Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
   
            DETAILED ACTION

1.	This action is responsive to:  an original application filed on 15 April 2019.	
2.	Claims 1-31 are currently pending and claims 1, 16 and 17 are independent claims. 

Information Disclosure Statement

3.	The information disclosure statement (IDS) submitted are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

        Priority

4.	Priority claimed from provisional application no. 62/663,132, filed on 26 April 2018.

         Drawings

5.	The drawings filed on 1 May 2019 are accepted by the examiner. 
                                                  Claim Rejections - 35 USC § 102

6.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –	
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-31 are rejected 35 U.S.C §102 (a)(1) as being anticipated by applicant ant’s admitted prior art, Johnsrud et al. (US Publication No. 20170244707), hereinafter Johnsrud.

In regard to claim 1: 
receiving, by the protected entity, an access request to a protected entity, wherein the access request is received from a client device (Johnsrud, ¶7).
extracting a unique client identifier from the received access request (Johnsrud ¶ 8-9).
causing the client device to perform an admission process (Johnsrud, ¶27). 
monitoring a blockchain network to identify at least one admission transaction, wherein the at least one admission transaction designates admission criteria (Johnsrud, ¶69 ). 
determining if the admission criteria satisfy a set of conditions for accessing the protected entity (Johnsrud, ¶60, 67).
and granting access to the client device when the admission criteria satisfies the set of conditions, wherein the access is access to the protected entity (Johnsrud, ¶75, 72).
In regard to claim 2: 
wherein causing the client device to perform an admission process further comprises: identifying, on the blockchain network, an access policy in response to a request from the client device to access the protected entity, wherein the access policy includes at least one game to be performed by the client; identifying, on the blockchain network, results of the at least one game, wherein the results are deposited by the client upon completion of at least one cycle of the at least one game, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based on the results of the at least one game (Johnsrud, ¶68).
In regard to claim 3: 
further comprising: determining a bias to the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based further on at least one of: the access policy, the completion results, and the determined bias (Johnsrud, ¶57-58).
In regard to claim 4: 
wherein granting access to the client device further comprises: determining a drift from a previously determined bias, wherein the determined bias is continuously 
In regard to claim 5: 
wherein granting access to the client further comprises: determining if the client executes the at least one game defined in the access policy; and denying access to the protected entity when the client did not execute the at least one game defined in the access policy (Johnsrud, ¶67).
In regard to claim 6: 
wherein granting access to the client an access further comprises: determining if completion results of the game executed by the client have been deposited on the blockchain network; and denying access to the protected entity when no completion results have been deposited (Johnsrud, ¶42).
In regard to claim 7: 
wherein the bias includes any one of: a cognitive bias, a behavioral bias, and an intent bias; wherein each type of bias is defined to detect a cyber-security threat; wherein the cyber-security threat is any one of: account takeover, denial of inventory, denial of service, and anti-scraping (Johnsrud, ¶74).
In regard to claim 8: 
wherein the unique client identifier does not reveal any information about a user of the client device (Johnsrud, ¶
In regard to claim 9: 
wherein the admission transaction is realized as at least one of: a smart contract on the blockchain network, and an off-chain Oracle on the blockchain network (Johnsrud, ¶36).
In regard to claim 10: 
wherein the at least one game is shared with the client over the blockchain network, wherein the access policy is selected based on the protected entity, wherein the access policy designates at least one of: the at least one game, the protected entity, a resource within the protected entity, and a scope of the at least one game (Johnsrud, ¶58).
In regard to claim 11: 
wherein causing the client device to perform an admission process further comprises: causing the client to spend a first sum of a specified type of access tokens (Johnsrud, ¶27, 60). 
In regard to claim 12: 
further comprising: causing the client to convert a first-type of access tokens into access tokens of a second-type based on a conversion value, wherein the conversion value is determined based on at least one access parameter; and causing the client to spend the second sum of the second-type of access tokens to access the protected entity (Johnsrud, ¶71).
In regard to claim 13: 
wherein the first-type access tokens and the second-type access tokens are different types, wherein of the first-type access token and the second-type access token are cryptocurrency tokens having different cryptographic identities (Johnsrud, ¶71). 
In regard to claim 14: 
wherein the method is performed by a gateway connected to the protected entity (Johnsrud, ¶61).
In regard to claim 15: 
wherein the protected entity includes at least one of: a network element and a computing element accessed by the client (Johnsrud, ¶33).
In regard to claim 16: 
receiving, by the protected entity, an access request to a protected entity, wherein the access request is received from a client device (Johnsrud, ¶7).
