DETAILED ACTION
This action is in response to the amendment filed 05/05/2021.  
Claims 1, 5 and 6-7 have been amended.
Claim 4 has been deleted.
Claims 1-3 and 5-13 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Objections
Applicant’s amendment to claim 6 has corrected minor informalities within the preamble as suggested in the prior office action.  The objection to claim 6 informalities has been withdrawn. 

Response to Arguments
Applicant’s arguments, see Applicant Remarks, filed 05/05/2021, with respect to the rejection(s) of claim(s) 1 and 3-6 under 35 U.S.C. § 102(a)(1) as being anticipated by Thekadath et al. (US Pat. 10,715,531) have been fully considered and are persuasive in light of the amendments to the claims, i.e., a device that functions as a node in a blockchain network, comprising: a processor, a hardware security module (HSM) and memory has been amended to read on, a device… comprising: a hardware security module having a processor, and memory.  Therefore, the rejection of claims 1 and 3-6 under 35 U.S.C. § 102(a)(1) have been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Thekadath in further view of Sandberg-Maitland et al. (US Pat. 10,673,626 B2).

Applicant Argument:
(A)	On pages 8-9, the Applicant argues that the rejection of claim 1 under 35 U.S.C. § 102 as anticipated by Thekadath does not disclose or otherwise suggest that the hardware security module having a processor and memory that functions to generate new blocks for a blockchain and to validate blocks that have been received from other nodes in the blockchain network.

Examiner’s Response:
In response to the Applicant’s argument that the HSM of Thekadath does not disclose a processor and memory that functions to generate new blocks and validate blocks that have been received from other nodes in the blockchain, Thekadath administrative node computer 150 may generate digital assets, validate new digital assets, provide digital signatures for new digital assets, and maintain a ledger of transactions (Thekadath, col. 12 lines 64-67).  In particular, Thekadath discloses that the hardware security module (HSM) associated with the administrative node 150, may store one or more keys, i.e., key pairs, for the administrative node computer 150, to provide cryptographic services, i.e., to sign messages and/or digital assets on behalf of the issuer node computer 165 (Thekadath, col. 15 lines 48-55).  In order to generate and store keys, sign messages using the stored keys, the Examiner asserts that the HSM of Thekadath contains the requisite processor and memory as evidenced by Sandberg (Sandberg, fig. 1, col. 6 lines 1-21): 
“…a Hardware Security Module 100 ("HSM") is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto-processing and secure storage 104 (for keys and data at rest) both within a tamper resistant boundary, e.g., SPYRUS’ Rosetta® HSM”.  
The Examiner asserts that the combination of Thekadath and Sandberg supports the use of a hardware security module having a processor and memory to provide for cryptographic processes, and therefore reads on the claimed limitation.

Applicant Argument:
(B) On pages 9-10 of the Applicant’s Remarks, the Applicant argues that the rejection of claim 3 under 35 U.S.C. § 102 was improper because of its dependence on 


Examiner’s Response:  
With respect to the rejection of claim 3 under 35 U.S.C. §§ 102 or 103, the Applicant’s argument is considered moot in light of the new grounds of rejection for claims 1 and 2 discussed in the Examiner’s response to the Applicant’s argument (A) above. 

Applicant Argument:
	(C) On pages 10-11 of the Applicant’s Remarks, the Applicant argues that the rejection of claim 7 and dependent claims 8-13, under 35 U.S.C. § 103 as being unpatentable over Thekadath in view of Sandberg in further view of Dobrek (US Pat. 10.320,843), should be withdrawn because the combination of Thekadath, Sandberg and Dobrek do not disclose a separate and distinct entity that authenticates the hardware security modules of all nodes in the blockchain network or the removal of a node in the blockchain network is not carried out by means of a collection, e.g., a list (of public keys of the other network nodes that create and validate blocks), that is distributed to each of the nodes.

Examiner Response:


