Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 8 recites “8. The method as described in claim 1 wherein the connection service provides highly-secure and resilient access to the network core computing elements, which hosts a blockchain-based system.” The term “highly-secure” and “resilient” are terms of degree and/or subjective terms. See MPEP 2173.05(b) (I) and (IV).  One skilled in the art cannot ascertain the scope of this claim because the specification fails to provide a standard for measuring the scope of “highly-secure” and “resilient.”  See id. This renders the claim vague and indefinite. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Dorri, Towards an Optimized BlockChain for IoT, 2017 in view of Liu, An Efficient Method to Enhance Bitcoin Wallet, 2017. 
With respect to claim 1, Dorri teaches “1. A method operative in association with a set of transaction handling computing elements that comprise a network core that receive and process transaction requests into an append-only immutable chain of data blocks” p. 174
The overlay CHs maintain a public [blockchain], which has a ledger for
each overlay node that shows the history of transactions sent by
the overlay user and is used to gain reputation. The transactions are
generated by users or devices to request or share data with others.

(transaction requests are sent by user devices); 
“wherein a data block is a collection of transactions” on p. 173 (“Communications among entities in different tiers are known as transactions that are grouped into blocks”) 
“and wherein presence of a transaction recorded within a data block is verifiable via a cryptographic hash” p. 173 (“Verified signed transactions are available for the entire network immediately”); 
p. 176 
it calculates a hash of received data packets and compares it with the received hash in the transaction. If the two hashes match, then data packets are stored in the storage and the new block-number is encrypted with the SHM PK, to make sure that only the true SHM can read the new block-number, and sent to the SHM.

“wherein the transaction requests originate from legacy computing infrastructure associated with a third party, comprising”  
p. 174
The overlay CHs maintain a public [blockchain], which has a ledger for
each overlay node that shows the history of transactions sent by
the overlay user and is used to gain reputation. The transactions are
generated by users or devices to request or share data with others
(Examiner finds user devices are part of a legacy computing infrastructure when “legacy computing infrastructure” is broadly read in view of the specification); 
“configuring an overlay network intermediate the legacy computing infrastructure and the network core” on p. 173 
The smart home is comprised of IoT devices, local IL, and a local storage as shown in the bottom left of Figure 1. Each home has a local private IL that is similar to a BC but is managed centrally by the smart home manager (SHM).

p. 174
The overlay is a peer-to-peer network that brings the distributed
feature to our architecture. The constituent nodes, known as overlay nodes, could be SHMs, other high resource devices in the home, or the user’s smartphone or personal computer.

(Examiner finds the SHMs make up the overlay network; SHMs sit between the legacy devices in the smart home and the cloud storage network (network core); 

The overlay is a peer-to-peer network that brings the distributed
feature to our architecture. e constituent nodes, known as overlay
nodes, could be SHMs, other high resource devices in the home, or
the user’s smartphone or personal computer. To decrease network
overhead and delay, nodes in the overlay are grouped in clusters
and each cluster elects a Cluster Head (CH)

(Examiner finds each cluster head is an edge server because it acts as entry points for transaction requesting entering the network (cloud storage network); 
“hosting a connection service in association with the overlay network to enable secure end-to-end communication among the legacy computing infrastructure the network core computing elements and the overlay network edge servers” on p. 174
PK of requesters: the list of PKs that are allowed to access data
for the SHMs connected to this cluster. An example of which might
be a SP that provides certain services for the smart home devices.
PK of requestees: the list of PKs of SHMs connected to this cluster
that are allowed to be accessed.

(SP services allow legacy computing infrastructure devices in smart home, for example, to communicate to network core (storage network) via overlay network via edge servers (CH/SHM); 
p. 176 
To access stored data of a device, the SP creates and signs the
requester part of a multisig transaction. The SP then sends this to
its own CH. The e CH checks both lists of PKs defined in Section 3.2.
If either the multisig transaction’s requester is in the CH requester’s
key list, or the transaction’s requestee is in its requestee’s key list,
then it broadcasts the transaction to its own cluster. Otherwise, the
transaction is broadcast to other CHs. When the requestee (SHM)
receives the multisig transaction, it authorizes the SP by checking
the local policy in the local IL. If so, the SHM requests data from
the storage, encrypts them with requester’s PK, and sends them
to the requester (the SP). After sending data for the requester, the
SHM should store the multisig transaction in the local IL to keep
the history of transactions. In addition, the SHM sends the multisig
transaction to its CH to be stored in the overlay BC as a history of
requester transactions.

