Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1, 4, 5, 11, 14, 15, 16, 19, and 20 have been amended.
Claims 3, 6-10, 13, and 18 have been canceled.
Claims 1, 2, 4, 5, 11, 12, 14, 15, 16, 17, 19, and 20 are allowed. 
Rejection of claims 1, 4, 5, 11, 14, 16, and 19 under 112(b) has been withdrawn based on applicant’s amendments and remarks. 
Drawing objection to figure 4 has been overcome based on filed corrections.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: Fig. 8 reference 10.  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.


Response to Arguments
Applicant’s remarks and amendments submitted on August 24, 2022 for application 16/958,029 have been considered and are persuasive. Therefore, the previous claim rejections have been withdrawn.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record correcting a grammatical error appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
The application has been amended as follows: minor typographical corrections in claim 1. 
Please amend claim 1 as follows:
1. (Currently Amended) A method for cross-domain logical isolation and secure access control in the Internet of Things (IoT), comprising: 
S1, receiving an identity authentication request from a host outside a domain by a target IoT gateway in the domain, packaging the identity authentication request into a release requesting data packet, and broadcasting the release requesting data packet to all IoT gateways in the domain excluding the target IoT gateway;
 S2, authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results;
 S3, once a first IoT gateway in the domain generates the identity authentication result, initiating a distributed consensus procedure based on a distributed consensus mechanism such that all IoT gateways in the domain calculate respective legal digital strings that are conformity with the distributed consensus mechanism, in response to determining that both the identity authentication result and the legal digital string are obtained by a second IoT gateway in the domain while other IoT gateways in the domain have not obtained both the identity authentication result and the legal digital string, and sending the identity authentication result and the legal digital string obtained by the second IoT gateway to the other IoT gateways in the domain, wherein the first IoT gateway is the same as or different from the second IoT gateway; 
S4, when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string with the distributed consensus mechanism and a node synchronization mechanism, writing and storing the identity authentication result into a new block of a blockchain; and 
S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning a blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning.

11. (currently amended) A device for cross-domain logical isolation and secure access control in the Internet of Things (IoT), comprising: 
a processor, and 
a memory, configured to store instructions thereon, 
wherein when the instructions are executed by the processor, the processor is configured to: 
when receiving an identity authentication request from a host outside the domain, control a target IoT gateway in the domain to package the identity authentication request into a release requesting data packet, and broadcast the release requesting data packet to all IoT gateways in the domain excluding the target IoT gateway; 
control each IoT gateway in the domain to authenticate the release requesting data packet to generate a respective identity authentication result; 
once generating the identity authentication result by a first IoT gateway in the domain, control the first IoT gateway to initiate a distributed consensus procedure based on a distributed consensus mechanism such that all IoT gateways in the domain calculate respective legal digital strings that are conformity with the distributed consensus mechanism, in response to determining that both the identity authentication result and the legal digital string are obtained by a second IoT gateway in the domain while other IoT gateways in the domain have not obtained both the identity authentication result and the legal digital string, and send the identity authentication result and the legal digital string obtained by the second IoT gateway to the other IoT gateways in the domain, wherein the first IoT gateway is the same as or different from the second IoT gateway; 
when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string through the distributed consensus mechanism and a node synchronization mechanism, control the respective IoT gateways to write and store the identity authentication result into a new block of a blockchain; and 
control the target IoT gateway to determine whether the identity authentication result exists by scanning a blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, send the identity authentication result to the host, and when the identity authentication result does not exist, continue the scanning.

16. (currently amended) A non-transitory computer readable storage medium, having instructions stored thereon, wherein when the instructions are executed by a processor, a method for cross-domain logical isolation and secure access control in the Internet of Things (IoT) is executed, wherein the method comprises: 
S1, receiving an identity authentication request from a host outside a domain by a target IoT gateway in the domain, packaging the identity authentication request into a release requesting data packet, and broadcasting the release requesting data packet to all IoT gateways in the domain excluding the target IoT gateway; 
S2, authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results;
 S3, once a first IoT gateway in the domain generates the identity authentication result, initiating a distributed consensus procedure based on a distributed consensus mechanism such that all IoT gateways in the domain calculate respective legal digital strings that are conformity with the distributed consensus mechanism, in response to determining that both the identity authentication result and the legal digital string are obtained by a second IoT gateway in the domain while other IoT gateways in the domain have not obtained both the identity authentication result and the legal digital string, and sending the identity authentication result and the legal digital string obtained by the second IoT gateway to the other IoT gateways in the domain, wherein the first IoT gateway is the same as or different from the second IoT gateway; 
S4, when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string through the distributed consensus mechanism and a node synchronization mechanism, writing and storing the identity authentication result into a new block of a blockchain; and 
S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning a blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning.

