DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
2.	The information disclosure statements (IDSs) submitted on 3/15/21, 9/17/21 and 3/21/22 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Specification
The specification is object to because:
3.	The abstract does not comply with requirements of section 608.01(b) set forth in the MPEP.  The abstract contains the phrase “For example, according to one embodiment” and “Other related embodiments are disclosed”. The abstract should not contain “For example, according to one embodiment” and “Other related embodiments are disclosed”. “For example, according to one embodiment” and “Other related embodiments are disclosed” are another way of stating “The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," etc., all of which should be avoided.  Correction is required.

4.	Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words.  It is important that the abstract not exceed 150 words in length since the space provided for the abstract on the computer tape used by the printer is limited.  The form and legal phraseology often used in patent claims, such as "means" and "said," should be avoided.  The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title.  It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," etc.

Claim Rejections - 35 USC § 102
5.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
	
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


6.	Claims 1, 3, 9, 12, 14, 18, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Giordano et al. (U.S. Patent Application Publication No. 2017/0300627).
As to claim 1, Giordano et al. teaches, a method performed by a system of a host organization having at least a processor and a memory therein to execute instructions (See Giordano et al., paragraphs 42, 57-58 and 92, wherein Giordano teaches “the decentralized filesystem 112 is configured to allow peer-to-peer sharing of medical records among participants in the records management system”), wherein the method comprises: 
operating a blockchain interface to the blockchain on behalf of a plurality of tenants of the host organization, wherein each one of the plurality of tenants operate as a participating node with access to the blockchain (See Giordano et al., paragraphs 42, 57-59 and 92, wherein Giordano teaches “the decentralized filesystem 112 is configured to allow peer-to-peer sharing of medical records among participants in the records management system. For example, when a doctor creates a medical record that is added to a patient's smart contract, the medical record may initially be hosted by one or more computers associated with the doctor that created the record. If the patient later selects to access the record, the record may be retrieved from the doctor's computers and provided to one or more computers associated with the patient. Subsequent parties that access the record may then obtain the record from the doctor, the patient, or both”); 
receiving, from a user device communicably interfaced with the system, input for adding a plurality of authorized network participants to a declared application, wherein the network participants are granted access rights to the declared application (See Giordano et al., paragraphs 3, 18-25, 42, 57-59 and 92, wherein Giordano teaches “the ledger also stores program modules, referred to as smart contracts, which allow participants in a distributed medical records management network to interact with the ledger and with each other. For example, doctors, patients, pharmacists, and insurers may be issued role-specific smart contracts that allow the participants to invoke various records management events on the network. A doctor, for instance, may use his or her smart contract to add or retrieve a medical record from a patient. Conversely, a patient's smart contract may identify a collection of medical records owned by the patient that reflect the patient's medical history or medical profile. The patient's smart contract may comprise code that, when executed, sends data to an authorized user's smart contract (e.g., the smart contract of a patient's attending physician) that allows the authorized user to access the patient's medical records” and “Each respective node of the plurality of nodes of the computing network can add to the respective instance of the electronic ledger an entry that indicates information about the request to access the medical record of the patient”); 
updating a blockchain asset on the blockchain having encoded therein as defined metadata for the declared application, a plurality of entity types declared for the application and one or more new field definitions declared for each of the plurality of entity types, wherein the update to the blockchain asset specifies the plurality of authorized network participants for the declared application (See Giordano et al., paragraphs 52, 64-68, wherein Giordano teaches “In order for the user to create a new smart contract for himself or herself, the user may call another smart contract (e.g., a factory contract) on the network that specifically configured to create new smart contracts for users. To call the factory contract, a transaction may be sent from the user's account to the factory contract via the factory contract's address on the network. The factory contract may then be executed using values of any parameters included in the call to the contract, such as values indicating the user account to which the new contract is to be assigned and values indicating the type of contract to be created. In the process of creating a new contract for a user, the factory contract may automatically call none, one, or more other contracts on the network”); 
deploying an executable install package to each of the plurality of authorized network participants for the declared application (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations. For example, a patient's smart contract may comprise code for a computer program that stores data indicating one or more medical records belonging to the patient. The patient's smart contract may include, in some instances, program code for adding records to the patient's medical history, removing records, amending records, and for granting permission to others to access the patient's records”); and 
wherein the executable install package retrieves the metadata for the declared application from the blockchain and displays GUIs specific to the declared application which are auto generated by the executable install package based on the retrieved metadata (See Giordano et al., paragraphs 47-49 and 53-54, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network.” And “when a user at the computing device 102 calls a smart contract to be executed, the call can cause each respective node in the computing network that maintains a copy of the electronic ledger 106 to separately execute the called contract and to update the ledger 106 based on any transactions that result from the calling and execution of the contract. For example, a doctor may call a first smart contract from her computer 102. The call may be broadcast to all nodes in the network, and both the computer 102 and other network nodes may separately execute the first smart contract. During execution of the first smart contract, a second smart contract may be called by the first smart contract. Each node in the computing network may then execute the second smart contract. As a result of executing the first and second smart contracts, the states of one or more user accounts, smart contracts, or both may be changed (e.g., a new medical record may be assigned to a patient or access to a medical record may be given to a third party)”).  

