DETAILED ACTION
The applicant’s amendment filed on April 20, 2022 has been acknowledged. Claims 11-16 have been withdrawn. Claims 1-10 and 17-23, as amended, are currently pending and have been considered below.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-10 and 17-23 are rejected under 35 U.S.C. 101 because the claimed invention is recites an abstract idea without reciting significantly more. Under the 2019 PEG guidance the claims recite a method of organizing human activity, these elements have been updated in the MPEP in sections 2106.03 through 2106.07. Specifically 2106.04(a) that certain methods of organizing human activity are considered abstract ideas. As noted in 2106.04(a) certain methods of organizing human activity include fundamental economic practices, as it has been a common business practice to have service providers making statements about their products and enforce those statements with rules. This is similar to what is known as a Service Level Agreement, where the service provider offers a specific level of service and guarantees that level of service for the customer. In this case, the abstract idea is, assessing the managing service provider “promises” or statements. The applicant has amended the limitations of “promises” to operating conditions which are still statements which are evaluated by rules. This is supported by the applicant’s originally filed specification paragraph [0052], which specifically says that a “pledge” can be a Service Level Agreement. Additionally it is managing interactions between people as it uses information from provider to make offers or statements to the customers and enforce those statements. The steps of receiving from a service provider a promise or statement is considered to be merely insignificant extra solution activity, as shown in MPEP 2106.05(g). That is the system receives input which is merely the gathering and transmission of data. The steps of verifying the information, authenticating the computing device and interacting with the controller computer are related to a processor merely as general/generic link that is a function but without explanation as to how it is performed. That is as currently written this allows for merely a computer presented to carry out the actions of comparing rules and acting on those rules in any possible way. The applicant’s specification paragraphs [0049]-[0055] outline that these rules can be any type of rule which is enforced in any possible way again highlighting that this is generic in nature rather than a specific way of matching or enforcing the policies. The processor can perform these tasks in various ways, with various levels of involvement form the user. Even claiming automatically can still involve some involvement from a human such as initiating the processor or entering the values. As such these recitations are considered to be merely applying the abstract idea on a computer, as established in MPEP 2106.05(f).
The claims as stated above are considered to be a method of organizing human activity as it is merely collecting and comparing data for the purpose of enforcing statements or policies, which can be broad enough to be merely enforcing the terms of a contract.
The applicant has amended the claims to include limitations directed toward security and authenticating of information and sources of information. Specifically “a plurality of one-way hashes, wherein (i) each one-way hash corresponds to a computer-executable enforcement instruction of the plurality of computer-executable enforcement instructions and (ii) each one-way hash enables authentication of the corresponding computer-executable enforcement instruction” which establishes hashing information but as previously discussed in regard to prior claim 7, there is no specifics as to how the one-way hash is examined. As such this is generically using known techniques to achieve the intended result. Further still the applicant has cited references establishing the use of these values again indicating that these are known conventional techniques. As such the applicant is merely using generic known techniques to achieve their intended result of securing access to data and authenticating data sources. Amended limitation “transmitting to the plurality of client computing device, via the communications network, (i) a proof of controller authenticity, and (ii) the obtained plurality of one-way hashes corresponding to the plurality of enforcement instructions”, which is merely transmitting of information which is insignificant extra solution activity and as such does not render the claims into a practical application. Amended limitation “receiving, from the plurality of client computing devices, an indication of self-determined trust in (i) the controller computing device, based on a verification of the proof of controller authenticity, and (ii) the plurality of enforcement instructions, based on a verification of the plurality of one-way hashes corresponding to the plurality of enforcement instructions, and assessments of the abilities of the plurality of computer-executable enforcement instructions enabled by the plurality of evaluations”, which is merely receiving data, which is merely data gathering and as such merely insignificant extra solution activity. The indication of self-determined trust is based on verification of the proof of controller authenticity and based on a verification of the plurality of one-way hashes but these verification steps are not performed the system merely receives an indication that the data matches. Further there are no specific implementations of the verification and based on the applicant’s originally filed specification these are conventional techniques. For example paragraph [0070] establishes that the controller can be created using TPM or Trusted Platform Modules and provides references establishing how it is carried out, establishing that this one of various known ways of implementing the controller. While the applicant has amended the claims to include the word scalably, there are no elements in the claim that achieve this result specifically. The newly amended limitations are for securing information and determining authenticity which are not directly tied to the scalability of the system. As such this can be achieved with any generic form of scalability. The applicant has further amended the claims to recite “a plurality of evaluations, wherein (i) each evaluation corresponds to a computer-executable enforcement instruction of the plurality of computer-executable enforcement instructions, different evaluations corresponding to different computer-executable enforcement instructions, and (ii) each evaluation enables a client computing device of the plurality of client computing devices to perform an assessment of ability of the corresponding computer-executable enforcement instruction to facilitate provision of a client-requested service of the plurality of services in accordance with at least one client-requested operating condition of the plurality of operating conditions” which is a verification that the rules have been implemented, which again is part of the contract process. The rules and evaluations of those rules are standard practices in contracts and known to be implemented in smart contracts and specifically in the Service Level Agreements known in the industry. The Examiner has provided the “2015 ISO 9001 Plain English Definitions” to establish that the concept of verification is known and conventional, specifically “Verification is a process. It uses objective evidence to confirm that specified requirements have been met. Whenever specified requirements have been met, a verified status is achieved. There are many ways to verify that requirements have been met. For example you could inspect something, you could do tests, you could carry out alternative calculations, or you could examine documents before you issue them.” This is consistent with the Lee reference paragraph [0174], which establishes using a “private key” to authenticate the information and verifying the transactions. The applicant has merely provided known security techniques to ensure that the instructions cannot be tampered with. While this provides trust, it is in the integrity of the instructions and the controller and not in the service provider themselves.
This judicial exception is not integrated into a practical application. In particular, the claim only recites the use of “controller computing device” to perform routine generic functions. The computer in these steps is recited at a high-level of generality (i.e., as a generic processor performing a generic computer functions) such that it amounts no more than mere instructions to apply the exception using a generic computer component, as stated above. This is even supported by the applicant’s original specification which states “The controller, like a compiler, can be generic”, paragraph [0041] of the originally filed specification. The claims are broad enough to allow for various ways of receiving and accessing the stored information. Additionally the authentication and interactions can also work in any possible way. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
While the applicant argues that the claimed structure is not generic as the “Applicant's Specification describes "acquiring a generic controller C" as being followed by "constructing a law Lp that would satisfy promise P when executed by a controller C; and ... loading law Lp into C." Specification as filed, paragraph [0044]”, the specification does not establish how any of the instructions or “laws” are generated to satisfy any possible promise P. Rather the structure is merely a generic computer programmed with rules in any possible way, which still establishes that the structure is generic, as the applicant has not provided or established any specific way of programming the generic computer. Rather the applicant is merely applying the abstract idea of contract or policy enforcement on a computer, see MPEP 2106.05(f). The use of known security techniques does not render the claims into a practical application as these are generic techniques with known conventional results, as established but the supplied art.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the element of “controller computing device” amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claim 2 describes that the controller provider manages multiple controller computing devices but this does not change or alter the steps but rather merely indicate that multiple instances can exist under one controller provider. While the applicant has amended the claims to include scalably there is no specifics to how the scalability is achieved, as such this does not render the claims into a practical application. 
Claim 3, establishes the that controller computing device “configured to transmit to the plurality of client computing devices, via a handshake protocol, the proof of controller authenticity, wherein the proof of controller authenticity is a certificate of authenticity signed by a certification authority of the controller provider”, however this merely describes transmitting the proof of authenticity, which is merely an insignificant extra solution activity as it is merely transmitting data. 
Claims 4 and 5 utilizes a trusted platform module technology which like the authentication shown in claim 3, this is a known conventional process and doesn’t change or even link to the process of enforcing the promises. This again is supported by the applicant’s specification paragraph [0070] which establishes these concepts are known. 
Claim 6 states that the service provider is part of a service oriented architecture system which establishes the environment of use but does not change how the steps of are performed. Further the applicant has cited references specifically reference [16] which establish these types of architectures are known. 
Claim 7, 8 and 19-21 describe the use of a one-way hash to identify the law or rules which apply. Claim 7 merely states that the client is “configured to demonstrate compliance with the plurality of enforcement instructions by transmitting to the plurality of client computing devices the one-way hashes of the plurality of enforcement instructions, enabling the plurality of client computing devices to identify the plurality of enforcement instructions by examining the plurality of one-way hashes of the plurality of enforcement instructions” but this is merely transmitting the one-way hashes and allowing or not preventing the client from identifying the instructions, which again is insignificant extra solution activity as it merely transmits the data. Further still the applicant has cited references establishing the use of these values again indicating that these are known conventional techniques. 
Claims 9, 10 and 22-23 discuss that the pledges depend or are subordinate from other pledges, while this expands on how the rules are applied it merely indicates a description of the rules and allows for the rules to depend in any way for any reason, which again is a generic concept rather than a specific practical application. 
Claim 18 as amended describes what the proof of controller authenticity is, that is it can be “a certificate of authenticity signed by a certificate authority of a controller provider” or “a certificate of authenticity signed by a manufacturer of a host of the controller computing device” or “a one-way hash of operating code of the controller computing device” which describes what is received but not how it is used. Again this is merely receiving information and as such is insignificant extra solution activity as it does not establish how the information is used. Further as discussed above these are indicated as known techniques as such these limitations fail to render the claims into a practical application.
As such when considered individually or in combination the limitations to not amount to a practical application and as such the claims are not patent eligible.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 4, 5 and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2017/0046709 A1) hereafter Lee, in view of Sylla (WO 2006/121933 A2) hereafter Sylla.
