Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a Final Office action in response to communications received January 14, 2022.  No Claims have been amended, canceled or added.  Therefore, claims 1-2, 5-9, 11-16, and 19 are pending and addressed below. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 5-9, 11-16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ventura (US 2018/0239897 A1, provisional date 02/20/2017) in view of Liu et al. (US 2018/0174097 A1, file date 12/19/2016).

Claim 1:
With respect to claim 1, Ventura discloses an apparatus (Node computing entity, a trusted execution environment 420 provided, maintained by the processing element 205 of the node computing entity 200, 0055, Figure 4) (Figure 6), comprising:
a data storage device to store the ledger keys (A secure ledger corresponding to the trusted application network may store encrypted information/data accessible by the secure domain of the trusted applications of the trusted application network, the secure ledger is a distributed ledger such as, for example, a blockchain database, the one or more trusted applications of a trusted application network may intercommunicate (e.g., using public/private and/or other key encryption of information/data) via the secure ledger, 0004) (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET, 0019) (at least portions of the secure ledger may be controlled via encryption keys (e.g., private/public keys, and/or the like).  The use of these encryption keys may enable secure communication of the one or more TA-HOSTS, and/or one or more trusted applications of the TA-NET (e.g., the corresponding one or more TA-SEC), via the secure ledger, 0048);
a trusted execution environment (TEE) (trusted execution environment 420, Figure 4) comprising: 
a processor (a trusted execution environment resides in an isolated area on a node computing entity 200, 200', maintained by the processor (e.g., processing element 205, processing device 308), to securely and verifiably restrict access to protected data and/or a trusted application, 0047, Figure 4); and
memory coupled to the processor (memory, processing device, Figure 3, 322, 324), the memory comprising instructions that when executed by the processor cause the processor to:
receive an encrypted transaction (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET, 0019) (the TEE 420 may generate one or more public/private key pairs and/or other encryption keys such that the TEE 420 may be accessible via and/or to the TA-NET.  In an example embodiment, the one or more keys may include an encryption code for encoding information/data written to the secure ledger 430 and/or for decrypting information/data read from the secure ledger 430, 0065) from a node of a plurality of nodes of a public network (the distributed system 100 comprises a plurality of node computing entities 200, 200' in communication with one another via a network 135B that is a mesh network.  As shown in FIG. 1B, the system may further comprise one or more user computing entities 30, one or more other and/or external networks 135A, 0028, Figure 1B) (networks 135 may include public networks, Internet, 0046), the encrypted transaction having been encrypted using ledger keys and distributed to a public ledger maintained by the plurality of nodes of the public network (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET) (generating a new entry comprising the result and encrypting at least a portion of the new entry using an encryption key, within the trusted execution environment; and posting the encrypted new entry to the secure ledger, 0005) (the secure ledger is a distributed ledger, 0054) (If the secure ledger 430 is a distributed ledger, the second TA-HOST 422B may also generate one or more local ledger files 432 based on entries (e.g., instances of information/data and/or one or more records, blocks, and/or the like) read from the secure ledger 430, 0076);
wherein the ledger keys are known to a subset of the nodes of the public network, the subset including the node (only TA-SECs of the TA-NET have access to the encryption keys required for reading or writing information/data, records, block, and/or the like from/to the secure ledger.  For example, read and write access to the secure ledger may only be available through a TA-SEC of an application of the 
TA-NET (e.g., within the trusted execution environment), 0053) (each TA-SEC has a shared public key that can be used by various users (e.g., users having the appropriate permissions and/or the like) to securely encrypt and/or send data to any node computing entity 200, 0052) (the use of public/private keys hence all nodes would only have access to the public key and only a specific node or nodes would have access to a private key (this would be a subset of nodes).

Ventura does not disclose wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, 
identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature, generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys as claimed.