Allowable Subject Matter
Claims 1, 2, 4, 5, 11, 12, 14, 15, 16, 17, 19, and 20 are allowed. The following is an examiner’s statement of reason for allowance: the following prior arts were yielded during examination of the claims filed on August 24, 2022 in response to office action mailed on May 25, 2022. They do not explicitly teach the applicant’s claimed invention, but they are in general realm of applicant’s field of endeavor:
CHEN (US-20180212970-A): This prior art teaches of a network device receiving, from a node in an Internet-of-Things (IoT) network, an access request for a user authenticated via the node and identifies the access request as from either of a trusted node or an untrusted node in the IoT network. When the access request is from an untrusted node, the network device identifies a hash key for the access request, wherein the hash key is derived from an access list for the IoT network; broadcasts the hash key to other trusted nodes in the IoT network; and validates the access request based on a solution consensus from the other trusted nodes. When the access request is from a trusted node, the network device confirms mutual trust with the trusted node via an encrypted key exchange, and validates the access request based on the mutual trust with the trusted node.
CHEN does disclose of performing distributed authentication in a lot network. Which includes receiving an access request from a node in a loT network with an authenticated user {block 705), and identifying if the request is from a trusted node. For example, a user (or app) of a user device may login to a loT resource in a trusted network or a loT resource in an untrusted network. The loT data services may include receiving packets that are transmitted by loT devices, inspecting each packet, identifying data that can be linked to loT data carried in a packet, and aggregating the linked data. loT portal may broadcast an access list as an encrypted block in a blockchain in to other nodes in trusted domain. Each node in the trusted domain may perform, for example, a mining operation or another proof of work to verify the access list. The proof of work solutions from the trusted nodes may be compared and determined if there is a consensus. If there is a consensus for validation of the access request, process may include receiving user information and using the user information to send an access token for a loT resource associated with the request. For example, authentication control point may receive user information from the validated node and forward an access token to allow interaction with a respective loT resource. For external verification, implementations described herein use proof of work 410 to verify authentications from nodes in untrusted domains, where participating nodes work to solve difficult hashing problems, which the rest of network can then verify. Because it takes real-world computation resources to find solutions to the hashing problems, proof of work is able to use the difficulty of solving hashing function to measure how much of the network agrees on the current state. The only way to hack into the network would be to control a majority of the total computing power (e.g., CPU, memory, or bandwidth) to, for example, pretend the group of nodes disagrees with itself. Each node the trusted domain may perform, for example, a mining operation or another proof of work to verify the access list. The proof of work solutions from the trusted nodes may be compared and determined if there is a consensus.
However, CHEN does not teach calculate respective legal digital strings that are conformity with the distributed consensus mechanism, in response to determining that both the identity authentication result and the legal digital string are obtained by a second IoT gateway in the domain while other IoT gateways in the domain have not obtained both the identity authentication result and the legal digital string. S4, when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string with the distributed consensus mechanism and a node synchronization mechanism, writing and storing the identity authentication result into a new block of a blockchain; and S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning a blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning.
AGRAWAL (US-20180302222-A): This prior art teaches of a processor configured to transmit, a first signal for requesting to access an external device, to the external device, receive, a second signal for requesting to provide a token stored in the electronic device, from the external device, the token being generated based on at least part of a block chain including at least one block that is respectively associated with at least one external device that has been accessed by the electronic device, in response to the reception, transmit, information on the token, to the external device, receive, a third signal indicating allowed the access, from the external device, the third signal being transmitted from the external device in response to identifying, by the external device, to validate the token in all of the plurality of external devices, and access the external device based on the third signal.
AGRAWAL does disclose a method for updating a blockchain ledger entry in connection with a blockchain-based distributed access control in a loT network. An electronic device requests access to the zone. The user is provided access to the various nodes of the loT network if the electronic device transitions from one node to another and from one zone to another using a valid transaction trail. The electronic device is detected by any of the nodes in the zone A. The intent of the user is determined, i.e., the node in the zone with which the electronic device requests access to is also determined, the node validates the loT token based on information available in the blockchain, the node allows the transaction based on a successful validation of the loT token. Consensus is achieved based on the PoW of the user device. For a block of transactional data to be valid, the block must hash to a value less than a current target value. The current target value is based on the probability of a successful block generation. The variable cryptographic puzzle is determined based on the probability of the successful block generation. The loT token is dynamically allocated based on the sequence of transaction blocks in the blockchain. The node allows the transaction based on a successful validation of the loT token. The node further updates the loT token of the electronic device. The transaction and the updated loT token are added to the blockchain after consensus among all the nodes in the loT network, linked to the blockchain. The transaction and updated loT token are added to the blockchain using any or a combination of crypto-token protocol, a light cryptographic consensus protocol and a variable cryptographic consensus protocol.
However, AGRAWAL does not teach receiving an identity authentication request from a host outside a domain by a target IoT gateway in the domain, packaging the identity authentication request into a release requesting data packet, and broadcasting the release requesting data packet to all IoT gateways in the domain excluding the target IoT gateway;  S2, authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results; S3, once a first IoT gateway in the domain generates the identity authentication result, initiating a distributed consensus procedure based on a distributed consensus mechanism such that all IoT gateways in the domain calculate respective legal digital strings that are conformity with the distributed consensus mechanism, in response to determining that both the identity authentication result and the legal digital string are obtained by a second IoT gateway in the domain while other IoT gateways in the domain have not obtained both the identity authentication result and the legal digital string. S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning a blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning. 
