DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

 This Final Office Action is in response to amendment filed on 05/13/2022.
	Claims 1, 3, 9, 11-13 and 18-20 have been amended. Claims 1-20 remain pending in the application. 

Response to Amendment

The amendment filed 05/13/2022 has been entered. Claims 1, 3, 9, 11-13 and 18-20 have been amended. Claims 1-20 remain pending in the application.
Applicant’s amendments to the Drawings have overcome the objections previously set forth in the Non-Final Office Action mailed on 02/24/2022. The objection has been withdrawn in view of the amended Drawings.
Applicant’s amendments to the Specifications have overcome the objections previously set forth in the Non-Final Office Action mailed on 02/24/2022. The objection has been withdrawn in view of the amended Specifications.
Applicant’s amendments to the claims have overcome the 35 USC § 112f Claim interpretation previously set forth in the Non-Final Office Action mailed on 02/24/2022. The claim interpretation has been withdrawn in view of the amended Claims.
Applicant’s amendments to the claims have overcome the 35 USC § 112 rejection previously set forth in the Non-Final Office Action mailed on 02/24/2022. The rejection has been withdrawn in view of the amended Claims.
Applicant’s amendments to the claims have overcome the 35 USC § 101 rejection previously set forth in the Non-Final Office Action mailed on 02/24/2022. The rejection has been withdrawn in view of the amended Claims.


Response to Arguments

 Regarding Applicant’s arguments, on page 9-14 of the remark filed on 05/13/2022, on the newly added limitations of independent Claims 1, 13 and 20: based at least on determining whether the function is associated with a function access control rule; based at least on determining whether the function access control rule specifies the user as being authorized to call the function;”, arguments are persuasive.
Therefore, the 35 U.S.C. 103 rejection over Barski et al. (U.S Pub. No. 20190065593) in further view of Chan et al. (U.S Pub. No. 20210194697), has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 U.S.C. § 103 in view of the following prior art: Krishnan et al. (U.S Pub. No. 20200076818) in conjunction with Barski et al. (U.S Pub. No. 20190065593) and Chan et al. (U.S Pub. No. 20210194697). Please refer to the 35 U.S.C. 103 section below for a detailed explanation.
	For the reasons stated above and the new ground(s) of rejection under 35 U.S.C. 103 below, Examiner respectfully disagrees with Applicant’s argument, see Applicant’s Remarks Page 9-14, regarding allowance of the application. Examiner asserts that claims 1-20 are rejected for the reasons stated above in conjunction with the new ground(s) of rejection under 35 U.S.C. 103 below.
	Conclusion: Barski –Chan- Krishnan teaches the aforementioned limitations of independent claims 1, 13 and 20 rendering the claim limitations obvious before the effective date of the claimed invention.

Claim Rejections - 35 USC § 103


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-5, and 13-14, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”)
and Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”) in further view of Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”)


Regarding Independent Claim 1 (Currently Amended), Barski teaches a system for providing on-chain access control, the system comprising: (Par. (0006) “a “three tier system” for management of access permission and control. In such models, a database server houses registry data, including data describing the registrants (e.g., the names and address of registered healthcare professionals, in a healthcare registry system), data describing the registry rules (e.g., requirements for obtaining or renewing a license for a healthcare professional, in a healthcare registry system), and data describing access rules”; system (three tier system) providing on-chain access control (management of access permission and control)), (Par. (0012-0015) “the features and functionality of the present disclosure may be applied to data-management systems other than registry systems. For example, the features and functionality may be deployed as any or all of:: [..] a distributed ledger is a blockchain. A blockchain is a series of data structures, referred to as blocks. Each block contains a set of one or more data records and a header. The header includes a hash derived from the contents of the data records of the given block. Each subsequent block in the blockchain includes,”; system for providing on-chain (blockchain/distributed ledger corresponding to data-management system)) 
at least one hardware processor; and (Figure 2 label 210; processor 210))
at least one hardware memory storing instructions that, when executed by the at least one hardware processor, cause the system to: (Par. (0053-0054) “The processor(s) 210 can be configured to execute computer-readable program instructions 216 that are stored in the data storage 212 and are executable to provide the functionality described herein. [..] data storage 212 may include or take the form of one or more computer-readable storage media that can be read or accessed by the one or more processors 210. The one or more computer-readable storage media can include volatile and/or non-volatile storage components,”; computer readable data storage (data storage 212), executed by the at least one processing device (processor 210 executes instructions associated with data storage)) 
 	deploy an executable file on a record of transactions, wherein the executable file comprises a metadata repository and a function that, when executed, adds a transaction to the record of transactions; (Par. (0019) “these computer programs are referred to as “contracts” and are given an address and recorded in the blockchain. The program code that makes up a contract cannot be changed without destroying the integrity of the entire blockchain. As such, these contracts are more secure and immutable than traditional computer programs”; executable file (contracts associated with computer program/program code)), (Par. (0024) “sending [..]  program code into the distributed ledger, where the processing nodes (e.g., node 201) encodes the contract into the ledger at the next available address.”; deploying an executable file on a record of transactions (sending [..] program code into the distributed ledger)), (Par. (0037) “a storage contract containing registry data”; executable file (contract) on a record of transaction (registry data) comprises a metadata repository (registry data of registry)), (Par. (0030) “registry system may also have encoded in a second set of contracts a second set of rules related to government or another regulatory body's regulations that define how and when registration occurs”; executable file comprises a metadata repository (contract corresponding to registry system)), (Par. (0083) “the regulations contract 522 contains program code 524 [..] to carry out the functions associated with the regulations contract described above.”; executable file (contract) comprises a function (contract associated with program code and function)), 
(Par. (0094-0097) “contract may contain specific functions, which when called, operate to submit a Merkle proof to the storage contract and, once verified, to store the legacy data in the data storage associated with the storage contract. [..] cause a new record to be added to the registry reflecting the requested modification. Such a record would, as a result, no longer be a legacy record, and would instead be a part of the on-ledger registry. To help mitigate any confusion, the client access device may then cause the off-ledger legacy data to be modified to remove the record or records now existing in the on-ledger registry”; executable file comprises a function (contract contains specific functions) when executed (when called) add a transaction to the record of transaction (submit a proof [..] to store data in the data storage [..[] cause a new record to be added))
 (Examiner notes: In the instant application the specification states on Par. (0006) that an executable file could be a smart contract. Therefore it will be broadly and reasonable interpreted that any contract/smart contract that contains metadata and program code on the blockchain meets the claim limitation.))
responsive to receiving a call of the function, determine whether the function is access-controlled; (Par. (0037) “The program code, when executed by the computing device, causes the computing device to execute the permissions contract to facilitate a determination that a given user is permitted to make a given type of modification to the registry data in the storage contract”; responsive to receiving the call of the function (program code when executed) determine whether the function is access controlled (a determination that a given user is permitted)), (Par. (0073) “The program code may be further executed [..] to call the permissions contract in order to facilitate a determination of whether the given user is permitted to make the requested modification. The program code may be further executed by the computing device to call the regulations contract in order to facilitate a determination of whether the requirements, if any, have been fulfilled”; receiving a call of the function (to call the permission/regulation contracts) determine whether the function is access-controlled (determination of whether the given user is permitted))
 	when the function is access-controlled, determine whether a user associated with the function call is authorized to call the function; and (Par. (0059-0062) “User A” is permitted to read registry data, but not manipulate registry data; [0060] “User B” is permitted to read and manipulate registry data  [..] permissions contract contains program code associated with the user permissions. In one implementation, the program code may contain instructions for determining [..] whether a given user is permitted to access or modify certain registry data. [..] he program code may be executed by a computing device (e.g., node 201) to receive an indication of a given user (e.g., “User A”) and a given request to access or modify certain registry data. The program code may be further executed by the computing device to make a determination, based on the user permissions, whether the given user is permitted to access or modify the registry data in accordance with the request. Other functions”; when the function is access controlled (program code associated with permissions) determine whether a user associated with a function call is authorized (determination whether a given user is permitted to access or modify data/ User A is permitted))
when the user is authorized: (Par. (0059-0060) ““User A” is permitted to read registry data, but not manipulate registry data; [0060] “User B” is permitted to read and manipulate registry data”; when a user is authorized (User A is permitted))
route the transaction to the record of transactions. (Par. (0007) “the application server may further validate the client's permissions, and if permitted, transmit the requested transaction to the database server.”; route the transaction to the record of transaction (transmit the [..] transaction to the database)), (Par. (0051-0052) “may publish transaction destined for the distributed ledger [.] the nodes are able to receive publications of transactions [..] add those transactions to the relevant distributed ledger.”; route the transaction to the record of transaction (publish transaction to ledger/ receive transactions to be added to distributed ledger)), (Examiner notes: In the instant application the specification on Par. (0033) the routing of the transaction is referring to the transaction information being sent to the blockchain ledger. Therefore it will be broadly and reasonable interpreted as such))
However Barski does not explicitly teach based at least on determining whether the function is associated with a function access control rule; based at least on determining whether the function access control rule specifies the user as being authorized to call the function; assemble the transaction based on information included in the function call; and
Wherein Chan teaches assemble the transaction based on information included in the function call; and (Par. (0064-0066) “a blockchain to implement a function. The blockchain is used to provide a record of the execution of the function and/or a result of its result. A function can be a subroutine or procedure (i.e. a process or portion of logic) which is applied to a set of inputs   [..] to construct a blockchain transaction which acts as a function, where the transaction output(s) are conditional or dependent on the information embedded in the transaction input(s) [..]  he Function Input(s) can be locked in, before applying the Function logic and updating the Function Output(“; assemble a transaction (construct a blockchain transaction) based on information included in the function call (which acts as a function/ sets of inputs or function inputs that result in applying function logic))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chan within the teachings of Barski to include assembling the transaction based on information included in the function call because of the analogous concept of verification of program or source code using a blockchain network. Chan includes a process of assembling or constructing a blockchain transaction based on information such as inputs included in the function logic or function call. This is important because by putting together a transaction based on the specific function call it allows the user the ability to have access control such as read/ write calls on the application and prevents any random entity from being able to call a function that modifies or changes the state of the  blockchain transaction. This proves importance in the software development cycle as indication of which transaction corresponds to which function call and in return allows the system to detect early on the permitted users that can update, makes changes, rights to deploy or have access to the application based on the function calls. By assembling the transaction based on information that includes the function calls it provides a monitoring or governance to software applications for institutions such as financial banks, government agency and medical providers that have confidential or sensitive information and want to regulate access based on specific function call included in the transaction. This further enhances the blockchain network in regards to access controls and assures user that high credibility and trust is established with each transaction for a multitude of users.
However Barski and Chan do not explicitly teach based at least on determining whether the function is associated with a function access control rule; based at least on determining whether the function access control rule specifies the user as being authorized to call the function;
Wherein Krishnan teaches based at least on determining whether the function is associated with a function access control rule; (Par. (0063) “First, the function checks assigned_users set to find if there is a role with the requested permission that is authorized for the user. If there is no such role, it returns false as activation failure. If roles are present and could be activated within the session risk_threshold, it asks the user to select a role”; determining where the function is associated with a function access control rule ( checking the function is assigned to a role of the user based on permissions))
based at least on determining whether the function access control rule specifies the user as being authorized to call the function; (Par. (0061) “a user can invoke this function to access a permission. Note that, this is the first step of the flowchart shown in FIG. 3. This function takes a access request of the user in a session and calls CheckAccess to verify if the necessary role is activated in that session. If CheckAccess returns true it allows the user request and deny otherwise.”; based on determining whether the function access control rule specifies the user as being authorized ( user can invoke function based on permission after a request is verified)), (Par. (0037) “which is the set of currently activated roles in session s. If so, the system returns otherwise, it checks the assigned_roles set that contains all roles authorized for u. The request is simply denied if role r is not present in assigned_roles..sup.3 Otherwise, the system compares if addition of r increases present risk of the session beyond the risk threshold. If not, the activation is allowed”; determining whether the function access control rules specifies (checks if the assign roles are authorized)), (Par. (0059) “it also contains administrative functions to create and maintain elements and system functions for session activity management. In the following, note that a regular user can only call the CreateSession and PerformTask functions. All the other functions are administrative/system functions. In the function parameter, NAME is an abstract data type whose elements represent identifiers of various entities in the RBAC system”; authorized to call the function (regular users can only call [..] functions))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Krishnan within the teachings of Barski and Chan to include determining whether the function is associated with a function access control rule and determining whether the function access control rule specifies the user as being authorized to call the function because of the analogous concept of access control based rules applied to logic, functions or source code applications for secure protection. Krishnan includes a process of determining whether the function that is to be called is associated with a access control rule. This is significant because in private sector business, educational institution, medical facilities or government agencies classified or personal information must be allocated and signed rules by the admin without giving unwarranted access to customers or clients. By also determining which user is authorized to call the function clarity and distinct structure is created only allowing the user with the specific permission or rule to be able to call the function. This eliminates errors such as overwriting code or logic by users and conflict with admins in charge allocating access rights. This provides assurances to users that their data would not be compromised altered or affect because of the identifying or checking factor of the accurate permission of rule to the specified user. 