As to claims 3, 14, and 20, Giordano et al. teaches wherein updating the blockchain asset on the blockchain with the plurality of authorized network participants for the declared application comprises: specifying an IP address or IP address range permissible for each of the plurality of authorized network participants for the declared application (See Giordano et al., paragraphs 44, 52 and 62, wherein Giordano discloses “A transaction may be deemed valid, for example, if the transaction includes a valid signature of the issuer, if the transaction is determined not to be a duplicate, if the parameters of the transaction are valid (e.g., includes an acceptable destination address), and if the transaction complies with any other rules set in the network” and “both users (participants in the network) and smart contracts can have identities (e.g., an account) in the network. An account may have an address in the network that uniquely identifies the user or smart contract associated with the account. An account address may be used by actors in the network to send transactions to the account. For example, a user account may identify one or more smart contracts that are owned by a given user. In order for the user to create a new smart contract for himself or herself, the user may call another smart contract (e.g., a factory contract) on the network that specifically configured to create new smart contracts for users. To call the factory contract, a transaction may be sent from the user's account to the factory contract via the factory contract's address on the network. The factory contract may then be executed using values of any parameters included in the call to the contract, such as values indicating the user account to which the new contract is to be assigned and values indicating the type of contract to be created. In the process of creating a new contract for a user, the factory contract may automatically call none, one, or more other contracts on the network. The factory contract is discussed by way of example only. Generally, any contract in the network may have an address that allows the contract to be called and may be capable of calling other contracts on the network in appropriate instances”).  

As to claim 9, Giordano et al. teaches wherein the deployable install package is a generic deployable install package which operates differently based on an IP address of the computing device from which the generic deployable install package is executed (See Giordano et al., paragraphs 47-49 and 53-54, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network.” And “when a user at the computing device 102 calls a smart contract to be executed, the call can cause each respective node in the computing network that maintains a copy of the electronic ledger 106 to separately execute the called contract and to update the ledger 106 based on any transactions that result from the calling and execution of the contract. For example, a doctor may call a first smart contract from her computer 102. The call may be broadcast to all nodes in the network, and both the computer 102 and other network nodes may separately execute the first smart contract. During execution of the first smart contract, a second smart contract may be called by the first smart contract. Each node in the computing network may then execute the second smart contract. As a result of executing the first and second smart contracts, the states of one or more user accounts, smart contracts, or both may be changed (e.g., a new medical record may be assigned to a patient or access to a medical record may be given to a third party)”).  

