Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the instant Application 17/012,644 filed on 9/4/2020. Claims 1-20 are pending. This Office Action is Non-Final.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 15-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 15: claim 15 is rejected under 35 U.S.C. 101 because the claim is directed to non-statutory subject matter. Claim 15 recites a computer program product comprising “[a] computer-readable storage medium”. Under a recent precedential opinion, the scope of the recited “computer readable storage medium” encompasses transitory media such as signals or carrier waves, where, as here, the Specification does not limit the computer readable storage medium to non-transitory forms. See Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential) (holding recited machine-readable storage medium ineligible under 35 U.S.C. § 101 since it encompassed transitory media). The Examiner respectfully suggests that the claim be amended to either “A non-transitory computer-readable storage medium” or “a computer-readable storage device” to make the claim statutory under 35 USC 101 (emphasis added).
Regarding claims 16-20: claims 16-20 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.








Claims 1, 2, 8, 9, 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Fallah et al. (US 2021/0218710) in view of Adams et al. (US 2015/0096020).

	As per claim 1, Fallah teaches a method for rate limiting of JavaScript functions, the method comprising: monitoring network traffic between one or more devices on a first network and a second network; receiving a data endpoint request from one of the one or more devices (Fallah, Paragraph 0079 recites “Use of tokens in this manner also enables creation of a record of requests received from a given device.” By having a record of received requests, Fallah is effectively teaching the monitoring of requests);
	 in response to the data endpoint matching one of the plurality of data endpoints on the ledger, comparing the first data endpoint request to the rate limit associated with the matching data endpoint on the ledger; determining the rate limit associated with the data endpoint for [[the javascript function]] request has been exceeded; logging [[the javascript function]] request in the ledger; and blocking [[the javascript function]] request (Fallah, Paragraph 0079 recites “The separate ledger thus provides another source of data for performing audits of device activity. Of course, denial of service attacks may be mitigated using known techniques as well.”).
	But Fallah fails to explicitly teach a javascript function and receiving a JavaScript function request from the data endpoint of the data endpoint request; comparing the JavaScript function request to a ledger, the ledger having a rate limit associated with one or more JavaScript functions for a plurality of data endpoints, the rate limit defining a threshold number of JavaScript functions requests allowed for each of the plurality of data endpoints in a period of time.
	However, in an analogous art Adams explicitly teaches a javascript function and receiving a JavaScript function request from the data endpoint of the data endpoint request; comparing the JavaScript function request to a ledger, the ledger having a rate limit associated with one or more JavaScript functions for a plurality of data endpoints, the rate limit defining a threshold number of JavaScript functions requests allowed for each of the plurality of data endpoints in a period of time (Adams, Paragraph 0012 recites “As shown in FIG. 1, a security device, acting as an intermediary between client devices and a network device that is the target of a DoS attack, may receive a large quantity of requests from the client devices. The security device may detect that the network device is the subject of a DoS attack, such as by detecting that a quantity of received requests satisfies a threshold (e.g., more than 100,000 requests per second). As further shown in FIG. 1, after the security device determines that the network device is the subject of a DoS attack, the security device may receive an additional request from a client device (e.g., intended for the network device). The security device may provide a computationally expensive problem (e.g., using code, such as HTML code, JavaScript, etc.) to the client device based on receiving the request.” Adams does not teach a ledger but is relied upon to teach the monitoring of Javascript functions in a certain time frame to determine if the requests are legitimate or an attack.).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Adams’s limiting the efficacy of a denial of service attack by increasing client resource demands with Fallah’s security management for networked client devices using a distributed ledger service because limiting requests in a time frame is a good way to determine if a DDoS attack is occurring.
	As per claim 2, Fallah in combination with Adams teaches the method according to claim 1, Adams further teaches wherein blocking the javascript function request includes: returning a falsified value to the data endpoint (Adams, Paragraph 0036 recites “As further shown in FIG. 4, process 400 may include providing the computationally expensive problem to the client device (block 440), and receiving a solution to the computationally expensive problem (block 450). For example, security device 230 may provide, to client device 210, information that identifies a computationally expensive problem. The computationally expensive problem may be provided as code (e.g., a script, such as JavaScript), and the code may cause client device 210 to perform the computationally expensive problem, and/or to generate a solution to the computationally expensive problem. In some implementations, security device 230 may randomize the code and/or obfuscate the code so that the code is difficult for an attacker to detect. In this way, code provided to a first client device 210 may be different than code provided to a second client device 210 (e.g., even if the code represents the same computationally expensive problem). In some implementations, the code may include intentional errors, and the presence of such errors in the solution may be verified by security device 230 when verifying the solution.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Adams’s limiting the efficacy of a denial of service attack by increasing client resource demands with Fallah’s security management for networked client devices using a distributed ledger service because limiting requests in a time frame is a good way to determine if a DDoS attack is occurring.

Regarding claims 8 and 15, claims 8 and 15 are directed to a system and a computer program product associated with the method of claim 1. Claims 8 and 15 are of similar scope to claim 1, and are therefore rejected under similar rationale.

Regarding claims 9 and 16, claims 9 and 16 are directed to a system and a computer program product associated with the method of claim 2. Claims 9 and 16 are of similar scope to claim 2, and are therefore rejected under similar rationale.
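
The limitations recited above for claims 1 and 2 (a ledger holding a rate limit per data endpoint, logging and blocking a function request once the threshold for the period is exceeded, and answering a blocked request with a falsified value) can be sketched as follows. This is an added illustration, not code from the application, this Office Action or the cited references; `createLedger`, `check`, `guard`, the endpoint name and the limits are hypothetical.

```javascript
// Illustrative sketch of the limitations recited for claims 1 and 2.
// All names, endpoints and limits are constructed for this example.

// Ledger: for each data endpoint, a threshold number of function requests
// allowed per time window, plus a log of requests that were blocked.
function createLedger(limits, now = () => Date.now()) {
  const calls = new Map(); // endpoint -> timestamps of allowed requests
  const log = [];          // blocked requests recorded in the ledger

  // Compare one function request from `endpoint` against its rate limit.
  function check(endpoint, fnName) {
    const rule = limits[endpoint];
    if (!rule) return true; // endpoint is not on the ledger: no limit applies
    const t = now();
    const recent = (calls.get(endpoint) || []).filter(ts => t - ts < rule.windowMs);
    if (recent.length >= rule.max) {
      calls.set(endpoint, recent);
      log.push({ endpoint, fnName, at: t }); // log, then block
      return false;
    }
    recent.push(t);
    calls.set(endpoint, recent);
    return true;
  }

  // Wrap a function so every call is checked first; a blocked call
  // returns `falsified` instead of running the real function.
  function guard(endpoint, fnName, fn, falsified) {
    return (...args) => (check(endpoint, fnName) ? fn(...args) : falsified);
  }

  return { check, guard, log };
}

// Constructed scenario: a script loaded from tracker.example may read the
// screen width twice per second; further reads get the falsified value 0.
function demo() {
  let clock = 0; // injected clock so the run is deterministic
  const ledger = createLedger(
    { "tracker.example": { max: 2, windowMs: 1000 } },
    () => clock
  );
  const readWidth = ledger.guard("tracker.example", "screen.width", () => 1920, 0);
  const results = [];
  results.push(readWidth()); // t=0: allowed
  clock = 100;
  results.push(readWidth()); // t=100: allowed
  clock = 200;
  results.push(readWidth()); // t=200: third request in the window, blocked
  clock = 1500;
  results.push(readWidth()); // t=1500: earlier requests have aged out
  return { results, blocked: ledger.log.length };
}
```
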


Claims 3, 4, 10, 11, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Fallah et al. (US 2021/0218710) and Adams et al. (US 2015/0096020) and in further view of Ragnoli et al. (US 11,294,727).

	As per claim 3, Fallah in combination with Adams teaches the method according to claim 1, but fails to teach wherein the ledger is maintained in a memory by a wrapper function.
	However, in an analogous art Ragnoli teaches wherein the ledger is maintained in a memory by a wrapper function (Ragnoli, Col. 9 lines 55-64, recites “The accelerator cryptographic 426 may implement functionalities and interfaces required to add a new cryptographic module in a blockchain. For example, in an HLF system, the accelerator cryptographic 426 may include implementing blockchain crypto service provider (“BCCSP”) interfaces by using the functions exposed and implemented by a fabric wrapper module. The accelerator cryptographic 426 uses functions exported from a fabric wrapper component to implement one or more required functionalities.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Ragnoli’s Resolving Cryptographic Bottlenecks For Distributed Multi-signature Contracts Shared With Cryptographic Accelerators By Switching Between Local And Accelerator Cryptographic Libraries with Fallah’s security management for networked client devices using a distributed ledger service because the use of a wrapper grants the ability to implement one or more required functionalities.

	As per claim 4, Fallah in combination with Adams and Ragnoli teaches the method according to claim 3, Ragnoli further teaches wherein the ledger operates using a ledger logic, the ledger logic and wrapper function being deployed on the data endpoint using a javascript file (Ragnoli, Col. 9 lines 48-54, recites “The accelerator wrappers 470 may provide a wrapper around the functions implemented in the accelerator cryptographic library 450. In a select type of accelerators, the accelerator wrappers 470 may hides the notion of C/C++ implementation and would provide the same functionalities as the accelerator crypto library in go language using cgo directives.” If implemented in C/C++, it would be an obvious variation to use JavaScript).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Ragnoli’s Resolving Cryptographic Bottlenecks For Distributed Multi-signature Contracts Shared With Cryptographic Accelerators By Switching Between Local And Accelerator Cryptographic Libraries with Fallah’s security management for networked client devices using a distributed ledger service because the use of a wrapper grants the ability to implement one or more required functionalities.

Regarding claims 10 and 17, claims 10 and 17 are directed to a system and a computer program product associated with the method of claim 3. Claims 10 and 17 are of similar scope to claim 3, and are therefore rejected under similar rationale.

Regarding claims 11 and 18, claims 11 and 18 are directed to a system and a computer program product associated with the method of claim 4. Claims 11 and 18 are of similar scope to claim 4, and are therefore rejected under similar rationale.



Claims 5, 6, 12, 13, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Fallah et al. (US 2021/0218710) and Adams et al. (US 2015/0096020) and in further view of Braghin et al. (US 2021/0049281).

	As per claim 5, Fallah in combination with Adams teaches the method according to claim 1, but fails to teach assigning a risk score to the plurality of data endpoints on the ledger, the risk score correlating to a privacy risk associated with each of the plurality of data endpoints.
	However, in an analogous art Braghin teaches assigning a risk score to the plurality of data endpoints on the ledger, the risk score correlating to a privacy risk associated with each of the plurality of data endpoints (Braghin, Paragraph 0099 recites “The operations of method 700 may provide a signature to the one or more smart contracts, assign a risk score to the one or more smart contracts according to a determined risk of the recursive call attack vulnerabilities, assign a confidence score to the one or more smart contracts indicating a degree of accuracy of the assigned risk score, assign one or more attributes to the one or more contracts accepted to the primary blockchain, and/or monitor the one or more contracts on the primary blockchain using the one or more attributes.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Braghin’s reducing risk of smart contracts in a blockchain with Fallah’s security management for networked client devices using a distributed ledger service because this would reduce the risk of smart contracts in a blockchain.

	As per claim 6, Fallah in combination with Adams and Braghin teaches the method according to claim 5, Braghin further teaches wherein the rate limit for each of the plurality of data endpoints is based on the risk score associated with each of the plurality of data endpoints (Braghin, Paragraph 0099 recites “The operations of method 700 may provide a signature to the one or more smart contracts, assign a risk score to the one or more smart contracts according to a determined risk of the recursive call attack vulnerabilities, assign a confidence score to the one or more smart contracts indicating a degree of accuracy of the assigned risk score, assign one or more attributes to the one or more contracts accepted to the primary blockchain, and/or monitor the one or more contracts on the primary blockchain using the one or more attributes.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Braghin’s reducing risk of smart contracts in a blockchain with Fallah’s security management for networked client devices using a distributed ledger service because this would reduce the risk of smart contracts in a blockchain.

Regarding claims 12 and 19, claims 12 and 19 are directed to a system and a computer program product associated with the method of claim 5. Claims 12 and 19 are of similar scope to claim 5, and are therefore rejected under similar rationale.

Regarding claims 13 and 20, claims 13 and 20 are directed to a system and a computer program product associated with the method of claim 6. Claims 13 and 20 are of similar scope to claim 6, and are therefore rejected under similar rationale.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Fallah et al. (US 2021/0218710) and Adams et al. (US 2015/0096020) and in further view of Watson et al. (US 2016/0330229).

	As per claim 7, Fallah in combination with Adams teaches the method according to claim 1, but fails to teach enabling a user to disable the rate limit for a user designated data endpoint.
	However, in an analogous art Watson teaches enabling a user to disable the rate limit for a user designated data endpoint (Watson, Paragraph 0030 recites “The security rules that control service access are embodied in the software on the Gateway LRUs and are controlled centrally. Thus, they can only be changed by the system supplier or owner with a valid software update. However, some level of configurable and run-time control is allowed of the service set identifier (SSID) for each WAP 26. These include changing the allowed rate limits (up to and including disabling of an SSID). These can be carried out by network commands using a known or proprietary protocol. In this regard, the system 10 includes at least one vehicle WAP 26, and preferably several WAPs on large vehicles, such as wide-body aircraft, for ensuring adequate signal strength throughout a passenger cabin. Each WAP 26 includes at least one radio 28, and typically several radios, for use by PEDs 24 in the vehicle 12 to establish a wireless communication link 27 and transmit and receive data wirelessly over the network 20 via a WAP. More particularly, each WAP 26 broadcasts an SSID for use by a PED in connecting to a WAP.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Watson’s identifying and disabling a rogue access point in a public wireless environment with Fallah’s security management for networked client devices using a distributed ledger service because the ability to disable a rate limit would offer flexibility in special circumstances.


Regarding claim 14, claim 14 is directed to a system and a computer program product associated with the method of claim 7. Claim 14 is of similar scope to claim 7, and is therefore rejected under similar rationale.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon-Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439