CUI (CN-107424066-B): This prior art teaches method and a system for establishing a consensus mechanism based on a value quantity. The method comprises the steps of randomly selecting some nodes from high-value nodes as accounting nodes, then packaging transaction information by the accounting nodes, and generating blocks after consensus. The method for establishing the consensus mechanism based on the value quantity is applied to a block chain system, wherein the block chain system comprises a billing node and a common node which are in communication connection. The accounting nodes are blockchain nodes and are used for receiving user requests from the client, agreeing on results corresponding to the user requests in a blockchain to generate new blocks, and simultaneously each accounting node is also used for independently selecting new accounting nodes and agreeing on the selected accounting nodes in the blockchain. The invention can solve the technical problems of high energy consumption, easy centralization and easy bifurcation of the POS mechanism and blocking of currency circulation in the conventional POW and POS consensus mechanism.
CUI does disclose Each accounting node broadcasts the selected node list obtained to all other nodes in the block chain system. After receiving the broadcasted selected node list, each node in the selected node list acquires the block of each accounting node in the block chain system, judges whether the block height of the node is consistent with the block height of the acquired accounting node or not, the step is continuously repeated until the block height of the node is consistent with the block height of the acquired accounting node. All the accounting nodes which are not in the selected node list become common nodes, all the nodes in the selected node list become new accounting nodes and start to receive transaction requests from the user side, the transaction requests are identified in common, and blocks generated by the identification in common are added to the block chain. 
However, CUI does not teach receiving an identity authentication request from a host outside a domain by a target IoT gateway in the domain, packaging the identity authentication request into a release requesting data packet, and broadcasting the release requesting data packet to all IoT gateways in the domain excluding the target IoT gateway;  S2, authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results; S3, once a first IoT gateway in the domain generates the identity authentication result, initiating a distributed consensus procedure based on a distributed consensus mechanism such that all IoT gateways in the domain calculate respective legal digital strings that are conformity with the distributed consensus mechanism, in response to determining that both the identity authentication result and the legal digital string are obtained by a second IoT gateway in the domain while other IoT gateways in the domain have not obtained both the identity authentication result and the legal digital string S4, when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string with the distributed consensus mechanism and a node synchronization mechanism, writing and storing the identity authentication result into a new block of a blockchain.
DENNIS (GB-2577751-A): This prior art teaches a method comprising receiving, at a participant node, a node participation document comprising a list of node identifiers that uniquely identify each node in the blockchain and receiving, at the participant, a true random number associated with a current time interval. Further, at the participant, a leader node is selected for the current time interval from the nodes listed in the node participation document based on a numerical disparity between the random number and the node identifiers from the node participation document; and sending, from the participant, any new transactions for inclusion in the blockchain system to the determined leader node in the current time interval. The node identifier closest to the random number may be selected as the leader node. The leader node is the only node that can generate new blocks during the corresponding time interval to be validly appended to the blockchain.
DENNIS does disclose a random number is generated and the selected node is the node 12 for which the difference between the random number and a numerical representation of the unique node identifier or other unique public identity (if not already in a numerical format) is closest to zero, the selected node will then be considered to be the leader node. The leader node, which may also be referred to as a confirming node, will then be recognized by the blockchain system as having the right to validly confirm any new transactions and write or generate the corresponding new blocks that are to be included in and appended to the end of the blockchain. If the participant node is determined, by a consensus protocol of the blockchain system, to be a leader node that can generate one or more new blocks to be validly appended to the blockchain of the blockchain system, the method further comprises: receiving, at the leader node, from the nodes participating in the blockchain system, new transactions for inclusion in the blockchain system; confirming, at the leader node, the received new transactions by searching for corresponding unspent transaction outputs in the blockchain system; generating, at the leader node, a new block comprising the confirmed new transactions and appending this block to a local blockchain stored at the leader node; and broadcasting, from the leader node, the new block to all of the nodes participating in the blockchain system.
However, DENNIS does not teach S1, receiving an identity authentication request from a host outside a domain by a target IoT gateway in the domain, packaging the identity authentication request into a release requesting data packet, and broadcasting the release requesting data packet to all IoT gateways in the domain excluding the target IoT gateway; S2, authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results; S4, when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string with the distributed consensus mechanism and a node synchronization mechanism, writing and storing the identity authentication result into a new block of a blockchain; and  S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning a blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning.

Therefore, none of the prior arts of record independently or in-combination discloses all the
limitation of the independent claims 1, 11, and 16 as recited in the amended set of claims being
examined.
Furthermore, the independent claims are allowable over the prior arts of record. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferable accompany the issue fee. Such submissions should be labeled “Comments on Statement of Reasons for Allowance”
In most cases, the examiner's actions and the applicant's replies make evident the reasons for allowance, satisfying the "record as a whole" proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner's actions clearly point out the reasons for rejection and the applicant's reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary. Conversely, where the record is not explicit as to reasons, but allowance is in order, then a logical extension of 37 CFR 1.111 and 1.133 would dictate that the examiner should make reasons of record and such reasons should be specific.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AFAQ ALI/Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434