As to claim 12, Giordano et al. teaches non-transitory computer-readable storage media having instructions stored thereupon that, when executed by a processor of a system at a host organization (See Giordano et al., paragraphs 42, 57-58 and 92, wherein Giordano teaches “the decentralized filesystem 112 is configured to allow peer-to-peer sharing of medical records among participants in the records management system”), the instructions cause the system to perform operations including:
 operating a blockchain interface to the blockchain on behalf of a plurality of tenants of the host organization, wherein each one of the plurality of tenants operate as a participating node with access to the blockchain (See Giordano et al., paragraphs 42, 57-59 and 92, wherein Giordano teaches “the decentralized filesystem 112 is configured to allow peer-to-peer sharing of medical records among participants in the records management system. For example, when a doctor creates a medical record that is added to a patient's smart contract, the medical record may initially be hosted by one or more computers associated with the doctor that created the record. If the patient later selects to access the record, the record may be retrieved from the doctor's computers and provided to one or more computers associated with the patient. Subsequent parties that access the record may then obtain the record from the doctor, the patient, or both”); 
receiving, from a user device communicably interfaced with the system, input for adding a plurality of authorized network participants to a declared application, wherein the network participants are granted access rights to the declared application (See Giordano et al., paragraphs 3, 18-25, 42, 57-59 and 92, wherein Giordano teaches “the ledger also stores program modules, referred to as smart contracts, which allow participants in a distributed medical records management network to interact with the ledger and with each other. For example, doctors, patients, pharmacists, and insurers may be issued role-specific smart contracts that allow the participants to invoke various records management events on the network. A doctor, for instance, may use his or her smart contract to add or retrieve a medical record from a patient. Conversely, a patient's smart contract may identify a collection of medical records owned by the patient that reflect the patient's medical history or medical profile. The patient's smart contract may comprise code that, when executed, sends data to an authorized user's smart contract (e.g., the smart contract of a patient's attending physician) that allows the authorized user to access the patient's medical records” and “Each respective node of the plurality of nodes of the computing network can add to the respective instance of the electronic ledger an entry that indicates information about the request to access the medical record of the patient”); 
updating a blockchain asset on the blockchain having encoded therein as defined metadata for the declared application, a plurality of entity types declared for the application and one or Claims-183 -Attorney Docket No.: 37633.6335 (A4358US)more new field definitions declared for each of the plurality of entity types, wherein the update to the blockchain asset specifies the plurality of authorized network participants for the declared application (See Giordano et al., paragraphs 52, 64-68, wherein Giordano teaches “In order for the user to create a new smart contract for himself or herself, the user may call another smart contract (e.g., a factory contract) on the network that specifically configured to create new smart contracts for users. To call the factory contract, a transaction may be sent from the user's account to the factory contract via the factory contract's address on the network. The factory contract may then be executed using values of any parameters included in the call to the contract, such as values indicating the user account to which the new contract is to be assigned and values indicating the type of contract to be created. In the process of creating a new contract for a user, the factory contract may automatically call none, one, or more other contracts on the network”); 
deploying an executable install package to each of the plurality of authorized network participants for the declared application (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations. For example, a patient's smart contract may comprise code for a computer program that stores data indicating one or more medical records belonging to the patient. The patient's smart contract may include, in some instances, program code for adding records to the patient's medical history, removing records, amending records, and for granting permission to others to access the patient's records”); and 
wherein the executable install package retrieves the metadata for the declared application from the blockchain and displays GUIs specific to the declared application which are auto generated by the executable install package based on the retrieved metadata (See Giordano et al., paragraphs 47-49 and 53-54, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network.” And “when a user at the computing device 102 calls a smart contract to be executed, the call can cause each respective node in the computing network that maintains a copy of the electronic ledger 106 to separately execute the called contract and to update the ledger 106 based on any transactions that result from the calling and execution of the contract. For example, a doctor may call a first smart contract from her computer 102. The call may be broadcast to all nodes in the network, and both the computer 102 and other network nodes may separately execute the first smart contract. During execution of the first smart contract, a second smart contract may be called by the first smart contract. Each node in the computing network may then execute the second smart contract. As a result of executing the first and second smart contracts, the states of one or more user accounts, smart contracts, or both may be changed (e.g., a new medical record may be assigned to a patient or access to a medical record may be given to a third party)”).  