However, Liu et al. teaches using a blockchain, distributed ledger or public ledger to track and provide a guarantee that a shipment of goods is accurately identified during a shipment and verifying authenticity of the goods with a verification procedure (such as a one-time verification procedure) (0018), Using a one-time verification can prove the goods' origination, and avoid unwanted parties from attempting to reuse the same product ID, tag or address associated with the authentic goods. The manufacturer of the product, the shipping waypoint centers and/or the consumers can access the blockchain data collectively to identify and prevent counterfeit goods by verifying authenticity of the goods (0020), the blockchain could include store additional information about the parties involved in the transactions. the application permits a check for authentication based on acceptable location information stored in the local blockchain and validated by the remote blockchain information (0029), wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature (The one-time verification may be a sub-process that includes a 2D-barcode (UPC, QR, etc.).  The barcode could be a product/item encrypted with the manufacturer's private key and a verification code encrypted with a unique symmetric key, 0019) (Each shipping waypoint may submit a private key and a public key used for crypto and digital signature (i.e., shipment verification keys), The new block is signed with a private key, and current shipping waypoints link the new block to the blockchain stored in the embedded readable/writable unit of the goods (local blockchain), 0021),
identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature (smartphone or device may scan the barcode and extract/decrypt unique product/item serial data using the manufacturer's public key associated with the above private key, 0019),
generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys (Along with the encrypted verification code being extracted, the user smart device application encrypts the product/item serial data with the manufacturer's public key and transmits that data to a manufacturer verification interface.  , The manufacturer may then send back the unique symmetric key associated with the verification code, and the user decrypts the verification code, 0019).

Ventura and Liu et al. are analogous art because they are from the same field of endeavor of trusted execution environments and blockchains.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Liu et al. in Ventura for wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature, generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys as claimed for purposes of verifies a blockchain thus The customer verifies the goods' authenticity by using the blockchain/public ledger to track and guarantee the shipment of goods and verify authenticity of the goods (see Liu et al. 0026)

Claims 2, 12:
With respect to claims 2, 12, Ventura discloses wherein the decrypted version of the transaction comprises a clear text version of the transaction (the one or more keys may include an encryption code for encoding information/data written to the secure ledger 430 and/or for decrypting information/data read from the secure ledger 430, 0065) (decrypting entries and/or portions thereof (e.g., instances of information/data and/or records, blocks, and/or the like) read, gotten, and/or accessed from the secure ledger 430 by the second TA-HOST 422B, 0073).

Claim 5:
With respect to claim 5, Ventura discloses the instructions when executed by the processor, cause the processor to:
verify that the node is allowed to participate in the transaction; and confirm the node is able to access data associated with the transaction (the user authentication request may comprise at least a portion of the information/data identifying the user requesting the function provided by the function request, the user requesting the function may be authenticated by applying a public and/or authentication key to the function request to determine if the function request and/or a portion thereof was signed with the private and/or signing key of the user, 0088).

Liu et al. teaches verify that the node is allowed to participate in the transaction; and confirm the node is able to access data associated with the transaction (The one-time verification may be a sub-process that includes a 2D-barcode (UPC, QR, etc.).  The barcode could be a product/item encrypted with the manufacturer's private key and a verification code encrypted with a unique symmetric key, 0019) (Each shipping waypoint may submit a private key and a public key used for crypto and digital signature (i.e., shipment verification keys), The new block is signed with a private key, and current shipping waypoints link the new block to the blockchain stored in the embedded readable/writable unit of the goods (local blockchain), 0021) (smartphone or device may scan the barcode and extract/decrypt unique product/item serial data using the manufacturer's public key associated with the above private key, 0019).

Ventura and Liu et al. are analogous art because they are from the same field of endeavor of trusted execution environments and blockchains.

The motivation for combining Ventura and Liu et al. is recited in claim 1.  

Claim 6:
With respect to claim 6, Ventura discloses the memory comprising an access control list and the instructions, when executed by the processor cause the processor to indicate which of the plurality of nodes is allowed to participate in the transaction (public/private keys and/or other encryption methods for signing/authorization, data access control, and/or encryption to be managed within and among distributed trusted applications through a secure TA-NET, 0020) (a particular node computing entity 200 may maintain multiple partitions that define multiple trusted execution environments each for use with a TA-NET, 0048)(TA-HOST Attestation, Figure 6, 608).

Claim 7:
With respect to claim 7, Ventura discloses the access control list further to indicate what data related to the transaction is accessible (public/private keys and/or other encryption methods for signing/authorization, data access control, and/or encryption to be managed within and among distributed trusted applications through a secure TA-NET, 0020) (a particular node computing entity 200 may maintain multiple partitions that define multiple trusted execution environments each for use with a TA-NET, 0048)(TA-HOST Attestation, Figure 6, 608).

