DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-42 have been examined. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter. Claim 1 is directed to a system comprising of a plurality of first nodes, at least one second node and at least one third node. The specification of the instant application recites that the nodes may be implemented in the form of a general-purpose computing device but does not explicitly recite that the nodes are not implemented using software only. Therefore, it is within the scope of one of ordinary skill in the art to construe the nodes of claim 1 to be software implemented. This means that claim 1 is directed to a system comprising of software only and no hardware which is non-statutory. 
Claims 2-21 also directed to the system and do not comprise of any hardware elements. Therefore, claims 2-21 are also non-statutory. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 2, 6-8, 21-23, 27-29 and 42 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190222586 to Sachkov et al (hereinafter Sachkov) and US 20180307979 to Selinger et al (hereinafter Selinger).
As per claims 1 and 22, Sachkov teaches:
A system comprised of a peer-to-peer network of security nodes collectively adhering to a protocol for inter-node communication, the system comprising: 
a plurality of first security nodes to receive at least one of pre-trained detection models and rules, monitor at least one of a blockchain and connected devices for malicious and good behavior based on the received at least one of pre-trained detection models and rules, and report the malicious behavior associated with at least one of the monitored blockchain and the monitored connected devices (Sachkov: [0079] Each of the set of the computer devices 1021, 1022, . . . , 102N is connected to each other (each with each) via a communication channel to form the peer-to-peer network 150. Each of the set of the computer devices 1021, 1022, . . . , 102N is a node of the peer-to-peer network 150 and is configured to receive and transmit messages represented as blocks of transactions in accordance with the blockchain technology. [0081]: each node contains a distributed malware register 108, a transaction pool 109, a machine-learning module 110, and at least one virtual machine 1121, 1122, . . . 112N to execute files containing potential malware in a virtual environment. [0101] The machine-learning module 110 is configured to use a machine learning algorithm configured to check and confirm harmfulness of a potential malware file. [0128]: The malware analysis model is pre-trained on a sample of the malware-related data. [0133]: Thus, each computer device from the set of the devices 1022 . . . 102N may check harmfulness of the potentially malicious file using the same check parameters that are the parameters used by the computer device 1021. [0136] At step 208, the computer device 1021 receives results of distributed check of potential malware from at least a portion of computer devices 1022 . . . 102N. These results may be transmitted via data communication channels available to each of the computer devices 1021 . . . 102N that may transmit these results in a hashed form); 
at least one second security node to create the at least one of pre-trained detection models and rules, communicate the at least one of pre-trained detection models and rules to the plurality of first security nodes, and receive from at least one of the plurality of first security nodes the reported malicious behavior associated with at least one of the monitored blockchain and the monitored connected devices (Sachkov: [0128]: The malware analysis model is pre-trained on a sample of the malware-related data. [0121]: The parameters of the virtual machine 1121 used to check the malware may be determined based on at least one of the following: input data related to the potential malware, settings of the malware analysis model, etc. The specified parameters of the virtual machine 1121 may be stored in the transaction pool 109. Thus, the parameters of the virtual machine 1121 used to check the malware by the computer device 1021 might be used to check the malicious file by the other computer devices of the peer-to-peer network 150. [0136] At step 208, the computer device 1021 receives results of distributed check of potential malware from at least a portion of computer devices 1022 . . . 102N. These results may be transmitted via data communication channels available to each of the computer devices 1021 . . . 102N that may transmit these results in a hashed form); and 
at least one third security node informed by the at least one second security node of the reported malicious behavior associated with at least one of the monitored blockchain and the monitored connected devices (Sachkov: [0147] At the step 212, the computer device 1021 processor identifies the malware in response to the harmfulness parameter of the potential malware exceeding a predetermined threshold value. [0150] At the step 214, the computer device 1021 processor stores the malware in the distributed malware register 108. [0090] In addition, the first user device 1041 may have access to the distributed malware register 108. If check of potential malware by the set of the nodes of the peer-to-peer network 150 confirms the software harmfulness, then the software, its hash sum, and at least a portion of the associated malware-related data can be input into the distributed malware register 108. Thus, the first user device 1041 may receive data associated with malware confirmed by the set of the nodes of the peer-to-peer network 150). 
Sachkov teaches device 1021 transmitting the settings of the malware analysis model to devices 1022,…,102N via the transaction pool but does not explicitly teach: communicate the at least one of pre-trained detection models and rules to the plurality of first security nodes. However, Selinger teaches:
(Selinger: [0024]: the central server 102 may send a neural network to a group of remote servers 106. [0033]: The method depicted in FIG. 2 is given from the perspective of the Remote Distributed Deep Learning Engine (RDDLE) 174 executing as program instructions on processor 166 of any of remote servers 106 at locations RL1 108, RL2 110, RL3 112, RL4 114, RL5 116, RL6 118, RL7 120, or RL8 122, depicted in FIG. 1. The depicted method begins with the processor 166 receiving 205 from a central location a model trained on data from remote locations. The method continues with the processor 166 receiving 210 from a central location training data representative of the total error in the received model. The method continues with the processor 166 determining 215 a baseline event filter as a function of the received model, the data representative of the total error, and historical data representative of the event stream at the remote location).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Selinger in the invention of Sachkov to include the above limitations. The motivation to do so would be to develop neural networks with improved accuracy for known problems (Selinger: [0014]).