As to claim 18, Giordano et al. teaches a system to execute at a host organization, wherein the system comprises: a memory to store instructions (See Giordano et al., paragraphs 42, 57-58 and 92, wherein Giordano teaches “the decentralized filesystem 112 is configured to allow peer-to-peer sharing of medical records among participants in the records management system”); a processor to execute instructions; 
wherein the system is configurable to execute the instructions via the processor to carry out operations including: operating a blockchain interface to the blockchain on behalf of a plurality of tenants of the host organization, wherein each one of the plurality of tenants operate as a participating node with access to the blockchain (See Giordano et al., paragraphs 42, 57-59 and 92, wherein Giordano teaches “the decentralized filesystem 112 is configured to allow peer-to-peer sharing of medical records among participants in the records management system. For example, when a doctor creates a medical record that is added to a patient's smart contract, the medical record may initially be hosted by one or more computers associated with the doctor that created the record. If the patient later selects to access the record, the record may be retrieved from the doctor's computers and provided to one or more computers associated with the patient. Subsequent parties that access the record may then obtain the record from the doctor, the patient, or both”); 
receiving, from a user device communicably interfaced with the system, input for adding a Claims-185 -Attorney Docket No.: 37633.6335 (A4358US)plurality of authorized network participants to a declared application, wherein the network participants are granted access rights to the declared application (See Giordano et al., paragraphs 3, 18-25, 42, 57-59 and 92, wherein Giordano teaches “the ledger also stores program modules, referred to as smart contracts, which allow participants in a distributed medical records management network to interact with the ledger and with each other. For example, doctors, patients, pharmacists, and insurers may be issued role-specific smart contracts that allow the participants to invoke various records management events on the network. A doctor, for instance, may use his or her smart contract to add or retrieve a medical record from a patient. Conversely, a patient's smart contract may identify a collection of medical records owned by the patient that reflect the patient's medical history or medical profile. The patient's smart contract may comprise code that, when executed, sends data to an authorized user's smart contract (e.g., the smart contract of a patient's attending physician) that allows the authorized user to access the patient's medical records” and “Each respective node of the plurality of nodes of the computing network can add to the respective instance of the electronic ledger an entry that indicates information about the request to access the medical record of the patient”); 
updating a blockchain asset on the blockchain having encoded therein as defined metadata for the declared application, a plurality of entity types declared for the application and one or more new field definitions declared for each of the plurality of entity types, wherein the update to the blockchain asset specifies the plurality of authorized network participants for the declared application (See Giordano et al., paragraphs 52, 64-68, wherein Giordano teaches “In order for the user to create a new smart contract for himself or herself, the user may call another smart contract (e.g., a factory contract) on the network that specifically configured to create new smart contracts for users. To call the factory contract, a transaction may be sent from the user's account to the factory contract via the factory contract's address on the network. The factory contract may then be executed using values of any parameters included in the call to the contract, such as values indicating the user account to which the new contract is to be assigned and values indicating the type of contract to be created. In the process of creating a new contract for a user, the factory contract may automatically call none, one, or more other contracts on the network”); 
deploying an executable install package to each of the plurality of authorized network participants for the declared application (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations. For example, a patient's smart contract may comprise code for a computer program that stores data indicating one or more medical records belonging to the patient. The patient's smart contract may include, in some instances, program code for adding records to the patient's medical history, removing records, amending records, and for granting permission to others to access the patient's records”); and 
wherein the executable install package retrieves the metadata for the declared application from the blockchain and displays GUIs specific to the declared application which are auto generated by the executable install package based on the retrieved metadata (See Giordano et al., paragraphs 47-49 and 53-54, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network.” And “when a user at the computing device 102 calls a smart contract to be executed, the call can cause each respective node in the computing network that maintains a copy of the electronic ledger 106 to separately execute the called contract and to update the ledger 106 based on any transactions that result from the calling and execution of the contract. For example, a doctor may call a first smart contract from her computer 102. The call may be broadcast to all nodes in the network, and both the computer 102 and other network nodes may separately execute the first smart contract. During execution of the first smart contract, a second smart contract may be called by the first smart contract. Each node in the computing network may then execute the second smart contract. As a result of executing the first and second smart contracts, the states of one or more user accounts, smart contracts, or both may be changed (e.g., a new medical record may be assigned to a patient or access to a medical record may be given to a third party)”).  


Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8.	Claims 2, 4-5, 13, 15-16, 19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Giordano et al. (U.S. Patent Application Publication No. 2017/0300627), in view of Li et al. (U.S. Patent No. 10,528,551).
As to claims 2, 13 and 19, Giordano et al. teaches using a network service and authorization (See Giordano et al., paragraphs 42, 57-59 and 92, wherein Giordano teaches “the decentralized filesystem 112 is configured to allow peer-to-peer sharing of medical records among participants in the records management system. For example, when a doctor creates a medical record that is added to a patient's smart contract, the medical record may initially be hosted by one or more computers associated with the doctor that created the record. If the patient later selects to access the record, the record may be retrieved from the doctor's computers and provided to one or more computers associated with the patient). Giordano et al., however, does not explicitly teach wherein at least one of the plurality of authorized network participants for the declared application is a tenant of the host organization which subscribes to on-demand cloud services from the host organization; and wherein at least one of the plurality of authorized network participants for the declared application is a non-customer partner of the host organization which does not subscribe to any on-demand cloud services from the host organization.  
Li et al. teaches a system and method for providing a representational state transfer proxy service for a blockchain cloud service (See abstract), in which he teaches wherein at least one of the plurality of authorized network participants for the declared application is a tenant of the host organization which subscribes to on-demand cloud services from the host organization (See Li et al., column 10, lines 54-65, wherein Li discloses “a fabric-CA server can provide a membership service for a fabric. The fabric-CA server can comprise three parts: authentication for user, authorization for accessing a Blockchain (a group of peers and orders) and a CA server which could deliver certificate to application client, peer and order. fabric-CA can utilize a certificate to implement authentication and authorization. The certificate include two types: enroll certificate for authentication and transaction certificate for authorization. In accordance with an embodiment, an identity service, such as IDCS, can also provide authentication and authorization”; Also see Li et al., column 42, lines 64-33, wherein Li teaches “features of the present invention are implemented in the cloud as part of, or as a service of, a cloud computing system based on shared, elastic resources delivered to users in a self-service, metered manner using Web technologies. Characteristics of the cloud may include, for example: on-demand self-service; broad network access; resource pooling; rapid elasticity; and measured service”); and wherein at least one of the plurality of authorized network participants for the declared application is a non-customer partner of the host organization which does not subscribe to any on-demand cloud services from the host organization (See Li et al., column 8, line 64-column 9, line 45 and column 12, lines 4-52 and column 13, lines 47-53, wherein Li discloses “an embodiment, the distributed ledger protocol of the fabric is run by peers. The fabric distinguishes between two kinds of peers: A validating peer is a node on the network responsible for running consensus, validating transactions, and maintaining the ledger. On the other hand, a non-validating peer is a node that functions as a proxy to connect clients (issuing transactions) to validating peers. A non-validating peer does not execute transactions but it may verify them. Some key features of the fabric release include permissioned blockchain with immediate finality which runs arbitrary smart contracts called chaincode”).  
Giordano et al. and Li et al. are from the analogous art of blockchain management. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention having the teachings of Giordano et al. and Li et al. to have combined Giordano et al. and Li et al.. The motivation to combine Giordano et al. and Li et al. is to provide a representational state transfer proxy service for interactions between client applications and a blockchain cloud service (See Li et al., column 1, lines 31-37). Therefore, it would have been obvious to one skilled in the art to combine Giordano et al. and Li et al..