Claims 8, 14, 19:
With respect to claims 8, 14, 19, Ventura discloses the instructions when executed by the processor, cause the processor to: establish a secure connection to the node in response to receiving a join request from the node; and share the ledger keys with the node in response to the node proving its identity (an add node request is provided by a user computing entity 30, Attestation, the second TA-HOST 422B may access the secure ledger 430 to access and/or read one or more application program code of one or more trusted applications 424 of the TA-HOST, at 618, the second TA-HOST 422B may download and/or read application program code corresponding to the trusted application 424, and possibly comprising one or more smart contracts, from the secure ledger 430 at 620, Figure 6).

Claim 9:
With respect to claim 9, Ventura discloses wherein the node proves its identity using remote attestation (Attestation, Figure 6).


Claim 11:
With respect to claim 11, Ventura discloses an apparatus (Node computing entity, a trusted execution environment 420 provided, maintained by the processing element 205 of the node computing entity 200, 0055, Figure 4) (Figure 6), comprising:
a trusted execution environment (TEE) (trusted execution environment 420, Figure 4) comprising: 
a processor (a trusted execution environment resides in an isolated area on a node computing entity 200, 200', maintained by the processor (e.g., processing element 205, processing device 308), to securely and verifiably restrict access to protected data and/or a trusted application, 0047, Figure 4); and
memory coupled to the processor (memory, processing device, Figure 3, 322, 324), the memory comprising instructions that when executed by the processor cause the processor to:
receive an encrypted transaction (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET, 0019) (the TEE 420 may generate one or more public/private key pairs and/or other encryption keys such that the TEE 420 may be accessible via and/or to the TA-NET.  In an example embodiment, the one or more keys may include an encryption code for encoding information/data written to the secure ledger 430 and/or for decrypting information/data read from the secure ledger 430, 0065) from a node of a plurality of nodes of a public network (the distributed system 100 comprises a plurality of node computing entities 200, 200' in communication with one another via a network 135B that is a mesh network.  As shown in FIG. 1B, the system may further comprise one or more user computing entities 30, one or more other and/or external networks 135A, 0028, Figure 1B) (networks 135 may include public networks, Internet, 0046), wherein the encrypted transaction having been encrypted using ledger keys (secure ledger corresponding to the trusted application network may store encrypted information/data accessible by the secure domain of the trusted applications of the trusted application network, the secure ledger is a distributed ledger such as, for example, a blockchain database, the one or more trusted applications of a trusted application network may intercommunicate (e.g., using public/private and/or other key encryption of information/data) via the secure ledger, 0004) (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET, 0019) (at least portions of the secure ledger may be controlled via encryption keys (e.g., private/public keys, and/or the like).  The use of these encryption keys may enable secure communication of the one or more TA-HOSTS, and/or one or more trusted applications of the TA-NET (e.g., the corresponding one or more TA-SEC), via the secure ledger, 0048) and distributed to a public ledger maintained by the plurality of nodes of the public network (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET) (generating a new entry comprising the result and encrypting at least a portion of the new entry using an encryption key, within the trusted execution environment; and posting the encrypted new entry to the secure ledger, 0005) (the secure ledger is a distributed ledger, 0054) (If the secure ledger 430 is a distributed ledger, the second TA-HOST 422B may also generate one or more local ledger files 432 based on entries (e.g., instances of information/data and/or one or more records, blocks, and/or the like) read from the secure ledger 430, 0076);
wherein the ledger keys are known to a subset of the nodes of the public network, the subset including the node  (only TA-SECs of the TA-NET have access to the encryption keys required for reading or writing information/data, records, block, and/or the like from/to the secure ledger.  For example, read and write access to the secure ledger may only be available through a TA-SEC of an application of the 
TA-NET (e.g., within the trusted execution environment), 0053) (each TA-SEC has a shared public key that can be used by various users (e.g., users having the appropriate permissions and/or the like) to securely encrypt and/or send data to any node computing entity 200, 0052) (the use of public/private keys hence all nodes would only have access to the public key and only a specific node or nodes would have access to a private key (this would be a subset of nodes).

Ventura does not disclose wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, 
identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature, generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys as claimed.