As per claims 2 and 23, Sachkov in view of Selinger teaches:  
The system of claim 1, wherein the plurality of first security nodes, the at least one second security node, and the at least one third security node form a security detection loop, the system including a plurality of security detection loops each coupled to a security blockchain ledger, the security blockchain ledger also coupled to at least one of the monitored blockchain and the monitored connected devices (Sachkov: [0078]. [0081]: each node of the peer-to-peer network 150 may be implemented as a computer device 1021, 1022, . . . , 102N, and each node contains a distributed malware register 108, a transaction pool 109, a machine-learning module 110. [0136] At step 208, the computer device 1021 receives results of distributed check of potential malware from at least a portion of computer devices 1022 . . . 102N. [0139] At step 212, the processor of the computer device 1021 determines the harmfulness parameter based on the results of the distributed check of potential malware received from at least a portion of the computer devices 1022 . . . 102N. [0147] At the step 212, the computer device 1021 processor identifies the malware in response to the harmfulness parameter of the potential malware exceeding a predetermined threshold value. [0150] At the step 214, the computer device 1021 processor stores the malware in the distributed malware register 108. The method to save this information and the structure of the stored information related to the malware may be configured, for example, in accordance with the blockchain technology (security blockchain ledger). [0090] In addition, the first user device 1041 may have access to the distributed malware register 108. If check of potential malware by the set of the nodes of the peer-to-peer network 150 confirms the software harmfulness, then the software, its hash sum, and at least a portion of the associated malware-related data can be input into the distributed malware register 108. Thus, the first user device 1041 may receive data associated with malware confirmed by the set of the nodes of the peer-to-peer network 150). 

As per claims 6 and 27, Sachkov in view of Selinger teaches:  
The system of claim 1, wherein the at least one second security node implements self-learning to generate the at least one of pre-trained detection models and rules (Sachkov: [0129] Additionally, the malware analysis model may be re-trained with an updated sample taking into account the results confirmed by the computer devices 1021 . . . 102N. [0136] At step 208, the computer device 1021 receives results of distributed check of potential malware from at least a portion of computer devices 1022 . . . 102N.). 

As per claims 7 and 28, Sachkov in view of Selinger teaches: 
The system of claim 6, wherein the self-learning includes a plurality of neural networks and machine learning algorithms, the machine learning algorithms comprising at least one of a deep learning algorithm, a boosting algorithm, and a bagging approaches algorithm (Sachkov: [0063]: The deep neural networks generally include a series of algorithms that can identify the underlying relationships and connections in a data set using a process that mimics the human brain function. Locations and weights of the data set links generally determine the output. [0101] The machine-learning module 110 is configured to use a machine learning algorithm configured to check and confirm harmfulness of a potential malware file. In some embodiments of the present technology, one or more machine learning algorithms may be any suitable machine-learning algorithm trained in a supervised or semi-supervised manner, such as: [0102] Artificial neural network [0103] Gaussian regression process [0104] Decision trees [0105] and so on). 