Regarding Dependent Claim 2 (Original), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 1, wherein the transaction modifies a state of the metadata repository on the record of transactions. (Par. (0013) “virtual machine-based registry system. In such a system, the core functions of the registry system are separated and programmed into discrete computer programs, referred to as contracts (or smart contracts), which are stored and executed on the distributed ledger to carry out the registry functions”; virtual machine-based registry system)), (Par. (0024-0025 “makes a change to the virtual machine (e.g., moves cryptocurrency from one account to another account, or reads data from or writes data to storage (e.g., data storage 354) dedicated to the contract). After this change, the virtual machine exists in a new state. And it is this virtual machine state that is recorded in the blockchain. [..] The state of the virtual machine after all transactions are executed (including cryptocurrency transfers and contract code executions) is set forth in state”; modifies a state of metadata repository (transaction executed corresponding to changes made to state of virtual machine registry))

Regarding Dependent Claim 3 (Currently Amended), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 2, wherein the function call comprises one of: 
a call to add first user metadata to the metadata repository;
 a call to modify second user metadata stored in the metadata repository; (Par. (0037) “a permissions contract containing program code associated with user permissions for modifying the registry data,”; a call to modify user metadata (program code associated with modifying registry data)), (Par. (0006) “a database server houses registry data, including data describing the registrants (e.g., the names and address of registered healthcare professionals, in a healthcare registry system), data describing the registry rules (e.g., requirements for obtaining or renewing a license for a healthcare professional,”; stored in the metadata repository (registry data in a database))
 a call to add first application metadata to the metadata repository;
 a call to modify second application metadata stored in the metadata repository; 
or a call to modify organization metadata stored in the metadata repository.


Regarding Dependent Claim 4 (Original), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 1, wherein the metadata repository is stored in the executable file. (Par. (0037) “a storage contract containing registry data,”; metadata repository (registry data of registry system) stored in the executable file (contract)), (Figure 5 labels 502 and 506; metadata repository (data storage) stored in executable file (contract))

Regarding Dependent Claim 5 (Original), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 1, wherein: the metadata repository comprises an off-chain metadata repository; and (Par. (0093) “the legacy data can be stored in an off-ledger, yet still publicly-accessible location, such as in a cloud- or Internet-based data storage location. As used herein, data stored in the distributed ledger registry system is referred to as “on-ledger” data. Data stored outside the distributed ledger registry system, such as data stored in cloud storage or elsewhere, is referred to as “off-ledger” data.”; metadata repository ( distributed ledger registry system) comprises an off-chain metadata repository (off-ledger [..] outside of the distributed ledger registry system))
the executable file includes an address of an interface that provides access to the off-chain metadata repository. (Par. (0006) “registry data, including data describing the registrants (e.g., the names and address of registered healthcare professionals, in a healthcare registry system)”; includes an address of an interface (registry data of contract contains names and address)), (Par. (0098) “Through the user interface, for instance, the user may request to view all or part of the registry data, change all or part of the registry data, or other similar functions.”; of an interface that provides access (user interface [..] to view all or part of the registry data)), (Par. (0096) “client access device may then retrieve from the, [..] the legacy data retrieved from the off-ledger storage location”; access to the off-chain metadata repository (access device corresponding to data from off-chain storage location)), (Par. (0031) “a storage contract that contains or points to an address of the many entries that make up the registry. This storage contract may also contain the instructions on how to access the rules in the permissions contract(s) and the rules in the regulation contract(s)”; the executable file includes an address ( contract contains an address))(Examiner notes: The instant application states in the specification on Par. (0034) that a blockchain address for example could be a user’s name or location. Therefore it will be broadly and reasonably interpreted that a name that is permitted or allowed access to view corresponding to a remote, off-chain, off-ledger storage would meet the claimed limitation.))




Regarding Independent Claim 13 (Currently Amended), claim 13 is an independent method claim that recites similar limitations to the independent system of claim 1 and the teachings of Barski, Chan and Krishnan address all the limitation discussed in independent claim 1 and is thereby rejected under the same grounds. 


Regarding Dependent Claim 14 (Original), the combination of Barski, Chan and Krishnan teach the method of claim 13, Barski further teaches the method of claim 13, wherein providing access to the metadata repository in the executable file comprises one of: (Par. (0062) “a given user is permitted to access or modify certain registry data. More specifically, but still by way of example, the program code may be executed by a computing device (e.g., node 201) to receive an indication of a given user (e.g., “User A”) and a given request to access or modify certain registry data”; providing access to the metadata repository (permitted access to access registry data)), (Par. (0037) “a storage contract containing registry data”; metadata repository (registry data corresponding to storage contract))
providing an executable file comprising the metadata repository; (Par. (0024) “Contracts, such as contract 342, may be established in any number of ways, including for instance, by sending a copy of the program code into the distributed ledger, where the processing nodes (e.g., node 201) encodes the contract into the ledger at the next available address. Contracts are invoked by sending a message to the contract's address. When a contract is invoked, the computer code in the contract executes and makes a change to the virtual machine (e.g., moves cryptocurrency from one account to another account, or reads data from or writes data to storage”; providing an executable file (contracts may be established)), (Figure 5 labels 502, 512 and 522, 516, 526 and 506; executable file comprising the metadata repository (contracts with data storage))
or providing an executable file comprising an address of an interface that provides access to an off-chain metadata repository.