As to claims 4, 15 and 21, Giordano et al. as modified, teaches wherein at least one of the plurality of authorized network participants for the declared application is a non-customer partner of the host organization which does not subscribe to any on-demand cloud services from the host organization (See Li et al., column 9, lines 14-67); and wherein updating the blockchain asset on the blockchain with the plurality of authorized network participants for the declared application comprises specifying, for the non-customer partner within the metadata transacted onto the blockchain each of: (i) an IP address or IP address range permissible for the non-customer partner of the host organization having been added as an authorized network participant for the declared application (See Li et al., column 21, lines 31-37; column 23, lines 1-60); and (ii) a shared public key required from the non-customer partner responsive to a challenge by the declared application prior to the declared application granting access to the non-customer partner of the host organization (See Li et al., column 8, lines 5-15 and column 11, lines 46-62, wherein Li discloses “the HYPERLEDGER FABRIC implements security through support for certificate authorities (CAs) for TLS certificates, enrollment certificates and transaction certificates. Public Key Infrastructure is used to generate cryptographic certificates which are tied to organizations, network components, and end users or client applications. As a result, data access control can be manipulated and governed on the broader network and on channel levels. This “permissioned” feature of HYPERLEDGER FABRIC, coupled with the existence and capabilities of channels, satisfies privacy and confidentiality needs in multi-party enterprise systems.” Also see column 14, lines 50-56).  

As to claims 5 and 16, Giordano et al. as modified, teaches wherein deploying the executable install package to each of the plurality of authorized network participants for the declared application comprises deploying a generic executable install package (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations. For example, a patient's smart contract may comprise code for a computer program that stores data indicating one or more medical records belonging to the patient. The patient's smart contract may include, in some instances, program code for adding records to the patient's medical history, removing records, amending records, and for granting permission to others to access the patient's records”); and wherein the generic executable install package retrieves the metadata from the blockchain for the declared application and self configures based on the metadata retrieved (See Giordano et al., paragraphs 46-47, 52-53 and 60-64, wherein Giordano discloses “when a new record is added to the system, the record may be stored on the filesystem 112 and may be indexed by a hash value computed based on the content of the record and, in some instances, further based on metadata associated with the record (e.g., a timestamp indicating the date and time the data was created, identifying information of the doctor that created the record, and/or identifying information of the patient to whom the record belongs)”; Also see Li et al., Figure 5 and column 12, lines 53-62; column 14, lines 15-32, column 20, lines 53-64; column 44-63, wherein Li discloses “a chaincode architecture, in accordance with an embodiment. More specifically, the figure illustrates a chaincode architecture which allows a client 530 to install chaincode and run transactions in container runtime service environment 500 according to an embodiment. Step 1, Client 530 installs chaincode source code to a Peer 1, 510”).   