As per claims 8 and 29, Sachkov in view of Selinger teaches:  
The system of claim 1, wherein at least one of the pre-trained detection models and rules include cybersecurity artifacts as security vulnerabilities in at least one of a smart contracts and digital assets, in at least one of binary formats and source code formats, malware in at least one of a smart contract, digital assets, end user computers, good/malicious smart contract patterns, good/malicious network attack traffic patterns, good/malicious behavior patterns by traditional blockchain nodes, good/malicious behavior patterns by the plurality of first security nodes, valid/non-valid signatures' patterns of an Internet of Things (IoT) manufacturer that places an IoT security upgrade as a programmable asset on the blockchain, valid/non-valid signature patterns of a network intrusion collaborating party that places a good/malicious network pattern update as a digital asset, a good/innocuous security software upgrade for a connected user equipment, and a vulnerable security software upgrade for the monitored connected devices (Sachkov: [0101] The machine-learning module 110 is configured to use a machine learning algorithm configured to check and confirm harmfulness of a potential malware file. [0109] The method 200 begins at step 202. The computer device 1021 receives input data associated with a potential malware. In the context of this application, the potential malware is any software that, during its execution, is executing or may execute malicious activity, carry out unauthorized access to information, illegally use, copy, distort, delete or substitute information). 

As per claims 21 and 42, Sachkov in view of Selinger teaches: 
The system of claim 1, wherein a security blockchain ledger stores cybersecurity artifacts associated with the malicious and good behavior by the at least one second security node for self-learning to generate the at least one of pre-trained detection models and rules (Sachkov: [0147] At the step 212, the computer device 1021 processor identifies the malware in response to the harmfulness parameter of the potential malware exceeding a predetermined threshold value. [0150] At the step 214, the computer device 1021 processor stores the malware in the distributed malware register 108. The method to save this information and the structure of the stored information related to the malware may be configured, for example, in accordance with the blockchain technology. [0129] Additionally, the malware analysis model may be re-trained with an updated sample taking into account the results confirmed by the computer devices 1021 . . . 102N).

Claims 3, 5, 15-17, 19, 24, 26, 36-38 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Sachkov in view of Selinger as applied to claims 1 and 22 above, and further in view of US 20190379699 to Katragadda et al (hereinafter Katragadda).
As per claims 3 and 24, Sachkov in view of Selinger teaches: 
The system of claim 1 …use the cybersecurity artifacts for training of self-learning detection models (Sachkov: [0129] Additionally, the malware analysis model may be re-trained with an updated sample taking into account the results confirmed by the computer devices 1021 . . . 102N).
Sachkov in view of Selinger does not teach the rest of limitations of claim 3. However, Katragadda teaches: 
wherein the protocol is a consensus protocol, and each of the plurality of security detection loops utilize the consensus protocol to guaranty validity of cybersecurity artifacts before sending warning alerts to at least one of a traditional blockchain node and third parties (Katragadda: claim 1: receiving, from at least one of the plurality of nodes, the at least one input data into a curator engine, receiving, from the curator engine, the at least one input data into a transaction engine; evaluating the at least one input data for information and events or vectors of attack; validating the indicator or vectors of attack; ranking the information and events or vectors of attack as an indicator; logging the indicator or vector of attack into the node of the particular network;… processing, by the action engine, the transaction received from the rule engine, wherein the action engine decides a predetermined action and generates feedback to the client environment based on the predetermined action. Claim 2: wherein the validating, the evaluating, the ranking, the recording, and the logging is by … a network consensus from the client environment. [0031] The phrase "alert" as used herein generally refers to notifications about an event that has occurred or may potentially occur in a computer environment. [0070]: Rule engine also includes supervised and unsupervised machine learning techniques and behavior analysis modules that provide decision making capabilities in near real time and to create alerts or notifications. [0086]: The messages sent to client environment from action engine could be a trigger, an alerts, an alarms, a plurality of notifications, and/or the like. Also, [0126]), add cybersecurity artifacts into a security blockchain ledger (Katragadda: claim 1: recording the indicator or vectors of attack into a blockchain database as a transaction having a unique transaction identifier). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Katragadda in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to provide a system and method that combines the immutable electronic method with artificial intelligence and the use of behavior analysis to detect and deter cyber threats in the blockchain environment (Katragadda: [0006]).