Dorri fails to explicitly teach “wherein the overlay network edge servers are configured without access to keying material useful to forge either transactions requests, or transaction responses to the transaction requests.” 
However, Examiner takes official notice that “wherein the overlay network edge servers are configured without access to keying material useful to forge either transactions requests, or transaction responses to the transaction requests1” was well known in the art before the effective filing date of the invention. 
It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the edge servers in Dorri to include “wherein the overlay network edge servers are configured without access to keying material useful to forge either transactions requests, or transaction responses to the transaction requests.” The motivation would have to maintain user privacy and also allow a user to make daily transactions. See Liu pp. 27-28 (emphasis added). 
A third-party website service hosting user accounts provide another approach to help users manage their addresses and private keys [8]. In this situation, the web service maintains the possession of user’s private keys. It will cause customers to worry about the reputation of the web service. Common users are advised to take the following measure. Keep only a small amount of their holdings on hot storage for daily expenditure and store the majority of their property in cold storage. The verifier B gets the domain parameter separated from the Internet. There is still a drawback for users to make their payment in case that the hot storage amount is exhausted

With respect to claim 2, Dorri teaches “2. The method as described in claim 1 wherein the connection service comprises a connector located on-premises in the legacy computing infrastructure, the connector configured to establish outgoing connection to the network core computing elements” p. 174 (“PK of requesters: the list of PKs that are allowed to access data for the SHMs connected to this cluster. An example of which might be a SP that provides certain services for the smart home devices”) (emphasis added). 
With respect to claim 3, Dorri teaches “3. The method as described in claim 2 further including hosting a set of one or more origin servers configured to interoperate with the connector located on premises in the legacy computing infrastructure” in Fig. 3 (smart home has origin servers such as local IL and local storage). 
With respect to claim 4, Dorri fails to teach “4. The method as described in claim 3 wherein the one or origin servers host a wallet services, wherein a wallet service stores the keying material” 
However, Liu teaches “origin servers host a wallet services, wherein a wallet service stores the keying material” on pp. 27-28 
A third-party website service hosting user accounts provide another approach to help users manage their addresses and private keys [8]. In this situation, the web service maintains the possession of user’s private keys. It will cause customers to worry about the reputation of the web service. Common users are advised to take the following measure. Keep only a small amount of their holdings on hot storage for daily expenditure and store the majority of their property in cold storage. The verifier B gets the domain parameter separated from the Internet. There is still a drawback for users to make their payment in case that the hot storage amount is exhausted

Liu and Dorri are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the origin servers in Dorri et al. to include “origin servers host a wallet services, wherein a wallet service stores the keying material.” The motivation would have been to allow a user a quick and convenient way to make daily expenditures.  See Liu id. 
With respect to claim 5, Dorri teaches “5. The method as described in claim 2 wherein the on-premises connector is configured (i) to verify digital signatures for requests received from the network core computing elements” on p. 175
This works as follows: A user that initially has no transaction history is suspected to be malicious and all his transactions are verified. To verify a transaction the first step is to confirm that the requester has the=right to append transactions to the specified ledger which is done by comparing the hash of the current transaction PK with the output PK of the previous transaction. Following this, the requester signature is verified using his PK in the transaction. Next, the verifier controls that only one of the outputs of the current transaction, i.e. the number of successful transactions or the number of rejected transactions, is increased only by one. If the steps passed successfully, the transaction is verified.