extracting a unique client identifier from the received access request (Johnsrud, ¶8-9). 
causing the client device to perform an admission process (Johnsrud, ¶27). 
monitoring a blockchain network to identify at least one admission transaction, wherein the at least one admission transaction designates admission criteria (Johnsrud, ¶69).
 determining if the admission criteria satisfy a set of conditions for accessing the protected entity (Johnsrud, ¶60, 67).
and granting access to the client device when the admission criteria satisfies the set of conditions, wherein the access is access to the protected entity (Johnsrud, ¶72, 75).
In regard to claim 17: 
a processing circuitry (Johnsrud, ¶86).
and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to (Johnsrud, ¶87-88).
 receive, by the protected entity, an access request to a protected entity, wherein the access request is received from a client device (Johnsrud, ¶7).
extract a unique client identifier from the received access request; cause the client device to perform an admission process (Johnsrud, ¶8-9). 
monitor a blockchain network to identify at least one admission transaction, wherein the at least one admission transaction designates admission criteria (Johnsrud, ¶69).
determine if the admission criteria satisfy a set of conditions for accessing the protected entity (Johnsrud, ¶60, 67).
and grant access to the client device when the admission criteria satisfies the set of conditions, wherein the access is access to the protected entity (Johnsrud, ¶72, 76). 
In regard to claim 18: 
wherein the system is further configured to: identify, on the blockchain network, an access policy in response to a request from the client device to access the protected entity, wherein the access policy includes at least one game to be performed by the client; identify, on the blockchain network, results of the at least one game, wherein the results are deposited by the client upon completion of at least one cycle of the at least one game, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based on the results of the at least one game (Johnsrud, ¶68).
In regard to claim 19: 
wherein the system is further configured to: determine a bias to the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based further on at least one of: the access policy, the completion results, and the determined bias (Johnsrud, ¶57-58).
In regard to claim 20: 
wherein the system is further configured to: determine a drift from a previously determined bias, wherein the determined bias is continuously reevaluated for any action performed by the client; and deny access when the drift from the previously established bias is determined (Johnsrud, ¶69-70).
In regard to claim 21: 
wherein the system is further configured to: determine if the client executes the at least one game defined in the access policy; and deny access to the protected entity when the client did not execute the at least one game defined in the access policy (Johnsrud, ¶67).
In regard to claim 22: 
wherein the system is further configured to: determine if completion results of the game executed by the client have been deposited on the blockchain network; and deny access to the protected entity when no completion results have been deposited (Johnsrud, ¶42).
In regard to claim 23: 
wherein the bias includes any one of: a cognitive bias, a behavioral bias, and an intent bias; wherein each type of bias is defined to detect a cyber-security threat; wherein the cyber-security threat is any one of: account takeover, denial of inventory, denial of service, and anti-scraping (Johnsrud, ¶74).
In regard to claim 1: 
wherein the unique client identifier does not reveal any information about a user of the client device (Johnsrud, ¶8-9).
In regard to claim 25: 
wherein the admission transaction is realized as at least one of: a smart contract on the blockchain network, and an off-chain Oracle on the blockchain network (Johnsrud, ¶68).
In regard to claim 26: 
wherein the at least one game is shared with the client over the blockchain network, wherein the access policy is selected based on the protected entity, wherein the access policy designates at least one of: the at least one game, the protected entity, a resource within the protected entity, and a scope of the at least one game (Johnsrud, ¶69). 
In regard to claim 27: 
wherein the system is further configured to: cause the client to spend a first sum of a specified type of access tokens (Johnsrud, ¶27, 60).
In regard to claim 28: 
wherein the system is further configured to: cause the client to convert a first-type of access tokens into access tokens of a second-type based on a conversion value, wherein the conversion value is determined based on at least one access parameter; and cause the client to spend the second sum of the second-type of access tokens to access the protected entity (Johnsrud, ¶71).
In regard to claim 29: 
wherein the first-type access tokens and the second-type access tokens are different types, wherein of the first-type access token and the second-type access token are cryptocurrency tokens having different cryptographic identities (Johnsrud, ¶71).
In regard to claim 30: 
wherein the method is performed by a gateway connected to the protected entity (Johnsrud, ¶61).
In regard to claim 1: 
wherein the protected entity includes at least one of: a network element and a computing element accessed by the client (Johnsrud, ¶33).
  Conclusion

7.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Monjour Rahim whose telephone number is (571)270-3890. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (in USA or CANANDA) or 571-272-1000.

/Monjur Rahim/
Patent Examiner
United States Patent and Trademark Office
Art Unit: 2436; Phone: 571.270.3890
E-mail: monjur.rahim@uspto.gov
Fax: 571.270.4890