DETAILED ACTION
This Office Action is in response to the amendment filed on July 13, 2022.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.

Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The amendment filed on 07/13/2022 has been entered and fully considered.
The drawings were received on 07/13/2022.  These drawings are acceptable.

Response to Arguments
In light of the Applicant’s amendment filed 07/13/2022, the claim objection has been withdrawn.
In light of the Applicant’s amendment filed 07/13/2022, the 35 U.S.C. 101 rejection has been withdrawn.
Applicant's arguments filed 07/13/2022 have been fully considered but they are not persuasive, for the following reasons:
Applicant’s argument:
“Parida fails to recite a number of claim features, for example:
providing a public encryption key and a first seed to a first party of one or more parties;
receiving a first encrypted data set encrypted using the public encryption key and marked
by the first party with a first mark based on the first seed;
receiving an indication that a first operation associated with the first party has been
performed on the aggregated data set;
 in response to the receiving, updating the first encrypted data set of the aggregated data
set by updating the first mark to a second mark according to the first operation;
generating a verification encrypted data set according to at least the second mark and
at least the corresponding first operation; and
verifying the aggregated data set by comparing the updated first encrypted data set and
the verification encrypted data set”.

	In response:
The Examiner respectfully disagrees. The combination of Parida and Ding teaches the claim limitations argued above.
providing a public encryption key and a first seed to a first party of one or more parties: para. [0055] encryption keys are transmitted… send a broker encryption key to each of the plurality of subject modules 402…The researcher module 406 can send an isomorphic encryption key 407 to each of the plurality of subject modules 402. The isomorphic encryption key 407 is an encryption key capable of performing isomorphic encryption; the Examiner interprets the isomorphic encryption key as a seed as disclosed in figure 4.
receiving a first encrypted data set encrypted using the public encryption key and marked by the first party with a first mark based on the first seed: para. [0061] sending a homomorphic encryption key to a subject…receiving encrypted random factored data from a broker (refer to figure 4, for example, broker 412…performing a statistical analysis on the random factored data. In some embodiments of the invention, garbling factors are applied to the intermediate regression matrix restrict resulting statistics for performing a statistical analysis on the random factored data). The Examiner interprets “garbling factor” as a seed that marks the first party; for example, a garbled protocol construction allows each party to independently generate a garbled protocol component for securing communication.
receiving an indication that a first operation associated with the first party has been performed on the aggregated data set: para. [0065] aggregation is performed on singly homomorphically encrypted data. After aggregation and prior to sending data to an analyst, random factor inclusion can be performed. An analyst can then homomorphically decrypt the aggregated data to obtain random-factor coded numbers and, subsequently, extract the statistic for final analysis; as described in paragraph 0060, the double encrypted subject data includes isomorphically encrypted data and paragraph 0061, garbling factors are applied to the intermediate regression matrix restrict resulting statistics for performing a statistical analysis on the random factored data. The Examiner interprets the data set being homomorphically encrypted and the applying of garbling factors as an indication that a party has performed on the aggregated data set.
in response to the receiving, updating the first encrypted data set of the aggregated data set by updating the first mark to a second mark according to the first operation: para. [0061] sending a homomorphic encryption key to a subject…receiving encrypted random factored data from a broker (refer to figure 4, for example, broker 412…performing a statistical analysis on the random factored data). The Examiner directs the Applicant to paragraph 0060, which states “including random factors in the aggregate single encrypted subject data to generate encrypted random factored data…”, since random factors for a single encrypted subject, a second mark would be another random factor for the single subject.
generating a verification encrypted data set according to at least the second mark and at least the corresponding first operation: Ding: para. 0010, wherein each DP is able to homomorphically encrypt its data… wherein the TAP is able to re-encrypt the encrypted analyzing result; analyzing the cipher texts; in response to a request from a third authorized party (TAP), [0083] Then, at step 208, node x (i.e., the DR) sends a first request to the TAP. The first request may be used for acquiring the analyzed (for example, aggregated) result of a plurality of DPs' data. For example, the first request may comprise information about these DPs' identifications (IDs), what data is required, and what processing is required on the data. The first request may further comprise the DR's public key; the Examiner interprets the aggregated result as a data set which corresponds to the first operation (i.e. request) and the re-encrypted encrypted result as a second mark for the operation for the aggregated result.
verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set: Ding: para. [0084] Then, at step 210, the TAP checks the DR's eligibility in response to the first request from the DR; para. [0085] Then, at step 212, the CSP encrypts the analyzing result in response to the second request from the TAP, and sends the encrypted analyzing result to the TAP. In this scheme, it is assumed that the DR requests for the analyzed (for example, aggregated) result of all the DPs that have provided their data to the CSP during the data collection. However, it is also possible that the DR only requests for the analyzed (for example, aggregated) result of a subset of all the DPs. In this case, the CSP may store the cipher texts of respective DPs' data during the data collection, and analyze the cipher texts of the subset according to the DR's request. The Examiner interprets the first encrypted data set as the aggregated result and the verification encrypted data set as a subset of all the Data Providers; also, as recited in paragraph 0080, each DP homomorphically encrypts its data to generate its cipher text, and sends the cipher text to the CSP, so a subset of all DPs can be verified.
Therefore, the combination of Parida and Ding disclosed the argument above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-13 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Parida et al. (Parida) U.S. Pub. Number 2019/0266343, in view of Ding et al. (Ding) U.S. Pub. Number 2018/0359229.
Regarding claim 1; Parida discloses a method of improving data security or privacy in a homomorphic encryption computing environment, comprising:
providing a public encryption key and a first seed to a first party of one or more parties (para. [0055] encryption keys are transmitted… send a broker encryption key to each of the plurality of subject modules 402);
receiving a first encrypted data set encrypted using the public encryption key and marked by the first party with a first mark based on the first seed (para. [0061] sending a homomorphic encryption key to a subject…receiving encrypted random factored data from a broker (refer to figure 4, for example, broker 412…performing a statistical analysis on the random factored data. In some embodiments of the invention, garbling factors are applied to the intermediate regression matrix restrict resulting statistics for performing a statistical analysis on the random factored data). Emphasis added;
aggregating the first encrypted data set into an aggregated data set at an aggregator (para. [0062] aggregation is performed on singly homomorphically encrypted data. After aggregation and prior to sending data to an analyst, random factor inclusion can be performed. An analyst can then homomorphically decrypt the aggregated data to obtain random-factor coded numbers and, subsequently, extract the statistic for final analysis);
receiving an indication that a first operation associated with the first party has been performed on the aggregated data set (para. [0065] aggregation is performed on singly homomorphically encrypted data. After aggregation and prior to sending data to an analyst, random factor inclusion can be performed. An analyst can then homomorphically decrypt the aggregated data to obtain random-factor coded numbers and, subsequently, extract the statistic for final analysis);
in response to the receiving, updating the first encrypted data set of the aggregated data set by updating the first mark to a second mark according to the first operation (para. [0061] sending a homomorphic encryption key to a subject…receiving encrypted random factored data from a broker (refer to figure 4, for example, broker 412…performing a statistical analysis on the random factored data).
Parida does not disclose, which Ding discloses generating a verification encrypted data set according to at least the second mark and at least the corresponding first operation (Ding: para. [0083] Then, at step 208, node x (i.e., the DR) sends a first request to the TAP. The first request may be used for acquiring the analyzed (for example, aggregated) result of a plurality of DPs' data. For example, the first request may comprise information about these DPs' identifications (IDs), what data is required, and what processing is required on the data. The first request may further comprise the DR's public key); and
verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set (Ding: para. [0084] Then, at step 210, the TAP checks the DR's eligibility in response to the first request from the DR; para. [0085] Then, at step 212, the CSP encrypts the analyzing result in response to the second request from the TAP, and sends the encrypted analyzing result to the TAP. In this scheme, it is assumed that the DR requests for the analyzed (for example, aggregated) result of all the DPs that have provided their data to the CSP during the data collection. However, it is also possible that the DR only requests for the analyzed (for example, aggregated) result of a subset of all the DPs. In this case, the CSP may store the cipher texts of respective DPs' data during the data collection, and analyze the cipher texts of the subset according to the DR's request).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Parida to provide generating a verification encrypted data set according to at least the second mark and at least the corresponding first operation and verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set, as taught by Ding. The motivation would be to reduce impact on privacy of raw data providers or the human-beings being involved that the data are collected and processed both in an encrypted manner and the final processing result can only be accessed by the authorized party with eligibility, for enhancing the privacy of data providers (i.e. based on the personal data or sensitive data of the involved parties).

