Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07-16-2019 was is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101 (Abstract Idea)
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 – 10 is / are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more analyzed according to 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”). The claim recites receiving messages and checking if the messages match rules and/or policies and an authenticator authenticates a user and based on successful authentication releases the received message to the blockchain.
Step 1: The claims 1 and 6 do fall into one of the four statutory categories of method and system claims. Nevertheless the claims still is/are considered as abstract idea for the following prongs and reasons.
Step 2A: Prong 1: The limitation of claims 1 and 6 recites: receiving messages and checking if the messages match rules and/or policies and an authenticator authenticates a user and based on 
Dependent claims 2, 4 and 5 which in turn recite checking for malicious messages, interaction with a third party to receive rules and doing out-of-band authentication is/are mere structural addendums and are other steps that could be performed by human manually with/without need for a computer.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in an human organized way but for the recitation of generic computer components, then it falls within the “certain methods of organizing human activities” grouping of abstract ideas and can be done manually. Accordingly, the claim recites an abstract idea.
Prong 2: This judicial exception is not integrated into a practical application. In particular, the claims do not recite any additional element to perform beyond routine steps of receiving messages and checking if the messages match rules and/or policies and an authenticator authenticates a user and based on successful authentication releases the received message to the blockchain. The steps are recited at a high-level of generality (i.e., as generic terms performing generic computer functions (Figs. 3 & 4) such that it amounts no more than mere instructions to 
Step 2B: The claims does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, receiving messages and checking if the messages match rules and/or policies and an authenticator authenticates a user and based on successful authentication releases the received message to the blockchain amounts to no more than mere instructions to apply the exception using a generic computer terms. Mere instructions to apply an exception using a generic computer components cannot provide an inventive concept. The claims is / are not patent eligible. Therefore all the corresponding dependent claims 2, 4, 5, 7, 9, 10 are also rejected for the same rationale.
Claims 3 and 8 are considered statutory as it integrates the concept into a practical application. Therefore those claims are not rejected under this statute.

Claim Rejections - 35 USC § 101 (Non-Statutory)
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

The claimed invention is directed to non-statutory subject matter.  The claim(s) 1 does/do not fall within at least one of the four categories of patent eligible subject matter because Claim 1 is directed to “A system” (software per se) a non-statutory subject matter.  The claim(s) 1 does/do not fall within at least one of the four categories of patent eligible subject matter because .

Claim Interpretation
The claims 1 and 6 recite “…if the message comprises one or more predetermined applicable rules or one or more predetermined applicable policies…” However, the spec. recites about messages of “interest” – means spec. [0045-46] “Controller 104 identifies the sender of the message and checks with the Policy Engine 107 to determine if the sender and message meet the policies of the organization”. Therefore it is interpreted that the message is checked to identify if it conforms to rules or policies of an organization.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1 – 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Huffman et al (US 20200403992), hereafter Huff and Zhan, Jun (US 20200329022), hereafter Zhan.
Claim 1: Huff teaches a system for controlling access to a blockchain comprising: a security agent; a controller; an authenticator; a rules engine; and a policy engine (Fig. 1); wherein the security agent receives a message from an application, parses the message, and transmits the message to the controller if the message comprises one or more predetermined applicable rules or one or more predetermined applicable policies; ([0006] a set of personally identifiable information (PII) associated with the particular user is obtained via the first entity and an identity verification (IDV) and fraud risk evaluation analysis of the particular user is performed based on the obtained set of PII, where [0011] each entity of the plurality of entities is associated with a set of entity-specific authentication rules and/or rules that define and identify customer-relevant information);
wherein the controller receives the message and the one or more rules or policies associated with the message, queries the rules engine and the policy engine to apply the rules and policies associated with the message, transmits an authentication request to the authenticator; ([0077-78] fraud evaluation engine compares the transaction request and associated information with an ongoing analysis of the consumer's records, along with information associated with the transaction request, including information obtained regarding the mobile device itself or external entities, basing the results of the evaluation on a set of fraud evaluation rules and patterns, which define a set of potential fraudulent flags or behavior patterns... [0006] in response to satisfying the IDV and fraud risk evaluation analysis, instructions are transmitted to the mobile trust application for user authentication);
wherein the authenticator requests an authentication signal from a user and transmits a first signal corresponding to a successful authentication to the controller; ([0011-12] wherein the at least one first additional authentication operation comprises an authentication request... for input from the user associated with the digital ID via the mobile trust application. In response to a valid response to the first authentication request, [0058] the transaction authorization is sent to the customer system);
Huff teaches the claimed concept but is silent on wherein the controller receives the first signal corresponding to a successful authentication and forwards a second signal to the security agent; and wherein the security agent releases the message to a blockchain upon receipt of the second signal from the controller.
