DETAILED ACTION
This Final Office Action is in response to amendment filed on 01/20/2022.
Claims 1, 8, 13, 15 and 20 have been amended. Claims 1, 4-8, 11-15 and 18-20 remain pending in the application. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 05/08/2019 are accepted.

Response to Amendment 
Applicant’s amendments to the abstract have overcome the objection previously set forth in the Non-Final Office Action mailed on 10/28/2021.
 Applicant’s claims amendments have overcome the objection previously set forth in the Non-Final Office Action mailed on 10/28/2021.

Response to Arguments 
Applicant’s arguments, see Applicant Remarks, Page 14 regarding the newly added limitation to include one of the following limitations “at least one of a registration contract that maps a blockchain address identity of an organization to a pseudoidentity of the organization, a policy deployment contract that maps a blockchain address of the or a reputation contract that maps a blockchain address identity of an organization to a reputation of the organization”, filed 01/20/2022, with respect to the rejections of claims 1, 8 and 15 under 35 U.S.C 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of prior art: Dent-Young et. al. (US 20210027260 A1), hereinafter Dent-Young, in addition to the previously cited prior art. Please see detailed rejection below. 
Conclusion: Kane in view of Mehta, Hennebert and Dent-Young disclose the aforementioned limitations of independent claims 1, 8 and 15 and render claims’ limitations obvious before the effective date of the claimed invention.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 4-6, 8, 11-13 and 15, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kane (US 20050010780 A1), hereinafter Kane in view of Mehta (US 20190319968 A1), hereinafter Mehta, Hennebert et. al. (US 20190294822 A1), hereinafter Hennebert and further in view of Dent-Young et. al. (US 20210027260 A1), hereinafter Dent-Young.