As per claims 5 and 26, Sachkov in view of Selinger does not teach the limitations of claims 5 and 26. However, Katragadda teaches: 
wherein each of the plurality of first security nodes, the at least one second security node, and the at least one third security node register themselves on the blockchain prior to the plurality of first security nodes monitoring at least one of the blockchain and the connected devices for the malicious and good behavior (Katragadda: [0009]: The method includes registering, by a unique identifier, an internet of things device to a transaction engine such that a unique signature is provided. The transaction engine determines a plurality of data to be collected from the internet of things device. A blockchain database records the unique signature. [0026]: Further, the system is configured to utilize blockchain distributed database to achieve transparency of all the transactions. The system is further configured to use advanced adaptation and distribution of intelligence making each node or endpoint extremely intelligent and fast to proactively act on various threats. Also, [0028]. [0141]: The new device registration 801 may be configured to register the IoT devices (i.e. the server computing devices 20, the user computing devices 25, the tablet computing devices 35, the mobile devices 40, and/or the like of FIG. 1) to the system 100 with a unique identifier 205 (FIG. 3) as the input data 110 (FIG. 3)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Katragadda in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to provide a system and method that combines the immutable electronic method with artificial intelligence and the use of behavior analysis to detect and deter cyber threats in the blockchain environment (Katragadda: [0006]).

As per claims 15 and 36, Sachkov in view of Selinger does not teach the limitations of claims 15 and 36. However, Katragadda teaches: 
wherein a plurality of the third security node achieve consensus as a basis on deciding whether to store the risk scores calculated by each of the plurality of first security nodes in a security blockchain ledger for use by the at least one second security node to implement self-learning to generate the at least one of pre-trained detection models and rules (Katragadda: [0126]: For example, within the transaction engine 107, the valid message payload having a header M101 may be evaluated for IOC's, IOE's and/or vectors of attack as described in FIG. 13 below. As such, information and events (IAE) may be divided into indicators of compromise (IOC), indicators of attack (IOA), indicators of activity (IOV), and powered by indicators of usage (IOU). Each indicator may be ranked depending on the approval rating of researchers when evaluating possible vectors of attack. That is, if a vector has enough validation of approval from its peers or researchers, the indicator becomes a comprise vector and is logged in the network layer 104 (FIG. 2). The vectors and indicators are validated, logged in the network layer 104 (FIG. 2), and recorded in the blockchain database 103. [0150] A score is assigned to the at least one of the plurality of security or vulnerability threats based on the peer reviews, at block 1130. [0156]: By leveraging such data and filtering it with supervised and unsupervised machine learning techniques the system can learn and detect anomalies, malfunctioning devices, and insecure components. Such anomalies include cyber security threats, incidents that can affect usability, overall system integrity, and or comprised information. Also, claims 1 and 2). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Katragadda in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to provide a system and method that combines the immutable electronic method with artificial intelligence and the use of behavior analysis to detect and deter cyber threats in the blockchain environment (Katragadda: [0006]).

As per claims 16 and 37, Sachkov in view of Selinger teaches: 
The system of claim 1, wherein: the at least one second security node identifies a particular risk score associated with the plurality of first security nodes as being inside of an accepted risk score range, and informs the at least one third security node that the particular risk score is inside of the accepted risk score range (Sachkov: [0139] At step 212, the processor of the computer device 1021 determines the harmfulness parameter based on the results of the distributed check of potential malware received from at least a portion of the computer devices 1022 . . . 102N. [0140] The harmfulness parameter is a function that depends on the number N of the computer devices 1021 . . . 102N in the peer-to-peer network 150, of reputation of each of these devices and of the results of determination of the harmfulness of the potential malware received by each of the computer devices [1021 . . . 102N]. [0147] At the step 212, the computer device 1021 processor identifies the malware in response to the harmfulness parameter of the potential malware exceeding a predetermined threshold value (accepted risk score range). 0150] At the step 214, the computer device 1021 processor stores the malware in the distributed malware register 108. [0090] In addition, the first user device 1041 may have access to the distributed malware register 108. If check of potential malware by the set of the nodes of the peer-to-peer network 150 confirms the software harmfulness, then the software, its hash sum, and at least a portion of the associated malware-related data can be input into the distributed malware register 108. Thus, the first user device 1041 may receive data associated with malware confirmed by the set of the nodes of the peer-to-peer network 150); and 
Sachkov does not teach: the at least one third security node further decides to reward the plurality of first security nodes for behaving honestly in response to the particular risk score being inside of the accepted risk score range. However, Katragadda teaches:
the at least one third security node further decides to reward the plurality of first security nodes for behaving honestly in response to the particular risk score being inside of the accepted risk score range (Katragadda: [0150] A score is assigned to the at least one of the plurality of security or vulnerability threats based on the peer reviews, at block 1130, and a reward is generated based on the score, at block 1135, such that the researcher receives the reward, at block 1101, and both the scores and the rewards are recorded in the blockchain database 103 at block 1115. It should be appreciated that rewards may be used in an ICO. Further, the rewards may be issued within the system by a proof of work mechanism such as, without limitation, cryptocurrencies including Bitcoin, Ethereum, and/or the like. Moreover, it should be appreciated that the peer review may be a plurality of external individuals, a plurality of researchers, a plurality of machines having supervised and/or unsupervised machine learning and configured to provide legitimate intelligence, computational validation and/or the like. As such, the plurality of external individuals, the plurality of researchers, the plurality of machines and/or the like may be rewarded through a valid and fair mechanism such as, without limitation, cryptocurrencies including Bitcoin, Ethereum, and/or the like. Claim 3. The method of claim 2, wherein the plurality of researchers, a plurality of external individuals or a plurality of machines that provide legitimate intelligence are rewarded). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Katragadda in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to provide a system and method that combines the immutable electronic method with artificial intelligence and the use of behavior analysis to detect and deter cyber threats in the blockchain environment (Katragadda: [0006]).