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2 and 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Thekadath et al. (US Pat. 10,715,531 B2 Claims Priority to PCT/US2017/046364 filed 08/10/2017) in view of Sandberg-Maitland et al. (US Pat. 10,673,626 B2 filed 12/31/2018 hereinafter referred to as Sandberg).
As to claim 1, Thekadath discloses:
“a communication interface for communicating with the other nodes in the blockchain network (Thekadath, fig. 2 network interface 150B, col. 13 lines 47-51; processor executable instructions for implementing a method comprising creating, by the first data center computer, a first block for a first blockchain). 
a hardware security module having: 
a memory for storing a private key that is unique to the device, a public key associated with the private key (Thekadath, fig. 2, col. 15, lines 48-55; administrative node computer 150 may include or be associated with a hardware security module (shown in FIG. 2 as the key database 150P). The hardware security module (HSM) may store one or more keys, e.g., a public/private key pair) “and information pertaining to public keys associated with other nodes in the blockchain network” (Thekadath, col. 10 lines 12-17, 18-25 and col. 19 lines 27-42; public/private key pairs, for enterprise nodes, i.e., sending node computer 160 and issuer node computer’s enrolled in the asset transfer network may be stored in the administrative node’s hardware security module).
Thekadath discloses that a hardware security module (HSM) may be used to provide for the generation of key pairs, i.e., cryptographic services and the storage of key pairs, during enrollment processes (Thekadath, col. 19 lines 34-42).
Sandberg discloses that a Hardware Security Module 100 ("HSM") is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto-processing and secure storage 104 (for keys and data at rest) both within a tamper resistant boundary, e.g., SPYRUS’ Rosetta® HSM (Sandberg, fig. 1, col. 6 lines 1-21).  
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine the technical features of Thekadath with Sandberg to provide for secure blockchain transactions and protection of critical security parameters (CSPs) as well as the peer replication copy of the blockchain itself in mobile ®; a PKI smart card chip to support the symmetric and public key management functions required for blockchain security with a hardware root of trust (Sandberg, col. 3 lines 48-58).
Thekadath further discloses:
“generate a new block for the blockchain by signing a block containing one or more new transactions with the private key stored in the memory of the hardware security module, and transmitting the signed block to the other nodes in the blockchain network via the communication interface” (Thekadath, col. 15 lines 48-55, col. 16 lines 1-5 and lines 33-40; the administrative node computer 150 may be able to create and/or sign new blocks using its private key stored in a hardware security module (HSM) associated with the administrative node computer and distribute information about the digital asset to other network nodes so they can update their own ledgers), and 
“receive a block generated by another node in the blockchain network, accept the received block by validating all transactions contained in the received block, and confirm that the received block has been signed by the other node, using the stored information about the public key associated with the other node that is stored in the memory” (Thekadath, fig. 5, steps s510 and s512; col. 27 line 62–64, col. 28 lines 9-10 and 20-23; the issuer node computer 565 may provide the digital asset and any other suitable information to an administrative node computer 550, may validate the digital asset and verify the issuer node computer's digital signature, e.g., with the issuer node computer's public key or the sending institution computer's public key).

As to claim 2, Thekadath and Sandberg disclosed the invention of claim 1.  Thekadath further discloses:
“wherein the hardware security module is certified by an entity that is recognized as a trusted entity within the blockchain network” (Thekadath, col. 12 lines 46-57; In addition to acting as a node in the asset transfer network, the administrative node computer 150 may also organize and ensure the reliability of the asset transfer network; The administrative node computer 150 may be a trusted central entity. As a result, the asset transfer network administered by the administrative node computer 150 may also be trusted).

As to claim 5, Thekadath disclosed the invention of claim 1.  Thekadath further discloses:
“wherein the device further includes a memory that stores at least one of: 
required historical information for creating a new block, and/or a list of new transactions to be added to a blockchain” (Thekadath, col. 6 lines 21-25, 42-45 and 50-54; a computer node, e.g., administrative node computer, may maintain a ledger of transactions in a database containing a compilation of data records, e.g., blocks in a blockchain, from all previous digital asset transfers).


“wherein the device comprises a sensor, and wherein data generated by the sensor is provided to the hardware security module to be signed with the private key of the hardware security module and added to a blockchain, to thereby certify the integrity of the data as of the time it is added to the blockchain” (Thekadath, col. 5 lines 19-29, 48-55, col. 15 lines 48-55 and col. 28 lines 9-10, 20-23; a digital asset may include biometric data and timestamp associated with a transaction record/block in a blockchain, may be signed by an issuer node computer using its private key stored in a hardware security module and validated (using ) by an administrator node computer upon receipt). 

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Thekadath in view of Sandberg in further view of Cheng et al. (US Pat. 10,461,940 B2 filed 03/10/2017).
As to claim 3, Thekadath and Sandberg disclosed the invention of claim 2.  Thekadath does not explicitly disclose:
“wherein the memory also stores a public key associated with the trusted entity.”
However, Cheng discloses:
“wherein the memory also stores a public key associated with the trusted entity” (Cheng, col. 4 lines 23-30; the second HSM's tamper-proof storage may store a master private key (e.g., an ECDSA private key) 444 and a public key encryption key, e.g., an RSA public key that corresponds to the RSA private key stored in the first HSM's tamper-proof storage 446).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine the technical features of Thekadath and Sandberg with Cheng to provide a reliable way to store information, e.g., crypto keys securely is inside a FIPS 140-2--certified hardware security module (HSM) appliance that provides tamper-proof storage of sensitive information and no external access to the dynamic memory inside a HSM (Cheng, col. 2 lines 47-54).