As per claim 1, Lee discloses a computing system for scalably establishing trust in services available over the internet (Page 4, paragraph [0045]; discloses that the sever can have both cloud storage and cloud computing making the system scalable. Page 17, paragraphs [0173] and Page 2, paragraphs [0025]-[0026]; discloses that the registry is accessible by clients through software to verify products. The Examiner notes that trust is defined as “Firm belief in the integrity, ability, or character of a person or thing; confidence or reliance” as defined by https://www.thefreedictionary.com/trust. As such the intended use of the system is to provide a belief or confidence in the system. This is consistent with the applicant’s arguments filed on April 20, 2022 on page 13, which describes the invention as “anybody [as a service provider] can make itself trustworthy – where ‘trustworthy’ means that it can be justifiably trusted by many [client] actors, widespread over the Internet” which establishes that the goal or intended use is to provide a service the clients can have confidence in or “trust”. As noted above this is a belief and not a tangible condition), the system comprising:
	a pledge (As defined by the applicant on Page 7, paragraph [0035] of the originally filed specification, “a pledge is a promise P enforced via PleM or similar mechanism”, as stated by the applicant Page 9, of the remarks filed on August 26, 2021, “paragraph [0078] goes on to describe such a “statement” is being “claimed to be satisfied by the law in question,” i.e., an assurance that the law is satisfied”, thus a pledge is merely a statement of the conditions to be monitored to ensure compliance) registry database (Lee Page 18, paragraphs [0187]-[0189] and Page 19, paragraph [0190]; discloses that the system contains a registry or database that includes statements such as delivery terms and rules for tracking delivery and ensuring the validity of the product. Page 11, paragraph [0105]; discloses that the system accesses the stored list of triggering events within the database, the system determines if the detected event is within the triggering events and accesses the rules engine to access the rules for the detected event. It identifies the one or more operations associated with the identified rules) storing:
		computer-readable representations of a plurality of operating conditions relating to a plurality of services available from a service provider associated with a plurality of client computing devices (Page 3, paragraph [0035]; discloses that there are a plurality of client devices. Page 4, paragraph [0043]; discloses that there a plurality of service providers which provide different services which are consistent with each business entity. Page 17, paragraphs [0173] and Page 2, paragraphs [0025]-[0026]; discloses that the registry is accessible by clients through software. This interpretation is consistent with the applicant’s originally filed specification paragraph [0052] which states that “Service Level Agreement (SLA): A service can be pledge that if it does not respond to a request within a specified period of time”. Specifically Lee Page 18, paragraph [0189]; discloses that the system will track and confirm if the products were shipped within the terms defined by the manufacturer. Lee goes on to state in paragraph [0189] that this includes the release of funds or payments for the distributor’s services in accordance with the rules defined by the manufacturer. Thus these are computer-readable representations of the operating conditions which are applicable to the service provider and are to be monitored to ensure compliance);
		a plurality of computer-executable enforcement instructions corresponding to the plurality of operating conditions, that, when loaded and executed, enforce the plurality of operating conditions (Lee Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product has an associated set of rules which it must conform with. The process “promises” or makes a statement that the products are certified and conform with the rules, which turns the “promise” into a “pledge” based on the rules as the applicant’s originally filed specification. Lee Page 18, paragraph [0189]; discloses that the system will track and confirm if the products were shipped within the terms defined by the manufacturer. Lee goes on to state in paragraph [0189] that this includes the release of funds or payments for the distributor’s services in accordance with the rules defined by the manufacturer. Thus these are computer-readable representations of the operating conditions which are applicable to the service provider and are to be monitored to ensure compliance); 
	a plurality of evaluations, wherein (i) each evaluation corresponds to a computer-executable enforcement instruction of the plurality of computer-executable enforcement instructions, different evaluations corresponding to different computer-executable enforcement instructions, and (ii) each evaluation enables a client computing device of the plurality of client computing devices to perform an assessment of ability of the corresponding computer-executable enforcement instruction to facilitate provision of a client-requested service of the plurality of services in accordance with at least one client-requested operating condition of the plurality of operating conditions (Page 17, paragraphs [0171]-[0174]; discloses that the “smart contracts” contain evaluations or ways to verify that the transactions have gone according to the rules/agreements); and
	a controller computing device configured to function as a surrogate service provider of the plurality of services and thereby scalably establish trust in the plurality of services based on enforcement of the plurality of operating conditions, wherein scalably establishing trust in the plurality of services includes (Page 17, paragraphs [0171], [0173] and [0179]; discloses that the system contains a rule-based system which tracks transactions and ensures they conform with the rules. This as stated in paragraph [0179] is to validate products and track legitimate products through the system. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product is tracked using the software in the system. The central authority acts as the controller provider (See Claim 2) which operates the repository which tracks each product for a plurality of service providers or manufacturers. This is a surrogate as it acts on behalf of the service providers or manufacturers. The system tracks the sale of the products and ensures those sales conform to the rules of the smart contract. Which is a statement which indicates the system intends to certify the products as they change hands and enforces this statement through a series of rules which are indicated with the product and smart contract. This establishes trust as it provides confidence in the service and that it will be carried out according to the contract): 
		accessing, the pledge registry database, via a communications network, to obtain (i) the plurality of enforcement instructions corresponding to the plurality of operating conditions (Page 11, paragraph [0105]; discloses that the system accesses the stored list of triggering events within the database, the system determines if the detected event is within the triggering events and accesses the rules engine to access the rules for the detected event. It identifies the one or more operations associated with the identified rules); and
receiving, from the plurality of client computing devices, an indication of self-determined trust in (ii) the plurality of enforcement instructions, based on both a verification of the plurality of enforcement instructions and assessments of the abilities of the plurality of computer-executable enforcement instructions enabled by the plurality of evaluations (Page 18, paragraph [0189]; discloses that the system will track and confirm if the products were shipped within the terms defined by the manufacturer. Lee goes on to state in paragraph [0189] that this includes the release of funds or payments for the distributor’s services in accordance with the rules defined by the manufacturer. Page 11, paragraph [0105]; discloses that the system accesses the stored list of triggering events within the database, the system determines if the detected event is within the triggering events and accesses the rules engine to access the rules for the detected event. It identifies the one or more operations associated with the identified rules. Page 17, paragraphs [0171]-[0174]; discloses that the “smart contracts” contain evaluations or ways to verify that the transactions have gone according to the rules/agreements. Lee Page 17, paragraph [0174] discloses that the system uses keys to establish trust or authenticating the user corresponding to the rules in the system.);
		enforcing the plurality of operating conditions by loading and executing the plurality of enforcement instructions, thereby scalably establishing trust in the plurality of services (Page 4, paragraph [0047]; discloses that the system executes software instructions to establish the rules that regulate distributions of and/or secured transactions. Page 11, paragraph [0105]; discloses that the system stores the events and their rules monitoring the operations of those events to execute the transactions and perform the service).
	Lee fails to explicitly disclose a plurality of one-way hashes, wherein (i) each one-way hash corresponds to a computer-executable enforcement instruction of the plurality of computer-executable enforcement instructions and (ii) each one-way hash enables authentication of the corresponding computer-executable enforcement instruction; and accessing the pledge registry database, via a communications network, to obtain (i) the enforcement instructions corresponding to the plurality of operating conditions and (ii) the plurality of one-way hashes corresponding to the plurality of enforcement instructions; transmitting to the plurality of client computing devices, via the communications network, (i) a proof of controller authenticity, and (ii) the obtained plurality of one-way hashes corresponding to the plurality of enforcement instructions; receiving, from the plurality of client computing devices, an indication of self-determined trust in (i) the controller computing device, based on a verification of the proof of controller authenticity, and (ii) the plurality of enforcement instructions and assessments of the abilities of the plurality of computer-executable enforcement instructions enabled by the plurality of evaluations, based on a verification of the plurality of one-way hashes corresponding to the plurality of enforcement instructions, said self-determined trust qualifying the plurality of services as trusted services with respect to the plurality of client devices.
	Sylla, which like Lee talks about communications between a central server to a client, teaches it is known to have a plurality of one-way hashes, wherein (i) each one-way hash corresponds to a computer-executable enforcement instruction of the plurality of computer-executable enforcement instructions and (ii) each one-way hash enables authentication of the corresponding computer-executable enforcement instruction (Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data. Page 9, line 20 through Page 10, line 10; teaches that the software instructions are encrypted or authenticated. This ensures that the software instructions or computer-executable instruction have not been changes since they were authenticated. As such these one-way hashes enable authentication of the instructions as it ensures it has not been tampered with).
	accessing the pledge registry database, via a communications network, to obtain (i) the plurality of enforcement instructions corresponding to the plurality of operating conditions and (ii) the plurality of one-way hashes corresponding to the plurality of enforcement instructions (Page 9, line 15 through Page 10, line 10; teaches that the system access a collection of instructions that correspond to a plurality of operation conditions or software instructions which are executed. Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data); 
transmitting to the plurality of client computing devices, via the communications network, (i) a proof of controller authenticity, and (ii) the obtained plurality of one-way hashes corresponding to the plurality of enforcement instructions (Page 12, lines 19-26; teaches that certificates can be used to attest that the module is genuine. Page 15, lines 1-5; teaches that the server or controller can authenticate itself and provides this information to the client devices through the network. Page 9, line 15 through Page 10, line 10; teaches that the system accesses a collection of instructions that correspond to a plurality of operation conditions or software instructions which are executed. Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data); 
receiving, from the plurality of client computing devices, an indication of self-determined trust in (i) the controller computing device, based on a verification of the proof of controller authenticity, and (ii) the plurality of enforcement instructions, based on a verification of the plurality of one-way hashes corresponding to the plurality of enforcement instructions (Page 12, lines 6-18; teaches that the client device will attest to its identity, to its hardware or software configuration. The controller receives the attestation. Page 12, lines 19-26; teaches that the system contains certificates which can be used to provide attestation that the trusted platform module is genuine and is used as the reliable root of authentication. Page 13, lines 1-6; teaches that the platform is provided by the platform vendor and is used to provide attestation that the platform is genuine. As established in Sylla it is known to implement an authentication system which utilizes one-way hashes and certificates to attest that the information has not been tampered with and that the source is genuine. Since Lee already transmits information and enforces rules it would have been obvious to implement an authentication system similar to what is shown in Sylla to ensure that the data has not been tampered with and the sources are genuine. Sylla establishes that this can be used to create trust in the system and that this trust can then be used to extend to devices, software and other components in the system).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. While Lee discloses securing and validating the communications between parties, Lee fails to disclose including a one-way hash of the instructions and transmit and receive proof of authenticity and the encrypted instructions.
Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted.
It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee the ability to use one-way hashes and certificates to authenticate communications as taught by Sylla since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Sylla, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee, with the ability to use one-way hashes and certificates to authenticate communications as taught by Sylla, for the purposes of ensuring security. As established in Sylla it is known to implement an authentication system which utilizes one-way hashes and certificates to attest that the information has not been tampered with and that the source is genuine. Since Lee already transmits information and enforces rules it would have been obvious to implement an authentication system similar to what is shown in Sylla to ensure that the data has not been tampered with and the sources are genuine. Sylla establishes that this can be used to create trust in the system and that this trust can then be used to extend to devices, software and other components in the system.
