DETAILED ACTION
Claims 1-2 and 4-20 are allowed.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Scott Berger (Reg. No. 70976) on August 25, 2022.
The application has been amended as follows: 

1. (Currently Amended)	A method of improving data security or privacy in a computing environment, comprising:
providing a group identifier value to at least a first user of one or more users;
associating a first pseudonym with the first user;
encrypting a first data set according to a private key;
marking the encrypted first data set according to the group identifier value and the first pseudonym;
performing a first homomorphic operation on the encrypted first data set;
transforming the encrypted first data set into an encrypted second data set according to the first homomorphic operation performed and the first pseudonym;
decrypting the encrypted second data set using the private key; and
analyzing the decrypted second data set.

2. (Original)	The method of claim 1, wherein the first data set is associated with the first user.

3. (CANCELED)

4. (Original)	The method of claim 1, wherein the first pseudonym is an automatically-generated, unique pseudorandom pseudonym.

5. (Original) The method of claim 1, wherein the encrypted second data set is a homomorphic encrypted data set.

6. (Original)	The method of claim 1, wherein the analyzing the decrypted second data set includes verifying the decrypted second data set at least by determining how many operations were performed on the encrypted second data set.

7. (Original)	The method of claim 6, wherein the verifying further comprises determining which operations were performed by which pseudonym for the second encrypted data set.

8. (Original)	The method of claim 1, wherein the decrypting the encrypted second data set using the private key and the analyzing the decrypted second data set are performed by a decryptor.

9. (Original)	The method of claim 1, wherein the analyzing comprises verifying one or more gates of an encryption circuit.

10. (Currently Amended)	The method of claim 1, further comprising:
providing the group identifier value to a second user of the one or more users;
associating a second pseudonym with the second user;
encrypting a third data set according to the private key; and
marking the encrypted third data set according to the group identifier value and the second pseudonym.

11. (Currently Amended)	The method of claim 1, wherein the performing the first homomorphic operation on the encrypted first data set and the marking the encrypted first data set according to the first homomorphic operation and the first pseudonym are performed by an aggregator.

12. (Currently Amended)	The method of claim 1, wherein following the transforming the encrypted first data set into an encrypted second data set according to the first homomorphic operation performed and the first pseudonym, the first pseudonym is updated and remains associated with the first user.

13. (Original)	The method of claim 1, further comprising providing a log that is updated dynamically and tracks each pseudonym and each operation performed while data is encrypted such that after the decryption, each operation performed on the encrypted second data set is associated with a user.

14. (Currently Amended)	A system, comprising:
a hardware processor operatively coupled to a memory;
	the hardware processor configured to execute instructions stored on the memory, including instructions for a process for improving data security or privacy in a computing environment, the process comprising:
providing a group identifier value to at least a first user of one or more users;
associating a first pseudonym with the first user;
encrypting a first data set according to a private key;
marking the encrypted first data set according to the group identifier value and the first pseudonym;
performing a first homomorphic operation on the encrypted first data set;
transforming the encrypted first data set into an encrypted second data set according to the first homomorphic operation performed and the first pseudonym;
decrypting the encrypted second data set using the private key; and
analyzing the decrypted second data set.

15. (Original)	The system of claim 14, wherein the analyzing the decrypted second data set includes verifying the decrypted second data set at least by determining how many operations were performed on the encrypted second data set.

16. (Original)	The system of claim 15, wherein the verifying further comprises determining which operations were performed by which pseudonym for the second encrypted data set.

17. (Original)	The system of claim 14, wherein the decrypting the encrypted second data set using the private key and the analyzing the decrypted second data set are performed by a decryptor.

18. (Currently Amended)	A computer program product for improving data security or privacy, the computer program product comprising a non-transitory computer-readable storage medium having program code embodied therewith, the program code comprising computer-readable program code configured to cause a processor to perform the steps of:
providing a group identifier value to at least a first user of one or more users;
associating a first pseudonym with the first user;
encrypting a first data set according to a private key;
marking the encrypted first data set according to the group identifier value and the first pseudonym;
performing a first homomorphic operation on the encrypted first data set;
transforming the encrypted first data set into an encrypted second data set according to the first homomorphic operation performed and the first pseudonym;
decrypting the encrypted second data set using the private key; and
analyzing the decrypted second data set.

19. (Currently Amended)	The computer program product of claim 18,[[,]] wherein the analyzing the decrypted second data set includes verifying the decrypted second data set at least by determining how many operations were performed on the encrypted second data set, and wherein the verifying further comprises determining which operations were performed by which pseudonym for the second encrypted data set.

20. (Original)	The computer program product of claim 18, wherein the decrypting the encrypted second data set using the private key and the analyzing the decrypted second data set are performed by a decryptor.



REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “providing a group identifier value to at least a first user of one or more users; associating a first pseudonym with the first user; encrypting a first data set according to a private key; marking the encrypted first data set according to the group identifier value and the first pseudonym; performing a first homomorphic operation on the encrypted first data set; transforming the encrypted first data set into an encrypted second data set according to the first homomorphic operation performed and the first pseudonym; decrypting the encrypted second data set using the private key; and analyzing the decrypted second data set". 
The following is considered to be the closest prior art of record:
Gentry (NPL “Homomorphic Encryption with Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based”) – teaches identity-based homomorphic encryption.
Ayday (US 2015/0236849) – teaches using homomorphic encryption and operations on medical data to keep the patient information private. Ayday also mentions that patients can be identified based on an identifier or pseudonym.
Androulaki (US 2017/0155515) – teaches using homomorphic keys. Androulaki also teaches that users can be identified based on an identity such as a pseudonym.
Chaum (US 2018/0139190) – teaches homomorphic encryption.
Simplicio (US 2019/0089547) – teaches homomorphic encryption as well as users being identified by multiple pseudonyms.
Muthukrishnan (US 2021/0019754) – teaches encrypting private social media data using homomorphic encryption.
De Hoogh (US 2022/0070009) – teaches homomorphically encrypting a user identity and a user pseudonym.
Raykova (US 2012/0144185) – teaches using homomorphic operations to count the number of user pseudonyms.
Gu (US 2017/0099133) – teaches homomorphically encrypting a user pseudonym.
However, the concept of performing homomorphic encryption and performing a homomorphic operation on the encrypted data using a user pseudonym as claimed cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1-2 and 4-20 are considered to be allowable.
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498