9.	Claims 6-8,10-11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Giordano et al. (U.S. Patent Application Publication No. 2017/0300627), in view of Smith et al.  (U.S. Patent No. 2019/0132350).
As to claims 6 and 17, Giordano et al. as modified, teaches, “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations. For example, a patient's smart contract may comprise code for a computer program that stores data indicating one or more medical records belonging to the patient. The patient's smart contract may include, in some instances, program code for adding records to the patient's medical history, removing records, amending records, and for granting permission to others to access the patient's records” (See Giordano et al., paragraphs 47-49).  Giordano et al. as modified, however, does not explicitly teach transmitting a GUI to a blockchain administrator's user device prompting for distribution configuration information of the executable install package; receiving input from the blockchain administrator's user device via the GUI specifying all permissible network participants for the declared application; wherein one or more of the permissible network participants for the declared application are tenants of the host organization which subscribe to cloud computing services from the host organization; and Claims- 181 - Attorney Docket No.: 37633.6335 (A4358US)wherein an additional one or more of the permissible network participants for the declared application are non-tenant partner organizations which do not subscribe to cloud computing services from the host organization, each being identified by at least an Internet Protocol (IP) address or IP address range.   
Smith et al. teaches system and method for validation of distributed data storage systems (See abstract), in which he teaches transmitting a GUI to a blockchain administrator's user device prompting for distribution configuration information of the executable install package (See Smith et al., Table 6 and paragraph 155, wherein Smith discloses “The community operates and administers the blockchain, and one or more participants can provide consensus…A permissioned network refers to a blockchain model that requires permission to join, read, write to, operate and administer. Multiple participants administer the blockchain under consortium or group leadership. There may be restrictions on how participants can contribute to the system state or consensus of transactions. In one or more examples network layer 508 can also include private blockchains. In a private blockchain, only a centralized entity or single participant has permission to write to the blockchain); receiving input from the blockchain administrator's user device via the GUI specifying all permissible network participants for the declared application (See Smith et al., paragraph 155, wherein Smith discloses “The community operates and administers the blockchain, and one or more participants can provide consensus…A permissioned network refers to a blockchain model that requires permission to join, read, write to, operate and administer. Multiple participants administer the blockchain under consortium or group leadership. There may be restrictions on how participants can contribute to the system state or consensus of transactions. In one or more examples network layer 508 can also include private blockchains. In a private blockchain, only a centralized entity or single participant has permission to write to the blockchain. Platform architects can decide how to assign permissions”); wherein one or more of the permissible network participants for the declared application are tenants of the host organization which subscribe to cloud computing services from the host organization; and Claims- 181 - Attorney Docket No.: 37633.6335 (A4358US)wherein an additional one or more of the permissible network participants for the declared application are non-tenant partner organizations which do not subscribe to cloud computing services from the host organization, each being identified by at least an Internet Protocol (IP) address or IP address range (See Smith et al., Table 6 and paragraph 155, wherein Smith discloses “The community operates and administers the blockchain, and one or more participants can provide consensus…A permissioned network refers to a blockchain model that requires permission to join, read, write to, operate and administer. Multiple participants administer the blockchain under consortium or group leadership. There may be restrictions on how participants can contribute to the system state or consensus of transactions. In one or more examples network layer 508 can also include private blockchains. In a private blockchain, only a centralized entity or single participant has permission to write to the blockchain).
Giordano et al. as modified and Smith et al. are from the analogous art of blockchain management. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention having the teachings of Giordano et al. as modified and Smith et al. to have combined Giordano et al. as modified and Smith et al.. The motivation to combine Giordano et al. as modified and Smith et al. is to provide the most real time data available to blockchain participants in the network and can eliminate the need for data reconciliation (See Smith et al., paragraphs 8-9). Therefore, it would have been obvious to one skilled in the art to combine Giordano et al. as modified and Smith et al..
 
As to claim 7, Giordano et al. as modified, teaches wherein the method further comprises: retrieving the metadata for the declared application based on an IP address from which the executable install package is run; and challenging a user having run the executable install package for a shared public key as a challenge prior to granting access to the declared application (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations; Also, see Smith et al., Table 6 and Table 12  and paragraph 155, wherein Smith discloses “The community operates and administers the blockchain, and one or more participants can provide consensus…A permissioned network refers to a blockchain model that requires permission to join, read, write to, operate and administer. Multiple participants administer the blockchain under consortium or group leadership. There may be restrictions on how participants can contribute to the system state or consensus of transactions. In one or more examples network layer 508 can also include private blockchains. In a private blockchain, only a centralized entity or single participant has permission to write to the blockchain).   