As per claim 2, the combination of Lee and Sylla teaches the above-enclosed invention; Lee further discloses comprising a controller provider configured to manage a plurality of controller computing devices, including the controller computing device configured to scalably establish trust in the plurality of services (Page 3, paragraphs [0041]-[0042] and Page 4, paragraphs [0043] and [0047]; discloses that the system can contain more than server or controller computing device. The server contains software which establishes the enforcement of the rules for tracking the assets and their transactions. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product is tracked using the software in the system. The central authority acts as the controller provider which operates the repository which tracks each product for a plurality of service providers or manufacturers. The system tracks the sale of the products and ensures those sales conform to the rules of the smart contract. Which is a statement which indicates the system intends to certify the products as they change hands and enforces this statement through a series of rules which are indicated with the product and smart contract. Page 4, paragraph [0045]; discloses that the sever can have both cloud storage and cloud computing making the system scalable).
As per claim 4, the combination of Lee and Sylla teaches the above-enclosed invention; Sylla further teaches wherein the service provider provides the controller computing device using trusted platform module technology (Page 9, line 20 through Page 11, line 4 and Page 12, line 19 through Page 13, line 6; teaches it is known for the service provider to provide the controller with a trusted platform module technology to ensure the source is genuine and can be trusted).
As per claim 5, the combination of Lee and Sylla teaches the above-enclosed invention; Sylla further teaches wherein the proof of controller authenticity is at least one: (i) a certificate of authenticity signed by a manufacturer of a host of the controller computing device, wherein the certificate of authenticity attests that the host is implementing the controller computing device using the trusted platform module technology, and (ii) a one-way hash of operating code of the controller computing device (Page 9, line 20 through Page 11, line 4 and Page 12, line 19 through Page 13, line 6; teaches it is known for the service provider to provide the controller with a trusted platform module technology to ensure the source is genuine and can be trusted. Page 11, lines 17-25; teaches that the trusted platform module can have an endorsement key pair which is generated and embedded during the manufacturing process).
As per claim 17, Lee discloses a method of scalably establishing trust in services available over the internet (Page 4, paragraph [0045]; discloses that the sever can have both cloud storage and cloud computing making the system scalable. Page 17, paragraphs [0173] and Page 2, paragraphs [0025]-[0026]; discloses that the registry is accessible by clients through software to verify products. The Examiner notes that trust is defined as “Firm belief in the integrity, ability, or character of a person or thing; confidence or reliance” as defined by https://www.thefreedictionary.com/trust. As such the intended use of the system is to provide a belief or confidence in the system. This is consistent with the applicant’s arguments filed on April 20, 2022 on page 13, which describes the invention as “anybody [as a service provider] can make itself trustworthy – where ‘trustworthy’ means that it can be justifiably trusted by many [client] actors, widespread over the Internet” which establishes that the goal or intended use is to provide a service the clients can have confidence in or “trust”. As noted above this is a belief and not a tangible condition), the method comprising:
	receiving, from a controller computing device configured to scalably establish trust in a plurality of services by functioning as a surrogate service provider of the plurality of services for a service provider associated with a plurality of client computing devices: (i) information relating to a controller computing device used to provide the plurality of services to a plurality of client computing device in accordance with the plurality of operating condition, wherein the controller computing device includes a computer program implementing the plurality of computer-executable enforcement instructions (Lee Page 3, paragraph [0035]; discloses that there are a plurality of client devices. Page 4, paragraph [0043]; discloses that there a plurality of service providers which provide different services which are consistent with each business entity. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product has an associated set of rules which it must conform with. The process “promises” or makes a statement that the products are certified and conform with the rules, which turns the “promise” into a “pledge” based on the rules as the applicant’s originally filed specification. Paragraph [0187]; discloses that this information comes from the manufacturer or the provider. Page 17, paragraphs [0171], [0173] and [0179]; discloses that the system contains a rule-based system which tracks transactions and ensures they conform with the rules. This as stated in paragraph [0179] is to validate products and track legitimate products through the system. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product is tracked using the software in the system. The central authority acts as the controller provider which operates the repository which tracks each product for a plurality of service providers or manufacturers. This is a surrogate as it acts on behalf of the service providers or manufacturers. The system tracks the sale of the products and ensures those sales conform to the rules of the smart contract. Which is a statement which indicates the system intends to certify the products as they change hands and enforces this statement through a series of rules which are indicated with the product and smart contract. This establishes trust as it provides confidence in the service and that it will be carried out according to the contract);
	wherein the computer program, when loaded and executed, enforces a plurality of operating conditions corresponding to the plurality of computer-executable enforcement instructions (Page 4, paragraph [0047]; discloses that the system executes software instructions to establish the rules that regulate distributions of and/or secured transactions. Page 11, paragraph [0105]; discloses that the system stores the events and their rules monitoring the operations of those events to execute the transactions and perform the service);
	accessing a pledge (As defined by the applicant on Page 7, paragraph [0035] of the originally filed specification, “a pledge is a promise P enforced via PleM or similar mechanism”) registry database to (i) verify information relating to the operating condition, including the enforcement instruction corresponding to the operating condition and (ii) perform assessments of abilities of the enforcement instructions to facilitate provision of a client-requested service of the plurality of services in accordance with at least one client-requested operating condition of the plurality of operating conditions (Page 18, paragraphs [0187]-[0189] and Page 19, paragraph [0190]; discloses that the system contains a registry or database that includes statements such as delivery terms and rules for tracking delivery and ensuring the validity of the product. Page 17, paragraphs [0173] and Page 2, paragraphs [0025]-[0026]; discloses that the registry is accessible by clients through software. This interpretation is consistent with the applicant’s originally filed specification paragraph [0052] which states that “Service Level Agreement (SLA): A service can be pledge that if it does not respond to a request within a specified period of time”. Specifically Lee Page 18, paragraph [0189]; discloses that the system will track and confirm if the products were shipped within the terms defined by the manufacturer. Lee goes on to state in paragraph [0189] that this includes the release of funds or payments for the distributor’s services in accordance with the rules defined by the manufacturer. Page 11, paragraph [0105]; discloses that the system accesses the stored list of triggering events within the database, the system determines if the detected event is within the triggering events and accesses the rules engine to access the rules for the detected event. It identifies the one or more operations associated with the identified rules. Page 17, paragraphs [0171]-[0174]; discloses that the “smart contracts” contain evaluations or ways to verify that the transactions have gone according to the rules/agreements);
	authenticating the client devices (Page 2, paragraphs [0026] and Page 7, paragraph [0077]; discloses that the system uses public key and private key to authenticate the users);
	indicating self-determined trust in (ii) the plurality of enforcement instructions, based on the assessments of abilities of the plurality of computer-executable enforcement instructions (Page 18, paragraph [0189]; discloses that the system will track and confirm if the products were shipped within the terms defined by the manufacturer. Lee goes on to state in paragraph [0189] that this includes the release of funds or payments for the distributor’s services in accordance with the rules defined by the manufacturer. Page 11, paragraph [0105]; discloses that the system accesses the stored list of triggering events within the database, the system determines if the detected event is within the triggering events and accesses the rules engine to access the rules for the detected event. It identifies the one or more operations associated with the identified rules. Page 17, paragraphs [0171]-[0174]; discloses that the “smart contracts” contain evaluations or ways to verify that the transactions have gone according to the rules/agreements. Lee Page 17, paragraph [0174] discloses that the system uses keys to establish trust or authenticating the user corresponding to the rules in the system);
	interacting with the controller computing device to support enforcement of the plurality of operating conditions by the enforcement instructions loaded and executed by the controller computing device, thereby scalably establishing trust in the plurality  of services (Page 17, paragraphs [0171], [0173] and [0179]; discloses that the clients can interact with the system to verify that the products are valid. Page 18, paragraph [0189]; discloses that the system will track and confirm if the products were shipped within the terms defined by the manufacturer. Lee goes on to state in paragraph [0189] that this includes the release of funds or payments for the distributor’s services in accordance with the rules defined by the manufacturer).
	Lee however fails to explicitly disclose receiving from a service provider (ii) a proof of controller authenticity, (ii) a plurality of one-way hashes, wherein each one-way hash corresponds to a computer-executable enforcement instruction of a plurality of computer-executable enforcement instructions. Lee additionally fails to explicitly disclose accessing a pledge registry database to: (i) verify the plurality of one-way hashes corresponding to the plurality of enforcement instructions, indicating self-determined trust in (i) the controller computing device, based on the verification of the proof of controller authenticity, and (ii) the plurality of enforcement instructions, based on the verification of the plurality of one-way hashes and the assessments of abilities of the plurality of computer-executable enforcement instructions.
Sylla, which like Lee talks about communications between a central server to a client, teaches it is known to receiving from a service provider (ii) a proof of controller authenticity, (iii) a plurality of one-way hashes, wherein each one-way hash corresponds to a computer-executable enforcement instruction of a plurality of computer-executable enforcement instructions (Page 12, lines 19-26; teaches that certificates can be used to attest that the module is genuine. Page 15, lines 1-5; teaches that the server or controller can authenticate itself and provides this information to the client devices through the network. Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data. Page 9, line 20 through Page 10, line 10; teaches that the software instructions are encrypted or authenticated. This ensures that the software instructions or computer-executable instruction have not been changes since they were authenticated. As such these one-way hashes enable authentication of the instructions as it ensures it has not been tampered with).
	accessing a pledge registry database to: (i) verify the plurality of one-way hashes corresponding to the plurality of enforcement instructions (Page 9, line 15 through Page 10, line 10; teaches that the system access a collection of instructions that correspond to a plurality of operation conditions or software instructions which are executed. Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data); 
indicating self-determined trust in (i) the controller computing device, based on the verification of the proof of controller authenticity, and (ii) the plurality of enforcement instructions, based on the verification of the plurality of one-way hashes (Page 12, lines 6-18; teaches that the client device will attest to its identity, to its hardware or software configuration. The controller receives the attestation. Page 12, lines 19-26; teaches that the system contains certificates which can be used to provide attestation that the trusted platform module is genuine and is used as the reliable root of authentication. Page 13, lines 1-6; teaches that the platform is provided by the platform vendor and is used to provide attestation that the platform is genuine. As established in Sylla it is known to implement an authentication system which utilizes one-way hashes and certificates to attest that the information has not been tampered with and that the source is genuine. Since Lee already transmits information and enforces rules it would have been obvious to implement an authentication system similar to what is shown in Sylla to ensure that the data has not been tampered with and the sources are genuine. Sylla establishes that this can be used to create trust in the system and that this trust can then be used to extend to devices, software and other components in the system).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. While Lee discloses securing and validating the communications between parties, Lee fails to disclose including a one-way hash of the instructions and transmit and receive proof of authenticity and the encrypted instructions.
Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted.