Claims 6 and 15, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”), Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”) and 
Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”)
 in further view of Hook et al. (U.S Pub. No. 20140164776, hereinafter referred to as “Hook”)

Regarding Dependent Claim 6 (Original), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 1, wherein determining whether the user associated with the function call is authorized to call the function further comprises: (Par. (0058-0062) “user permissions may include an indication or indications that: [0059] “User A” is permitted to read registry data, but not manipulate registry data; [0060] “User B” is permitted to read and manipulate registry data [..] the program code may contain instructions for determining (or facilitating a determination by another computing device (e.g., node 201)) whether a given user is permitted to access or modify certain registry data.”; user associated with the function call is authorized (USER B is permitted to read and manipulate), determining whether the user (determining [..] whether a given user is permitted))
However Barski, Chan and Krishnan do not explicitly teach accessing the metadata repository to determine whether an address associated with the user is an address of an organization administrator role authorized to call the function.
Wherein Hook teaches accessing the metadata repository to determine whether an address associated with the user is an address of an organization administrator role authorized to call the function. (Par. (0507-0515) “The box owner may then give the name [..] the Registration Authority (RA) may check that the email address conforms to predetermined criteria, such as a sub domain and/or an identifier for the parent box, and/or that the requestor is an owner, or delegated administrator or privileged member, [..] to a repository service and/or remote service, identifies them and therefore may determine which boxes they may access.”; accessing the metadata repository (repository service [..] may access) to determine whether the address associated with the user is an address of an organization administrator role (given name and email address is checked that the requestor is a delegated administrator)), (Par. (0754-0756) “Organisations may require this capability to insure themselves against staff losses or to safeguard contents of boxes being stored on behalf of customers, for example, a bank providing a virtual vault facility.[..]  Governments may control the ability to access citizen's encrypted data by mandating key escrow [..] access management, control, and organisation may be distributed across relatively independent agents.”; organization administrator role authorized (government/organisation with ability to control access)), (Par. (0306) “A repository service may perform automated actions based on pre-defined policy and/or rules and/or schedules [..] other administrative function”; administrator role authorized to call the function ( pre-defined policy or rules corresponding to administrative function))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Hook within the teachings of Barski, Chan and Krishnan to include accessing the metadata repository to determine whether an address associated with the user is an address of an organization administrator role authorized to call the function because of the analogous concept of access control based on functions, commands or source code of the application. Hook includes a process in which the access to the repository is performed to determine whether the address with the user is an address of an admin role of an organization authorized to call the function. This is important because by implementing a storage or repository with address, names, location or identifiable information coinciding with the permissions or roles of users it securely protects the system from harm, infiltration and possible compromise due to vulnerabilities. By implementing this process only the corresponding a valid user that has admin role privileges can be detected and later call, request, command or instruction the application. This prevents data from being edited, read or modified from non-admin role users and provides a detection component that matches the user from different roles and permissions that are stored. This promotes a solution to enforcing access control logic and establishes trust and credibility for users with concerns of modification or alteration of source code or functions from illegitimate or unauthorized entities. This in return maintains the integrity of the system as a whole and distributes the correct roles to the rightful users in settings such as government agency, software developers, financial institutions and more with access to sensitive information. 


Regarding Dependent Claim 15 (Original), the combination of Barski, Chan and Krishnan teach the method of claim 13, Barski further teaches the method of claim 13, wherein determining whether the user associated with the function call is authorized to call the function comprises (Par. (0058-0062) “user permissions may include an indication or indications that: [0059] “User A” is permitted to read registry data, but not manipulate registry data; [0060] “User B” is permitted to read and manipulate registry data [..] the program code may contain instructions for determining (or facilitating a determination by another computing device (e.g., node 201)) whether a given user is permitted to access or modify certain registry data.”; user associated with the function call is authorized (USER B is permitted to read and manipulate), determining whether the user (determining [..] whether a given user is permitted))
However Barski and Chan do not explicitly teach making a call to the metadata repository for determining whether an address associated with the user matches an address of an organization administrator role authorized to call the function.
Wherein Hook teaches making a call to the metadata repository for determining whether an address associated with the user matches an address of an organization administrator role authorized to call the function. (Par. (0388) “the agent might directly write to the remote service (e.g. Remote Services 370) and/or write via a repository service (e.g. Repository Services 391).”; making a call to the metadata repository (write command to the respiratory service)), (Par. (0299-0301) “A repository service may be used to [..] include pending invitations, pending contacts, pending administrative requests [..] the beginning of a session or may be provided at the time a request is made.”; making a call (request is made) to the metadata repository (request corresponding to repository service)), (Par. (0507-0515) “The box owner may then give the name [..] the Registration Authority (RA) may check that the email address conforms to predetermined criteria, such as a sub domain and/or an identifier for the parent box, and/or that the requestor is an owner, or delegated administrator or privileged member, [..] to a repository service and/or remote service, identifies them and therefore may determine which boxes they may access.”; to determine whether the address associated with the user is an address of an organization administrator role (given name and email address is checked that the requestor is a delegated administrator)), (Par. (0754-0756) “Organisations may require this capability to insure themselves against staff losses or to safeguard contents of boxes being stored on behalf of customers, for example, a bank providing a virtual vault facility.[..]  Governments may control the ability to access citizen's encrypted data by mandating key escrow [..] access management, control, and organisation may be distributed across relatively independent agents.”; organization administrator role authorized (government/organisation with ability to control access)), (Par. (0306) “A repository service may perform automated actions based on pre-defined policy and/or rules and/or schedules [..] other administrative function”; administrator role authorized to call the function ( pre-defined policy or rules corresponding to administrative function))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Hook within the teachings of Barski, Chan and Krishnan for the reasons discussed in dependent claim 6 stated above.


Claims 7, 10 16 and 20, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”), Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”) and Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”) in further view of Chapman et al. (U.S Pub. No. 20180227116, hereinafter referred to as “Chapman”)


Regarding Dependent Claim 7 (Original), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 1, wherein the system is further configured to: use metadata stored in the metadata repository to enforce access control logic in the application. (Par. (0058-0061) “  the permissions contract may serve to validate users and requests to access or modify the registry data. To that end, the permissions contract includes program code associated with user permissions for modifying the registry data. In one implementation, user permissions may take the form of a list of users and an associated list of access permissions of those users [..] user permissions may be specified at varying levels of granularity with respect to the registry data. For instance, the user permissions may specify that certain users have one set of permissions for certain types of registry data, yet have other, perhaps different, permissions for other types of registry data”; use metadata stored in the metadata repository  to enforce (registry data from the registry used to determine user permission based on type of registry data) , access control logic in the application (permission contract with program code corresponding to list of users and list of access permission for those users))
However Barski, Chan and Krishnan do not explicitly teach generate an application based on the executable file, wherein the application is configured to interface the record of transactions; and
Wherein Chapman teaches generate an application based on the executable file, wherein the application is configured to interface the record of transactions; and (Par. (0006) “the application server may generate a smart contract block (or code block) including references to the addresses of the smart contracts”; generate an application based on the executable file (application server generating code block that is associated with smart contract)), (Par. (0043) “the application server may provide an interactive web application for a user [..] a plurality of contract components and document components.”; generate an application (provide an interactive web application) based on an executable file (corresponding to contract)), (Par. (0017) “the user interface, the system may invoke the associated program module and database record”; wherein the application is configured (associated program) to interface the record of transactions (interface may invoke [..] database records))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chapman within the teachings of Barski, Chan and Krishnan to include generating an application based on an executable file in which the application interfaces the record of transaction because of the analogous concept of blockchain technologies and the verification of application. Chapman includes a process in which an application is generated that is based on the executable file. This is important because by basing the application on the smart contract it links and allows the software to adhere to the rules and policies of the contract and protects the application from risk or harm. This proves important in the software development lifecycle by corresponding the set of rules and permission in the contract to correlate to the application that is created., This provides a detection mechanism for users in government agencies, private institution, legal firms, financial brokerages and more because specific roles of users such as workers in those institution would be defined and differentiate from administrators of high access individuals. By creating software that includes a set of rules based on the smart contract it further enhances application used by multiple entities and prevents unauthorized read/write access not users that don’t correspond to the rules of the contract. This maintains the integrity as a whole in the system and promotes high credibility to access control logic. 

Regarding Dependent Claim 10 (Original), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 7, wherein: the record of transactions is a blockchain; (Par. (0016) “an example blockchain. As depicted, portion 100 includes at least three blocks 101, 102, and 103. Each block includes a respective header 110, 120, and 130, and data records 113, 114, 115, 123, 124, 125, 133, 134, and 135. Although only three records are shown with each example block, those skilled in the art will realize that each block will in practice typically contain more than three records”; blockchain corresponding to data records))
the blockchain is accessible by one or more users included a plurality of organizations; (Par. (0021) “transactions are typically published to participating entities, referred to as nodes. FIG. 2 depicts an example arrangement (discussed in further detail herein below) of nodes that may maintain a distributed ledger. Generally, nodes 201, 202, and/or 203 receive, through the communication network(s) 250, additions (such as desired transactions) to the distributed ledger,”; the blockchain is accessible to one or more users (transaction published to participating entities/nodes; nodes 201, 202, 203 receive through communication networks)), (Par. (0012-13) “the features and functionality may be deployed as any or all of: [..] a merchant or a shipping operation; an employee and/or payroll database; a ticketing system for management of ticket sales, usable for instance, by a venue hosting a concert, performing arts, or sports function, or by a common carrier, such as an airline, ground transportation operation, or sea farer; an enrollment management system, usable for instance by a University, public or private secondary school, or any system for managing assets, registrations, bookings, enrollments, or statuses; a supply chain management system, usable for instance, by a drug manufacturer for managing the ingredients of a given manufactured medication [..] by a medical provider to manage the protocols for care administered to patients; a data conditioning system, usable for instance, by an organization that endeavors to collect and curate data [..] will be described herein by way of example to a government registry system; but those of skill in the art should understand that the present disclosure is applicable to any or all of the foregoing examples”; plurality of organizations (medical providers, ticketing, shipping, transportations, government etc.)
and the plurality of organizations is in a consortium. (Par. (0012-13) “the features and functionality may be deployed as any or all of: [..] a merchant or a shipping operation; an employee and/or payroll database; a ticketing system for management of ticket sales, usable for instance, by a venue hosting a concert, performing arts, or sports function, or by a common carrier, such as an airline, ground transportation operation, or sea farer; an enrollment management system, usable for instance by a University, public or private secondary school, or any system for managing assets, registrations, bookings, enrollments, or statuses; a supply chain management system, usable for instance, by a drug manufacturer for managing the ingredients of a given manufactured medication [..] by a medical provider to manage the protocols for care administered to patients; a data conditioning system, usable for instance, by an organization that endeavors to collect and curate data [..] will be described herein by way of example to a government registry system; but those of skill in the art should understand that the present disclosure is applicable to any or all of the foregoing examples”; plurality of organization in a consortium (any or all of the foregoing examples of government organization, medical provider, shipping, ticketing etc.))

