Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Office Action is in response to the reply filed on 6/21/2022. Claims 1-20 are pending. This Office Action is Final.

Response to Arguments
A) Applicant’s amendments and arguments regarding the rejection of claim 1, under 35 USC 101 as being directed to non-statutory subject matter for no hardware element found within the claimed system, has been considered and deemed persuasive.  As a result, this rejection has been withdrawn.

B) Applicant’s amendments and arguments regarding the rejection of claim 1, under 35 USC 101 as being directed to non-statutory subject matter for encompassing a transitory media, has been considered and deemed persuasive.  As a result, this rejection has been withdrawn. 

C) Applicant argues that Smith fails to disclose, teach or even suggest “at least one authorized node constructed and arranged to execute a consensus protocol for validating and verifying a blockchain transaction and to extract at least one of a signature or feature of a detected cyberattack for the blockchain transaction and mining the transaction to a blockchain network,” regarding claim 1.  Examiner respectfully disagrees.  
Examiner submits that Smith teaches “at least one authorized node constructed and arranged to execute a consensus protocol for validating and verifying a blockchain transaction and to extract at least one of a signature or feature of a detected cyberattack for the blockchain transaction and mining the transaction to a blockchain network.”  Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.”
Applicant’s argue that the detection and extraction of attacks are performed external to the blockchain.  However, there is nothing explicitly recited in the claim language that states this limitation.  The recited limitation states that an authorized node performs the steps, which is what Smith explicitly recites in paragraph 0052.  As a result Smith teaches the limitations argued above.  


	D) Applicant argues that Dayan fails to disclose, teach or even suggest, “at least one unauthorized node prohibited from executing the consensus protocol and from validating and verifying a blockchain transaction but authorized to retrieve the at least one of the signature or feature from the blockchain network,” regarding claim 1.  Examiner respectfully disagrees.
	Examiner submits that Dayan teaches “at least one unauthorized node prohibited from executing the consensus protocol and from validating and verifying a blockchain transaction but authorized to retrieve the at least one of the signature or feature from the blockchain network.” Dayan, Col 5 lines 49-57 recites “FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”
	Applicant’s argue that an unauthorized node is to gain from the consortium by retrieving stored attack features or signatures and does not attempt to submit transactions but instead retrieve transactions by other unauthorized nodes.  However, there is no explicit recitation of these submitted limitations.  The recited limitations merely state that an unauthorized node is prohibited from validating transactions and is capable of receiving security features.  Dayan recites a node that is identified as unauthorized those will not be allowed to perform any validating functions, but is still capable of receiving broadcast messages regarding security.  This would read on the limitation as recited.  There is no explicit recitation of a limitation where an unauthorized node retrieves transactions or retrieves attack information.  Retrieval is an active step that is not explicitly recited.  As a result Dayan teaches the limitations recited above.

	E) Applicant argues that Smith fails to disclose, teach or even suggest “a signature-based intrusion detection system (IDS) node that captures a cyberattack signature of the at least one of the signature or feature,” as recited in claim 1.  Examiner respectfully disagrees.
	Examiner submits that Smith teaches “a signature-based intrusion detection system (IDS) node that captures a cyberattack signature of the at least one of the signature or feature.” Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.”.
	Examiner, interpreted the centralized trust authority 125, to be the IDS node.  In further detail, Smith Paragraph 0033 which recites in further detail “In some examples, the centralized trust authority 125 may use, for example, a whitelisting mechanism to assess and establish a trust rating or score, which determines which whitelist measurements are acceptable. As a consequence of a trust rating that is deemed undesirable, either by a policy or by some other way, the centralized trust authority 125 may react to untrustworthy nodes by isolating those nodes determined to be out of compliance with the whitelist. For example, with reference to FIG. 2, the centralized trust authority 125 provisions (represented by the directed lines 205-220) a whitelist to the processing nodes 105A-D. In such examples, the trusted execution environments 120A-D provides a secure area where whitelists are stored and evaluated by the processing nodes 105A-D, and where access by the centralized trust authority 125 is verified. Also, use of whitelists is just one of several possible trust establishment strategies. Others trust establishment strategies may include strong authentication by an embedded credential, regular and reliable software updates, a system of watchdog messages that detects tampering, location tracking and geo-fenced operation, monitoring of telemetry data that may include antivirus scan reporting, audit log reporting, network attack detection reporting, intrusion attack detection reporting etc”.  Smith’s centralized trust authority 125, teaches an additional node for IDS purposes.  As a result, Smith teaches the limitations argued above.