In the overlay network each CH maintains a trust rating for other
CHs based on direct and indirect evidence. CH A has direct evidence
about CH B if it verified  a block generated by B. If A receives a
block generated by B and A has no trust in B, but one or more CHs
signed the block as a valid block, then A has indirect evidence about
B. When a CH generates a new block it has to create a multisig
transaction which is used for evaluating trust. e CH then sends
both the block and multisig transaction to its neighboring CHs.
Neighbor CHs check the multisig transaction for direct or indirect
evidence. If the neighbor CH has direct evidence with the block
generator or other CHs who signed the multisig transaction, then
it randomly verifies a portion of the transactions in the block by
checking their signatures. The portion of transactions that need to
be verified

blocks for the corresponding CH

“and (ii) to digitally sign responses directed to the network core computing elements” on p. 175
This works as follows: A user that initially has no transaction history is suspected to be malicious and all his transactions are verified. To verify a transaction the first step is to confirm that the requester has the=right to append transactions to the specified ledger which is done by comparing the hash of the current transaction PK with the output PK of the previous transaction. Following this, the requester signature is verified using his PK in the transaction. Next, the verifier controls that only one of the outputs of the current transaction, i.e. the number of successful transactions or the number of rejected transactions, is increased only by one. If the steps passed successfully, the transaction is verified.

In the overlay network each CH maintains a trust rating for other
CHs based on direct and indirect evidence. CH A has direct evidence
about CH B if it verified  a block generated by B. If A receives a
block generated by B and A has no trust in B, but one or more CHs
signed the block as a valid block, then A has indirect evidence about
B. When a CH generates a new block it has to create a multisig
transaction which is used for evaluating trust. The CH then sends
both the block and multisig transaction to its neighboring CHs.
Neighbor CHs check the multisig transaction for direct or indirect
evidence. If the neighbor CH has direct evidence with the block
generator or other CHs who signed the multisig transaction, then
it randomly verifies a portion of the transactions in the block by
checking their signatures. The portion of transactions that need to
be verified

With respect to claim 6, Dorri et al. teaches a connection service.  See above. It appears Dorri et al. fails to explicitly teach “6. The method as described in claim 1 wherein the connection service comprises a connector located externally from the legacy computing infrastructure, the connector being coupled to the legacy computing infrastructure via a secure, private link.”
However, Liu teaches this element in at least p. 27 col. 2 last paragraph. 
id. 
With respect to claim 7, Dorri teaches “the method as described in claim 1 wherein the connection service comprises a connector located on premises in the legacy computing infrastructure” on p. 174 (“PK of requesters: the list of PKs that are allowed to access data for the SHMs connected to this cluster. An example of which might be a SP that provides certain services for the smart home devices”); Examiner finds that providing services to the devices suggests the services are “on premises”). 
With respect to claim 8, Dorri teaches “8. The method as described in claim 1 wherein the connection service provides highly-secure and resilient access to the network core computing elements, which hosts a blockchain-based system” in abstract; Fig. 1 (top right of figure “BC in CH4” is blockchain); p. 176 (“In each smart home there is a private secure storage managed by the SHM.”). 


With respect to claim 9, Dorri teaches “9. The method as described in claim 1 wherein the append-only immutable chain of data blocks is a blockchain” in the abstract (Blockchain is an append-only immutable chain of data blocks). 
With respect to claim 10, Dorri teaches “10. The method as described in claim 3 wherein a given transaction in the blockchain is digitally-signed and self-verifiable” on p. 176
To access stored data of a device, the SP creates and signs the
requester part of a multisig transaction. The SP then sends this to
its own CH. e CH checks both lists of PKs defined in Section 3.2.
If either the multisig transaction’s requester is in the CH requester’s
key list, or the transaction’s requestee is in its requestee’s key list,
then it broadcasts the transaction to its own cluster. Otherwise, the
transaction is broadcast to other CHs. When the requestee (SHM)
receives the multisig transaction, it authorizes the SP by checking
the local policy in the local IL. If so, the SHM requests data from
the storage, encrypts them with requester’s PK, and sends them
to the requester (the SP). Afer sending data for the requester, the
SHM should store the multisig transaction in the local IL to keep
the history of transactions. In addition, the SHM sends the multisig
transaction to its CH to be stored in the overlay BC as a history of
requester transactions.
(checking the local policy in the local IL is a type of self-verification). 
With respect to claim 11, Dorri teaches “The method as described in claim 2 wherein the  connector comprises a secure network appliance” in Fig. 1 lower left (any of the devices in the smart home are secure network appliances). 
With respect to claim 12, Dorri teaches “12. The method as described in claim 11 wherein the connector is bootstrapped with a root of trust having an associated key management system” on p. 176 
During the bootstrapping process, the cloud storage
returns a pointer to the first block of data. When the smart thermostat
needs to store data in the cloud storage, it sends its data to
the SHM. After checking permissions and extracting the previous
block-number and hash from the local IL, the SHM creates a random
ID and sends data to the storage with this ID. It is assumed that at
any given time, two nodes cannot have the same ID. The storage
checks the validity of the transaction by locating data using given
parameters and also confirms that there is space available in the
cloud storage. If so, it calculates a hash of received data packets and
compares it with the received hash in the transaction. If the two
hashes match, then data packets are stored in the storage and the