However, the analogous art Zhan teaches wherein the controller receives the first signal corresponding to a successful authentication and forwards a second signal to the security agent; ([0007, 0050] upon receiving successful verification, broadcasting a recording result to the other authentication node(s)... in response to the number of authentication nodes successfully verifying preset conditions... generating a verification result to be sent to block chain);
and wherein the security agent releases the message to a blockchain upon receipt of the second signal from the controller. ([0053] the electronic device packages the verification result (contain a verification conclusion and data meeting the standard and the like) and the award record into a new data block that is added to an end of the distributed data block chain [0009] upon receiving authorization result from a number of authentication nodes);
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Huff to include the idea of sending and receiving signals and adding message to blockchain as taught by Zhan thereby realizing a decentralized data authentication system and enhancing the security of the data authentication system ([0079]).
Claim 2: the combination of Huff and Zhan teaches the system of claim 1, further comprising a content scanner, wherein the controller uses the content scanner to identify malware associated with the message. (Huff: [0086] velocity analysis module detects suspicious and potentially fraudulent activity across financial institutions that indicates fraud, including an analysis related to the amount of attempted transactions in comparison to normal consumer user activity or in comparison to other users and consumer);
Claim 3: the combination of Huff and Zhan teaches the system of claim 2, wherein, if the content scanner identifies malware associated with the message, the system discards the message and blocks release of the message to the blockchain. (Huff: [0063] scores received from the partnership system are interpreted by the customer system according to the rules and are denied based on the results);
Claim 4: the combination of Huff and Zhan teaches the system of claim 1, wherein the system further comprises an enterprise interface, wherein the enterprise interface is used to interact with third-party software. (Huff: [0071] the identity verification process can be managed by the registration module accessing... other third-party systems);
Claim 5: the combination of Huff and Zhan teaches the system of claim 1, wherein the authentication signal requested by the authenticator takes the form of a response to out-of-band phone-based authentication, an email message, an SMS message, a biometric request, or a token request. (Huff: [0079] ID verification rules includes some or all of the following without limitation: a knowledge-based authentication, out-of-band authentication (SMS or email verification message independent of the communication with the user's digital banking device), a known fraud exchange evaluation, an analysis of PII velocity, transaction data analysis, a biometric analysis);
Claim 6: Huff teaches a computer-implemented method for controlling access to a blockchain comprising the steps of. receiving, at a security agent, a message from an application, parsing the message, and transmitting the message to a controller if the message comprises one or more predetermined applicable rules or one or more predetermined applicable policies; receiving, at the controller, the message and the one or more rules or policies associated with the message, querying a rules engine and a policy engine to apply the rules and policies associated with the message, and transmitting an authentication request to an authenticator; requesting, at the authenticator, an authentication signal from a user and transmitting a first signal corresponding to a successful authentication to the controller; ([0006, Fig. 1] a set of personally identifiable information (PII) associated with the particular user is obtained via the first entity and an identity verification (IDV) and fraud risk evaluation analysis of the particular user is performed based on the obtained set of PII, where [0011] each entity of the plurality of entities is associated with a set of entity-specific authentication rules and/or rules that define and identify customer-relevant information; [0077-78] fraud evaluation engine compares the transaction request and associated information with an ongoing analysis of the consumer's records, along with information associated with the transaction request, including information obtained regarding the mobile device itself or external entities, basing the results of the evaluation on a set of fraud evaluation rules and patterns, which define a set of potential fraudulent flags or behavior patterns... [0006] in response to satisfying the IDV and fraud risk evaluation analysis, instructions are transmitted to the mobile trust application for user authentication; [0011-12] wherein the at least one first additional authentication operation comprises an authentication request... for input from the user associated with the digital ID via the mobile trust application. In response to a valid response to the first authentication request, [0058] the transaction authorization is sent to the customer system);
Huff teaches the claimed concept but is silent on receiving, at a controller, the signal corresponding to a successful authentication and forwarding a second signal to the security agent; and releasing the message to a blockchain from the security agent, upon receipt of the second signal from the controller. 