Regarding Dependent Claim 16 (Original), claim 16 recites similar limitations to dependent claim 7 and the teachings of Barski, Chan, Krishnan and Chapman address all the limitations discussed in dependent claim 7 and are thereby rejected under the same grounds. 

Regarding Independent Claim 20 (Currently Amended), Barski teaches a computer readable storage device including computer readable instructions, which when executed by a hardware processor, configure the hardware processor to: ((Par. (0053-0054) “The processor(s) 210 can be configured to execute computer-readable program instructions 216 that are stored in the data storage 212 and are executable to provide the functionality described herein. [..] data storage 212 may include or take the form of one or more computer-readable storage media that can be read or accessed by the one or more processors 210. The one or more computer-readable storage media can include volatile and/or non-volatile storage components,”; computer readable storage device (data storage 212), executed by a processing unit (processor 210 executes instructions associated with data storage))
deploy an executable file on a record of transactions comprising a metadata repository and at least one function that, ((Par. (0019) “these computer programs are referred to as “contracts” and are given an address and recorded in the blockchain. The program code that makes up a contract cannot be changed without destroying the integrity of the entire blockchain. As such, these contracts are more secure and immutable than traditional computer programs”; executable file (contracts associated with computer program/program code)), (Par. (0024) “sending [..]  program code into the distributed ledger, where the processing nodes (e.g., node 201) encodes the contract into the ledger at the next available address.”; deploying an executable file on a record of transactions (sending [..] program code into the distributed ledger)), (Par. (0037) “a storage contract containing registry data”; executable file (contract) on a record of transaction (registry data) comprises a metadata repository (registry data of registry)), (Par. (0030) “registry system may also have encoded in a second set of contracts a second set of rules related to government or another regulatory body's regulations that define how and when registration occurs”; executable file comprises a metadata repository (contract corresponding to registry system)), (Examiner notes: In the instant application the specification states on Par. (0006) that an executable file could be a smart contract. Therefore it will be broadly and reasonable interpreted that any contract/smart contract that contains metadata and program code on the blockchain meets the claim limitation.))
when executed, modifies a state of the metadata repository, wherein the metadata repository is one of: ((Par. (0013) “virtual machine-based registry system. In such a system, the core functions of the registry system are separated and programmed into discrete computer programs, referred to as contracts (or smart contracts), which are stored and executed on the distributed ledger to carry out the registry functions”; virtual machine-based registry system)), (Par. (0024-0025 “makes a change to the virtual machine (e.g., moves cryptocurrency from one account to another account, or reads data from or writes data to storage (e.g., data storage 354) dedicated to the contract). After this change, the virtual machine exists in a new state. And it is this virtual machine state that is recorded in the blockchain. [..] The state of the virtual machine after all transactions are executed (including cryptocurrency transfers and contract code executions) is set forth in state”; modifies a state of metadata repository (transaction executed corresponding to changes made to state of virtual machine registry))
an on-chain metadata repository included in the executable file; (Figure 5 labels 502 and 506; on-chain metadata repository (label 506) included in the executable file  (label 506 is in contract 502)), (Par. (0037) “a storage contract containing registry data,”; metadata repository (registry data of registry system) stored in the executable file (contract)), (Figure 5 labels 502 and 506; metadata repository (data storage) stored in executable file (contract))
or an off-chain metadata repository, wherein an address of an interface for accessing the off-chain metadata repository is included in the executable file; 
responsive to receiving a call of the at least one function, determine whether the at least one function is access-controlled; ((Par. (0037) “The program code, when executed by the computing device, causes the computing device to execute the permissions contract to facilitate a determination that a given user is permitted to make a given type of modification to the registry data in the storage contract”; responsive to receiving the call of the function (program code when executed) determine whether the function is access controlled (a determination that a given user is permitted)), (Par. (0073) “The program code may be further executed [..] to call the permissions contract in order to facilitate a determination of whether the given user is permitted to make the requested modification. The program code may be further executed by the computing device to call the regulations contract in order to facilitate a determination of whether the requirements, if any, have been fulfilled”; receiving a call of the function (to call the permission/regulation contracts) determine whether the function is access-controlled (determination of whether the given user is permitted))
when the at least one function is access-controlled, determine whether a user associated with the function call is authorized to call the at least one function; (Par. (0059-0062) “User A” is permitted to read registry data, but not manipulate registry data; [0060] “User B” is permitted to read and manipulate registry data  [..] permissions contract contains program code associated with the user permissions. In one implementation, the program code may contain instructions for determining [..] whether a given user is permitted to access or modify certain registry data. [..] he program code may be executed by a computing device (e.g., node 201) to receive an indication of a given user (e.g., “User A”) and a given request to access or modify certain registry data. The program code may be further executed by the computing device to make a determination, based on the user permissions, whether the given user is permitted to access or modify the registry data in accordance with the request. Other functions”; when the function is access controlled (program code associated with permissions) determine whether a user associated with a function call is authorized (determination whether a given user is permitted to access or modify data/ User A is permitted))
when the user is authorized: (Par. (0059-0060) ““User A” is permitted to read registry data, but not manipulate registry data; [0060] “User B” is permitted to read and manipulate registry data”; when a user is authorized (User A is permitted))
route the state-modifying transaction to the record of transactions for modifying the state of the metadata repository; ((Par. (0007) “the application server may further validate the client's permissions, and if permitted, transmit the requested transaction to the database server.”; route the transaction to the record of transaction (transmit the [..] transaction to the database)), (Par. (0051-0052) “may publish transaction destined for the distributed ledger [.] the nodes are able to receive publications of transactions [..] add those transactions to the relevant distributed ledger.”; route the transaction to the record of transaction (publish transaction to ledger/ receive transactions to be added to distributed ledger)), (Examiner notes: In the instant application the specification on Par. (0033) the routing of the transaction is referring to the transaction information being sent to the blockchain ledger. Therefore it will be broadly and reasonable interpreted as such))
use metadata stored in the metadata repository to enforce access control logic in the application. ((Par. (0058-0061) “  the permissions contract may serve to validate users and requests to access or modify the registry data. To that end, the permissions contract includes program code associated with user permissions for modifying the registry data. In one implementation, user permissions may take the form of a list of users and an associated list of access permissions of those users [..] user permissions may be specified at varying levels of granularity with respect to the registry data. For instance, the user permissions may specify that certain users have one set of permissions for certain types of registry data, yet have other, perhaps different, permissions for other types of registry data”; use metadata stored in the metadata repository  to enforce (registry data from the registry used to determine user permission based on type of registry data) , access control logic in the application (permission contract with program code corresponding to list of users and list of access permission for those users))
However Barski does not explicitly teach based at least on determining whether the function is associated with a function access control rule; based at least on determining whether the function access control rule specifies the user as being authorized to call the function; assemble a state-modifying transaction based on information included in the function call; and generate an application based on the executable file; and
Wherein Chan teaches assemble a state-modifying transaction based on information included in the function call; and ((Par. (0064-0066) “a blockchain to implement a function. The blockchain is used to provide a record of the execution of the function and/or a result of its result. A function can be a subroutine or procedure (i.e. a process or portion of logic) which is applied to a set of inputs   [..] to construct a blockchain transaction which acts as a function, where the transaction output(s) are conditional or dependent on the information embedded in the transaction input(s) [..]  he Function Input(s) can be locked in, before applying the Function logic and updating the Function Output(“; assemble a transaction (construct a blockchain transaction) based on information included in the function call (which acts as a function/ sets of inputs or function inputs that result in applying function logic))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chan within the teachings of Barski to include assembling the transaction based on information included in the function call because of the analogous concept of verification of program or source code using a blockchain network. Chan includes a process of assembling or constructing a blockchain transaction based on information such as inputs included in the function logic or function call. This is important because by putting together a transaction based on the specific function call it allows the user the ability to have access control such as read/ write calls on the application and prevents any random entity from being able to call a function that modifies or changes the state of the  blockchain transaction. This proves importance in the software development cycle as indication of which transaction corresponds to which function call and in return allows the system to detect early on the permitted users that can update, makes changes, rights to deploy or have access to the application based on the function calls. By assembling the transaction based on information that includes the function calls it provides a monitoring or governance to software applications for institutions such as financial banks, government agency and medical providers that have confidential or sensitive information and want to regulate access based on specific function call included in the transaction. This further enhances the blockchain network in regards to access controls and assures user that high credibility and trust is established with each transaction for a multitude of users.
However Barski and Chan do not explicitly teach based at least on determining whether the function is associated with a function access control rule; based at least on determining whether the function access control rule specifies the user as being authorized to call the function generate an application based on the executable file; and
Wherein Krishnan teaches based at least on determining whether the function is associated with a function access control rule; (Par. (0063) “First, the function checks assigned_users set to find if there is a role with the requested permission that is authorized for the user. If there is no such role, it returns false as activation failure. If roles are present and could be activated within the session risk_threshold, it asks the user to select a role”; determining where the function is associated with a function access control rule ( checking the function is assigned to a role of the user based on permissions))
based at least on determining whether the function access control rule specifies the user as being authorized to call the function (Par. (0061) “a user can invoke this function to access a permission. Note that, this is the first step of the flowchart shown in FIG. 3. This function takes a access request of the user in a session and calls CheckAccess to verify if the necessary role is activated in that session. If CheckAccess returns true it allows the user request and deny otherwise.”; based on determining wther the function access control rule specifies the user as being authorized ( user can invoke function based on permission after a request is verified)), (Par. (0037) “which is the set of currently activated roles in session s. If so, the system returns otherwise, it checks the assigned_roles set that contains all roles authorized for u. The request is simply denied if role r is not present in assigned_roles..sup.3 Otherwise, the system compares if addition of r increases present risk of the session beyond the risk threshold. If not, the activation is allowed”; determining whether the function access control rules specifies (checks if the assign roles are authorized)), (Par. (0059) “it also contains administrative functions to create and maintain elements and system functions for session activity management. In the following, note that a regular user can only call the CreateSession and PerformTask functions. All the other functions are administrative/system functions. In the function parameter, NAME is an abstract data type whose elements represent identifiers of various entities in the RBAC system”; authorized to call the function (regular users can only call [..] functions))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Krishnan within the teachings of Barski and Chan to include determining whether the function is associated with a function access control rule and determining whether the function access control rule specifies the user as being authorized to call the function because of the analogous concept of access control based rules applied to logic, functions or source code applications for secure protection. Krishnan includes a process of determining whether the function that is to be called is associated with a access control rule. This is significant because in private sector business, educational institution, medical facilities or government agencies classified or personal information must be allocated and signed rules by the admin without giving unwarranted access to customers or clients. By also determining which user is authorized to call the function clarity and distinct structure is created only allowing the user with the specific permission or rule to be able to call the function. This eliminates errors such as overwriting code or logic by users and conflict with admins in charge allocating access rights. This provides assurances to users that their data would not be compromised altered or affect because of the identifying or checking factor of the accurate permission of rule to the specified user. 
However Barski, Chan and Krishnan do not explicitly teach generate an application based on the executable file; and 
Wherein Chapman teaches generate an application based on the executable file; and ((Par. (0006) “the application server may generate a smart contract block (or code block) including references to the addresses of the smart contracts”; generate an application based on the executable file (application server generating code block that is associated with smart contract)), (Par. (0043) “the application server may provide an interactive web application for a user [..] a plurality of contract components and document components.”; generate an application (provide an interactive web application) based on an executable file (corresponding to contract))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chapman within the teachings of Barski, Chan and Krishnan for the reasons discussed in dependent claim 7 stated above.