It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee the ability to use one-way hashes and certificates to authenticate communications as taught by Sylla since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Sylla, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee, with the ability to use one-way hashes and certificates to authenticate communications as taught by Sylla, for the purposes of ensuring security. As established in Sylla it is known to implement an authentication system which utilizes one-way hashes and certificates to attest that the information has not been tampered with and that the source is genuine. Since Lee already transmits information and enforces rules it would have been obvious to implement an authentication system similar to what is shown in Sylla to ensure that the data has not been tampered with and the sources are genuine. Sylla establishes that this can be used to create trust in the system and that this trust can then be used to extend to devices, software and other components in the system.
As per claim 18, the combination of Lee and Sylla teaches the above-enclosed invention; Sylla further teaches wherein the proof of controller authenticity received from the controller computing device is at least one of: (i) a certificate of authenticity signed by a certification authority of a controller provider; (ii) a certificate of authenticity signed by a manufacturer of a host of the controller computing device, wherein the certificate of authenticity signed by the manufacturer of the host attests that the host is implementing the controller computing device using trusted platform module technology; and (iii) a one-way hash of operating code of the controller computing device, wherein the service provider provides the controller computing device using the trusted platform module technology (Page 9, line 20 through Page 11, line 4 and Page 12, line 19 through Page 13, line 6; teaches it is known for the service provider to provide the controller with a trusted platform module technology to ensure the source is genuine and can be trusted. Page 11, lines 17-25; teaches that the trusted platform module can have an endorsement key pair which is generated and embedded during the manufacturing process).
Lee further discloses comprising a controller provider configured to manage a plurality of controller computing devices, including the controller computing device configured to scalably provide the plurality of services of the service provider (Page 3, paragraphs [0041]-[0042] and Page 4, paragraphs [0043] and [0047]; discloses that the system can contain more than server or controller computing device. The server contains software which establishes the enforcement of the rules for tracking the assets and their transactions. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product is tracked using the software in the system. The central authority acts as the controller provider which operates the repository which tracks each product for a plurality of service providers or manufacturers. The system tracks the sale of the products and ensures those sales conform to the rules of the smart contract. Which is a statement which indicates the system intends to certify the products as they change hands and enforces this statement through a series of rules which are indicated with the product and smart contract. Page 4, paragraph [0045]; discloses that the sever can have both cloud storage and cloud computing making the system scalable).
As per claim 19, the combination of Lee and Sylla teaches the above-enclosed invention; Lee further discloses identifying the plurality of enforcement instructions implemented by the computer program of the controller computing device by examining the plurality of hashes of the enforcement instruction implemented by the computer program of the controller computing device (Page 7, paragraph [0080]). 
Sylla further teaches that the hashes are known to be one-way hashes (Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data. Page 9, line 20 through Page 10, line 10; teaches that the software instructions are encrypted or authenticated. This ensures that the software instructions or computer-executable instruction have not been changes since they were authenticated. As such these one-way hashes enable authentication of the instructions as it ensures it has not been tampered with).

Claim 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2017/0046709 A1) hereafter Lee, in view of Sylla (WO 2006/121933 A2) hereafter Sylla, further in view O’Toole, Jr. (US 8,352,725 B1) hereafter O’Toole.
As per claim 3, the combination of Lee and Sylla teaches the above-enclosed invention; Sylla further teaches wherein the proof of controller authenticity is a certificate of authenticity signed by a certification authority of the controller provider (Page 13, lines 1-6; teaches it is known for the certificate to be signed by a trusted authority).
The combination however fails to explicitly state wherein the controller computing device is configured to transmit to the plurality of client computing devices, via a handshake protocol, the proof of controller authenticity.
O’Toole, which like Sylla talks about authenticating devices, teaches it is known for the controller computing device to be configured to transmit to the plurality of client computing devices, via a handshake protocol, the proof of controller authenticity (Col. 18, lines 8-41; teaches that when communicating authentication information it is known to do so during a handshake protocol where the client communicates with the server and the server responds to the communication to establish the connection. During this handshake protocol it is known to transmit the proof of controller authenticity. Since the combination already establishes that the client and the server communicate and authenticate each other, it would have been obvious to do it during a handshake protocol which is the initial connection between the client and server as shown in O’Toole. This would ensure both the client and the server authentic and can be trusted which is the goal of Sylla).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. While the combination discloses securing and validating the communications between parties, the combination however fails to explicitly disclose including a certificate of authenticity during a handshake protocol.
O’Toole teaches it is known to authenticate devices using a handshake protocol it is known to transmit authentication information which can include certificates of authentication. O’Toole establishes this ensures that the communication can be trusted.
It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee and Sylla the ability to transmit authentication information during a handshake protocol as taught by O’Toole since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of O’Toole, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee and Sylla, with the ability to transmit authentication information during a handshake protocol as taught by O’Toole, for the purposes of ensuring that the communication can be established in a trusted manner. Since the combination already establishes that the client and the server communicate and authenticate each other, it would have been obvious to do it during a handshake protocol which is the initial connection between the client and server as shown in O’Toole. This would ensure both the client and the server authentic and can be trusted which is the goal of Sylla.

Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2017/0046709 A1) hereafter Lee, in view of Sylla (WO 2006/121933 A2) hereafter Sylla, further in view of Loewy et al. (US 2004/0193703 A1) hereafter Loewy.
As per claim 6 the combination of Lee and Sylla teaches the above-enclosed invention; the combination however fails to disclose wherein the service provider is part of a service-oriented architecture (SOA) system.
	Loewy, which like Lee and Sylla talks about a centralized system, teaches it is known for the given service provider to be part of a service-oriented architecture (SOA) system (Page 3, paragraphs [0041]-[0046]; teaches that it is known for service providers to be part of a service-oriented architecture and that this is done to provide conformance and governance to enable distributed multi-user environments. Loewy further states that this allows for centralized policies or rules. Since Lee already has a centralized system it would have been obvious as shown in Loewy that this could be part of a service-oriented architecture as this is a known way to operate a centralized management of information to track actions. As stated in Loewy this provides effective tracking for all system elements).
	Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. While the combination discloses securing and validating the communications between parties, the combination fails to disclose service provider being part of a service-oriented architecture (SOA) system.
Loewy teaches it is known for a service provider to be part of a service-oriented architecture system. 
	Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself- that is in the substitution of the centralized authority found in Lee and Sylla with the service provider being part of a service-oriented architecture system as shown in Loewy.
	Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious.
Therefore, from this teaching of Loewy, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee and Sylla, with the service provider being part of a service-oriented architecture system as shown in Loewy, for the purposes of offering a centralized management point for tracking all of the system elements. Since Lee already has a centralized system it would have been obvious as shown in Loewy that this could be part of a service-oriented architecture as this is a known way to operate a centralized management of information to track actions. As stated in Loewy this provides effective tracking for all system elements.

Claim(s) 7, 8, 20 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2017/0046709 A1) hereafter Lee, in view of Sylla (WO 2006/121933 A2) hereafter Sylla, further in view of Sprosts et al. (US 2007/0079379 A1) hereafter Sprosts.
As per claim 7, the combination of Lee and Sylla teaches the above-enclosed invention; Lee further discloses wherein the system can communicate encrypted and/or hashed rules to owners of and/or users associated with, the tracked assets (Page 7, paragraph [0080]).
Sylla further teaches wherein the controller computing device is configured to demonstrate compliance with the plurality of enforcement instructions by transmitting to the plurality of client computing devices the one-way hashes of the plurality of enforcement instructions (Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data. Page 9, line 20 through Page 10, line 10; teaches that the software instructions are encrypted or authenticated. This ensures that the software instructions or computer-executable instruction have not been changes since they were authenticated. As such these one-way hashes enable authentication of the instructions as it ensures it has not been tampered with).
The combination however fails to disclose enabling the plurality of client computing devices to identify the plurality of enforcement instructions by examining the plurality of one-way hashes of the plurality of enforcement instructions.
	Sprosts, which like Lee tracks messages using hashed information, teaches enabling the plurality of client computing devices to identify the plurality of enforcement instructions by examining the plurality of one-way hashes of the plurality of enforcement instructions (Page 3, paragraph [0060]; teaches that it is known to enable the specified party to be able to decode the rules that matched by comparing the rules using a one-way hash. This is used to improve the security of the system. Since Lee and Sylla already disclose the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system).
	Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. While the combination teaches securing and validating the communications between parties, the combination fails to disclose using a one-way hash to compare rules.
	Sprosts teaches it is known to one-way hashes of the rule identifiers and this is done to improve security. 
	It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee and Sylla the ability to use one-way hashes of the rule identifiers to improve security as taught by Sprosts since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Sprosts, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee and Sylla, with the ability to use one-way hashes of the rule identifiers to improve security as taught by Sprosts, for the purposes of improving security. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system.
As per claim 8, the combination of Lee, Sylla and Sprosts teaches the above-enclosed invention; Sprosts further teaches wherein examining the plurality of one-way hashes of the plurality of enforcement instructions includes comparing (i) the plurality one-way hashes of the plurality of enforcement instructions obtained from the controller computing device with (ii) one-way hashes of the plurality of enforcement instructions received from the service provider (Page 3, paragraph [0060]; teaches that it is known to enable the specified party to be able to decode the rules that matched by comparing the rules using a one-way hash. This is used to improve the security of the system. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system).
As per claim 20, the combination of Lee and Sylla teaches the above-enclosed invention; the combination however fails to explicitly disclose wherein examining the plurality of one-way hashes of the plurality of enforcement instructions includes comparing (i) the plurality of one-way hashes of the plurality of enforcement instructions implemented by the computer program of the controller computing device with (ii) one-way hashes of the plurality of enforcement instructions received from the service provider.
Sprosts further teaches wherein examining the plurality of one-way hashes of the plurality of enforcement instructions includes comparing (i) the plurality of one-way hashes of the plurality of enforcement instructions implemented by the computer program of the controller computing device with (ii) one-way hashes of the plurality of enforcement instructions received from the service provider (Page 3, paragraph [0060]; teaches that it is known to enable the specified party to be able to decode the rules that matched by comparing the rules using a one-way hash. This is used to improve the security of the system. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Jones teaches it is known to issue certificates for authenticating computing devices and that this was known in the prior art at the time of the invention. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. While the combination discloses securing and validating the communications between parties, the combination fails to disclose using a one-way hash to compare rules.
	Sprosts teaches it is known to use one-way hashes of the rule identifiers and to compare them and this is done to improve security. 
	It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee and Sylla the ability compare one-way hashes of the rule identifiers with one-way hashes received from the service provider to improve security as taught by Sprosts since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Sprosts, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee and Sylla, the ability compare one-way hashes of the rule identifiers with one-way hashes received from the service provider as taught by Sprosts, for the purposes of improving security. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system.
