a different telecommunications service provider and the datasets include call-related information, or a different internet service provider and the datasets include internet or web browsing-related information, or a different social network and the datasets include social network-related information (And FHE obviously has many applications, be it in hospitals, financial institutions, advertising, consulting, or pricing. Beunardeau, page 66).
Califano in view of Renjith in view of Beunardeau are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Beunardeau. This would have been desirable because We can securely perform arbitrary complex computations, leveraging an external server’s computational power. To illustrate this, imagine blind cooks (or photographers, silversmiths, and so on) using their skills on something they can’t see. In this analogy, the cooks are the powerful cloud services and the raw material they work on is your data (Beunardeau, page 65).

Claim 290 is rejected under 35 U.S.C. 103 as being unpatentable over Califano et al. (US 2003/0039362, Pub. Date: Feb. 27, 2003) in view of Renjith et al. (Verifiable El-Gamal Re-encryption with Authenticity in Cloud, IEEE, 4th ICCCNT – 2013, 5 pages) in view of Kennedy et al. (US 8,627,107, Jan.7, 2014), hereinafter referred to as Califano, Renjith, and Kennedy respectively.
As per claim 290, Califano in view of Renjith teaches the method of Claim 261, and Kennedy further teaches in which the central party is a governmental organization (For example, the Health Insurance Portability and Accountability Act (HIPAA) requires certain health care providers, health care clearinghouses, and health plans ("covered entities") to encrypt private health information using secure TCP/IP network encryption technology, Kennedy, Column 1, lines 26-30).
Califano in view of Renjith are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Kennedy. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34).



Claims 270 and 272 are rejected under 35 U.S.C. 103 as being unpatentable over Califano et al. (US 2003/0039362, Pub. Date: Feb. 27, 2003) in view of Renjith et al. (Verifiable El-Gamal Re-encryption with Authenticity in Cloud, IEEE, 4th ICCCNT – 2013, 5 pages) in view of Kennedy et al. (US 8,627,107, Jan.7, 2014), in view of Ivan_D (XSLT: How to generate unique id for node based on value only, 2013, 5 pages), hereinafter referred to as Califano, Renjith, Kennedy, and Ivan_D respectively.
As per claim 270, Califano in view of Renjith teaches the method of Claim 269 but does not teach ID concatenation, Ivan_D however teaches in which an individual's original unique IDs are joined together (As for the concatenation that I'm using, I tell my students the technique of using a carriage returnas a field delimiter reduces the likelihood of an unintended value collision to an infinitesimal sizesince there are very few hard carriage returns in XML content (those carriage returns that are partsof end-of-line sequences are normalized to a line-feed and so do not appear in the data). Ivan_D, page 3).
Califano in view of Renjith in view of Ivan_D are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Ivan_D. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and what other way to generate unique id for node based on its value only? (Ivan_D, page 1).

As per claim 272, Califano in view of Renjith teaches the method of Claim 261 but does not teach ID concatenation, Ivan_D however in which an original, unique ID is a combination of multiple identifiers, and it is the combination of identifiers that is unique. (As for the concatenation that I'm using, I tell my students the technique of using a carriage returnas a field delimiter reduces the likelihood of an unintended value collision to an infinitesimal sizesince there are very few hard carriage returns in XML content (those carriage returns that are partsof end-of-line sequences are normalized to a line-feed and so do not appear in the data). Ivan_D, page 3).
Califano in view of Renjith in view of Ivan_D are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Ivan_D. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and what other way to generate unique id for node based on its value only? (Ivan_D, page 1).

Claim 271 is rejected under 35 U.S.C. 103 as being unpatentable over Califano et al. (US 2003/0039362, Pub. Date: Feb. 27, 2003) in view of in view of Renjith et al. (Verifiable El-Gamal Re-encryption with Authenticity in Cloud, IEEE, 4th ICCCNT – 2013, 5 pages), in view of NSTC (Biometrics Frequently Asked Questions, 2005, 25 pages), hereinafter referred to as Califano, Renjith, Kennedy, and NSTC respectively.
As per claim 271, Califano in view of Renjith teaches the method of Claim 261, but does not teach biometrics, NSTC however teaches in which biometric signatures are used as original unique ID such as voice signatures, digitised fingerprints, retina scans or iris scans (Common examples of biometric use involve controlling access to physical locations (laboratories, buildings, etc.) or logical information (personal computer accounts, secure electronic documents, etc). Biometrics can also be used to determine whether or not a person is already in a database, such as for social service or national ID applications. NSTC, page 9).
Califano in view of Renjith in view of NSTC are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of NSTC. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and because biometrics are being used in many locations to enhance the security and convenience of the society. Example deployments within the United States Government include the FBI’s IAFIS, the US-VISIT program, the Transportation Workers Identification Credentials (TWIC) program, and the Registered Traveler (RT) program. These deployments are intended to strengthen the security and convenience in their respective environments. Many companies are also implementing biometric technologies to secure areas, maintain time records, and enhance user convenience (NSTC, page 9).