Regarding claim 1 (Currently Amended) Kane teaches a computer-implemented method (Kane [0008] “…a method and apparatus for providing access to personal information”) comprising: 
transmitting, at a computer system comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, an access permission request [to a blockchain network], the access permission request requesting permission to access [cyber threat] [cyber threat] information storage system [storing cyber threat information from a plurality of organizations] (Kane illustrates in Figure 1 a computer device requestor 103, i.e. computer system, where a computer comprises memory and processor, transmitting a request to access information to a requestee 101, [0013] “…requestor 103 comprises an electronic device that requests access to personal information from requestee 101. For example, requestor 103 may comprise a computer running software that requests credit card information from requestee 101, may comprise a computer running software that requests certain medical records from requestee 101, or may comprise an online store that requests permission from requestee 101 to write a receipt for recently purchased goods into the database 102.”), 
the access permission request further comprising an indication of the requested [cyber threat] information and an identifier of identity or pseudoidentity information (Kane discloses in [0013, 0021] requests including information that identify the requesting entity and indicate the requesting information, which indicate requesting credit card information, medical records, etc. [0013] “requestor 103 may comprise a computer running software that requests credit card information from requestee 101, may comprise a computer running software that requests certain medical records from requestee 101, or may comprise an online store that requests permission from requestee 101 to write a receipt for recently purchased goods into the database 102.”, [0027] “The request is received by authorization manager 308 and the request is analyzed to determine if it was made by a proper entity (e.g., the requester's public-key certificate is examined and verified). The requester 103 will also identify the intended use of the requested information. For example, if the requestor 103 is receiving personal information it can state one of three possible uses for the information: (a) use once and discard, (b) securely retain, (c) no commitments. Once it has been determined that the request was made by a proper entity and the intended use has been approved, a token is generated by generator 309.”), 
[stored in the blockchain, of an organization requesting the cyber threat information, the blockchain network including a blockchain ledger storing access control information from the plurality of organizations]; 
receiving, at the computer system, a reference to an access permission token to be used to access the [cyber threat] information (Kane Figure 1 illustrates receiving, by the requestor 103, access token, [0016] “In response to the request, requestee 101 determines if the information should be provided, and if so, provides requestor 103 (external entity) with cryptographically protected access information (i.e., a token) allowing requestor to access the specified personal information existing within database 102.”), 
the access permission token generated [by the blockchain network using at least one smart contract] (Kane [0008] “…the request is made to a token generation subsystem that produces a token that allows access to the personal database”); 
transmitting, at the computer system, a transaction request to the cyber threat information storage system, the transaction request including the reference to the access permission token (Kane Figure 1 illustrates transmitting, by the requestor 103, a request including the token to the database 102, where the database is a separate storage circuitry, corresponding to the server, as disclosed in [0014]); and 
receiving, at the computer system, the requested [cyber threat] information, wherein the requested [cyber threat] information was retrieved from the [cyber threat] information storage system using the access permission token (Kane Figure 1 illustrates receiving, by the requestor, information from the database 102 in response to receiving the token by the database 102).
While Kane discloses the aforementioned limitations, however, Kane does not disclose that the information can be cyber threat information and that the requestee can be a blockchain system with a smart contract.
Mehta from analogues field of invention teaches cyber threat information and storing cyber threat information from a plurality of organizations (Mehta [0011] “…shares security data (e.g., threats, vulnerabilities) experienced by enterprises with other participants on the network.” storing the security data (e.g., threats, vulnerabilities) as disclosed in [0012]),
blockchain network, the blockchain network including a blockchain ledger storing access control information from the plurality of organizations (Mehta [0012] “…providing a data summary to a distributed ledger platform having a private distributed ledger, the data summary being stored to the private distributed ledger, being representative of the security data, and having a smaller memory footprint than the security data, determining, by the distributed ledger platform, a token value to be associated with the security data, the token value being determined using a smart contract executed on the distributed ledger platform, and being based on the data summary of the security data”, where the token determined and stored token, which controls access to the security data, where the [0015] “distributed ledger is the commonly known Blockchain (or blockchain)”, where [0026] “The token value is added to a wallet of the enterprise that provided the security data.”, [0037] “…each enterprise 110 has respective wallet maintained with the blockchain-based processing system 222, each wallet having an associated key, and a password. In some examples, the wallet is a digital wallet that enables users (enterprises) to manage tokens.”),
the access permission token generated by the blockchain network using at least one smart contract (Mehta [0012] “…determining, by the distributed ledger platform, a token value to be associated with the security data, the token value being determined using a smart contract executed on the distributed ledger platform”),
Mehta discloses the teaching of using blockchain to determine tokens associated with cyber security/vulnerability information/data that can be shared/purchased/given in charity among enterprises/organizations through vendors, [0043] “…the security network marketplace 320 provides data security services that can be purchased by data providers (e.g., enterprises) using tokens obtained through sharing of their security data…external participants 330 can benefit from the e-commerce architecture 300 (e.g., tokens can be donated to a charity, which can use the tokens to procure data security services.”, where the above teaching shows that the purchasing/requesting enterprise/organization requests/purchases access to cyber threat information, and through blockchain, receives token to access the purchased/requested cyber threat information. 