As per claim 21, the combination of Lee and Sylla teaches the above-enclosed invention; Lee further discloses wherein verifying the proof of the controller authenticity for the controller computing device includes examining a hash of operating code of the controller computing device (Page 7, paragraph [0080]; discloses that the rules and the triggers are hashed and stored and later examined in subsequent transactions).
Sylla further teaches the hashes are one-way hashes of the plurality of enforcement instructions (Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data. Page 9, line 20 through Page 10, line 10; teaches that the software instructions are encrypted or authenticated. This ensures that the software instructions or computer-executable instruction have not been changes since they were authenticated. As such these one-way hashes enable authentication of the instructions as it ensures it has not been tampered with).
The combination is not specific that the system compares and matches the one-way hashes.
Sprosts, which like Lee tracks messages using hashed information, teaches the use of one-way hashes to compare and match rules (Page 3, paragraph [0060]; teaches that it is known to enable the specified party to be able to decode the rules that matched by comparing the rules using a one-way hash. This is used to improve the security of the system. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Jones teaches it is known to issue certificates for authenticating computing devices and that this was known in the prior art at the time of the invention. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. While the combination discloses securing and validating the communications between parties, the combination fails to disclose using a one-way hash to compare rules.
	Sprosts teaches it is known to use one-way hashes of the rule identifiers and to compare them and this is done to improve security. 
	It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee and Sylla the ability compare one-way hashes of the rule identifiers with one-way hashes received from the service provider to improve security as taught by Sprosts since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Sprosts, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee and Sylla, the ability compare one-way hashes of the rule identifiers with one-way hashes received from the service provider as taught by Sprosts, for the purposes of improving security. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system.

Claim(s) 9, 10 and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2017/0046709 A1) hereafter Lee, in view of Sylla (WO 2006/121933 A2) hereafter Sylla, further in view of Arjomand et al. (US 2016/0379312 A1) hereafter Arjomand.
As per claim 9, the combination of Lee and Sylla teaches the above-enclosed invention; Lee further discloses that operations can be dependent on the outcome of applied rules (Page 21, claim 2). 
The combination however fails to disclose wherein an operating condition applicable to the service provider is a subordinate to another operating condition, forming a conformance hierarchy of at least two operating conditions.
Arjomand, which like Lee talks about applying rules and conditions to transactions, teaches it is known for an operating condition made by a service to be subordinate to another operating condition, forming a conformance hierarchy of at least two operating conditions (Page 25, paragraph [0250]; teaches that it is known for a set of rules or conditions to be subordinate or dependent on another set of rules or conditions. As shown in Arjomand this allows the rules to change or be altered based on the prior condition or rules as they are enforced. This allows the entities to control limits or other conditions. Since Lee already discloses that the rules can depend on the outcome of other tests or operations it would have been obvious to have a set of subordinate rules so that service providers can have better control as established in Arjomand).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. While the combination discloses securing and validating the communications between parties, the combination fails to disclose implementing subordinate rules based off of other rules.
	Arjomand teaches it is known to implement subordinate rules based off of other rules. 
	It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee and Sylla the ability to implement subordinate rules based off of other rules as taught by Arjomand since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Arjomand, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee and Sylla, with the ability to implement subordinate rules based off of other rules as taught by Arjomand, for the purposes of improving the control of the system. Since Lee already discloses that the rules can depend on the outcome of other tests or operations it would have been obvious to have a set of subordinate rules so that service providers can have better control as established in Arjomand.
As per claim 10, the combination of Lee, Sylla and Arjomand teaches the above-enclosed invention; Lee further discloses wherein the controller computing device is configured to provide the plurality of client computing devices with a sequence of hashes of enforcement instructions of the at least two operating conditions (Page 7, paragraph [0080]; discloses that the values are communicated in hashes).
Sylla further teaches that the hashes are known to be one-way hashes (Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data. Page 9, line 20 through Page 10, line 10; teaches that the software instructions are encrypted or authenticated. This ensures that the software instructions or computer-executable instruction have not been changes since they were authenticated. As such these one-way hashes enable authentication of the instructions as it ensures it has not been tampered with).
Arjomand further teaches where the rules are in a conformance hierarchy (Page 25, paragraph [0250]; teaches that it is known for a set of rules or conditions to be subordinate or dependent on another set of rules or conditions. As shown in Arjomand this allows the rules to change or be altered based on the prior condition or rules as they are enforced. This allows the entities to control limits or other conditions).
As per claim 22, the combination of Lee and Sylla teaches the above-enclosed invention; Lee further discloses that operations can be dependent on the outcome of applied rules (Page 21, claim 2).
The combination however fails to further disclose wherein a hierarchy of operating conditions is associated with a given services of the plurality of services, and operating conditions depending from a given operating condition in the hierarchy of operating conditions are required to be consistent with the given operating condition.
Arjomand, which like Lee talks about applying rules and conditions to transactions, teaches it is known for a hierarchy of operating conditions is associated with a given trusted service of the plurality of services, and operating conditions depending from a given operating condition in the hierarchy of operating conditions are required to be consistent with the given operating condition (Page 25, paragraph [0250]; teaches that it is known for a set of rules or conditions to be subordinate or dependent on another set of rules or conditions. As shown in Arjomand this allows the rules to change or be altered based on the prior condition or rules as they are enforced. This allows the entities to control limits or other conditions. Since Lee already discloses that the rules can depend on the outcome of other tests or operations it would have been obvious to have a set of subordinate rules so that service providers can have better control as established in Arjomand).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. While the combination discloses securing and validating the communications between parties, the combination fails to disclose implementing subordinate rules based off of other rules.
	Arjomand teaches it is known to implement subordinate rules based off of other rules. 
	It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee and Sylla the ability to implement subordinate rules based off of other rules as taught by Arjomand since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Arjomand, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee and Sylla, with the ability to implement subordinate rules based off of other rules as taught by Arjomand, for the purposes of improving the control of the system. Since Lee already discloses that the rules can depend on the outcome of other tests or operations it would have been obvious to have a set of subordinate rules so that service providers can have better control as established in Arjomand.

Claim 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2017/0046709 A1) hereafter Lee, in view of Sylla (WO 2006/121933 A2) hereafter Sylla, further in view of Arjomand et al. (US 2016/0379312 A1) hereafter Arjomand, further in view of Sprosts et al. (US 2007/0079379 A1) hereafter Sprosts.
As per claim 23, the combination of Lee, Sylla and Arjomand teaches the above-enclosed invention; Lee further discloses determining whether an enforcement instruction associated with the given service is consistent with a corresponding operating condition using hashes (Page 7, paragraph [0080]; discloses that the values are communicated in hashes).
Sylla further teaches the hashes are one-way hashes of the plurality of enforcement instructions (Page 9, lines 5-14; teaches that it is known to include one-way hash functions to authenticate data. Page 9, line 20 through Page 10, line 10; teaches that the software instructions are encrypted or authenticated. This ensures that the software instructions or computer-executable instruction have not been changes since they were authenticated. As such these one-way hashes enable authentication of the instructions as it ensures it has not been tampered with).
	Arjomand further teaches where the rules are in a hierarchy, specifically a higher-level operating condition from which it depends in the hierarchy by verifying corresponding to the operating condition and the higher-level operating condition (Page 25, paragraph [0250]; teaches that it is known for a set of rules or conditions to be subordinate or dependent on another set of rules or conditions. As shown in Arjomand this allows the rules to change or be altered based on the prior condition or rules as they are enforced. This allows the entities to control limits or other conditions).
	The combination however fails to explicitly state that the use of one-way hashes to compare and match rules.
	Sprosts, which like Lee tracks messages using hashed information, teaches the use of one-way hashes to compare and match rules (Page 3, paragraph [0060]; teaches that it is known to enable the specified party to be able to decode the rules that matched by comparing the rules using a one-way hash. This is used to improve the security of the system. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system).
Lee discloses a registry which contains “promises” or statements which are enforced by an automated set of rules. Lee discloses a computer programming running on a server which controls the interactions between parties. Sylla teaches it is known to implement a system for authenticating communications to ensure security. In doing so the system creates a series of one-way hashes of the software instructions to ensure that the instructions are not tampered with. It also utilizes certificates to send and receive communication to ensure the source is genuine and can be trusted. Arjomand teaches it is known to implement subordinate rules based off of other rules. While the combination discloses securing and validating the communications between parties, the combination fails to disclose using a one-way hash to compare rules.
	Sprosts teaches it is known to use of one-way hashes to compare and match rules. 
	It would have been obvious to one of ordinary skill in the art to include in the central registry of Lee, Sylla and Arjomand the ability to use of one-way hashes to compare and match rules as taught by Sprosts since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.
Therefore, from this teaching of Sprosts, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the method/system of managing a registry for statements enforced by rules by Lee, Sylla and Arjomand, with use of one-way hashes to compare and match rules as taught by Sprosts, for the purposes of improving security. Since Lee already discloses the use of hashed rules and communicating those hashed rules to any involved party this would allow the client to identify the rules using the hash. Sprosts establishes that this is done using a one-way hash and improves the security of the system.

Response to Arguments
Applicant's arguments filed April 20, 2022 have been fully considered but they are not persuasive. 
In response to the applicant’s arguments on pages 12-17, regarding the 101 rejections specifically that “The Office, in its attempt to support the 35 U.S.C. § 101 rejections, contends that the claimed invention is directed to an abstract idea. See Office Action dated January 21, 2022, hereinafter referred to as "Office Action," page 2. Specifically, the Office contends that the ''plurality of one-way hashes" and ''proof of controller authenticity" recited in Claims 1 and 17 represent "generically using known techniques to achieve the intended result," and that "based on the applicant's originally filed specification these are conventional techniques." See Office Action, pages 4-5. Additionally, the Office argues that "[w]hile the applicant has amended the claims to include the word scalably, there are no elements in the claim that achieve this result specifically. The newly amended limitations are for securing information and determining authenticity which are not directly tied to the scalability of the system." See Office Action, pages 5-6. Finally, the Office contends that Applicant's Claims 1 and 17 claim only generic computer functionality without demonstrating specifics as to how the claims provide a technical solution to a technical problem, and thereby do not integrate the claim elements into a practical application. See Office Action, page 6.”
“Applicant respectfully disagrees with the Office's characterization of the claimed invention. At the very least, Applicant submits that the claimed invention is not directed to an abstract idea because the claimed invention is, in fact, integrated into a practical application. See MPEP 2106.04(d). Under current USPTO guidelines, a claim that recites an abstract idea is considered to not be directed to an abstract idea and, is therefore, patent eligible, if the abstract idea is integrated into a practical application. MPEP 2106.04(d). Applicant submits that the claimed invention is not directed to the alleged abstract idea stated by the Office because any such alleged abstract idea is integrated into a practical application, namely, scalably establishing trust in services available over the Internet.”