Claims 7-13 are rejected under 35 U.S.C. 103 as being unpatentable over Thekadath in view of Sandberg in further view of Zhang et al. (US Pub. 2021/0160058 A1, Priority CN201810877867.3 filed 08/03/2018).
As to claim 7, Thekadath discloses:
“A system for conducting blockchain transactions” (Thekadath, fig. 1, col. 2 lines 57-61 and col. 3 lines 8-14; an asset transfer network system, e.g., a universal network, with which participating entities can be directly enrolled as participants in a blockchain network), “comprising:
a hardware security module manager” (Thekadath, col. 12 lines 46-57; In addition to acting as a node in the asset transfer network, the administrative node computer 150 (corresponds to hardware security module manager) may also organize and ensure the reliability of the asset transfer network; The administrative node computer 150 may be a trusted central entity, wherein the asset transfer network administered by the administrative node computer 150 may also be trusted); and 
that constitute a blockchain community” (Thekadath, col. 3 lines 20-29; the asset transfer network can be a permissioned network that only allows validated entities to participate in the network. For example, a central network administrator can validate financial institutions and other entities during enrollment. During validation, the administrator can ensure that enrolling entities are legitimate organizations that are screened for compliance to network rules), 
“at least some of said nodes including:
a processor that is configured to participate in the generation and validation of new blocks within the blockchain community” (Thekadath, figs. 1-3, col. 13 lines 1-6, col. 15 lines 48-55, col. 16 lines 1-5 and lines 33-40; administrator node computers 150 comprises processor 150A and may be configured to create and/or sign new blocks using its private key stored in a hardware security module (HSM) associated with the administrative node computer; the administrative node computer 550, may validate the digital asset and verify the issuer node computer's digital signature, e.g., with the issuer node computer's public key or the sending institution computer's public key, see fig. 5, steps s510 and s512, col. 27 line 62–64, col. 28 lines 9-10 and 20-23).
Thekadath discloses that a hardware security module (HSM) may be used to provide for the generation of key pairs, i.e., cryptographic services and the storage of key pairs, during enrollment processes (Thekadath, col. 19 lines 34-42).
Sandberg discloses that a Hardware Security Module 100 ("HSM") is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto-processing and secure storage 104 (for keys and data at rest) both ® HSM (Sandberg, fig. 1, col. 6 lines 1-21).  
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine the technical features of Thekadath with Sandberg to provide for secure blockchain transactions and protection of critical security parameters (CSPs) as well as the peer replication copy of the blockchain itself in mobile or portable environments, i.e., bootable live drives that provide FIPS 140-2 Level 3 drives include encrypted compartments for the blockchain, the operating system, blockchain applications and chaincode, other user or device/enterprise data, and include an integrated Rosetta®; a PKI smart card chip to support the symmetric and public key management functions required for blockchain security with a hardware root of trust (Sandberg, col. 3 lines 48-58).
Thekadath further discloses:
“a memory” (Thekadath, fig. 2, col. 15, lines 48-55; administrative node computer 150 may include or be associated with a hardware security module (shown in FIG. 2 as the key database 150P). The hardware security module (HSM) may store one or more keys, e.g., a public/private key pair);
“a communication interface for connection to a network” (Thekadath, fig. 2 network interface 150B, col. 13 lines 47-51; processor executable instructions for implementing a method comprising creating, by the first data center computer, a first block for a first blockchain);
“wherein the hardware security module manager is configured to:
authenticated nodes that participates in the creation and validation of blocks for the blockchain community, add a new node to a blockchain community by adding the public key associated with the new node to the collection and distribute the collection of keys to the nodes in the blockchain community for storage in their respective memories” (Thekadath, figs. 2 and 7, col. 12 lines 60-64, col. 37 lines 57-61, col. 40 lines 55-65 and col. 41 lines 33-48; administrative node computer 150 may enroll nodes, provide key pairs to these enrolled entities; maintain key database 750P, e.g., hardware security module (HSM) that holds one or more encryption keys associated with the one or more entities; and a key management computer 780 to distribute encryption keys to one or more data centers). 
Thekadath does not explicitly disclose:
“remove a node from the blockchain by indicating in the collection that the node being removed has been revoked, to produce an updated collection and distribute the updated collection to the nodes in the blockchain community.”
However, Zhang discloses:
“remove a node from the blockchain by indicating in the collection that the node being removed has been revoked, to produce an updated collection and distribute the updated collection to the nodes in the blockchain community” (Zhang, figs. 4 and 5 steps S51-S59, pars. 0099-0100, 0102-0103, 0112, 0115 and 0126; management node 170 sends request for removing tenant B nodes, e.g., node group 124, from blockchain channel 140 to prevent tenant B nodes from participating in blockchain maintenance of blockchain channel 140; management node 170 sends an indication to an execution node 1101 of tenant A for removing tenant B’s blockchain node group 124).