Claims 8 and 17, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”), Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”) Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”) and Chapman et al. (U.S Pub. No. 20180227116, hereinafter referred to as “Chapman”) in further view of Nadig et al. (U.S Pub. No. 20180121026, hereinafter referred to as “Nadig”)

Regarding Dependent Claim 8 (Original), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches store the one or more user roles with one or more addresses of users associated with the one or more user roles in the metadata repository; and (Par. (0079) “data storage 516 may contain a list of user permissions. Program code 514 may contain instructions executable by a computing device (e.g., computing device 201) to carry out the functions associated with the permissions contract described above”; store the one or more user roles (data storage contains a list of user permissions) with one or more user roles in the metadata repository (permissions in data storage)), (Par.  (0031) “This data storage location may contain the addresses of the one or more permissions contracts and the addresses of the one or more rules contracts.”; one or more user roles with one or more addresses (addresses corresponding to permissions and one or more rules that is stored in the repository (data storage)))
However Barski, Chan and Krishnan do not explicitly teach the system of claim 7, wherein generating the application further comprises: receiving configuration metadata for the application, wherein the configuration metadata defines one or more user roles associated with an authorization to interact with the application; generate code for the application including a reference to call the metadata repository for enforcing access control associated with the one or more user roles.
Wherein Chapman teaches the system of claim 7, wherein generating the application further comprises: Par. (0006) “the application server may generate a smart contract block (or code block) including references to the addresses of the smart contracts”; generate an application based on the executable file (application server generating code block that is associated with smart contract)), (Par. (0043) “the application server may provide an interactive web application for a user [..] a plurality of contract components and document components.”; generate an application (provide an interactive web application) based on an executable file (corresponding to contract))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chapman within the teachings of Barski, Chan and Krishnan to include generating an application based on an executable file because of the analogous concept of blockchain technologies and the verification of application. Chapman includes a process in which an application is generated that is based on the executable file. This is important because by basing the application on the smart contract it links and allows the software to adhere to the rules and policies of the contract and protects the application from risk or harm. This proves important in the software development lifecycle by corresponding the set of rules and permission in the contract to correlate to the application that is created., This provides a detection mechanism for users in government agencies, private institution, legal firms, financial brokerages and more because specific roles of users such as workers in those institution would be defined and differentiate from administrators of high access individuals. By creating software that includes a set of rules based on the smart contract it further enhances application used by multiple entities and prevents unauthorized read/write access not users that don’t correspond to the rules of the contract. This maintains the integrity as a whole in the system and promotes high credibility to access control logic. 
However Barski, Chan, Krishnan and Chapman do not explicitly teach receiving configuration metadata for the application, wherein the configuration metadata defines one or more user roles associated with an authorization to interact with the application; generate code for the application including a reference to call the metadata repository for enforcing access control associated with the one or more user roles.
Wherein Nadig teaches receiving configuration metadata for the application, wherein the configuration metadata defines one or more user roles associated with an authorization to interact with the application; (Par. (0007) “receiving a response to the API request including a variation metamodel associated with the context information; parsing the response to identify a property included in the variation schema and metadata associated with the property;”; receiving configuration metadata (receiving API request and metadata)), (Par. (0018) “metamodel defines content items of an entity type using metadata describing rules for processing the content items.”; metadata defines one or more user roles (metadata associated with rules))
(Par. (0045) “the metadata associated with a property can be considered a set of rules dictating whether the property is editable,”; metadata defines one or more user roles (metadata associated with a set of rules on editing))
generate code for the application including a reference to call the metadata repository for enforcing access control associated with the one or more user roles. (Par. (0005) “to generate application source code to support a workflow according to the operational requirements for the new variation of the workflow. Generating new application source code I”; generating code for the application (generating application source code)), (Par. (0016) “Application programming interfaces (APIs) [..] an use to build software applications using features provided by a software system. These features may include, [..] an API function call to write data to a data repository, the API service can receive unformatted data from a user and verify the data against rules in the source code associated with a particular version of a workflow”; including a reference to call the metadata repository ( API function call to a data repository) for enforcing access control associated with one or more user roles (verify data against rules in the source code))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Nadig within the teachings of Barski, Chan, Krishnan and Chapman to include receiving configuration metadata, in which the metadata defines one or more user roles associated with an authorization to interact with the application and generate code for the application that includes a reference to a call to the repository for enforcing access control logic with one or more user roles because of the analogous concept of verifying access and permission rights of software applications. Nadig includes a process in which configuration metadata that represents  one or more user roles is received and the generation of code for the application is performed that includes a reference to a call to the repository for enforcing access control logic with one or more user roles. This is significant because by creating program code that is tied or linked with a reference to a function call, logic, or command it provides clarity to users in the software development stages as well as entities utilizing the application that the code generated is based off certain roles, permission and rules. By receiving metadata that corresponds to the function or code of the application and thereby linking the code to specific roles users in government agencies, private-sector companies, medical, financial or legal institutions have a means for protecting confidential information and only allowing users with specific roles or access to view software based on these roles. This separates the administrators or management for these institutions using program code from the workers or other users with less privileges or access. This in returns prevents the overwriting, or unauthorized read access privileges from illegitimate or invalid users and provides a sense of control for users with concerns of the distribution of access rights. 


Regarding Dependent Claim 17 (Original), claim 17 recites similar limitations to dependent claim 8 and the teachings of Barski, Chan, Krishnan Chapman and Nadig address all the limitations discussed in dependent claim 8 and are thereby rejected under the same grounds. 


Claims 9 and 18, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”), Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”) Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”) and Chapman et al. (U.S Pub. No. 20180227116, hereinafter referred to as “Chapman”) in further view of Hedge et al. (U.S Pub. No. 20200412768, hereinafter referred to as “Hedge”)