“Applicant submits that the claimed invention provides a technical improvement to establishment of trust in services available over the Internet. Applicant respectfully clarifies that scalability of trust, within the context of services available over the Internet, is a separate concept from scalability of a means of providing said services. Applicant's Specification introduces the aforementioned distinction thusly: "Of particular concern is what can be called the scalability of trust, which is quite different from the conventional concept scalability of an algorithm or of a system. This concept can be defined as follows: A trust modality is considered scalable if practically anybody [as a service provider] can make itself trustworthy-where 'trustworthy' means that it can be justifiably trusted by many [client] actors, widespread over the Internet." See Specification as filed, paragraph [0030].”
“Applicant's claimed invention, at least as currently amended, is directed to aspects of scalably establishing trust, as introduced hereinabove, by including "a controller computing device configured to function as a surrogate service provider." Claim 1. Applicant's Specification describes a conventional means of providing a potential surrogate using a trusted third party (TTP) platform, additionally providing a reference that describes such a method. Specification as filed, paragraphs [0038] - [0039]. However, it is evident that Applicant's claimed invention is not directed toward such a conventional system, with Applicant's Specification subsequently warning that while "[i]t may seem natural to employ the conventional concept of [TTP] for such a surrogate ... , unfortunately, the trust provided by TTP is not scalable." See Specification as filed, paragraph [0039] (emphasis added).”
“Applicant's Specification goes on to distinguish conventional TTP platforms from an unconventional dual trusted third party (DTTP) platform, wherein both a controller and a law included in the DTTP platform are unquestionably trustworthy. Such a platform may be used to provide a surrogate for a service provider that can be "scalably trusted [if] each of its parts- the controller and the law-should be trusted scalably." See Specification as filed, paragraphs [0040] and [0044].”
“The functionality of establishing such scalable trust in a controller and a law, and, thus, in a surrogate service provider comprising said controller and law, is explicitly recited in Applicant's Claim 1. Regarding the law, referred to in Applicant's Claim 1 by using the technical terms of "computer-executable enforcement instructions," said trust is established by "transmitting to the plurality of client computing devices ... one-way hashes corresponding to the plurality of enforcement instructions ... " and "receiving, from the plurality of client devices, an indication of self-determined trust in ... the plurality of enforcement instructions, based on ... a verification of the plurality of one-way hashes corresponding to the plurality of enforcement instructions." Similarly, regarding the controller, Applicant's Claim 1, as currently and previously presented, recites: "transmitting to the plurality of client computing devices ... a proof of controller authenticity ... " and "receiving, from the plurality of client computing devices, an indication of self-determined trust in ... the controller computing device."”
“The Office contends that the above-quoted elements of Applicant's Claim 1 represent mere data gathering, and that the claimed enablement of authentication of the enforcement instructions by the one-way hashes of the enforcement instructions was presented without "specifics as to how the one-way hash is examined. As such this is generically using known techniques to achieve the intended result. Further still the applicant has cited references establishing the use of these values again indicating that these are known conventional techniques." See Office Action, page 6. Applicant respectfully disagrees.”
“Applicant respectfully submits that the techniques so recited in Applicant's Claim 1, and exemplified by systems including elements of Applicant's provided references, provide a technical improvement to technical problems in establishing trust in services available over the Internet. Specifically, the claimed invention provides such an improvement by embodying an unconventional combination of a trusted law with a trusted controller device to form a scalably trustworthy surrogate for a service provider. As explained in Applicant's Specification, "[f]or a pledge made by a surrogate S' of a service S to be trustworthy, that is, to be justifiably and scalably trusted, each of its two parts (namely, the controller and the law) need to be independently trustworthy. And, as described below, being trustworthy can have different meanings for these two parts of a DTTP-based surrogate, requiring different techniques for trustworthiness to be achieved." Specification as filed, paragraph [0064]. The Office alleges that the different types of pledges indicated in paragraphs [0049]-[0055] of Applicant's Specification suggest that "this is generic in nature rather than a specific way of matching or enforcing the policies." See Office Action, pages 3-4. However, Applicant respectfully submits that it is precisely in this perceived genericity that an improvement to technology, and thus a practical application, may be found. Such an improvement is namely the scalability provided by Applicant's claimed system, wherein a surrogate including a controller and a law that have been independently deemed trustworthy, may be employed to establish trust in any type of service to be provided by any number of service providers on the Internet.”
“Such perceived genericity being a recurring theme within the rejections under 35 U.S.C. § 101, the Office further contends that Applicant's claimed "controller computing device" is merely a generic computer component with which the alleged abstract idea is applied. See Office Action, page 6. Applicant respectfully disagrees. Applicant submits that, in the case of the controller computing device, the perception of genericity is only accurate upon initially sourcing the subject controller computing device. However, Applicant's Specification describes "acquiring a generic controller C" as being followed by "constructing a law Lp that would satisfy promise P when executed by a controller C; and ... loading law Lp into C." Specification as filed, paragraph [0044]. Applicant submits that once the law is loaded into the controller, the controller is no longer generic, but specially configured to perform functions of a trusted surrogate to a service provider. This initial genericity of the controller supports Applicant's claimed invention, as a controller of a surrogate may be easily authenticated via verification of a one-way hash against that of a still-generic, known-trusted, i.e. "golden" controller, of which the surrogate controller may originally have been a copy, prior to loading the aforementioned law and thereby assuming its special configuration as a trusted surrogate to a service provider.”
“Applicant respectfully submits that, accomplished at least as delineated above, the aforementioned scalable establishment of trust, performed as claimed in Claim 1, integrates the system into a practical application. Applicant submits that the system of Claim 1 improves the provision of services across the Internet by scalably establishing trust between clients and service providers. By loading and executing enforcement instructions that may be trusted by any client, service providers benefit from the established trust in those enforcement instructions. See Specification as filed, paragraphs [0036] and [00141]. Therefore, Applicant submits that Claim 1 is integrated into a practical application and patent eligible per the latest guidance.”
“While Applicant asserts that the claimed invention is directed to patent eligible subject matter, Applicant nonetheless submits that if, arguendo, the claimed invention is deemed to be directed to a judicial exception, independent base Claim 1 is nonetheless patent eligible. As described in the USPTO guidance, merely concluding that a claim is directed to a judicial exception does not end the determination of patent subject matter eligibility. Rather, a claim that is directed to a judicial exception is nonetheless directed to patent eligible subject matter where any element, or combination of elements in the claim, "is sufficient to ensure that the claim as a whole amounts to significantly more than the" judicial exception itself MPEP 2106.05. Applicant's claims do just this.”
“Applicant respectfully asserts that the claimed invention includes significantly more than any alleged judicial exception at least because Claim 1 adds "a specific limitation other than what is well-understood, routine, conventional activity." MPEP 2106.05. For example, Claim 1 recites the following specific limitations: "a plurality of evaluations, wherein ... each evaluation enables a client computing device ... to perform an assessment of ability of the corresponding computer-executable enforcement instruction to facilitate provision of a client-requested service of the plurality of services in accordance with at least one client-requested operating condition of the plurality of operating conditions." At the very least, Applicant submits that it is unconventional to ascribe said trust to a law or enforcement instruction employed by the service provider, so as to establish a new layer of clients' trust from which the service provider may benefit. Clients may thus verify that "the law Lp ... fulfills the pledge ... [at least] by examining the evaluations of the law by experts and by other clients of this law." See Specification as filed, paragraphs [00105] and [00107]. Applicant respectfully submits that by inclusion of such an unconventional element within the context of the claimed invention, independent base Claim 1 as a whole is patent eligible per the latest guidance.”
“In view of the foregoing remarks, Applicant respectfully asserts that base Claim 1, as well as base Claim 17, which recites similar elements as those argued above with regard to Claim 1, are directed to patent eligible subject matter. Further, Applicant submits that dependent Claims 2-10 and 18-23 inherit the features of their respective base claims and are likewise directed to patent eligible subject matter at least by virtue of their dependencies. Thus, Applicant respectfully requests that the 35 U.S.C. § 101 rejections of Claims 1-10 and 17-23 be withdrawn.”
The Examiner respectfully disagrees.
While the applicant has argued that the invention is integrated into a practical application because it “scalably establishing trust in services available over the Internet”, as stated during the interview on December 15, 2021 the recited limitations are not directed toward scalability in that they offer no solutions that improve or address the scalability. Rather the claims recite the intended outcome that the process is intended to be used for multiple services and to establish trust and therefore it is scalable, but this is merely the result and not how it is achieved. While the claims recite “enforcing the plurality of operating conditions by loading and executing the plurality of enforcement instructions, thereby scalably establishing trust in the plurality of services” enforcing rules does not address scalability at all. 
	As for the element of trust, the definition of trust is “Firm belief in the integrity, ability, or character of a person or thing; confidence or reliance” as defined by https://www.thefreedictionary.com/trust as such this is merely the intended result of performing these limitations is to provide confidence in the service but this is merely a belief and not a tangible result. Further these limitations do not guarantee trust but rather establish rules for ensuring compliance with the agreement. This is part of contracts and a known fundamental concept. 
	While the applicant has argued that the specification outlines this as an improvement and that “A trust modality is considered scalable if practically anybody [as a service provider] can make itself trustworthy-where 'trustworthy' means that it can be justifiably trusted by many [client] actors, widespread over the Internet” however does not provide any guidance as to how to achieve this concept, where anybody can make itself trustworthy.
	As for the fact that the applicant’s specification outlines that it is not a conventional system, the applicant is again referencing the specification rather than what in the claims achieve this result. That is to say while the specification outlines that the conventional system is not scalable the applicant has not established what elements in the claims make it scalable or differentiate from the conventional system. The applicant goes on to state both the controller and the law are “unquestionably trustworthy” and again says “Such a platform may be used to provide a surrogate for a service provider that can be "scalably trusted [if] each of its parts- the controller and the law-should be trusted scalably." See Specification as filed, paragraphs [0040] and [0044]” but again does not state or establish how it is scalable. Further it doesn’t establish how the controller and the law are “unquestionably trustworthy”, that is the claims outline using one-way hashes to enable authentication of the instructions, which is a known technique and providing a certification authority to the controller which is also a known technique. Both of these are directed toward security to ensure that the elements are not tampered with, however this does not provide trust in the service provider as it has nothing to do with the actions of the service provider. Further the rules and evaluations of those rules are standard practices in contracts and known to be implemented in smart contracts and specifically in the Service Level Agreements known in the industry. The Examiner has provided the “2015 ISO 9001 Plain English Definitions” to establish that the concept of verification is known and conventional, specifically “Verification is a process. It uses objective evidence to confirm that specified requirements have been met. Whenever specified requirements have been met, a verified status is achieved. There are many ways to verify that requirements have been met. For example you could inspect something, you could do tests, you could carry out alternative calculations, or you could examine documents before you issue them.” This is consistent with the Lee reference paragraph [0174], which establishes using a “private key” to authenticate the information and verifying the transactions. The applicant has merely provided known security techniques to ensure that the instructions cannot be tampered with. While this provides trust, it is in the integrity of the instructions and the controller and not in the service provider themselves. 