As to claim 8, Thekadath, Sandberg and Zhang disclosed the invention of claim 7.  Thekadath further discloses:
“wherein the collection of public keys is contained in a list that is distributed by the hardware security module manager to the nodes in the blockchain community” (Thekadath, figs. 2 and 7, col. 37 lines 57-61, col. 40 lines 55-65 and col. 41 lines 33-48; data center administrative node computer maintains key database 750P, e.g., hardware security module (HSM) that holds one or more encryption keys associated with the one or more entities; and a key management computer 780 to distribute encryption keys to one or more data centers).  

As to claim 9, Thekadath, Sandberg and Zhang disclosed the invention of claim 7.  Thekadath further discloses:
“wherein the collection of public keys is embedded in a block signed by the hardware security module manager“ (Thekadath, fig. 7, col. 39 lines 27-48, col. 40 lines 55-65 and col. 40 line 66 – col. 67 line 8; first data center operating as an administrative node computer comprising a signing computer 750K, a ledger database 750D, a key database 750P, e.g. hardware security module includes public keys of other entities; the signing computer signs a blockchain block, ledger and/or any other information that may needed to be verified).  

As to claim 10, Thekadath, Sandberg and Zhang disclosed the invention of claim 7.  Thekadath further discloses:
“wherein the hardware security module manager has an associated private key and public key, and its public key is included in the collection of keys that is distributed to the nodes in the blockchain community” (Thekadath, figs. 2 and 7, col. 12 lines 60-64, col. 37 lines 57-61, col. 40 lines 55-65 and col. 41 lines 33-48; administrative node computer 150 may enroll nodes, provide key pairs to these enrolled entities; maintain key database 750P, e.g., hardware security module (HSM) that holds one or more encryption keys associated with the one or more entities; and a key management computer 780 to distribute encryption keys to one or more data centers).  

As to claim 11, Thekadath, Sandberg and Zhang disclosed the invention of claim 10.  Thekadath further discloses:
“wherein the hardware security module manager is configured to add a new hardware security module manager to the blockchain community by including the public key of the new hardware security module manager in the collection of keys that is distributed to the nodes in the blockchain community” (Thekadath, figs. 2 and 7, col. 12 lines 60-64, col. 37 lines 57-61, col. 40 lines 55-65 and col. 41 lines 33-48; administrative node computer 150 may enroll nodes, provide key pairs to these enrolled entities; maintain key database 750P, e.g., hardware security module (HSM) that holds one or more encryption keys associated with the one or more entities; and a key management computer 780 to distribute encryption keys to one or more data centers).  

As to claim 12, Thekadath, Sandberg and Zhang disclosed the invention of claim 7.  Thekadath further discloses:
“wherein, in addition to the public key of a node that is distributed to other nodes in the blockchain community, the hardware security module manager adds certified identifying information for the node to a blockchain, to enable transactions added to the blockchain by that node to be traced and validated” (Thekadath, col. 12 lines 58-64; administrative node computer 150 may provide a number of services to facilitate the asset transfer network and the transaction system i.e., enroll nodes, service providers, etc.; administrative node computer 150 may also provide enterprise identifiers and key pairs to these enrolled entities and also generate digital assets, validate new digital assets, provide digital signatures for new digital assets, and maintain a ledger of transactions).

As to claim 13, Thekadath, Sandberg and Zhang disclosed the invention of claim 7.  Thekadath further discloses:
“wherein at least one of the nodes comprises a sensor, and wherein data generated by the sensor is provided to the node's hardware security module to be signed with the private key of the hardware security module and added to a blockchain, to thereby certify the integrity of the data as of the time it is added to the blockchain” (Thekadath, col. 5 lines 19-29, 48-55, col. 15 lines 48-55 and col. 28 lines 9-10, 20-23; a digital asset may include biometric data and timestamp associated with a transaction record/block in a blockchain, may be signed by an issuer node computer using its private key stored in a hardware security module and validated by an administrator node computer upon receipt).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to /FELICIANO S MEJIA/ whose telephone number is (571)270-5994.  The examiner can normally be reached on 8:30am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FELICIANO S. MEJIA/
Examiner
Art Unit 2492


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492