However, Liu et al. teaches using a blockchain, distributed ledger or public ledger to track and provide a guarantee that a shipment of goods is accurately identified during a shipment and verifying authenticity of the goods with a verification procedure (such as a one-time verification procedure) (0018), Using a one-time verification can prove the goods' origination, and avoid unwanted parties from attempting to reuse the same product ID, tag or address associated with the authentic goods. The manufacturer of the product, the shipping waypoint centers and/or the consumers can access the blockchain data collectively to identify and prevent counterfeit goods by verifying authenticity of the goods (0020), the blockchain could include store additional information about the parties involved in the transactions. the application permits a check for authentication based on acceptable location information stored in the local blockchain and validated by the remote blockchain information (0029), wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature (The one-time verification may be a sub-process that includes a 2D-barcode (UPC, QR, etc.).  The barcode could be a product/item encrypted with the manufacturer's private key and a verification code encrypted with a unique symmetric key, 0019) (Each shipping waypoint may submit a private key and a public key used for crypto and digital signature (i.e., shipment verification keys), The new block is signed with a private key, and current shipping waypoints link the new block to the blockchain stored in the embedded readable/writable unit of the goods (local blockchain), 0021),
identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature (smartphone or device may scan the barcode and extract/decrypt unique product/item serial data using the manufacturer's public key associated with the above private key, 0019),
generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys (Along with the encrypted verification code being extracted, the user smart device application encrypts the product/item serial data with the manufacturer's public key and transmits that data to a manufacturer verification interface.  , The manufacturer may then send back the unique symmetric key associated with the verification code, and the user decrypts the verification code, 0019).

Ventura and Liu et al. are analogous art because they are from the same field of endeavor of trusted execution environments and blockchains.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Liu et al. in Ventura for wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature, generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys as claimed for purposes of verifies a blockchain thus The customer verifies the goods' authenticity by using the blockchain/public ledger to track and guarantee the shipment of goods and verify authenticity of the goods (see Liu et al. 0026)

Claim 13:
With respect to claim 13, Ventura discloses the instructions when executed by the processor, cause the processor to:
verify that the node is allowed to participate in the transaction; and confirm, based on an access control list (public/private keys and/or other encryption methods for signing/authorization, data access control, and/or encryption to be managed within and among distributed trusted applications through a secure TA-NET, 0020) (a particular node computing entity 200 may maintain multiple partitions that define multiple trusted execution environments each for use with a TA-NET, 0048)(TA-HOST Attestation, Figure 6, 608), the node is able to access data associated with the transaction (the user authentication request may comprise at least a portion of the information/data identifying the user requesting the function provided by the function request, the user requesting the function may be authenticated by applying a public and/or authentication key to the function request to determine if the function request and/or a portion thereof was signed with the private and/or signing key of the user, 0088).

Liu et al. teaches verify that the node is allowed to participate in the transaction; and confirm the node is able to access data associated with the transaction (The one-time verification may be a sub-process that includes a 2D-barcode (UPC, QR, etc.).  The barcode could be a product/item encrypted with the manufacturer's private key and a verification code encrypted with a unique symmetric key, 0019) (Each shipping waypoint may submit a private key and a public key used for crypto and digital signature (i.e., shipment verification keys), The new block is signed with a private key, and current shipping waypoints link the new block to the blockchain stored in the embedded readable/writable unit of the goods (local blockchain), 0021) (smartphone or device may scan the barcode and extract/decrypt unique product/item serial data using the manufacturer's public key associated with the above private key, 0019).

Ventura and Liu et al. are analogous art because they are from the same field of endeavor of trusted execution environments and blockchains.

The motivation for combining Ventura and Liu et al. is recited in claim 11.  