	While the applicant argues that “establishing such scalable trust in a controller and a law, and, thus, in a surrogate service provider comprising said controller and law, is explicitly recited in Applicant’s Claim 1”, the claims establish as stated above that the instructions and the controller are authenticated, this does not mean that the service provider can be trusted as alleged by the applicant but rather that the controller and the instructions have not been altered or tampered with. As stated above just because the data is secure doesn’t mean that the source of the data can be trusted. Rather the claims are directed toward contract enforcement, which again is not establishing that the service provider is inherently and unquestionably trustworthy. While the applicant alleges that the combination of these elements amounts to an “unconventional combination” and provides a scalably trustworthy surrogate for a service provider, as stated above these are known elements and amount to merely a combination of known elements which have predictable results. The applicant has not established what the combination is unconventional other than to state that they are. Further the applicant’s arguments that the fact the claims scope is generic is the reason it is an improvement, the applicant again has not established how the results are achieved other than merely arguing they have been achieved and that this is an unconventional practice. That is the claims do not establish how “Such an improvement is namely the scalability provided by Applicant's claimed system, wherein a surrogate including a controller and a law that have been independently deemed trustworthy, may be employed to establish trust in any type of service to be provided by any number of service providers on the Internet” is achieved. 
	While the applicant argues that the claimed structure is not generic as the “Applicant's Specification describes "acquiring a generic controller C" as being followed by "constructing a law Lp that would satisfy promise P when executed by a controller C; and ... loading law Lp into C." Specification as filed, paragraph [0044]”, the specification does not establish how any of the instructions or “laws” are generated to satisfy any possible promise P. Rather the structure is merely a generic computer programmed with rules in any possible way, which still establishes that the structure is generic, as the applicant has not provided or established any specific way of programming the generic computer. Rather the applicant is merely applying the abstract idea of contract or policy enforcement on a computer, see MPEP 2106.05(f). The use of known security techniques does not render the claims into a practical application as these are generic techniques with known conventional results, as established but the supplied art. 
	While the applicant has alleged that the inclusion of verification of the law or enforcement instructions is unconventional, as shown in the applied art verifying the enforcement of the rules is a known conventional part of smart contracts. That is having a set of rules to verify that the agreed upon policies are carried out the way they were agreed upon. That is to say the third party tracking the transactions to verify that the transactions went according to the set of rules/agreements, Lee paragraph [0173]. As such this is not considered to be unconventional activity and rather known activities in contract implementation. As stated above this is also supported by the “2015 ISO 9001 Plain English Definitions” reference.
	In light of the above the Examiner has not been persuaded and the rejections have been maintained.
In response to the applicant’s arguments on page 17-20 regarding the art rejections specifically that, “Applicant respectfully asserts that neither Lee nor Sylla, nor any combination thereof, makes obvious the currently amended Claim 1 elements of "a controller computing device configured to function as a surrogate service provider of the plurality of services and thereby scalably establish trust in the plurality of services based on enforcement of the plurality of operating conditions."”
“The Office contends that Lee discloses a system that scalably provides trusted services to client devices over the Internet through a cloud storage and cloud computing solution. See Office Action, page 9. The Office also asserts that Lee discloses a controller computing device configured to scalably provide such services to such clients in accordance with operating conditions. To support the aforementioned assertion, the Office points to a rules-based system, and a central authority operating according to the rules, allegedly disclosed in Lee. See Office Action, page 10. Regarding Sylla, the Office contends that using certificates and one-way hashes to authenticate communications for security is disclosed in Sylla, and that it would be obvious to combine the subject teachings of Lee and Sylla so as to more securely provide a service, thus rendering obvious Applicant's claimed invention. See Office Action, pages 14-16. Applicant respectfully disagrees.”
“Nonetheless, solely in the interest of furthering prosecution, Applicant is amending Claim 1 to recite "a controller computing device configured to function as a surrogate service provider of the plurality of services and thereby scalably establish trust in the plurality of services based on enforcement of the plurality of operating conditions." Applicant submits that, while computing clouds may, by their nature, offer a measure of scalability in providing services over the Internet, cloud services such as those disclosed in Lee do not function to establish trust in the services that they provide, but merely to provide the services under an assumption of sufficient trust, which may not be reflective of reality in all instances. In combination with Sylla, Applicant acknowledges that an element of trust may be incorporated in to the system of Lee, but said trust is not scalably established as in Applicant's claimed invention.”
“In contrast to the combination of Lee and Sylla, Applicant's claimed invention scalably establishes trust in services available over the Internet by employing a controller computing device that functions as a surrogate to the service provider. In this way, a service provider, otherwise lacking a reputation upon which a client may base its trust in the service provider, may in effect assume the trust inherent in a controller provider's more easily verifiable credentials, in a form that may include security certificates or one-way hashes of code of the controller computing device. While Sylla generically describes certificates and hashes, Sylla does not disclose or suggest applying such security measures to a controller computing device acting as a surrogate on behalf of a service provider. Such a surrogacy configuration thus provides the scalability aspect of Applicant's claimed invention, in that any service provider may in this manner establish trust in the services that the service provider makes available.”
“The Office still further contends that Applicant's claimed controller computing device is taught by Lee in the form of a central authority. See Office Action, page 12. However, the central authority in Lee is described as being an entire institution such as a "financial institution, anticounterfeiting institution, trade organization, or other centralized authority," and thus includes all aggregate computing power of such institution in addition to other overhead pertaining to the institution. Additionally, embodied as a large standalone institution, the central authority of Lee does not lend itself well to scalability in terms of replicated implementations being established across a group of such institutions. On the other hand, due to the easily verifiable credentials of Applicant's claimed controller computing device, including security certificates or one-way hashes of code of the controller computing device, Applicant's claimed system is inherently scalable across a multitude of service providers.”
“In terms of scalably establishing trust in a given service provider which may then be trusted by a multitude of client devices, Applicant previously argued that Applicant's claimed invention is distinguished from the blockchain-based smart contract of Lee, to which the Office replied by alleging that Applicant's own Specification indicates that Applicant's claimed system can be implemented via blockchain. See Amendment After Final, page 17, Specification as filed, paragraph [0059], and Office Action, pages 59-60. Applicant respectfully submits that the referenced paragraph in Applicant's Specification does not, in fact, indicate that Applicant's claimed invention can be implemented via blockchain. Rather, paragraph [0059] of Applicant's Specification explains that one example of a pledge, or operating condition, that may be enforced by Applicant's claimed invention is that of a logging service. Applicant's Specification suggests that logging services may in some instances be implemented via blockchains, but explains that blockchain implementations of logging services are separate from, and actually inferior to, implementations of logging services via a "Pledging Mechanism," or "PleM," that implement a pledge registry database and controller computing device configured as claimed in Applicant's Claim 1. Applicant's Specification reasons that, with blockchains, "just expecting all pharmacies to follow promise P8 without enforcing it via PleM is not enough. A given pharmacy may avoid logging certain exchanges with clients, and may log incorrect exchanges." See Specification as filed, paragraph [0059]. Applicant's Specification goes on to explain why PleM is superior, noting that "there is no need for the government itself to ensure that all mail-order pharmacies conform to the logging law by some kind of dynamic monitoring of the activities of such pharmacies. This is because any client of a pharmacy can readily recognize the structure of the law that enforces its pledge, and it can immediately sense the failure of the pledge of the given pharmacy to conform to the government logging law. So there is no need for dynamic supervision of the activities of pharmacies to effectively ensure that all such pharmacies observe the logging law." Specification as filed, paragraph [0061]. Applicant submits that the foregoing is an example of the scalability of trust established as claimed in Applicant's Claim 1, allowing "any client" to recognize a failure, and avoiding overhead required for "dynamic supervision" by nodes of a distributed blockchain network, or of a central authority.”
“Despite the foregoing deficiencies, in order to expedite prosecution, Applicant is amending Claim 1 to make the distinctions between the claimed invention and cited references, abundantly clear. In particular, Claim 1 as currently amended requires "a plurality of evaluations, wherein (i) each evaluation corresponds to a computer-executable enforcement instruction of the plurality of computer-executable enforcement instructions and (ii) each evaluation enables a client computing device of the plurality of client computing devices to perform an assessment of ability of the corresponding computer-executable enforcement instruction to facilitate provision of a client-requested service of the plurality of services in accordance with at least one client-requested operating condition of the plurality of operating conditions ... [ and] receiving, from the plurality of client devices, an indication of self determined trust in ... the plurality of enforcement instructions, based on ... assessments of the abilities of the plurality of computer-executable enforcement instructions enabled by the plurality of evaluations." Applicant submits that Lee and Sylla, alone or in combination, are silent as to the foregoing currently amended Claim 1 features.”
“In light of the above remarks, Applicant submits that Claim 1 is novel and nonobvious in view of the cited combination of Lee and Sylla, and Applicant respectfully requests that the rejection of Claim 1 under 35 U.S.C. § 103 be withdrawn.”
“Applicant respectfully submits that independent Claim 17 is patentable over the cited art at least by virtue of similar elements to those argued above with respect to independent Claim 1. Lee and Sylla, individually or in combination, do not disclose or suggest the elements of independent Claim 17. Thus, Applicant submits that Claim 17 is novel and non-obvious in view of the cited combination of Lee and Sylla, and Applicant respectfully requests that the rejections of Claim 17 under 35 U.S.C. § 103 be withdrawn.”
The Examiner respectfully disagrees.
While the applicant alleges that the combination does not teach “a controller computing device configured to function as a surrogate service provider of the plurality of services and thereby scalably establish trust in the plurality of services based on enforcement of the plurality of operating conditions”, Lee Page 17, paragraphs [0171], [0173] and [0179]; discloses that the system contains a rule-based system which tracks transactions and ensures they conform with the rules. This as stated in paragraph [0179] is to validate products and track legitimate products through the system. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product is tracked using the software in the system. The central authority acts as the controller provider (See Claim 2) which operates the repository which tracks each product for a plurality of service providers or manufacturers. This is a surrogate as it acts on behalf of the service providers or manufacturers. The system tracks the sale of the products and ensures those sales conform to the rules of the smart contract. Which is a statement which indicates the system intends to certify the products as they change hands and enforces this statement through a series of rules which are indicated with the product and smart contract. This establishes trust as it provides confidence in the service and that it will be carried out according to the contract.