Regarding Dependent Claim 9 (Currently Amended), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 7, wherein the system is further configured to: 
responsive to receiving a call in the application associated with a state-modifying transaction to the record of transactions: ((Par. (0037) “The program code, when executed by the computing device, causes the computing device to execute the permissions contract to facilitate a determination that a given user is permitted to make a given type of modification to the registry data in the storage contract”; responsive to receiving the call of the function (program code when executed)), (Par. (0024-0025) “makes a change to the virtual machine (e.g., moves cryptocurrency from one account to another account, or reads data from or writes data to storage (e.g., data storage 354) dedicated to the contract). After this change, the virtual machine exists in a new state. And it is this virtual machine state that is recorded in the blockchain   [..] block 301 contains a list of certain transactions 313, which may include transfers of cryptocurrency from one account to another and/or calls to various contracts. The state of the virtual machine after all transactions are executed (including cryptocurrency transfers and contract code executions) is set forth in state 315.”; receiving a call of a function (transfer of calls to various contracts) associated with a state-modifying transaction ( changes to the virtual machine to a new state corresponding to a list of transaction))
the state-modifying transaction (Par. (0022-0024) “Each block also includes transactions, 313, 323, and 333, account lists 314, 324, 334 and the current state of the virtual machine 315, 325, and 335. [..] executes and makes a change to the virtual machine (e.g., moves cryptocurrency from one account to another account, or reads data from or writes data to storage (e.g., data storage 354) dedicated to the contract). After this change, the virtual machine exists in a new state. And it is this virtual machine state that is recorded in the blockchain.”; state-modifying transaction (block/ transaction with current state of Virtual machine that is changed into a new state))
route the state-modifying transaction to the record of transactions. (Par. (0007) “the application server may further validate the client's permissions, and if permitted, transmit the requested transaction to the database server.”; route the transaction to the record of transaction (transmit the [..] transaction to the database)), (Par. (0051-0052) “may publish transaction destined for the distributed ledger [.] the nodes are able to receive publications of transactions [..] add those transactions to the relevant distributed ledger.”; route the transaction to the record of transaction (publish transaction to ledger/ receive transactions to be added to distributed ledger)), (Examiner notes: In the instant application the specification on Par. (0033) the routing of the transaction is referring to the transaction information being sent to the blockchain ledger. Therefore it will be broadly and reasonable interpreted as such))
However Barski, Chan, Krishnan and Chapman do not explicitly teach make a call to the metadata repository for determining whether an address associated with a requestor of …. matches the address of a user associated with the one or more user roles; and when the address associated with the requestor matches the address of a user associated with the one or more user roles.
Wherein Hedge teaches make a call to the metadata repository for determining whether an address associated with a requestor of …. matches the address of a user associated with the one or more user roles; and (Par. (0026) “a requesting entity generating access requests, which can include requests to read or write data to storage units in the DSN.”; make a call to the metadata repository (requests to read or write data to the storage)), (Par. (0067) “Determining whether the set of required conditions is met can include determining corresponding attributes of the request [..] and/or requesting entity, [..] these attributes can be compared to the corresponding custom policy parameters such as the specific IP address or range of IP addresses to which access is granted, the one or more specific user-agents to which access is granted, one or more HMACs, tokens, and/or usernames to which access is granted, the one or more object types to which access is granted, the one or more object names to which access is granted, the one or more object name prefixes to which access is granted, the one or more access request types to which access is granted,”; determining whether an address associated with a requestor (determining the set of required conditions is met with attributes of requesting entity (attributes with address and names of requesting entity) matches the address of a user associated with the one or more user roles (attributes can be compared to the IP address of the one or more specific user-agents to which access is granted))
when the address associated with the requestor matches the address of a user associated with the one or more user roles, (Par. (0068) “The method can proceed to step 951, which includes determining whether the extracted policy parameters indicate a required IP address range and/or indicate any IP address requirements. If so, the method proceeds to step 952, which includes determining whether the IP address of the requesting entity 910 from which the request message was received is in the corresponding IP address range indicated in the policy parameters. This can include determining an X-Forwarded-For within and/or associated with the request message, and determining if the corresponding IP address meets the IP address requirements of the policy parameters”; when the address associated with the requestor matches the address of a user associated with one or more rules (determining the address of the requesting entity corresponding to the policy parameter)
(Par. (0069) “agents allowed to access the one or more objects of the pre-signed URL. If so, the method proceeds to step 954, which includes determining whether a user-agent associated with the request message matches and/or compares favorably to the user-agent policy.”; matches the address of a user associated with the one or more user roles (user-agents with policy matches request message with attributes of addresses, names, etc.))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Hedge within the teachings of Barski, Chan, Krishnan and Chapman to include making a call to the repository to determine the address of the requestor matches the address of the user associated with the roles because of the analogous concept of allocating access rights associated with source code of applications. Hedge includes a process in which a call command or request is made to the repository to determine the address of a requestor matches the address of a user associated with one or more roles. This is significant because it prevents the system from giving unwarranted or unauthorized access to entities in the system or outside because the rightful roles, permissions and privileges would be checked or identified ahead of time based on an address, name, location or identifiable information already stored. This securely protects the system from possible forgery or compromise because in government agencies, legal firms, software development or private sector institutions databases with user or employee information can be matched to entities with the correct set of roles. This separates the managers or high clearances users from individuals with lesser roles or permission. This leads to data being viewed, modified edited or accessed by the right or valid users and prevents data errors in the system because of the assigned roles that are matched.



Regarding Dependent Claim 18 (Currently Amended) claim 18 recites similar limitations to dependent claim 9 and the teachings of Barski, Chan, Krishnan, Chapman and Hedge address all the limitations discussed in dependent claim 9 and are thereby rejected under the same grounds. 


Claim 11, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”), Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”), Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”) Chapman et al. (U.S Pub. No. 20180227116, hereinafter referred to as “Chapman”) and Thekadath et al. (U.S Pub. No. 20200379979, hereinafter referred to as “Thekadath”) in further view of Chee et al. (U.S Pub. No. 20200204345, hereinafter referred to as “Chee”)

	Regarding Dependent Claim 11 (Currently Amended), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 10, further comprising a replicator, wherein the system is further configured to: (Par. (0099 “the nodes (e.g., nodes 201, 202, and/or 203) validating the transactions and generating the Ethereum blockchain to execute the storage contract. In accordance with the examples described above, the storage contract calls and therefore causes the permissions contract to be executed”; a replicator (nodes corresponding to the validation of transactions and storage contract that contain program code))
receive an indication of a request from a user in the consortium for source code of the application, wherein: (Par. (0068) “to receive an indication of a given request to modify certain registry data. The program code may be further executed”; receive an indication of a request (receive an indication of a given request) for source code of the application (modify certain registry data)), (Par. (0073) “the storage contract may also contain program code that facilitates [..] the registry data”; source code of the application ( program code corresponding to registry data))
the source code is stored in an off-chain storage, and (Par. (0093-0094) “the legacy data can be stored in an off-ledger, yet still publicly-accessible location, such as in a cloud- or Internet-based data storage location. As used herein, data stored in the distributed ledger registry system is referred to as “on-ledger” data. Data stored outside the distributed ledger registry system, such as data stored in cloud storage or elsewhere, is referred to as “off-ledger” data. These legacy records are organized into a Merkle tree, and the Merkle root is stored in the storage contract of the distributed ledger registry system. [..] the portions of the legacy data into data that is stored in the storage contract”; source code (legacy data corresponding to storage contract) is stored in an off-chain storage (stored in an off-ledger)), (Par. (0074) “the storage contract 502 contains program code 504”; storage contract associated with legacy data contains program code)) (Examiner Notes: In the instant application the specification does not provide a clear example or definition of what the replicator represents, the specification only states on Par. (0041) that replicator 224 of the drawings of Figure 2 represents or is configured to provide increase security and enable verification of source code. Therefore it will be broadly and reasonably interpreted that a replicator is an entity, module or component corresponding to the validation or verification of source code. Examiner suggest amending the claim to give a clear example of definition of what the replicator is to further enhance the scope of the claim))
	However Barski, Chan, Krishnan and Chapman do not explicitly teach store an address of the replicator in the metadata repository; the request is directed to the address of the replicator; use the replicator to access the source code; and provide the source code to the user for enabling verification of the source code by the user.
	Wherein Thekadath teaches store an address of the replicator in the metadata repository; (Par. (0074) “The identifier database 165C can store information about the first node computer's identifiers, such as an address identifier and one or more class identifiers.”; store an address of the replicator (store information about the first node such as an address)) in a metadata repository (database))
 the request is directed to the address of the replicator; (Par. (0078) “request message including information about the first node, such as an address,”; request directed to the address (request corresponding information about a first node such as an address))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Thekadath within the teachings of Barski, Chan, Krishnan and Chapman to include the storing of an address of the replicator in the repository and request being directed to an address of the replicator because of the analogous concept of blockchain technologies and the verification of software applications. Thekadath includes a process in which the storage of an address, name, title, location of a replicator is stored inside a repository and the request being directed towards an address of the replicator. This is important because by utilizing a replicator that is responsible for verifying code or software the system is protected from tampering, compromise of modification of any application. By further linking the address, name or identifiable information corresponding to the replicator entity the system has a detection component to be able to identify the rightful and valid entity that is to verify the appropriate software. This prevents mishandling of the software and links the request to reach the appropriate entity based on the correct address. This assures users in government agencies, financial institutions and software development companies that the application are being communicated to the rightful and valid entity based on the address stored.
However Barski, Chan, Krishnan Chapman and Thekadath do not explicitly teach use the replicator to access the source code; and provide the source code to the user for enabling verification of the source code by the user.
Wherein Chee teaches 50Attorney Docket No.: 14917.3826US01 11407271-US-NP use the replicator to access the source code; and (Par. (0073) “FIG. 6D illustrates a common interface for accessing logic and data of a blockchain, according to example embodiments. Referring to the example of FIG. 6D, an application programming interface (API) gateway 662 provides a common interface for accessing blockchain logic (e.g., smart contract 630 or other chaincode) and data (e.g., distributed ledger, etc.) In this example, the API gateway 662 is a common interface for performing transactions (invoke, queries, etc.) on the blockchain by connecting one or more entities 652 and 656 to a blockchain peer”; use the replicator (one or more entities 652 and 656) to access the source code (accessing blockchain logic (e.g. [..] chaincode)), (Par. (0063) “chaincode may be made available in source code form.”; chaincode corresponding to source code))
provide the source code to the user for enabling verification of the source code by the user. (Par. (0085) “the transaction data stored within block data 734 may include one or more of a type of the transaction, a version, a timestamp (e.g., final calculated timestamp, etc.), a channel ID of the distributed ledger 720, a transaction ID, an epoch, a payload visibility, a chaincode path (deploy tx), a chaincode name, a chaincode version, input (chaincode and functions),”; transaction includes chaincode and functions)), (Par. (0027) “When a client sends the transaction to the peers specified in the endorsement policy, the transaction is executed to validate the transaction. After validation, the transactions enter an ordering phase in which a consensus protocol”; provide the source code to the requesting user (sends the transaction with chaincode and functions to peers)), (Par. (0048) “initiate the transaction 291 by constructing and sending a request to the peer node 281”; to the requesting user (request corresponding to peer node)), (Par. (0065) “   [..] the verification can be done independently and in a transparent manner, application source code will be provided”; provide the source code [..] for enabling verification of the source code (verification corresponding to application source code that is provided)), (Par. (0047) “endorsing peer 281 may verify [..]  a trust anchor chaincode function to initiate the transaction. The output may include the chaincode results, a set of key/value versions that were read in the chaincode (read set), and the set of keys/values that were written in chaincode (write set).”; verification of the source code by the user (endorsing peer verifies chaincode))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chee within the teachings of Barski, Chan, Krishnan, Chapman and Thekadath to include using a replicator to access the source code and provide the source code to the requesting user for verification of the source code because of the analogous concept of verifying application software using blockchain technologies. Chee includes a process in which the replicator access the source code, this is important because by having an entity or component responsible for checking the source code before it is deployed are sent back to the user in communication it prevents the system from malware, possible vulnerabilities and unwarranted modification or tampering. By then providing the source code back to the requesting user it ensures the contents of the code with specific commands and instructions are verified and checked. This proves importance with companies and agencies with concerns of access control and distributing the wrong read/write or access privileges to certain users. By verifying or having access to the source code before the functions/ code are sent back to the requesting user it provides a regulation and system of checks to identify within the code which roles and permissions are assigned to which users corresponding to the application. This proves vital in the request and communication for sensitive or confidential information that should only be viewed or modified to users, admins or entities with high roles or privileges to prevent overwriting or editing source code and pertinent data. 