Mehta discloses storing in the blockchain, of an organization requesting the cyber threat information (Mehta  [0012] “…providing a data summary to a distributed ledger platform having a private distributed ledger, the data summary being stored to the private distributed ledger, being representative of the security data, and having a smaller memory footprint than the security data, determining, by the distributed ledger platform, a token value to be associated with the security data, the token value being determined using a smart contract executed on the distributed ledger platform, and being based on the data summary of the security data”, where the token determined and store token, which controls access the security data, where the [0015] “distributed ledger is the commonly known Blockchain (or blockchain)”, where [0026] “The token value is added to a wallet of the enterprise that provided the security data.”, [0037] “…each enterprise 110 has respective wallet maintained with the blockchain-based processing system 222, each wallet having an associated key, and a password. In some examples, the wallet is a digital wallet that enables users (enterprises) to manage tokens.”, where the security data is identified and associated with the identity of the providing enterprise).
Mehta further discloses wherein the smart contract comprises at least:  
a payment contract that controls trading of cyber threat information among organizations using internal tokens (Mehta  discloses [0011] “Tokens can be redeemed to for security products, and/or subscriptions from participating security vendors”, [0013] “…enterprises often rely on one or more vendors for their information security needs”, [0016] “all entities on the blockchain network may need to know all previous transactions (e.g., security information, token issuance, token value, contracts, settlement) to validate a requested transaction, entities must agree on which transactions”, [0027] “…the enterprise can use token value to purchase data security services. For example, the enterprise can purchase, or subscribe to data security services through the security information exchange platform 140”, 
examiner interprets internal tokens as the (Meta [0043]) “token-based payment” utilized by enterprises for purchasing security data services, where (Meta [0012]) the token determined by the smart contract and, the token, is internal to a wallet associated with the enterprise. Examiner notes that the “internal token” is not distinctively defined and merely stated in [0007] and [0042] in the specification of the instant application).    
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kane to incorporate the teaching of Mehta to utilize the above feature, with the motivation of increasing effectiveness of data security measures, using a distributed ledger-based such that automatically share security data (e.g., threats, vulnerabilities) experienced by enterprises with other participants on the network, as recognized by (Mehta [0001-0002]).
While Kane discloses the above limitations, and Mehta further discloses smart contract comprising a contract that determines token utilized as disclosed in (Mehta [0012]), where token determined by a smart contract, and is utilized for purchase of security data/threat information/vulnerability data, [0027] where the enterprise can use token value to purchase data security services where (Mehta [0026, 0037]) the token is added to a wallet of an enterprise and provides security data, where each enterprise wallet is maintained by the blockchain system, where the disclosure of the token by Mehta makes it obvious to conceive of the smart contract controlling purchase via tokens, and controlling retrieval of the access token, however, Kane in view of Mehta do not explicitly disclose that the smart contract further comprises other/second form of contract functionality as recited in the below claim limitation. Emphasis in Italic below.
Hennebert discloses wherein the smart contract comprises a permission contract that stores and controls retrieval of access permission tokens  (Hennebert discloses smart contracts within a blockchain, [0041] “A smart contract is a software code that can be stored in a block of the distributed ledger”, where the smart contracts functions can be grouped into a single smart contract, [0049] “…the operations carried out by the different elements of the system call on smart contracts (or even a single smart contract grouping together all of their respective functions). These smart contracts are stored in the distributed ledger of the blockchain.”, where functions of the smart contracts include recording/storing access tokens in the blockchain, [0020] “…the second smart contract recording the access token in the blockchain”, functions further include control retrieval of access tokens, [0095] “The data server then interrogates the second smart contract #Authorize by providing to it the access authorization request identifier, IdReq#p in 332. The contract #Authorize verifies that an access authorization corresponding to the number has indeed been granted to the user and, in the affirmative, interrogates in 333 the first smart contract #Subscribe and obtains in 334 the corresponding token (that is to say the token of which the identifier TokUID appears in the access authorization). The contract #Authorize returns, in 335, the token in question to the data server.”,
where the functions of recording, verifying, obtaining, authorizing, and returning, corresponding to the permission contract functionality).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kane in view of Mehta to incorporate the teaching of Hennebert to utilize the above feature, with the motivation of guaranteeing correct execution of security functions and authentication of different element of the system, as recognized by (Hennebert [0050]).
Kane in view of Mehta and Hennebert do not disclose the below limitations.
Dent-Young discloses smart contract comprises at least one of 
a registration contract that maps a blockchain address identity of an organization to a pseudoidentity of the organization, a policy deployment contract that maps a blockchain address of the organization to cyber threat information sharing and consumption policies of the organization, a coalition relationship contract that regulates the cyber threat information that may be exchanged between organizations, ora  reputation contract that maps a blockchain address identity of an organization to a reputation of the organization and  (Dent-Young discloses automatically using a past contract to determine past behavior of a software defined network controller (SDNC) recorded in the distributed ledger and to associate/map the (SDNC) and its identified business entity with its reputation and accordingly determining whether the SDNCs owned by a given business entity should continue to be part of the circle of trust, [0134] “…the record of SDNC interactions recorded in the distributed ledger provides a means to assess the past behaviour of SDNCs and, by extension their owning or operating business entities. This creates a means objectively to establish a reputation for business entities that can be used to allow a given SDNC, owned by one business entity, to make decisions about whether to interact with other SDNCs, owned by other business entities. Also, reputation can be automatically, with a Smart Contract, used to determine whether SDNCs owned by a given business entity should continue to be part of the circle of trust implied by being present in the Distributed Ledger.”, where the smart contract identifies the address identity of the SDNCs, owned by a particular Business Entity (BE), in the distributed ledger, and maps the SDNCs and its BE to its reputation).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kane in view of Mehta and Hennebert to incorporate the teaching of Dent-Young to utilizes the above feature, with the motivation of permitting the dynamic establishment of trust relationships between SDNCs through the use of the SDN distributed ledger and reducing the cost of operations and the time to establish services for service providers using SDNCs, as recognized by (Dent-Young [0135]).
Regarding Claims 8 (Currently Amended) and 15 (Currently Amended), claims 8 and 15 are system and computer program product claims that have similar limitations to claim 1. Therefore, the rationale and motivation described in claim 1 is applied to claims 8 and 15.