Claims 277 and 278 are rejected under 35 U.S.C. 103 as being unpatentable over Califano et al. (US 2003/0039362, Pub. Date: Feb. 27, 2003) in view of Renjith et al. (Verifiable El-Gamal Re-encryption with Authenticity in Cloud, IEEE, 4th ICCCNT – 2013, 5 pages), in view of Wang et al. (US 2014/0281572, Pub. Date: Sep. 18, 2014), hereinafter referred to as Califano, Renjith, and Wang respectively.
As per claim 277, Califano in view of Renjith teaches the method of Claim 261, but does not teach differential privacy, wang however teaches in which the information that is joined together for each individual from each contributor is anonymised or generalised to less specific values to preserve privacy and is then published (Wang, Fig. 1).
Califano in view of Renjith in view of Wang are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Wang. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and because to secure computing, and more particularly to performing secure aggregate statistical analysis on a private data by a third party. (Wang, [0002]).

As per claim 278, Califano in view of Renjith in view of Wang teaches the method of Claim 261 in which publication is by a computer-based system that processes a sensitive dataset and publishes a derivative dataset such that privacy is preserved in the derivative dataset by generalising data values to less specific values by transforming columns in a table of data (Wang, Fig. 1).
Califano in view of Renjith in view of Wang are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Wang. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and because to secure computing, and more particularly to performing secure aggregate statistical analysis on a private data by a third party. (Wang, [0002]).

Claims 279, 280 and 293 are rejected under 35 U.S.C. 103 as being unpatentable over Califano et al. (US 2003/0039362, Pub. Date: Feb. 27, 2003) in view of Renjith et al. (Verifiable El-Gamal Re-encryption with Authenticity in Cloud, IEEE, 4th ICCCNT – 2013, 5 pages), in view of Kern et al. (Anonymity: A Formalization of Privacy - l-Diversity, ACN SS2013, pages 49-56, 2013), hereinafter referred to as Califano, Renjith, and Kern respectively.
As per claim 279, Califano in view of Renjith teaches the method of Claim 278, but does not teach l-diversity, Kern however teaches in which the system enables a user to (a) define the required level of k-anonymity and/or l-diversity, and the system then automatically generalises some or all of the data in the sensitive dataset so that the derivative dataset achieves the required level of k-anonymity and/or l-diversity, and also enables the user to (b) manually configure how to generalise each column in the table (One toolbox is called Cornell Anonymization Toolkit (CAT) [12] and was developed by the Department of Science at Cornell University. It is a Windows-based software containing an interactive GUI for visualization and analyzing of (anonymous) databases. For anonymization it uses the definitions of Recursive (c, l)-Diversity and t-Closeness [5]. Another toolbox was created by the University of Dallas (UTD) and is called UTD Anonymization Toolbox [1]. It is a platform-independent software for anonymization of random datasets. Here nearly every privacy method (including k-Anonymity, l-Diversity and t-Closeness) is implemented using algorithms like Datafly [9] and Incognito [5]. Both tools require databases in form of text files as input and certain hierarchy trees like value generalization trees ([10]) of non-sensitive attributes or quasi-identifiers to apply the implemented algorithms. Kern, page 54).
Califano in view of Renjith in view of Kern are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Kern. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and because several algorithms (like [9], [4]) have been introduced so far to realize k-Anonymity, l-Diversity or t-Closeness [5] in an efficient manner. Hence, it is useful to develop toolboxes that provide these algorithms, and that can be applied to any arbitrary published dataset. Therefore, two universities developed such toolboxes which are briefly introduced in the following section. (Kern, page 54).

As per claim 280, Califano in view of Renjith in view of Kern teaches the method of Claim 279 in which the anonymised or generalised form of data is then shared back with one or more of the contributors (In order to publish such a table to any research group or the public, it has to be anonymized to make it difficult for any adversary to disclose sensitive information. Kern, page 54).
Califano in view of Renjith in view of Kern are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Kern. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and because several algorithms (like [9], [4]) have been introduced so far to realize k-Anonymity, l-Diversity or t-Closeness [5] in an efficient manner. Hence, it is useful to develop toolboxes that provide these algorithms, and that can be applied to any arbitrary published dataset. Therefore, two universities developed such toolboxes which are briefly introduced in the following section. (Kern, page 54).

As per claim 293, Califano in view of Renjith in view of Kern teaches the method of Claim 261 which provides a representation of the dataset(s) in an aggregate form wherein the representation prevents any original unique ID for any individual to be re-generated (One realization of l-Diversity is called Entropy l-Diversity, Kern. Page 52).
Califano in view of Renjith in view of Kern are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Califano in view of Renjith in view of Kern. This would have been desirable because a covered entity may disclose private health information to a business associate only after obtaining satisfactory assurances that the business associate will appropriately safeguard the information (Kennedy, Column 1, lines 31-34), and because In order to avoid these two privacy-destroying cases, every q*-block should have at least l different sensitive attributes, so that an adversary must have at least l−1 different amount of information to eliminate the other possible values with high probability. (Kern, page 52).

Allowable Subject Matter
Claims 265, 267 and 281 are indicated as allowable over cited prior art.
As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938.  The examiner can normally be reached on 5:00 AM- 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/OLEG KORSAK/Primary Examiner, Art Unit 2492