Claim 12, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”), Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”), Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”), Chapman et al. (U.S Pub. No. 20180227116, hereinafter referred to as “Chapman”), Thekadath et al. (U.S Pub. No. 20200379979, hereinafter referred to as “Thekadath”) and Chee et al. (U.S Pub. No. 20200204345, hereinafter referred to as “Chee”) in further view of Magill et al. (U.S Pub. No. 20180046571, hereinafter referred to as “Magill”)

Regarding Dependent Claim 12 (Currently Amended), the combination of Barski, Chan and Krishnan teach the system of claim 1, Barski further teaches the system of claim 11, wherein the replicator is further configured to: (Par. (0099 “the nodes (e.g., nodes 201, 202, and/or 203) validating the transactions and generating the Ethereum blockchain to execute the storage contract. In accordance with the examples described above, the storage contract calls and therefore causes the permissions contract to be executed”; a replicator (nodes corresponding to the validation of transactions and storage contract that contain program code))
replicate the source code; (Par. (0024) “a copy of the program code”; replicate the source code (copy of the program code))
store the replica of the source code in the off-chain storage; and (Par. (0024) “by sending a copy of the program code into the distributed ledger,”; store the replica of the source code (copy of program code sent to distributed ledger)), (Par. (0093) “data can be stored in an off-ledger, yet still publicly-accessible location, such as in a cloud- or Internet-based data storage location. As used herein, data stored in the distributed ledger registry system is referred to as “on-ledger” data. Data stored outside the distributed ledger registry system, such as data stored in cloud storage or elsewhere, is referred to as “off-ledger” data.”; in an off-chain storage ( data stored on distributed ledger corresponding to on-ledger and off-ledger))
another user in the consortium (Par. (0012-0013) “a supply chain management system, usable for instance, by a drug manufacturer for managing the ingredients of a given manufactured medication; a protocol management system, usable for instance, by a medical provider to manage the protocols for care administered to patients; a data conditioning system, usable for instance, by an organization that endeavors to collect and curate data for use in machine learning applications; among other examples. [..] to a government registry system; but those of skill in the art should understand that the present disclosure is applicable to any or all of the foregoing examples”; another user in consortium (organizations such as government registry, medical provider, supply chain etc. [..] applicable to all of the examples))
the other user in the consortium (Par. (0012-0013) “a supply chain management system, usable for instance, by a drug manufacturer for managing the ingredients of a given manufactured medication; a protocol management system, usable for instance, by a medical provider to manage the protocols for care administered to patients; a data conditioning system, usable for instance, by an organization that endeavors to collect and curate data for use in machine learning applications; among other examples. [..] to a government registry system; but those of skill in the art should understand that the present disclosure is applicable to any or all of the foregoing examples”; another user in consortium (organizations such as government registry, medical provider, supply chain etc. [..] applicable to all of the examples))(Examiner Notes: In the instant application the specification does not provide a clear example or definition of what the replicator represents, the specification only states on Par. (0041) that replicator 224 of the drawings of Figure 2 represents or is configured to provide increase security and enable verification of source code. Therefore it will be broadly and reasonably interpreted that a replicator is an entity, module or component corresponding to the validation or verification of source code. Examiner suggest amending the claim to give a clear example of definition of what the replicator is to further enhance the scope of the claim))
However Barski, Chan, Krishnan and Chapman do not explicitly teach receive, …….. source code of another application configured to interface the record of transactions; add an address of the replicator to the metadata repository for enabling …… to access and verify the source code of the application.
Wherein Thekadath teaches add an address of the replicator to the metadata repository ((Par. (0074) “The identifier database 165C can store information about the first node computer's identifiers, such as an address identifier and one or more class identifiers.”; add an address of the replicator (store information about the first node such as an address)) in a metadata repository (database))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Thekadath within the teachings of Barski, Chan, Krishnan and Chapman to include the storing of an address of the replicator in the repository because of the analogous concept of blockchain technologies and the verification of software applications. Thekadath includes a process the adding of an address, name, title, location of a replicator is stored inside a repository. This is important because by utilizing a replicator that is responsible for verifying code or software the system is protected from tampering, compromise of modification of any application. By further linking the address, name or identifiable information corresponding to the replicator entity the system has a detection component to be able to identify the rightful and valid entity that is to verify the appropriate software. This prevents mishandling of the software and links the request to reach the appropriate entity based on the correct address. This assures users in government agencies, financial institutions and software development companies that the application are being communicated to the rightful and valid entity based on the address stored.
However Barski, Chan, Krishnan Chapman and Thekadath do not explicitly teach receive, …….. source code of another application configured to interface the record of transactions; for enabling …… to access and verify the source code of the application.
Wherein Chee teaches for enabling …… to access and verify the source code of the application. (Par. (0073) “FIG. 6D illustrates a common interface for accessing logic and data of a blockchain, according to example embodiments. Referring to the example of FIG. 6D, an application programming interface (API) gateway 662 provides a common interface for accessing blockchain logic (e.g., smart contract 630 or other chaincode) and data (e.g., distributed ledger, etc.) In this example, the API gateway 662 is a common interface for performing transactions (invoke, queries, etc.) on the blockchain by connecting one or more entities 652 and 656 to a blockchain peer”; for enabling to access the source code (accessing blockchain logic (e.g. [..] chaincode)), (Par. (0063) “chaincode may be made available in source code form.”; chaincode corresponding to source code)), (Par. (0085) “the transaction data stored within block data 734 may include one or more of a type of the transaction, a version, a timestamp (e.g., final calculated timestamp, etc.), a channel ID of the distributed ledger 720, a transaction ID, an epoch, a payload visibility, a chaincode path (deploy tx), a chaincode name, a chaincode version, input (chaincode and functions),”; transaction includes chaincode and functions)) (Par. (0065) “the verification can be done independently and in a transparent manner, application source code will be provided”; provide the source code [..] for enabling to verify the source code (verification corresponding to application source code that is provided)), (Par. (0047) “endorsing peer 281 may verify [..]  a trust anchor chaincode function to initiate the transaction. The output may include the chaincode results, a set of key/value versions that were read in the chaincode (read set), and the set of keys/values that were written in chaincode (write set).”; verification of the source code by the user (endorsing peer verifies chaincode))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chee within the teachings of Barski, Chan, Krishnan Chapman and Thekadath to include enabling access and verifying the source code because of the analogous concept of verifying application software using blockchain technologies. Chee includes a process in which enabling access and verifying the source code is performed. This is important because by having an entity or component responsible for checking the source code before it is deployed are sent back to the user in communication it prevents the system from malware, possible vulnerabilities and unwarranted modification or tampering. By then providing the source code back to the requesting user it ensures the contents of the code with specific commands and instructions are verified and checked. This proves importance with companies and agencies with concerns of access control and distributing the wrong read/write or access privileges to certain users. By verifying or having access to the source code before the functions/ code are sent back to the requesting user it provides a regulation and system of checks to identify within the code which roles and permissions are assigned to which users corresponding to the application. This proves vital in the request and communication for sensitive or confidential information that should only be viewed or modified to users, admins or entities with high roles or privileges to prevent overwriting or editing source code and pertinent data. 
However Barski, Chan, Krishnan and Chapman, Thekadath and Chee do not explicitly teach receive, …….. source code of another application configured to interface the record of transactions;
Wherein Magill teaches receive, …….. source code of another application configured to interface the record of transactions; (Par. (0004) “the plurality of modified source code files and the plurality of executable software units. Degrees of functional interaction between portions of modified source code files corresponding to the obtained change history records and portions of a source code file corresponding to the symptomatic executable software unit are then determined.”; receive source code of another application ( obtained source code of a plurality of source code files of a plurality of software units)), (Par. (0045) “application programs 740 can include code used to [..] display user interfaces for carrying out queries, updates, etc., of the binary change records”; application configured to interface record of transactions (programs corresponding to displaying/ interfacing records))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Magill within the teachings of Barski, Chan, Krishnan Chapman, Thekadath and Chee to include receiving source code of another application that is configured to interface the record of a transaction because of the analogous concept of verifying source codes of applications to a multitude of users in a system. Magill includes a process in which source code of another application is received corresponding to the interface of records. This is important because it provides flexibility and innovation in the system to be able to accept source code from different applications. This serves high significance in software developers and companies that can compare source code from one application received with other to identify possible malware or vulnerabilities. By receiving another application with source code it allows users to be able to distinguish the access rights of one source of source code from one application in contrast with another application source code. This creates identifiable differences as to which users have upgraded/updated, have rights to deploy, read/write access and so forth between different source codes received. This further enhances the verification and distribution of access rights based on source codes in the system and allows the comparison to detect state-changes or modification from application to application.  