Claim 15:
With respect to claim 1, Ventura discloses at least one machine-readable storage medium comprising instructions that, when executed by a processor (a trusted execution environment resides in an isolated area on a node computing entity 200, 200', maintained by the processor (e.g., processing element 205, processing device 308), to securely and verifiably restrict access to protected data and/or a trusted application, 0047, Figure 4)  (Node computing entity, a trusted execution environment 420 provided, maintained by the processing element 205 of the node computing entity 200, 0055, Figure 4) (Figure 6), cause the processor to:
receive an encrypted transaction (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET, 0019) (the TEE 420 may generate one or more public/private key pairs and/or other encryption keys such that the TEE 420 may be accessible via and/or to the TA-NET.  In an example embodiment, the one or more keys may include an encryption code for encoding information/data written to the secure ledger 430 and/or for decrypting information/data read from the secure ledger 430, 0065) from a node of a plurality of nodes of a public network (the distributed system 100 comprises a plurality of node computing entities 200, 200' in communication with one another via a network 135B that is a mesh network.  As shown in FIG. 1B, the system may further comprise one or more user computing entities 30, one or more other and/or external networks 135A, 0028, Figure 1B) (networks 135 may include public networks, Internet, 0046), the encrypted transaction having been encrypted using ledger keys (A secure ledger corresponding to the trusted application network may store encrypted information/data accessible by the secure domain of the trusted applications of the trusted application network, the secure ledger is a distributed ledger such as, for example, a blockchain database, the one or more trusted applications of a trusted application network may intercommunicate (e.g., using public/private and/or other key encryption of information/data) via the secure ledger, 0004) (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET, 0019) (at least portions of the secure ledger may be controlled via encryption keys (e.g., private/public keys, and/or the like).  The use of these encryption keys may enable secure communication of the one or more TA-HOSTS, and/or one or more trusted applications of the TA-NET (e.g., the corresponding one or more TA-SEC), via the secure ledger, 0048) and distributed to a public ledger maintained by the plurality of nodes of the public network (the secure ledger may be a data store in which at least a portion of the information/data stored therein is encrypted using an encryption key corresponding to the TA-NET) (generating a new entry comprising the result and encrypting at least a portion of the new entry using an encryption key, within the trusted execution environment; and posting the encrypted new entry to the secure ledger, 0005) (the secure ledger is a distributed ledger, 0054) (If the secure ledger 430 is a distributed ledger, the second TA-HOST 422B may also generate one or more local ledger files 432 based on entries (e.g., instances of information/data and/or one or more records, blocks, and/or the like) read from the secure ledger 430, 0076);
a trusted execution environment (TEE) (trusted execution environment 420, Figure 4);
encrypt, within the TEE, the updated traction using the ledger key; and distribute the encrypted updated transaction to the public ledger maintained by the plurality of nodes of the public network (generating a new entry comprising the result and encrypting at least a portion of the new entry using an encryption key, within the trusted execution environment; and posting the encrypted new entry to the secure ledger, 0005).

Ventura does not disclose wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature, generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys as claimed.

However, Liu et al. teaches using a blockchain, distributed ledger or public ledger to track and provide a guarantee that a shipment of goods is accurately identified during a shipment and verifying authenticity of the goods with a verification procedure (such as a one-time verification procedure) (0018), Using a one-time verification can prove the goods' origination, and avoid unwanted parties from attempting to reuse the same product ID, tag or address associated with the authentic goods. The manufacturer of the product, the shipping waypoint centers and/or the consumers can access the blockchain data collectively to identify and prevent counterfeit goods by verifying authenticity of the goods (0020), the blockchain could include store additional information about the parties involved in the transactions. the application permits a check for authentication based on acceptable location information stored in the local blockchain and validated by the remote blockchain information (0029), wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature (The one-time verification may be a sub-process that includes a 2D-barcode (UPC, QR, etc.).  The barcode could be a product/item encrypted with the manufacturer's private key and a verification code encrypted with a unique symmetric key, 0019) (Each shipping waypoint may submit a private key and a public key used for crypto and digital signature (i.e., shipment verification keys), The new block is signed with a private key, and current shipping waypoints link the new block to the blockchain stored in the embedded readable/writable unit of the goods (local blockchain), 0021),
identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature (smartphone or device may scan the barcode and extract/decrypt unique product/item serial data using the manufacturer's public key associated with the above private key, 0019),
generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys (Along with the encrypted verification code being extracted, the user smart device application encrypts the product/item serial data with the manufacturer's public key and transmits that data to a manufacturer verification interface.  , The manufacturer may then send back the unique symmetric key associated with the verification code, and the user decrypts the verification code, 0019).