Regarding claim 2; the combination of Parida and Ding discloses the method of claim 1, further comprising decrypting the first aggregated data set in response to the first aggregated data set being verified, and transmitting the decrypted aggregated data set to the aggregator (Parida: para. [0058] a data aggregation engine 418…can aggregate the encrypted subject data. For example, the aggregation engine 418 can aggregate subject data that is isomorphically encrypted and has been decrypted by the broker encryption key…transmits aggregate data 422, such as encrypted and random factored data generated by the broker module 404, to the researcher module 406).

Regarding claim 3; the combination of Parida and Ding discloses the method of claim 2, wherein the decrypting is performed by a decryptor (Parida: para. [0059] isomorphic decryption engine can encrypt the aggregate data 422 with a key capable of decrypting data encrypted with the isomorphic encryption key 407).

Regarding claim 4; the combination of Parida and Ding discloses the method of claim 4, wherein the decryptor uses a private key to perform the decryption (Parida: para. [0057] a broker decryption engine 416. The broker decryption engine 416 can decrypt subject data 414 transmitted by the subject module 402 with a broker decryption key. The broker decryption key can be the corresponding key to the broker encryption key in an asymmetric key pair or a corresponding key to the broker encryption key in a symmetric encryption system).

Regarding claim 5; the combination of Parida and Ding discloses the method of claim 3, wherein the decryptor, separately and independently of the aggregator, verifies the updated aggregated data set by generating marks corresponding to the first operation and the aggregated data set and for each of the one or more parties (Parida: para. [0004] decrypting the double-encrypted subject data with a broker decryption key to generate single-encrypted subject data for the plurality of subjects…includes aggregating the single-encrypted subject data for the plurality of subjects to generate an aggregated single-homomorphically encrypted data set).

Regarding claim 6; the combination of Parida and Ding discloses the method of claim 1, wherein the aggregator is an entity that is assumed to be non-trusted by at least the decryptor (Parida: para. [0056] In the subject module 402, an isomorphic encryption engine 410 can encrypt the subject data with the isomorphic encryption key. The subject module 402 can also include a broker encryption engine 412. The broker encryption engine 412 can encrypt the subject data, such as isomorphically encrypted subject data generated by the isomorphic encryption engine 410 with the broker encryption key 408).

Regarding claim 7; the combination of Parida and Ding discloses the method of claim 6, wherein the aggregator is assumed to be malicious, and is assumed to deviate from steps of a requested protocol (Ding: para. [0055] response to a first request from a DR, the TAP checks the DR's eligibility. If the check result is negative, the TAP neglects the first request at step 604. On the other hand, if the check result is positive, the TAP sends a second request to a CSP at step 606, wherein the CSP is able to process cipher texts obtained from a plurality of DPs). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 8; the combination of Parida and Ding discloses the method of claim 3, wherein the decryptor is assumed to be semi-honest, and is assumed to follow steps of a requested protocol (Ding: para. [0099] if the check result is positive (i.e., the DR has eligibility to acquire the data), the TAP sends a second request to the CSP. In this scheme shown in FIG. 3, the second request is basically the same as the first request except that the second request does not comprise the DR's public key). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 9; the combination of Parida and Ding discloses the method of claim 8, wherein the decryptor comprises a trusted execution environment (Ding: para. [0092] there exists a trusted server which is allowed to access the analyzed result but not the provided raw data. In this scheme, the TAP is assumed to be fully trusted to be able to access the analyzed result). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 10; the combination of Parida and Ding discloses the method of claim 9, wherein a certificate is generated when code is executed accurately within the trusted execution environment of the decryptor (Ding: para. [0092] there exists a trusted server which is allowed to access the analyzed result but not the provided raw data. In this scheme, the TAP is assumed to be fully trusted to be able to access the analyzed result). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 11; the combination of Parida and Ding discloses the method of claim 1, wherein first encrypted data set comprises private information of the first party (Ding: para. [0055] data aggregation is based on the personal data or sensitive data of the involved parties). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 12; the combination of Parida and Ding discloses the method of claim 1, further comprising updating the first mark to the second mark according to the first operation and using a pseudo random generator (Ding: para. [0065] At step 102b, node i (i.e., a DP) performs its share of the system initialization process… the node i may obtain the public parameters n, g and h from the TAP by sending a registration request to the TAP, and then generate its key pair $(SK_i, PK_i) = (k_i, h^{k_i})$, where $k_i$ is a random number). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 13; the combination of Parida and Ding discloses the method of claim 1, wherein the first operation corresponds to a first iteration (Ding: para. [0016] the first request comprises the DR's public key, and the second request is the same as the first request… the cipher texts based on the second request, and analyze the cipher texts; Ding: para. [0017] the first request comprises the DR's public key, and the second request is the same as the first request). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 15; the combination of Parida and Ding discloses the method of claim 1, wherein the first operation is performed according to a homomorphic encryption scheme (Parida: para. [0003] aggregating, by the processor, the single-encrypted subject data for the plurality of subjects to generate an aggregated single-homomorphically encrypted data set).