 	F) Applicant argues that Smith fails to disclose, teach or even suggest “wherein each of the at least one of the authorized and unauthorized nodes receives a blockchain block including the blockchain transaction, and only the authorized node validates the blockchain block,” regarding claim 3.  Examiner respectfully disagrees.
	Examiner submits Smith teaches “wherein each of the at least one of the authorized and unauthorized nodes receives a blockchain block including the blockchain transaction, and only the authorized node validates the blockchain block.” Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.”
	Applicant argues that transactions are pulled from a “pool of transaction blocks.”  However, is again something not recited in the claim language.  As this limitation is not recited, arguments regarding this are deemed as moot.   Smith was does teach the actual recited claim language of claim 3.  
	G)   Applicant argues that Smith fails to disclose, teach or even suggest “wherein the special-purpose processor of the blockchain network converts the at least one signature or feature to a standard format for storage and the at least one of the authorized and unauthorized nodes retrieves the standard formatted signature or feature from the transaction, and wherein the standard format provides compatibility with disparate IDS nodes,” regarding claim 8.  Examiner respectfully disagrees.
 	Examiner submits that Smith in combination with Dayan teaches “wherein the special-purpose processor of the blockchain network converts the at least one signature or feature to a standard format for storage and the at least one of the authorized and unauthorized nodes retrieves the standard formatted signature or feature from the transaction, and wherein the standard format provides compatibility with disparate IDS nodes.”  Examiner relied upon Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.”  Examiner focused on the Smith to teach the Special processor again.  The conversion of the format, would be taught by Dayan, which was similarly done in claim 2.  Examiner apologizes for the confusion.  Similar to the conversion limitation in claim 2, claim 8 should have included the citation of Dayan, Col. 7 Lines 11-49 recites “The known signatures are compiled in to a single block 500. See FIG. 5. Each signature record 420 is collected by placing each known signature record in the new block 608. For example, new block 608 consists of verified signature records 420 in the order received. For example, slot 502, 504, 506 up until the last record 510 received in the pre-defined time period. The number of records shown is non-limiting as the number of records received depends on the number of participating nodes connected on the internal network. Also, found in the block 500 is a cryptographic nonce 512, typically a random number used to enhance security and prevent replay attacks. An identifier can also be included to identify the chain 600 as containing authorized signatures. Similarly, this field could be used to identify a chain of unauthorized computers and servers attached to the network. Likewise, the administrator may add certain fields of their choosing, for example a timestamp, not shown, to enhance the use of the chain which are not discussed or shown in FIG. 5.”. Examiner apologizes for the misunderstanding and the rejection of claim 8 has been rewritten to properly cite Examiner’s intentions.  This is not a new rejection just meant to clarify. 

	F)   Applicant argues that Smith fails to disclose, teach or even suggest “wherein the at least one authorized node validates the transaction including chaining a block including the transaction to the blockchain and wherein the special-purpose process broadcasts a new current state of the ledger is broadcasted to the blockchain network,” regarding claim 9.  Examiner respectfully disagrees.
	Examiner submits Dayan teaches wherein the at least one authorized node validates the transaction including chaining a block including the transaction to the blockchain and wherein the special-purpose process broadcasts a new current state of the ledger is broadcasted to the blockchain network.  Examiner relies on Dayan, Col 5 lines 49-57 recites “FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”
	Applicant argues that claim 9 recites a process of chaining a validated block to the blockchain network for permanent storage, claim 9 describes how a successfully validated transaction block is appended to the blockchain network, which is not mentioned in Dayan and Smith.  However, none of these limitation are explicitly or even suggested by the limitations of claim 9.  Arguments are going to be deemed as moot.  As a result Dayan does teach the limitations of claim 9.


	

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3, 8, 9 and 13-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 2019/0036957) in view of Dayan (US 10,826,681).