However, the analogous art Zhan teaches receiving, at a controller, the signal corresponding to a successful authentication and forwarding a second signal to the security agent; and releasing the message to a blockchain from the security agent, upon receipt of the second signal from the controller. ([0007, 0050] upon receiving successful verification, broadcasting a recording result to the other authentication node(s)... in response to the number of authentication nodes successfully verifying preset conditions... generating a verification result to be sent to block chain; [0053] the electronic device packages the verification result (contain a verification conclusion and data meeting the standard and the like) and the award record into a new data block that is added to an end of the distributed data block chain [0009] upon receiving authorization result from a number of authentication nodes);
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Huff to include the idea of sending and receiving signals and adding message to blockchain as taught by Zhan thereby realizing a decentralized data authentication system and enhancing the security of the data authentication system ([0079]).
Claim 7: the combination of Huff and Zhan teaches the computer-implemented method of claim 6, further comprising the step of using a content scanner to identify malware associated with the message. (Huff: [0086] velocity analysis module detects suspicious and potentially fraudulent activity across financial institutions that indicates fraud, including an analysis related to the amount of attempted transactions in comparison to normal consumer user activity or in comparison to other users and consumer);
Claim 8: the combination of Huff and Zhan teaches the computer-implemented method of claim 7, further comprising the step of discarding the message and blocking release of the message to the blockchain, if the content scanner identifies malware associated with the message. Huff: [0063] scores received from the partnership system are interpreted by the customer system according to the rules and are denied based on the results);
Claim 9: the combination of Huff and Zhan teaches the computer-implemented method of claim 6, further comprising the step of using an enterprise interface to interact with third-party software. (Huff: [0071] the identity verification process can be managed by the registration module accessing... other third-party systems);
Claim 10: the combination of Huff and Zhan teaches the computer-implemented method of claim 6, wherein the authentication signal requested by the authenticator takes the form of a response to out-of-band phone-based authentication, an email message, an SMS message, a biometric request, or a token request. (Huff: [0079] ID verification rules includes some or all of the following without limitation: a knowledge-based authentication, out-of-band authentication (SMS or email verification message independent of the communication with the user's digital banking device), a known fraud exchange evaluation, an analysis of PII velocity, transaction data analysis, a biometric analysis);

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
1. Krauz et al (US 20190294141): A SYSTEM AND METHOD FOR PROVIDING A SECURE DATA MONITORING SYSTEM IMPLEMENTED WITHIN FACTORY OR PLANT.
2. Harris et al (US 20130290234): Intelligent Consumer Service Terminal Apparatuses, Methods and Systems.
3. Ateniese et al (US 20180032273): HYBRID BLOCKCHAIN.
4. Pierce et al (US 20180039667): Methods and Systems for Blockchain Rule Synchronization.
5. Barski et al (US 20180040040): CROSS-BRAND REDEMPTION IN AN EXCHANGE ITEM MARKETPLACE NETWORK.
6. Yoo, InSeon (US 20110314547): ANTI-MALWARE SYSTEM AND OPERATING METHOD THEREOF.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T. Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BADRINARAYANAN /Examiner, Art Unit 2438.