Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments

Applicant has amended to overcome the previous 112 rejection, therefore the previous 112 rejection is withdrawn.
Applicant argues: Bradley does not show “the set of transactions from the blockchain database is accessed ‘to generate a set of prior security events’…Though, Bradley provides several examples for how the risk assessment value can be calculated or determined in paragraph [0111] a risk assessment value is not the same as a set of prior security events (Remarks pg. 7).”
The Examiner respectfully disagrees. Bradley in Paragraph [0111] teaches “a risk assessment value associated with a user identity…can be determined by historical data and tracked user behavioral data collected by one or more constituents of the distributed consensus system.” Therefore Bradley teaches historical user behavioral data that may be determined to be risky (i.e. prior security events).
That is, historical data and tracked user behavioral data, under broadest reasonable interpretation can be interpreted as “prior security events” as claimed. 
The remaining arguments are derived from the above argument and are unpersuasive for a similar rationale. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 4-8 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Bradley (US 2017/0289134).


Regarding Claim 1,

Bradley (US 2017/0289134) teaches a computer implemented method of access control for a restricted resource comprising: 
receiving a request from an authenticated resource consumer to access the restricted resource, the request including an identifier of the consumer (Figure 6, 601, 607, teaches a request for resources from an authenticated user, see associated text); 
accessing a set of transactions from a blockchain database based on the identifier of the consumer (Paragraph [0117] teaches transaction information associated with specific users)(Paragraph [0031] teaches blockchain), each transaction in the set of transactions corresponding to a prior security event concerning the consumer, to generate a set of prior security events (Paragraph [0111] teaches historical data of prior risk assessment)(Also see Paragraph [016]); 
comparing the set of prior security events with an access control profile for the restricted resource (Figure 6, 615, 616 and associated text)(Paragraph [0113] comparing risk assessment with a threshold); 
and responsive to the comparison, precluding access to the restricted resource by the consumer (Figure 6, 619 and associated text)(Paragraph [0113] teaches denying access);

Regarding Claim 4,

Bradley teaches the method of claim 1 wherein the access control profile defines criteria in terms of classes of security events and volumes of security events for determining whether access to the restricted resource should be precluded (Paragraph [0113] teaches risk threshold and denying access).


Regarding Claim 5,

Bradley teaches the method of claim 1 wherein each transaction in the set of transactions is committed to the blockchain database by one or more blockchain miner components, and the committing of the transaction includes verifying an authenticity of the transaction by verifying an originator of the transaction (Paragraph [0031, 0035] teaches verifying originator of a blockchain transaction).

Regarding Claim 6,

Bradley teaches the method of claim 5. wherein committing of the transaction further includes verifying an authorization of the originator of the transaction to submit the transaction, wherein the consumer is the originator of the transaction (Paragraph [0041] teaches consumer is originator of transaction and authorization module verifies and authorization of the originator).

Regarding Claims 7-8,

Claims 7-8 are similar in scope to Claim 1 and is rejected for a similar rationale.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bradley in view of Daniel (US 2017/0034197).


Regarding Claim 2,

Bradley teaches the method of claim 1 but does not explicitly teach wherein each transaction in the set of transactions includes an indication of a class of a corresponding security event 
Daniel (US 2017/0034197) teaches each transaction in the set of transactions includes an indication of a class of a corresponding security event (Figure 3, 336, 340, 338 teaches a malicious or non-malicious security event)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Bradley to classify security events
The motivation is a design choice


Regarding Claim 3,

Bradley and Daniel teaches the method of claim 2. Daniel teaches a class of security event for a transaction. Bradley teaches one of. an authentication failure event; an excessive access event; a data breach event; a denial of service event; and a malware event (Paragraph [0089]).

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439