Regarding claim 16; the combination of Parida and Ding discloses the method of claim 15, wherein the homomorphic encryption scheme supports a packing property, in which one or more plaintexts and/or at least one mark are combined into a single ciphertext (Parida: para. [0003] sending, by the processor, the aggregated single-homomorphically encrypted data set to an analyst).

Regarding claim 17; the combination of Parida and Ding discloses the method of claim 15, wherein the homomorphic encryption scheme comprises additive gates, multiplicative gates, or both (Ding: para. [0054] In the schemes of the present disclosure, the data aggregation utilizes the following characteristics of the additive homomorphic encryption functions). The reason to combine Parida and Ding is the same as claim 1, above.

Regarding claim 18; the combination of Parida and Ding discloses the method of claim 3, wherein the decryptor provides each of the one or more parties with a pseudo random generator with which the one or more parties generate random numbers based on received seeds and public encryption key (Parida: para. [0059] isomorphic decryption engine can encrypt the aggregate data 422 with a key capable of decrypting data encrypted with the isomorphic encryption key 407. The isomorphic decryption engine 424 can perform statistical analyses on the random factored aggregate data to generate the statistics of interest).

Regarding claim 19; claim 19 is directed to a system which has similar scope as claim 1. Therefore, claim 19 remains un-patentable for the same reasons.

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Parida et al. (Parida) U.S. Pub. Number 2019/0266343, in view of Ding et al. (Ding) U.S. Pub. Number 2018/0359229 and further in view of Bhowmick et al. (Bhowmick) U.S. Pub. Number 20190244138.
Regarding claim 14; the combination of Parida and Ding discloses the method of claim 3.
The combination above does not disclose, which Bhowmick discloses, wherein the aggregator and decryptor are virtual computing entities hosted by a single host (Bhowmick: para. [0029] a server 130 can connect with a set of client devices 110a-110n, 111a-111n, 112a-112n over a network 120. The server 130 can be any kind of server, including an individual server or a cluster of servers. The server 130 can also be …virtual server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Parida, in view of Ding, to provide virtual computing entities hosted by a single host, as taught by Bhowmick. The motivation would be to provide a robust platform that can be associated within a large set of users to which tasks can be crowdsourced with the permission of the user.

Allowable Subject Matter
Claim 20 is allowed.
What is missing from the prior art is a teaching, motivation, or suggestion to combine the prior art in such a way as to render obvious the act of verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set; and decrypting the first aggregated data set in response to the first aggregated data set being verified, and transmitting the decrypted aggregated data set to the aggregator, wherein the decrypting is performed by a decryptor, and wherein the decryptor, separately and independently of the aggregator, verifies the updated aggregated data set by generating marks corresponding to the first operation and the aggregated data set and for each of the one or more parties, as recited in claim 20, without the usage of impermissible hindsight reasoning.

Examiner’s remarks 
The Applicant is encouraged to contact the examiner to expedite prosecution and to discuss a proposed amendment to overcome the rejection.

Related Art
The following prior art, made of record and cited on PTO-892 but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. No. 2021/0359846 to Wright: Wright teaches that a set of data records including device identifiers and attributes associated with devices in a network may be maintained. An aggregated public key comprising a public key may be obtained, and the data structure can be encrypted using the aggregated shared key to generate an encrypted vector, with the encrypted vector transmitted to a networked worker computing device.
U.S. Pub. No. 2016/0261594 to Vishwanath-Vishwanath teaches a method to transmit data in an ad hoc network or a sensor network with the network comprising a multitude of sensor nodes to sensor data, at least one aggregator node to aggregate the sensored data of at least a subset of the sensor nodes, and at least one sink node to collect the data of the aggregator node is characterized in--regarding a high level of security against attacks from outside while transmitting data that the sensored data is encrypted at the sensor nodes, that the encrypted data is transmitted to one of the aggregator nodes, that at the aggregator node an aggregation function is executed on the encrypted data, and that the result of the aggregation function is transmitted to the sink node and decrypted there.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VU V TRAN/Primary Examiner, Art Unit 2491