As per claims 17 and 38, Sachkov in view of Selinger and Katragadda teaches: 
The system of claim 16, wherein a plurality of the second security node achieve consensus to decide whether the particular risk score associated with a particular first security node is inside of an accepted risk score range (Katragadda: [0150] A score is assigned to the at least one of the plurality of security or vulnerability threats based on the peer reviews, at block 1130, and a reward is generated based on the score, at block 1135, such that the researcher receives the reward, at block 1101, and both the scores and the rewards are recorded in the blockchain database 103 at block 1115. It should be appreciated that rewards may be used in an ICO. Further, the rewards may be issued within the system by a proof of work mechanism such as, without limitation, cryptocurrencies including Bitcoin, Ethereum, and/or the like. Moreover, it should be appreciated that the peer review may be a plurality of external individuals, a plurality of researchers, a plurality of machines having supervised and/or unsupervised machine learning and configured to provide legitimate intelligence, computational validation and/or the like). 

As per claims 19 and 40, Sachkov in view of Selinger does not teach the limitations of claim 19, However, Katragadda teaches:  
wherein the at least one third security node further sends a security warning acknowledgement alert to the plurality of first security nodes, and the plurality of first security nodes, in response to the security warning acknowledgement alert, further send the security warning alert to at least one of a traditional blockchain node and third parties, and the plurality of first security nodes, in response to the security warning acknowledgement alert, further at least one of block traffic from at least one of malicious connected devices, place vulnerable contracts into quarantine, and perform security configuration updates (Katragadda: [0126]: That is, if a vector has enough validation of approval from its peers or researchers, the indicator becomes a comprise vector and is logged in the network layer 104 (FIG. 2). The vectors and indicators are validated, logged in the network layer 104 (FIG. 2), and recorded in the blockchain database 103. [0127]: The rule engine 108 outputs a decision signal M104 to the both the blockchain database 103 and an action engine 109, which is communicatively coupled to the rule engine 108. As such, all rule engine 108 decision signals M104 are recorded in the blockchain database 103 so to be shared to the swarm intelligence 121. The action engine 109 may be configured to execute the decision signal M104 as well as to make a decision on whether to generate a plurality of alerts M10 to the client environment 105 and specifically to the client UI 114. [0128]: The swarm 112 is configured to share information, ordered and securely between the group of nodes 111. [0129] The client reporter node 111a processes the data, as described herein, and the node is communicatively coupled to the client environment 105 as described herein. As such, the node may input the input data 110 from the client environment 105 and output the decision signal M104 to the action engine 109 of the client environment 105. [0139]: If the rule engine 108 determines that the new transaction is malware, as illustrated by the dotted line 710 in FIG. 7, the data file is rejected 708 and the action engine 109 may alert the client UI 114. [0123]: connection, TCP connection, Web Notification, JSON message, and/or the like. Further, administration events, such as firewall configuration, IDS rule writing, shutdown and reconfiguration of devices is contemplated). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Katragadda in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to provide a system and method that combines the immutable electronic method with artificial intelligence and the use of behavior analysis to detect and deter cyber threats in the blockchain environment (Katragadda: [0006]).