	While the applicant alleges that “cloud services such as those disclosed in Lee do not function to establish trust in the services that they provide, but merely to provide the services under an assumption of sufficient trust, which may not be reflective of reality in all instances”, the Examiner asserts that as shown in Lee Page 17, paragraphs [0171], [0173] and [0179]; discloses that the system contains a rule-based system which tracks transactions and ensures they conform with the rules. This as stated in paragraph [0179] is to validate products and track legitimate products through the system. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product is tracked using the software in the system. The system tracks the sale of the products and ensures those sales conform to the rules of the smart contract. Which is a statement which indicates the system intends to certify the products as they change hands and enforces this statement through a series of rules which are indicated with the product and smart contract. This establishes trust as it provides confidence in the service and that it will be carried out according to the contract. Given that the applicant has not provided any specific manner of establishing trust or confidence in the system other than to state that it enforces the operating conditions, Lee reads over the claimed invention as it also loads and executes enforcement instructions  to enforce the operating conditions and it also provides a plurality of evaluations to perform an assessment of the ability of the enforcement in the form of rules to verify the compliance with the conditions of the agreement. While the applicant alleges that the combination is not scalable this is merely an allegation as the applicant has not established or stated why it is not scalable. As such the Examiner has not been persuaded. 
	While the applicant has alleged that “While Sylla generically describes certificates and hashes, Sylla does not disclose or suggest applying such security measures to a controller computing device acting as a surrogate on behalf of a service provider. Such a surrogacy configuration thus provides the scalability aspect of Applicant's claimed invention, in that any service provider may in this manner establish trust in the services that the service provider makes available”, Sylla was not used to establish that the controller is acting as a surrogate, the Lee reference was as discussed above. As stated above Lee establishes Page 17, paragraphs [0171], [0173] and [0179]; discloses that the system contains a rule-based system which tracks transactions and ensures they conform with the rules. This as stated in paragraph [0179] is to validate products and track legitimate products through the system. Page 18, paragraphs [0187]-[0189] and Page 19, paragraphs [0190] and [0197]; disclose that each product is tracked using the software in the system. The central authority acts as the controller provider (See Claim 2) which operates the repository which tracks each product for a plurality of service providers or manufacturers. This is a surrogate as it acts on behalf of the service providers or manufacturers. The system tracks the sale of the products and ensures those sales conform to the rules of the smart contract. Which is a statement which indicates the system intends to certify the products as they change hands and enforces this statement through a series of rules which are indicated with the product and smart contract. This establishes trust as it provides confidence in the service and that it will be carried out according to the contract. Since Lee provides a surrogate on behalf of the service providers and the applicant alleges that this is the reason it is scalable, then Lee would be just as scalable. Further as discussed in the rejection Lee Page 4, paragraph [0045]; discloses that the sever can have both cloud storage and cloud computing making the system scalable. While the applicant alleges that this is “a measure of scalability in providing services over the Internet, cloud services such as those disclosed in Lee do not function to establish trust in the services that they provide, but merely to provide the services under an assumption of sufficient trust, which may not be reflective of reality in all instances” as stated above Lee does provide a level of trust or confidence in the system in the same manner and as such is considered scalable even based on the applicant’s arguments.
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). As stated above it is the combination and not a single reference that was used to address the claimed invention.
	Further while the applicant alleges that “the central authority in Lee is described as being an entire institution such as a "financial institution, anticounterfeiting institution, trade organization, or other centralized authority," and thus includes all aggregate computing power of such institution in addition to other overhead pertaining to the institution. Additionally, embodied as a large standalone institution, the central authority of Lee does not lend itself well to scalability in terms of replicated implementations being established across a group of such institutions”, this is merely an allegation as it is merely the applicant’s opinion as there is no statement of fact or showing of evidence. Further while the applicant has argued that the “Applicant's claimed system is inherently scalable across a multitude of service providers” the applicant has not established this other than to merely state that it is. For something to be inherent there has to be no other way it could occur, since the applied art establishes the use of certificates and one-way hashes by the applicant’s own arguments they would have to be scalable across a multitude of service providers. Given that the combination establishes the use of these elements and the reasons they are used, and the applicant has not stated or shown why they do not read over the claimed invention, the Examiner has not been persuaded. 
	While the applicant has alleged that the specification, “explains that blockchain implementations of logging services are separate from, and actually inferior to, implementations of logging services via a "Pledging Mechanism," or "PleM," that implement a pledge registry database and controller computing device configured as claimed in Applicant's Claim 1”, the specification actually does not establish blockchain is inferior but that blockchain alone is not enough as it merely logs the results and does enforce policy on its own. Further paragraph [0048] establishes that there are a series of pledges one of them as discussed in paragraph [0058] can include logging and [0059] establishes that the logging can be implemented using block chain. The specification goes on to state “A block chain is arguably more secure and reliable than a conventional service maintained by the government” again establishing that it can be part of the system and does not as alleged by the applicant claim it is inferior. Rather it establishes that it is a known form of secure logging of information but doesn’t enforce the policy. The remaining elements don’t establish it is better than block chain, it merely establishes what it does outside of logging the information. That is paragraph [0060] states “Now, while requiring all mail-order pharmacies to enforce promise P8 – that is, making it into a pledge, each pharmacy can be enabled to make its own individual pledge – provided that such an additional pledge does not contradict Pledge P8 required by the government”, thus the system of the applicant can include block chain and this doesn’t establish that block chain is not scalable. Again the applicant is establishing that you have a set of rules or policies that are enforced which is again the same as a smart contract. It does not establish or even discuss the “overhead” it merely states that there is “no need for dynamic supervision” because the system enforces the policy, specifically it states “This is because any client of a pharmacy can readily recognize the structure of the law that enforces its pledge, and it can immediately sense the failure of the pledge of the given pharmacy to conform to the government logging law”, which doesn’t remove block chain but rather states that the system has rules to ensure that the logging is carried out therefore removing the need to dynamically supervise the activities, as there is already a rule to detect and ensure compliance if it fails it is pledge or rule the system will report the failure. This does not make it more scalable this merely discusses enforcement using rules. Again lacking any additional arguments the Examiner has not been persuaded. 
	While the applicant argues that there is a distinction between the claimed invention and the cited references specifically the amended language “a plurality of evaluations, wherein (i) each evaluation corresponds to a computer-executable enforcement instruction of the plurality of computer-executable enforcement instructions and (ii) each evaluation enables a client computing device of the plurality of client computing devices to perform an assessment of ability of the corresponding computer-executable enforcement instruction to facilitate provision of a client-requested service of the plurality of services in accordance with at least one client-requested operating condition of the plurality of operating conditions ... [ and] receiving, from the plurality of client devices, an indication of self determined trust in ... the plurality of enforcement instructions, based on ... assessments of the abilities of the plurality of computer-executable enforcement instructions enabled by the plurality of evaluations”, the Examiner notes that the Lee reference Page 17, paragraphs [0171]-[0174]; discloses that the “smart contracts” contain evaluations or ways to verify that the transactions have gone according to the rules/agreements. Lee additional Page 18, paragraph [0189]; discloses that the system will track and confirm if the products were shipped within the terms defined by the manufacturer. Lee goes on to state in paragraph [0189] that this includes the release of funds or payments for the distributor’s services in accordance with the rules defined by the manufacturer. Page 11, paragraph [0105]; discloses that the system accesses the stored list of triggering events within the database, the system determines if the detected event is within the triggering events and accesses the rules engine to access the rules for the detected event. It identifies the one or more operations associated with the identified rules. Page 17, paragraphs [0171]-[0174]; discloses that the “smart contracts” contain evaluations or ways to verify that the transactions have gone according to the rules/agreements. Lee Page 17, paragraph [0174] discloses that the system uses keys to establish trust or authenticating the user corresponding to the rules in the system. As such the combination does in fact read over the claims as amended. Lacking any additional arguments from the applicant the Examiner has not been persuaded. 
	Applicant merely recites the claim language allegedly missing from the prior art without specifically providing any persuasive rationale or evidence in support thereof. Such a statement is not considered to be an argument. 37 C.F.R. § 41.37(c)(1)(vii) (“A statement which merely points out what a claim recites will not be considered an argument for separate patentability of the claim.”); In re Lovin, 652 F.3d 1349, 1357 (Fed. Cir. 2011) (“[W]e hold that the Board reasonably interpreted Rule 41.37 to require more substantive arguments in an appeal brief than a mere recitation of the claim elements and a naked assertion that the corresponding elements were not found in the prior art.”). As such, Examiner respectfully submits that applicant’s statement is not persuasive.
All rejections made towards the dependent claims are maintained due to the lack of a reply by the applicant in regards to distinctly and specifically point out the supposed errors in the Examiner’s action in the prior Office Action (37 CFR 1.111).  The Examiner asserts that the applicant only argues that the dependent claims should be allowable because the independent claims are unobvious and patentable over Lee and Sylla, and, where appropriate, in further view of O’Toole Jr., Loewy, Sprosts and Arjomand.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
TheFreeDictionary.com, “Trust – definition of trust by The Free Dictionary”  https://www.thefreedictionary.com/trust, Accessed on May 12, 2022.
Praxiom.com, “ISO 9000 2015 Definitions in Plain English”, https://www.praxiom.com/iso-definition.htm, Accessed on May 13, 2022.
Koulu, Riikka. "Blockchains and Online Dispute Resolution: Smart Contracts as an Alternative to Enforcement." SCRIPTed: A Journal of Law, Technology and Society, vol. 13, no. 1, May 2016, pp. 40-69. HeinOnline, https://heinonline.org/HOL/P?h=hein.journals/scripted13&i=40.
Ittay Eyal, Adem Efe Gencer, Emin Gün Sirer, and Robbert van Renesse, "Bitcoin-NG: A Scalable Blockchain Protocol", 13th Usenix Symposium on Networked Systems Design and Implementation, 2016, pages 45-59, https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/eyal
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAUL R FISHER whose telephone number is (571)270-5097. The examiner can normally be reached Monday - Friday 9 am to 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah M Monfeldt can be reached on 571-270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

PAUL R. FISHER
Primary Examiner
Art Unit 3689



/PAUL R FISHER/Primary Examiner, Art Unit 3689                                                                                                                                                                                                        5/13/2022