	As per claim 1, Smith teaches a computer security system, comprising: at least one authorized node constructed and arranged to execute a consensus protocol for validating and verifying a blockchain transaction and to extract at least one of a signature or feature of a detected cyberattack for the blockchain transaction and mining the transaction to a blockchain network; wherein the authorized node includes a signature-based intrusion detection system (IDS) node that captures a cyberattack signature of the at least one of the signature or feature (Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.” the centralized trust authority 125, would be the IDS node);
	and a special-purpose hardware processor of the blockchain network that facilitates a distribution of the at least one of signature or feature for cooperative intrusion detection between the at least one authorized node and the at least one unauthorized node (Smith, Paragraph 0070 recites “The processor platform 900 of the illustrated example includes a processor 912. The processor 912 of the illustrated example is hardware. For example, the processor 912 can be implemented by one or more integrated circuits, logic circuits, microprocessors or controllers from any desired family or manufacturer. The hardware processor 912 may be a semiconductor based (e.g., silicon based) device. In this example, the processor 912 implements the example distributed transaction application 115, the example trusted execution environment 120, the example public blockchain agent 130, the example trust topology selector 135, the example transaction migrator 505, the example trust threshold analyzer 510 and/or the example attestation verifier 515.”).
	But fails to teach at least one unauthorized node prohibited from executing the consensus protocol and from validating and verifying a blockchain transaction but authorized to retrieve the at least one of the signature or feature from the blockchain network.
	However, in an analogous art Dayan teaches at least one unauthorized node prohibited from executing the consensus protocol and from validating and verifying a blockchain transaction but authorized to retrieve the at least one of the signature or feature from the blockchain network (Dayan, Col 5 lines 49-57 recites “ FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining a unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	As per claim 2, Smith in combination with Dayan teaches the computer security system of claim 1, Dayan further teach wherein IDS node converts the cyberattack signature to a standard format for electronic storage for (Dayan, Col. 7 Lines 11-49 recites “The known signatures are compiled in to a single block 500. See FIG. 5. Each signature record 420 is collected by placing each known signature record in the new block 608. For example, new block 608 consists of verified signature records 420 in the order received. For example, slot 502, 504, 506 up until the last record 510 received in the pre-defined time period. The number of records shown is non-limiting as the number of records received depends on the number of participating nodes connected on the internal network. Also, found in the block 500 is a cryptographic nonce 512, typically a random number used to enhance security and prevent replay attacks. An identifier can also be included to identify the chain 600 as containing authorized signatures. Similarly, this field could be used to identify a chain of unauthorized computers and servers attached to the network. Likewise, the administrator may add certain fields of their choosing, for example a timestamp, not shown, to enhance the use of the chain which are not discussed or shown in FIG. 5.”)
	and wherein the special-purpose processor facilitates the distribution of the converted cyberattack signature and feature to all IDS nodes of the at least one authorized node or the at least one unauthorized node in real-time or near real-time (Dayan, Col 5 lines 49-57 recites “ FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	As per claim 3, Smith in combination with Dayan teaches the computer security system of claim 1, Smith further teaches wherein each of the at least one of the authorized and unauthorized nodes receives a blockchain block including the blockchain transaction, and only the authorized node validates the blockchain block (Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.”).

	As per claim 8, Smith in combination with Dayan teaches the computer security system of claim 1, Smith further teaches wherein the special-purpose processor (Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.”)
	And Dayan further teaches of the blockchain network converts the at least one signature or feature to a standard format for storage and the at least one of the authorized and unauthorized nodes retrieves the standard formatted signature or feature from the transaction, and wherein the standard format provides compatibility with disparate IDS nodes (Dayan, Col. 7 Lines 11-49 recites “The known signatures are compiled in to a single block 500. See FIG. 5. Each signature record 420 is collected by placing each known signature record in the new block 608. For example, new block 608 consists of verified signature records 420 in the order received. For example, slot 502, 504, 506 up until the last record 510 received in the pre-defined time period. The number of records shown is non-limiting as the number of records received depends on the number of participating nodes connected on the internal network. Also, found in the block 500 is a cryptographic nonce 512, typically a random number used to enhance security and prevent replay attacks. An identifier can also be included to identify the chain 600 as containing authorized signatures. Similarly, this field could be used to identify a chain of unauthorized computers and servers attached to the network. Likewise, the administrator may add certain fields of their choosing, for example a timestamp, not shown, to enhance the use of the chain which are not discussed or shown in FIG. 5.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.