Claims 18 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Sachkov in view of Selinger and Katragadda as applied to claims 16 and 37 above, and further in view of US 20210049509 to Yang (hereinafter Yang).
As per claims 18 and 39, Sachkov in view of Selinger and Katragadda teaches:  
The system of claim 16, wherein a plurality of the third security node achieve consensus as a basis to reward the plurality of first security nodes for behaving honestly in response to the particular risk score being inside of the accepted risk score range (Katragadda: [0150] A score is assigned to the at least one of the plurality of security or vulnerability threats based on the peer reviews, at block 1130, and a reward is generated based on the score, at block 1135, such that the researcher receives the reward, at block 1101, and both the scores and the rewards are recorded in the blockchain database 103 at block 1115. It should be appreciated that rewards may be used in an ICO. Further, the rewards may be issued within the system by a proof of work mechanism such as, without limitation, cryptocurrencies including Bitcoin, Ethereum, and/or the like. Moreover, it should be appreciated that the peer review may be a plurality of external individuals, a plurality of researchers, a plurality of machines having supervised and/or unsupervised machine learning and configured to provide legitimate intelligence, computational validation and/or the like). 
Sachkov in view of Selinger and Katragadda teaches rewarding the plurality of nodes but does not teach: wherein a plurality of the third security node achieve consensus as a basis to reward the plurality of first security nodes. However, Yang teaches:
wherein a plurality of the third security node achieve consensus as a basis to reward the plurality of first security nodes (Yang: [0060] Consensus verification on the performer reward transaction mainly means that the multiple nodes separately perform validity verification on the performer reward transaction, and reach a consensus on a validity verification result. Content of validity verification includes at least verifying whether a signature of the execution node that broadcasts the performer reward transaction is valid, whether the performer reward transaction is tampered with in the broadcasting process, etc.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Yang in the invention of Sachkov in view of Selinger and Katragadda to include the above limitations. The motivation to do so would be to provide a more open and credible method for rewarding a work performer (Yang: [0006]).

Claims 4 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Sachkov in view of Selinger as applied to claims 1 and 22 above, and further in view of US 20190379642 to Simons et al (hereinafter Simons).
As per claims 4 and 25, Sachkov in view of Selinger teaches: 
The system of claim 1, wherein the plurality of first security nodes are each one of installed on a traditional blockchain node (Sachkov: [0079] Each of the set of the computer devices 1021, 1022, . . . , 102N is connected to each other (each with each) via a communication channel to form the peer-to-peer network 150. Each of the set of the computer devices 1021, 1022, . . . , 102N is a node of the peer-to-peer network 150 and is configured to receive and transmit messages represented as blocks of transactions in accordance with the blockchain technology).
Sachkov does not teach: registered in the system as an independent first security node running separately from the traditional blockchain node. However, Simons teaches:
registered in the system as an independent first security node running separately from the traditional blockchain node (Simons: [0039] In accordance with some embodiments, the overwatch agent can run out of band relative to the blockchain. This can be accomplished by creating a tap (e.g., an inline tap, a passive tap, etc.) on proxy 210 to gain access to the network traffic. As a result, downtime of the overwatch agent 230 has no effect on the normal operation of the blockchain and the physical deployment is distributed between a number of geographic locations based on capacity requirements. [0042]: The overwatch agent can analyze the traffic (e.g., packages and payloads of the data). [0043]: In some embodiments, the analysis can be performed locally on the miners and that analysis can then be aggregated remotely).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Simons in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to provide a blockchain overwatch system that provides secure communications, ensures privacy, and actively monitors transactions to identify various security threats (Simons: [0005]).