Regarding clam 4 (Previously Presented), Kane in view of Mehta, Hennebert and Dent-Young teaches the method of claim 1, wherein the access permission token comprises at least one of a public key of an organization requesting the cyber threat information, access permission privileges of the organization, an expiration time of the access permission token, and a network location of the requested cyber threat information (Kane discloses in [0021-0026] token comprises “A validity period (e.g., expiration data)”).  

Regarding Claims 11 (Currently Amended) and 18 (Currently Amended), claims 11 and 18 have similar limitations to claim 4. Therefore, the rationale and motivation described in claim 4 is applied to claims 11 and 18.

Regarding clam 5 (Previously Presented), Kane in view of Mehta, Hennebert and Dent-Young teaches the method of claim 4, wherein the transaction request further comprises at least one of a requested operation and associated metadata, a cryptographic signature of the organization signed by a private key of the organization, and an access permission token timestamp information (Kane discloses in Figure 1 token being transmitted to database 102 as part of the transaction request to access information, where the token comprises [0025] A validity period (e.g., expiration data); and [0026] A digital signature or message authentication code that certifies the token's authenticity and integrity., where the validity period and expiration data correspond to a timestamp information).  
Regarding Claims 12 (Original) and 19 (Original), Claims 12 and 19 have similar limitations to claim 5. Therefore, the rationale and motivation described in claim 5 is applied to claims 12 and 19.

Regarding clam 6 (Original) Kane in view of Mehta, Hennebert and Dent-Young teaches The method of claim 5, 
Kane does not disclose the remaining limitation.
Mehta discloses wherein a hash of the cyber threat information stored in the at least one cyber threat information storage system is stored in the blockchain ledger and the method -25-P201807939US01further comprises determining, at the computer system, whether the cyber threat information has been altered, using the hash (Mehta [0030] “…multiple levels of security are provided on the security data being sent to the network. In a first level, the enterprise will hash the security data using an algorithm provided by the network administrator, and will also attach the hash of the data along with the data. In a second level, participating enterprises will use their private key to encrypt the data, and will use the network's public key to further encrypt the data. When the network receives the message, it will decrypt the data using the network's private key, and using the sending enterprise's public key. In a third level, the network will run the same hashing algorithm on the data, and compare with the original hash received along with the data. If both the hashes match, the message was not compromised en route from the enterprise.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kane to incorporate the teaching of Mehta to utilize the above feature, with the motivation of increasing effectiveness of data security measures, using a distributed ledger-based blockchain such that automatically share security data (e.g., threats, vulnerabilities) experienced by enterprises with other participants on the network, as recognized by (Mehta [0001-0002]).

Regarding Claims 13 (Currently Amended) and 20 (Currently Amended), Claims 13 and 20 have similar limitations to claim 6. Therefore, the rationale and motivation described in claim 6 is applied to claims 13 and 20.

  Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kane in view of Mehta, Hennebert, Dent-Young and further in view of Mintz (US 20190108323 A1), hereinafter Mintz.

Regarding clam 7 (Previously Presented), Kane in view of Mehta, Hennebert and Dent-Young teaches the method of claim 1, 
retrieval of the cyber threat information.
Mintz from analogues field of invention teaches wherein the computer system performs the transmitting and receiving of claim 1 using an application program interface (Mintz discloses utilizing API for performing access to elements based on tokens [0041] “…the blockchain 114 may include the logic required for controlling access to software based on one or more of the self-executing tokens 116 stored in the blockchain 114”, [0043] “The token manager 118 may include an API…the token manager 118 may provide an interface, such as an Application Programming Interface (API), for adding and updating information stored in the blockchain 114. Alternatively or in addition, the token manager 118 may provide an interface for determining if use of the licensed component 104 or features therein, is authorized based on one or more of the self-executing tokens 116 stored in the blockchain 114. Additionally or alternatively, the token manager 118 may provide an interface for sending and receiving usage information related to one or more licensed components that are licensed according to one or more of the self-executing tokens 116. Alternatively or in addition, the token manager 118 may provide an interface for determining whether the remote device 102 is authorized to launch the licensed component 104 and/or access various features of the licensed component 104 based on one or more of the self-executing tokens 116.”).
 to incorporate the teaching of Mintz to utilize the above feature, with the motivation of providing an interface of adding and updating information stored in the blockchain 114, determining that a use of features is authorized based on a token, sending and receiving usage information, as recognized by (Mintz [0043]), where API is one of the finite interfaces utilized that can be used and would have been obvious to try.

Regarding Claim 14 (Previously Presented), Claim 14 has similar limitations to claim 7. Therefore, the rationale and motivation described in claim 7 is applied to claim 14.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Balaraman (US 20190164157 A1) discloses mart contract to an issuer system to register a merchant-to-smart contract relationship, smart contract comprising a return policy, a refund policy, a partial payment schedule, a full payment workflow, a service deployment schedule, or a product delivery schedule, smart contract for reputation. 
Nossik (US 11128437 B1) discloses a smart contract for reputation calculation of participating clouds.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/BASSAM A NOAMAN/Examiner, Art Unit 2497                                                                                                                                                                                                        /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497