	As per claim 9, Smith in combination with Dayan teaches the computer security system of claim 8, Dayan further teaches wherein the at least one authorized node validates the transaction including chaining a block including the transaction to the blockchain and wherein the special-purpose process broadcasts a new current state of the ledger is broadcasted to the blockchain network (Dayan, Col 5 lines 49-57 recites “ FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	As per claim 13, Smith teaches a method for tracking cyberattacks, comprising: detecting a cyberattack using an intrusion detection system (Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topol/ogy. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.”);
	extracting, by an authorized node of a combination of authorized nodes and unauthorized nodes at least one signature or feature from the cyberattack; attaching by the authorized node the extracted at least one signature or feature to a blockchain (Smith, Paragraph 0070 recites “The processor platform 900 of the illustrated example includes a processor 912. The processor 912 of the illustrated example is hardware. For example, the processor 912 can be implemented by one or more integrated circuits, logic circuits, microprocessors or controllers from any desired family or manufacturer. The hardware processor 912 may be a semiconductor based (e.g., silicon based) device. In this example, the processor 912 implements the example distributed transaction application 115, the example trusted execution environment 120, the example public blockchain agent 130, the example trust topology selector 135, the example transaction migrator 505, the example trust threshold analyzer 510 and/or the example attestation verifier 515.”) and
	wherein the authorized node includes a signature-based intrusion detection system (IDS) node that captures a cyberattack signature of the at least one of the signature or feature (Smith, Paragraph 0052 recites “The trust threshold analyzer 510 of the illustrated example is also to configure the distributed transaction application 115 to use the diffuse trust topology in response to determining that the processing node 105 is to be isolated from the centralized trust topology. For example, trust threshold analyzer 510 monitors telemetry data locally to detect possible attacks, irregular patterns associated with interactions with the centralized trust authority 125, errors associated with peer attestations and/or other actions taken to further isolate the node 105 from its peers in the cluster of nodes implementing the centralized trust topology. If any such attack signatures are satisfied, the trust threshold analyzer 510 may transition transaction processing from the centralized trust topology to the diffuse trust topology. This enables the processing node 105 to continue processing transactions by relying upon the alternative diffuse trust topology associated with the public blockchain.” the centralized trust authority 125, would be the IDS node).
	But fails to teach updating a blockchain ledger with a new block including the at extracted at least one signature or feature; and distributing data regarding the updated blockchain ledger to all nodes of the combination of authorized and unauthorized nodes.
	However, in an analogous art Dayan teaches updating a blockchain ledger with a new block including the at extracted at least one signature or feature; and distributing data regarding the updated blockchain ledger to all nodes of the combination of authorized and unauthorized nodes (Dayan, Col 5 lines 49-57 recites “ FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	As per claim 14,  Smith in combination with Dayan teaches the method of claim 13, Dayan further teaches converting the at least one signature or feature to a standard format; electronically storing the converted standard format of the at least one signature or feature in the blockchain; and retrieving by at least one of the authorized and unauthorized nodes the stored standard formatted signature or feature (Dayan, Col. 7 Lines 11-49 recites “The known signatures are compiled in to a single block 500. See FIG. 5. Each signature record 420 is collected by placing each known signature record in the new block 608. For example, new block 608 consists of verified signature records 420 in the order received. For example, slot 502, 504, 506 up until the last record 510 received in the pre-defined time period. The number of records shown is non-limiting as the number of records received depends on the number of participating nodes connected on the internal network. Also, found in the block 500 is a cryptographic nonce 512, typically a random number used to enhance security and prevent replay attacks. An identifier can also be included to identify the chain 600 as containing authorized signatures. Similarly, this field could be used to identify a chain of unauthorized computers and servers attached to the network. Likewise, the administrator may add certain fields of their choosing, for example a timestamp, not shown, to enhance the use of the chain which are not discussed or shown in FIG. 5.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	As per claim 15,  Smith in combination with Dayan teaches the method of claim 14, Smith and Dayan  further teaches wherein converting the at least one signature or feature to the standard format comprises: converting the cyberattack signature to the standard format; and capturing by an anomaly-based IDS node a cyberattack feature of the at least one of the signature or feature and converting the cyberattack feature to the standard format (Dayan, Col. 7 Lines 11-49 recites “The known signatures are compiled in to a single block 500. See FIG. 5. Each signature record 420 is collected by placing each known signature record in the new block 608. For example, new block 608 consists of verified signature records 420 in the order received. For example, slot 502, 504, 506 up until the last record 510 received in the pre-defined time period. The number of records shown is non-limiting as the number of records received depends on the number of participating nodes connected on the internal network. Also, found in the block 500 is a cryptographic nonce 512, typically a random number used to enhance security and prevent replay attacks. An identifier can also be included to identify the chain 600 as containing authorized signatures. Similarly, this field could be used to identify a chain of unauthorized computers and servers attached to the network. Likewise, the administrator may add certain fields of their choosing, for example a timestamp, not shown, to enhance the use of the chain which are not discussed or shown in FIG. 5.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	As per claim 16, Smith in combination with Dayan teaches the method of claim 14, Dayan further teaches monitoring for a type field in the transaction to determine whether to rearrange the transaction to a standard format, to validate the transaction, or to remove the transaction (Dayan, Col. 7 Lines 11-49 recites “The known signatures are compiled in to a single block 500. See FIG. 5. Each signature record 420 is collected by placing each known signature record in the new block 608. For example, new block 608 consists of verified signature records 420 in the order received. For example, slot 502, 504, 506 up until the last record 510 received in the pre-defined time period. The number of records shown is non-limiting as the number of records received depends on the number of participating nodes connected on the internal network. Also, found in the block 500 is a cryptographic nonce 512, typically a random number used to enhance security and prevent replay attacks. An identifier can also be included to identify the chain 600 as containing authorized signatures. Similarly, this field could be used to identify a chain of unauthorized computers and servers attached to the network. Likewise, the administrator may add certain fields of their choosing, for example a timestamp, not shown, to enhance the use of the chain which are not discussed or shown in FIG. 5.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	Regarding claim 17, claim 17 is directed to a similar method associated with the method of claim 13 respectively. Claim 17 is similar in scope to claim 13, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 18, claim 18 is directed to a similar method associated with the method of claim 14 respectively. Claim 18 is similar in scope to claim 14, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 19, claim 19 is directed to a similar method associated with the method of claim 15 respectively. Claim 19 is similar in scope to claim 15, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 20, claim 20 is directed to a similar method associated with the method of claim 16 respectively. Claim 20 is similar in scope to claim 16, respectively, and are therefore rejected under similar rationale. 