As to claim 8, Giordano et al. as modified, teaches wherein the method further comprises: receiving, at the host organization, a request to install the declared application by a remote computing device executing the executable install package; wherein the executable install package is void of any application code associated with the declared application and further wherein the executable install package does not specify the declared application to be installed at the remote computing device; performing a look-up at the host organization responsive to receiving the request to install the declared application to determine which one of a plurality of declared applications available from the host organization is to be installed at the remote computing device via the executable install package, wherein the look-up identifies the declared application to be installed based on an IP address of the remote computing device; issuing a challenge from the host organization to the remote computing device for a shared public key; and retrieving the metadata for the declared application determined by the host organization to be installed based responsive to receiving the shared public key responsive to the challenge and transmitting the retrieved metadata to the remote computing device in fulfillment of installing the declared application via the executable install package  (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations; Also, see Smith et al., Table 6 and Table 12  and paragraph 155, wherein Smith discloses “The community operates and administers the blockchain, and one or more participants can provide consensus…A permissioned network refers to a blockchain model that requires permission to join, read, write to, operate and administer. Multiple participants administer the blockchain under consortium or group leadership. There may be restrictions on how participants can contribute to the system state or consensus of transactions. In one or more examples network layer 508 can also include private blockchains. In a private blockchain, only a centralized entity or single participant has permission to write to the blockchain).  

As to claim 10, Giordano et al. as modified, teaches wherein a blockchain administrator defines a permissible Internet Protocol (IP) address or a Claims- 182 - Attorney Docket No.: 37633.6335 (A4358US)permissible IP address range for the declared application; wherein the declared application is prohibited from being installed via the deployable install package for any IP address which does not match the permissible IP address or permissible IP address range defined by the blockchain administrator; wherein a declared application having previously been installed on a computing device at the permissible IP address or the permissible IP address range is prohibited from continued operation if a current IP address of the computing device does not match the permissible IP address or the permissible IP address range due to the IP address of the computing device being changed to a non-permissible IP address or due to the permissible IP address or the permissible IP address range being modified at the host organization by the blockchain administrator; and wherein the declared application, when executed at any non-permissible IP address, returns a message indicating the location associated with the IP address of the computing device being utilized is not an authorized network participant for any declared application (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations; Also, see Smith et al., Table 6 and Table 12  and paragraph 155, wherein Smith discloses “The community operates and administers the blockchain, and one or more participants can provide consensus…A permissioned network refers to a blockchain model that requires permission to join, read, write to, operate and administer. Multiple participants administer the blockchain under consortium or group leadership. There may be restrictions on how participants can contribute to the system state or consensus of transactions. In one or more examples network layer 508 can also include private blockchains. In a private blockchain, only a centralized entity or single participant has permission to write to the blockchain).  

As to claim 11, Giordano et al. as modified, teaches receiving a permissible Internet Protocol (IP) address or a permissible IP address range for the declared application at the host organization from a blockchain administrator; and transacting the permissible IP address or the permissible IP address range onto the blockchain as deployment configuration information for the declared application, storing the deployment configuration information as metadata on the blockchain (See Giordano et al., paragraphs 47-49, wherein Giordano discloses “to create a smart contract, a participant on the network may write source code for the program that they wish to deploy on the network. The source code may be compiled to executable code (e.g., byte code) and packaged in a transaction that is broadcasted across the distributed computing network. As with any transaction, the respective nodes in the network may separately validate the transaction, and if valid, the transaction may be provided in a block that is permanently appended to the blockchain of the ledger 106. Thus, each node in the computing network that stores the distributed ledger may include a copy of the executable code for the smart contract. In some implementations, smart contracts may be programs that can store data, maintain state, interact with other smart contracts, interact with programs and resources off of the blockchain, or that can perform a combination of these operations; Also, see Smith et al., Table 6 and Table 12  and paragraph 155, wherein Smith discloses “The community operates and administers the blockchain, and one or more participants can provide consensus…A permissioned network refers to a blockchain model that requires permission to join, read, write to, operate and administer. Multiple participants administer the blockchain under consortium or group leadership. There may be restrictions on how participants can contribute to the system state or consensus of transactions. In one or more examples network layer 508 can also include private blockchains. In a private blockchain, only a centralized entity or single participant has permission to write to the blockchain).  

Conclusion
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MELLISSA M OHBA whose telephone number is (571)272-4076. The examiner can normally be reached 9:30-6:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashish Thomas can be reached on (571)-272-0631. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





5/3/2022
Mmo
/MELLISSA M. OHBA/Examiner, Art Unit 2164