Claim 19, is/are rejected under 35 U.S.C. 103 as being unpatentable over Barski et al. (U.S Pub. No. 20190065593, hereinafter referred to as “Barski”), Chan et al. (U.S Pub. No. 20210194697, hereinafter referred to as “Chan”), Krishnan et al. (U.S Pub. No. 20200076818, hereinafter referred to as “Krishnan”) Szturo  et al. (U.S Pub. No. 20200356635, hereinafter referred to as “Szturo”), Thekadath et al. (U.S Pub. No. 20200379979, hereinafter referred to as “Thekadath”) in further view of Chee et al. (U.S Pub. No. 20200204345, hereinafter referred to as “Chee”) 

	Regarding Dependent Claim 19 (Currently Amended), the combination of Barski, Chan and Krishnan teach the method of claim 13, Barski further teaches the method of claim 13, further comprising: replicating the source code; (Par. (0024) “a copy of the program code”; replicate the source code (copy of the program code))
storing the replica of the source code in an off-chain storage; and (Par. (0024) “by sending a copy of the program code into the distributed ledger,”; store the replica of the source code (copy of program code sent to distributed ledger)), (Par. (0093) “data can be stored in an off-ledger, yet still publicly-accessible location, such as in a cloud- or Internet-based data storage location. As used herein, data stored in the distributed ledger registry system is referred to as “on-ledger” data. Data stored outside the distributed ledger registry system, such as data stored in cloud storage or elsewhere, is referred to as “off-ledger” data.”; in an off-chain storage ( data stored on distributed ledger corresponding to on-ledger and off-ledger))
the off-chain storage (Par. (0093) “data can be stored in an off-ledger, yet still publicly-accessible location, such as in a cloud- or Internet-based data storage location. As used herein, data stored in the distributed ledger registry system is referred to as “on-ledger” data. Data stored outside the distributed ledger registry system, such as data stored in cloud storage or elsewhere, is referred to as “off-ledger” data.”; in an off-chain storage ( data stored on distributed ledger corresponding to on-ledger and off-ledger))
	However Barski, Chan and Krishnan do not explicitly teach sending a request to another user for source code of another application configured to interface the record of transactions; adding, to the metadata repository, an address of an interface to the ….. storage for enabling the other user to access and verify the source code of the other application.
Wherein Szturo teaches sending a request to another user for source code of another application configured to interface the record of transactions; (Par. (0004) “Receiving [..] a source code update request. [..] Evaluating the changed portion of the programming source code may be initiated when the programming source code is part of a source code update request.”; sending a request to another user for source code of another application (receiving a source code request)), (Par. (0066) “a time when the user makes a request to merge a change to the source code 306 into a master source code.”; sending a request to another user for source code (user makes a request corresponding to source code)), (Par. (0078) “a translation associated with a branched source code may be triggered when the user submits a request”; sending a request for source code (submits a request corresponding to source code)), (Par. (0040) “the commerce management engine 136 may post a request, such as to a predefined callback URL. The body of this request may contain a new state of the object and a description of the action or event.”; sending a request to another user for source code (post a request that contains object, action)), (Par. (0026) “The administrator 114 may also include interfaces for managing applications (Apps) installed on the merchant's account; settings applied to a merchant's online store 138 and account”; another application (managing applications)), (Par. (0017) “‘merchants’ and ‘customers’, and describes their roles as such, the e-commerce platform 100 should be understood to more generally support users in an e-commerce environment”; another user (merchants and customers corresponding to users)), (Par. (0036) “applications 142A-B may deliver functionality to a merchant through the interface 140A-B, such as where an application 142A-B is able to surface transaction data to a merchant (e.g., App: “Engine, surface my app data in mobile and web admin using the embedded app SDK”; application configured to interface the record of transactions (applications interface to surface transactions))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Szturo within the teachings of Barski and Chan to include sending a request to another user for source code of another application because of the analogous concept of verifying source codes of applications corresponding to transaction conducted by multiple users in a system. Szturo includes a process in which sending a request to another user for source code of another application. This is important because it provides flexibility and innovation in the system to be able to accept source code from different applications. This serves high significance in software developers and companies that can compare source code from one application received with other to identify possible malware or vulnerabilities. By receiving another application with source code it allows users to be able to distinguish the access rights of one source of source code from one application in contrast with another application source code. This creates identifiable differences as to which users have upgraded/updated, have rights to deploy, read/write access and so forth between different source codes received. This further enhances the verification and distribution of access rights based on source codes in the system and allows the comparison to detect state-changes or modification from application to application.  
However Barski, Chan, Krishnan and Szturo do not explicitly teach adding, to the metadata repository, an address of an interface to the ….. storage for enabling the other user to access and verify the source code of the other application.
Wherein Thekadath teaches adding, to the metadata repository, an address of an interface to the ….. storage (Par. (0074) “The identifier database 165C can store information about the first node computer's identifiers, such as an address identifier and one or more class identifiers.”; add an address (store information about the first node such as an address)) to the metadata repository (database))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Thekadath within the teachings of Barski, Chan, Krishnan and Szturo to include the adding of an address in the repository because of the analogous concept of blockchain technologies and the verification of software applications. Thekadath includes a process the adding of an address, name, title, inside a repository. This is important because by utilizing a replicator that is responsible for verifying code or software the system is protected from tampering, compromise of modification of any application. By further linking the address, name or identifiable information corresponding to the replicator entity the system has a detection component to be able to identify the rightful and valid entity that is to verify the appropriate software. This prevents mishandling of the software and links the request to reach the appropriate entity based on the correct address. This assures users in government agencies, financial institutions and software development companies that the application are being communicated to the rightful and valid entity based on the address stored.
However Barski, Chan, Krishnan, Szturo and Thekadath do not explicitly teach for enabling the other user to access and verify the source code of the other application.
Wherein Chee teaches for enabling the other user to access and verify the source code of the other application ((Par. (0073) “FIG. 6D illustrates a common interface for accessing logic and data of a blockchain, according to example embodiments. Referring to the example of FIG. 6D, an application programming interface (API) gateway 662 provides a common interface for accessing blockchain logic (e.g., smart contract 630 or other chaincode) and data (e.g., distributed ledger, etc.) In this example, the API gateway 662 is a common interface for performing transactions (invoke, queries, etc.) on the blockchain by connecting one or more entities 652 and 656 to a blockchain peer”; for enabling another user  authorized to access the application (one or more entities accessing blockchain logic (e.g. [..] chaincode)), (Par. (0063) “chaincode may be made available in source code form.”; chaincode corresponding to source code)), (Par. (0085) “the transaction data stored within block data 734 may include one or more of a type of the transaction, a version, a timestamp (e.g., final calculated timestamp, etc.), a channel ID of the distributed ledger 720, a transaction ID, an epoch, a payload visibility, a chaincode path (deploy tx), a chaincode name, a chaincode version, input (chaincode and functions),”; transaction includes chaincode and functions)), (Par. (0065) “the verification can be done independently and in a transparent manner, application source code will be provided”; verify the source code (verification corresponding to application source code that is provided)), (Par. (0041) “The blockchain configuration may include one or more applications 224”; of the other application (one or more applications))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chee within the teachings of Barski, Chan, Krishnan Szturo and Thekadath to include for enabling another user authorized to access the other application to access and verify the source code of the other application. Chee includes a process in which for enabling another user authorized to access the other application to access and verify the source code of the other application is performed. This is important because by having an entity or component responsible for checking the source code before it is deployed are sent back to the user in communication it prevents the system from malware, possible vulnerabilities and unwarranted modification or tampering. By then providing the source code back to the requesting user it ensures the contents of the code with specific commands and instructions are verified and checked. This proves importance with companies and agencies with concerns of access control and distributing the wrong read/write or access privileges to certain users. By verifying or having access to the source code before the functions/ code are sent back to the requesting user it provides a regulation and system of checks to identify within the code which roles and permissions are assigned to which users corresponding to the application. This proves vital in the request and communication for sensitive or confidential information that should only be viewed or modified to users, admins or entities with high roles or privileges to prevent overwriting or editing source code and pertinent data. 

Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Aunger; Charles (U.S Pub. No. 20180211059) “TRUST BASED ACCESS TO RECORDS VIA ENCRYPTED PROTOCOL COMMUNICATIONS WITH AUTHENTICATION SYSTEM”. Considered this reference because it addressed a de-centralized database system that compares the address of replicators or verifiers of source code to gain access to the program

Karande; Advait D.. (U.S Pub. No. 20200201918) “SYNCHRONIZED CONTENT REPLICATION”. Considered this application because it relates to the receiving of commands, instructions or source code like contents and using a replicator to verify the code.

Huang; Enshen (U.S Pub.  No. 20220038289) “MULTI-ACCESS EDGE COMPUTING NODE WITH DISTRIBUTED LEDGER”. Considered this application because it addressed a blockchain ledger with multitudes of nodes that validate logic or codes of programs.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/H.A.H./Examiner, Art Unit 2497

/Jeremy S Duffield/Primary Examiner, Art Unit 2498