that only the true SHM can read the new block-number, and sent
to the SHM. Next, the signed hash of data is signed by the storage
and sent to the overlay network to be stored in the overlay BC. is
ensures that any further changes in the user’s data are visible to all.

In each smart home there is a private secure storage managed by
the SHM. The SHM distributes a shared key between authorized IoT devices and the local storage. IoT devices use this key for generating
store transaction. Local storage is managed by the owner of the
home and is trusted. Therefore, there is no additional overhead for
accounting.

With respect to claim 13, Liu teaches “13. The method as described in claim 12 wherein the connector is configured to generate an encryption key-pair and authenticate the public key thereof to the corresponding key management system, thereby enabling the keying material to be securely managed” p. 27 (“Each bitcoin belongs to a Bitcoin address as an account in banks and have a specific value. Bitcoins associated with address can be spent only by their corresponding digital signatures. Digital signature algorithm generates and utilizes a key pair including one public key and one private key. The unique identifier of Bitcoin is derived from public key called as addresses. Bitcoin address is known to every participant in the Bitcoin network. Its corresponding private key is used to authorize to spend bitcoins and only the owner of the bitcoins is aware of it.). 
With respect to claim 14, Dorri teaches “14. The method as described in claim 1 wherein inbound connectivity from the network core computing elements to the legacy computing infrastructure, and outbound connectivity from the legacy computing infrastructure to the network core computing elements, are implemented without change to one or more transaction protocols associated with the legacy computing infrastructure” in Fig. 1 and p. 175 
Distributed Trust and POW elimination We use distributed
trust to ensure that the received blocks are valid and to decrease the
overhead for verifying blocks compared to Bitcoin. This works as

to be malicious and all his transactions are verified. To verify a
transaction the first step is to confirm that the requester has the
right to append transactions to the specified ledger which is done
by comparing the hash of the current transaction PK with the output
PK of the previous transaction. Following this, the requester
signature is verified using his PK in the transaction. Next, the
verifier controls that only one of the outputs of the current transaction,
i.e. the number of successful transactions or the number of
rejected transactions, is increased only by one. If the steps passed
successfully, the transaction is verified.

(the protocols (i.e. Bitcoin BC based--see section 2.2) associated with the legacy computing infrastructure in the smart home are not changed). 
112b
With respect to claim 15, Dorri teaches “15. The method as described in claim 1 wherein the connection service provides the legacy computing infrastructure secure and resilient access to the network core computing elements” on p. 174 
PK of requesters: the list of PKs that are allowed to access data
for the SHMs connected to this cluster. An example of which might
be a SP that provides certain services for the smart home devices.
PK of requestees: the list of PKs of SHMs connected to this cluster
that are allowed to be accessed. The overlay CHs maintain a public BC, which has a ledger for each overlay node that shows the history of transactions sent by the overlay user and is used to gain reputation. e transactions are generated by users or devices to request or share data with others. The overlay has multisig transactions, meaning they need to be signed by two entities - requester and requestee to be treated as a
valid transaction.

(connector service is secure because it is on the list, for example). 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALBERT M PHILLIPS, III whose 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela D. Reyes can be reached on (571)270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALBERT M PHILLIPS, III/Primary Examiner, Art Unit 2159                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Applicant’s specification fails to describe this element in detail as this language only appears in the original filed claims. As such, Examiner finds this is in indication by Applicant that element was well-known in the art before the effective filling date of the invention.  Additionally, Examiner takes official notice that a private user key for blockchain wallets unknown to anyone except the user and a wallet service was also well known in the art before the effective filing date of the invention. See e.g. Liu p. 27 col. 2 last paragraph.