Ventura and Liu et al. are analogous art because they are from the same field of endeavor of trusted execution environments and blockchains.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Liu et al. in Ventura for wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, identify the node based on the public part of the existing node key, verify the encrypted transaction originated from the identified node based on the signature, generate a one-time symmetric key based on the public part of the one-time key, and decrypt the encrypted data based on the one-time symmetric key and the ledger keys as claimed for purposes of verifies a blockchain thus The customer verifies the goods' authenticity by using the blockchain/public ledger to track and guarantee the shipment of goods and verify authenticity of the goods (see Liu et al. 0026)

Claim 16:
With respect to claim 16, Ventura discloses comprising instructions that further cause the processor to:
obtain the ledger keys based on a cryptographic library located inside the TEE, wherein the ledger keys are used to: decrypt the encrypted transaction and encrypt the updated transaction (generating a new entry comprising the result and encrypting at least a portion of the new entry using an encryption key, within the trusted execution environment; and posting the encrypted new entry to the secure ledger, 0005) (the one or more keys may include an encryption code for encoding information/data written to the secure ledger 430 and/or for decrypting information/data read from the secure ledger 430, 0065) (the approval message may comprise one or more keys for encrypting entries, written to the secure ledger 430 by the second TA-HOST 422B, TA-SEC 428B, and/or second node computing entity 200B and/or decrypting entries and/or portions thereof (e.g., instances of information/data and/or records, blocks, and/or the like) read, gotten, and/or accessed from the secure ledger 430, 0073).



Response to Remarks/Arguments
Applicant's arguments filed on January 14, 2022 have been fully considered but they are not persuasive.  In the remarks, Applicant argues that:

Claim 1:
(1) The cited references fail to disclose, teach, or suggest at least “receive an encrypted transaction from a node of a plurality of nodes of a public network, the encrypted transaction having been encrypted using ledger keys and distributed to a public ledger maintained by the plurality of nodes of the public network” and “wherein the ledger keys are known to a subset of the nodes of the public network, the subset including the node”.  Ventura does not teach distributing an encrypted transaction to a public leger as claimed.  Ventura does teach using a ledger. However, the ledger is private and not public.  Ventura teaches a private ledger that is only readable by trusted applications executing in a trusted environment. Conversely, the above claims recite distributing encrypted data to a public ledger where a subset of nodes to the public ledger have the encryption keys. This is different.

(2) Liu does not remedy the deficiencies of Ventura.  Nothing within Liu is concerned with identifying nodes accessing the blockchain or verifying that an encrypted transaction on the blockchain originated from a particular node.  The cited portion of Liu teaches that a barcode is scanned with a smartphone. This is not at all related to encrypted data stored on a blockchain.  Even were the barcode of Liu stored on a blockchain, the process to validate the barcode discussed by Liu does not identify nodes of the network storing the blockchain but instead merely uses a manufacturer portal to validate the barcode. This is not at all analogous to what is claimed.


In response to remark/arguments (1), Examiner respectfully disagrees.  Ventura discloses “the secure ledger is a distributed ledger” (0054), “If the secure ledger 430 is a distributed ledger, the second TA-HOST 422B may also generate one or more local ledger files 432 based on entries (e.g., instances of information/data and/or one or more records, blocks, and/or the like) read from the secure ledger 430” (0076), “each TA-SEC has a shared public key that can be used by various users (e.g., users having the appropriate permissions and/or the like) to securely encrypt and/or send data to any node computing entity 200” (0052).  Ventura discloses the use of public/private keys hence all nodes would only have access to the public key and only a specific node or nodes would have access to a private key (this would be a subset of nodes).   Therefore, Examiner maintains that combination of Ventura and Liu et al. does teach and suggest this limitation.

In response to remark/arguments (2), Examiner respectfully disagrees.  Liu et al. teaches “Using a one-time verification can prove the goods' origination, and avoid unwanted parties from attempting to reuse the same product ID, tag or address associated with the authentic goods. …  The manufacturer of the product, the shipping waypoint centers and/or the consumers can access the blockchain data collectively to identify and prevent counterfeit goods by verifying authenticity of the goods” (0020), “the blockchain could include store additional information about the parties involved in the transactions. … the application permits a check for authentication based on acceptable location information stored in the local blockchain and validated by the remote blockchain information” (0029).  Therefore, Examiner maintains that combination of Ventura and Liu et al. does teach and suggest this limitation.






Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433