Claims 4-7 and 10-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US 2019/0036957) and Dayan (US 10,826,681) and in further view of Pacella et al. (US 2018/0352033).

	As per claim 4, Smith in combination with Dayan teaches the computer security system of claim 1, but fails to teach a database for storing smart contracts and their application binary interfaces (ABIs) for retrieving a transaction address by the at least one authorized node and the at least one unauthorized node from the blockchain network.
	However, in an analogous art Pacella teaches a database for storing smart contracts and their application binary interfaces (ABIs) for retrieving a transaction address by the at least one authorized node and the at least one unauthorized node from the blockchain network (Pacella, Paragraph 0035 recites “IG. 4 is a diagram illustrating exemplary logical components of framework 330. As shown in FIG. 4, framework 330 may include a virtual consensus network module 405, anti-collusion module 410, a block anomaly detection module 415, a smart contracts module 420, an API/ABI module 425, a blockchain node template 430, a key managers module 435, an identification (ID) services module 440, a state channels module 445, a discovery module 450, a client management module 455, an analytics module 460, a development operations (dev ops) tools module 465, a multi-language module 470, a resource manager module 475, a services index module 480, and a message broker module 485. In one implementation, the modules described in connection with FIG. 4 may be performed by one or more components of service nodes 130. In another implementation, the modules described in connection with FIG. 4 may be performed by services nodes in conjunction with administrative server 122 and micro-services platform 124. Some or all of the modules of FIG. 4 may be included, for example, in an application (e.g., software), stored in memory 230 and executed by processor 220.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Pacella’s blockchain micro-services framework Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of application interfaces helps with network integration.

	As per claim 5, Smith in combination with Dayan and Pacella teaches the computer security system of claim 4, Dayan further teaches wherein the at least one authorized node has read and write access to the database and the at least one (unauthorized) authorized node has read-only access to the database (Dayan, Col 5 lines 49-57 recites “ FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.

	As per claim 6, Smith in combination with Dayan and Pacella teaches the computer security system of claim 4, Pacella further teaches wherein the at least one authorized node and unauthorized node request the transaction address and ABI of a blockchain block including the blockchain transaction to obtain new content of the block including the at least one of the signature or feature (Pacella, Paragraph 0035 recites “IG. 4 is a diagram illustrating exemplary logical components of framework 330. As shown in FIG. 4, framework 330 may include a virtual consensus network module 405, anti-collusion module 410, a block anomaly detection module 415, a smart contracts module 420, an API/ABI module 425, a blockchain node template 430, a key managers module 435, an identification (ID) services module 440, a state channels module 445, a discovery module 450, a client management module 455, an analytics module 460, a development operations (dev ops) tools module 465, a multi-language module 470, a resource manager module 475, a services index module 480, and a message broker module 485. In one implementation, the modules described in connection with FIG. 4 may be performed by one or more components of service nodes 130. In another implementation, the modules described in connection with FIG. 4 may be performed by services nodes in conjunction with administrative server 122 and micro-services platform 124. Some or all of the modules of FIG. 4 may be included, for example, in an application (e.g., software), stored in memory 230 and executed by processor 220.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Pacella’s blockchain micro-services framework Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of application interfaces helps with network integration.