Claims 9 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Sachkov in view of Selinger as applied to claims 1 and 22 above, and further in view of Katragadda and US 9774632 to Gallant et al (hereinafter Gallant).
As per claims 9 and 30, Sachkov in view of Selinger teaches: 
The system of claim 1, wherein the monitoring by the first plurality of security nodes includes validating incoming network traffic for malicious attack patterns, validating at least one of programmable digital assets, smart contracts, files, and executables for malware and/or presence of exploits (Sachkov: [0101] The machine-learning module 110 is configured to use a machine learning algorithm configured to check and confirm harmfulness of a potential malware file. [0109] The method 200 begins at step 202. The computer device 1021 receives input data associated with a potential malware. In the context of this application, the potential malware is any software that, during its execution, is executing or may execute malicious activity, carry out unauthorized access to information, illegally use, copy, distort, delete or substitute information), 
Sachkov does not teach: validating security policy updates for innocuousness, validating an incoming security software upgrade for innocuousness, validating a signature pattern of an Internet of Things (IoT) manufacturer, and validating signature patterns of a network intrusion collaborating party. However, Katragadda teaches:
validating an incoming security software upgrade for innocuousness, validating a signature pattern of an Internet of Things (IoT) manufacturer, and validating signature patterns of a network intrusion collaborating party (Katragadda: [0028]: The indicators or vectors of attack are recorded into a blockchain database so to be distributed throughout the swarm and/or the plurality of nodes to protect those connected from unwanted intrusions, malware, vulnerabilities, and/or the like. [0156] Another embodiment envisioned is a method to analyze, detect vulnerabilities and anomalies on Internet of Things (IoT) enabled devices, computer environments and related components by generating a unique digital representation of the target device and or environment and categorize server metadata, including but not limited to ports, current system configuration, operating system, current user usage and permissions, access levels, network configuration and connectivity, services and active services, interconnected components).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Katragadda in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to provide a system and method that combines the immutable electronic method with artificial intelligence and the use of behavior analysis to detect and deter cyber threats in the blockchain environment (Katragadda: [0006]).
And, Gallant teaches:
validating security policy updates for innocuousness (Gallant: column 6, lines 63-67: The code is advantageously embodied in a document or other data structure (e.g., a certificate) signed by a CA. We refer to this message as a Policy Update message, or PU-message. Column 7, lines 16-45: Upon receipt of a secured message having a bare (plaintext or unprocessed) message, a digital signature on the message, a certificate of the supposed signing entity, and perhaps a PU-message containing an PU-script, the secured message and the PU-message is verified according to normal verification protocols (which are predetermined at the time of manufacture of the system entity). Such information is used by the PU-script code to determine the ultimate validity of a received message and/or whether to implement a particular policy update).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Gallant in the invention of Sachkov in view of Selinger and Katragadda to include the above limitations. The motivation to do so would be to provide a controlled environment for dynamically modifying and distributing security system policies (Gallant: column 4, lines 63-65).

Claims 10 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Sachkov in view of Selinger as applied to claims 1 and 22 above, and further in view of US 20200204580 to Konda et al (hereinafter Konda).
As per claims 10 and 31, Sachkov in view of Selinger teaches:  
The system of claim 1, wherein the plurality of first security nodes at least one of each calculate a risk score as a basis to determine if the monitored blockchain includes the malicious behavior (Sachkov: [0133]: Thus, each computer device from the set of the devices 1022 . . . 102N may check harmfulness (risk score) of the potentially malicious file using the same check parameters that are the parameters used by the computer device 1021), 
Sachkov in view of Selinger does not teach: achieve a low-level consensus through an asynchronous Byzantine fault tolerant (BFT) algorithm over the risk score as the basis to determine if the monitored blockchain includes the malicious behavior. However, Konda teaches:
achieve a low-level consensus through an asynchronous Byzantine fault tolerant (BFT) algorithm over the risk score as the basis to determine if the monitored blockchain includes the malicious behavior (Konda: [0035] When a block in a blockchain is created, the new block can be marked as "PENDING" until validating nodes in the blockchain network validate the new block and the DDoS attack details included in the new block. The new block will remain in the "PENDING" state until validating nodes in the blockchain network come to an agreement about whether or not the new block can be validated. The agreement can be in the form of a consensus algorithm or by some other means. For example, a practical Byzantine Fault Tolerance (PBFT) consensus algorithm can be used by the security vendors to validate the block. [0055]: At 402, a block that includes data related to a DDoS attack is created and published for addition to a blockchain in a blockchain network. For example, a PBFT consensus algorithm can be used to determine validation of the block). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Konda in the invention of Sachkov in view of Selinger to include the above limitations. The motivation to do so would be to use a blockchain for distributed denial of service attack mitigation (Konda: [0001]).

Allowable Subject Matter
Claims 32-35 and 41 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
Also, claims 11-14 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and if the rejection under 35 U.S.C 101 is overcome.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 20200099698 to Kundu et al: A method contains malware within a network resource. A blockchain system establishes a smart contract, on the blockchain system, for a network resource in a computer environment. The smart contract is for an action to be performed on the network resource if a malware is detected on the network resource. In response to malware being detected in the network resource, the blockchain system determines whether a consensus is reached by a plurality of computers on the blockchain system to implement the action to contain the malware based on the smart contract. In response to the consensus being reached by the plurality of computers, the blockchain system transmits, to the network resource, directions to implement the action on the network resource as specified by the smart contract.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438