	As per claim 7, Smith in combination with Dayan teaches the computer security system of claim 1, but fails to teach wherein the at least one authorized node verifies the transaction before the transaction is mined to the blockchain network.
	However, in an analogous art Pacella teaches wherein the at least one authorized node verifies the transaction before the transaction is mined to the blockchain network. (Pacella, Paragraph 0057 recites “A block processing unit 610 in each service node 130 may perform block processing (e.g., grouping transactions into blocks) and a mining unit 615 may perform blockchain mining operations (e.g., linking a new block to a cryptographic hash of a previous block, calculating a proof-of-work using complex algorithms, etc.) needed for verification and record-keeping.”  Appears to be verified before mined).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Pacella’s blockchain micro-services framework Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of application interfaces helps with network integration.

	As per claim 10, Smith in combination with Dayan teaches the computer security system of claim 9, but fails to teach a smart contract that facilitates the verification and conversion and the consensus protocol facilitates the validation.
	However, in an analogous art Pacella teaches a smart contract that facilitates the verification and conversion and the consensus protocol facilitates the validation (Pacella, Paragraph 0035 recites “IG. 4 is a diagram illustrating exemplary logical components of framework 330. As shown in FIG. 4, framework 330 may include a virtual consensus network module 405, anti-collusion module 410, a block anomaly detection module 415, a smart contracts module 420, an API/ABI module 425, a blockchain node template 430, a key managers module 435, an identification (ID) services module 440, a state channels module 445, a discovery module 450, a client management module 455, an analytics module 460, a development operations (dev ops) tools module 465, a multi-language module 470, a resource manager module 475, a services index module 480, and a message broker module 485. In one implementation, the modules described in connection with FIG. 4 may be performed by one or more components of service nodes 130. In another implementation, the modules described in connection with FIG. 4 may be performed by services nodes in conjunction with administrative server 122 and micro-services platform 124. Some or all of the modules of FIG. 4 may be included, for example, in an application (e.g., software), stored in memory 230 and executed by processor 220.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Pacella’s blockchain micro-services framework Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of application interfaces helps with network integration.

	As per claim 11, Smith in combination with Dayan and Pacella teaches the computer security system of claim 10, Pacella further teaches wherein the smart contract checks for a type field in the transaction to determine whether to rearrange the transaction to a standard format, to validate the transaction, or to remove the transaction (Pacella, Paragraph 0035 recites “IG. 4 is a diagram illustrating exemplary logical components of framework 330. As shown in FIG. 4, framework 330 may include a virtual consensus network module 405, anti-collusion module 410, a block anomaly detection module 415, a smart contracts module 420, an API/ABI module 425, a blockchain node template 430, a key managers module 435, an identification (ID) services module 440, a state channels module 445, a discovery module 450, a client management module 455, an analytics module 460, a development operations (dev ops) tools module 465, a multi-language module 470, a resource manager module 475, a services index module 480, and a message broker module 485. In one implementation, the modules described in connection with FIG. 4 may be performed by one or more components of service nodes 130. In another implementation, the modules described in connection with FIG. 4 may be performed by services nodes in conjunction with administrative server 122 and micro-services platform 124. Some or all of the modules of FIG. 4 may be included, for example, in an application (e.g., software), stored in memory 230 and executed by processor 220.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Pacella’s blockchain micro-services framework Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of application interfaces helps with network integration.

	As per claim 12, Smith in combination with Dayan and Pacella teaches the computer security system of claim 10, Dayan further teaches wherein the at least one unauthorized node includes permissionless access to join the blockchain network and to retrieve the stored at least one of the signature or feature (Dayan, Col 5 lines 49-57 recites “ FIG. 5. If it is determined that a signature record 420 does not match a valid record in the blockchain at a computer 302, 304 or in the database 362 attached to server 310, the signature record is not included in the latest block to be bundled and broadcasted. The unmatched signature record is broadcast to all other agents and identity services to identify the rogue or unauthorized computer attached to the network so that an authorized computer or server will not communicate with the unauthorized computer.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to combine Dayan’s Blockchain Node Initialization with Smith’s trust topology selection for distributed transaction processing in computing environments because the use of retaining an unauthorized node data, is helpful information to prevent other nodes with similar signatures.









Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439