DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This office action is in response to applicant’s RCE amendment filed, 22 September 2022, of application filed, with the above serial number, on 22 September 2020 in which claims 1, 2, 8-10, 16-20 have been amended. Claims 1-20 are pending in the application. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ventura et al (hereinafter “Ventura”, 2018/0101842).
As per Claim 1, Ventura discloses a data control device, comprising: 
a network interface configured to communicate with a provisioning service device (at least Fig. 2; 220), wherein: 
the provisioning service device is configured to modify a user account (at least paragraph 61; a user computing entity 30 may be a computing entity configured for user interaction (e.g., via a user interface thereof) for providing an order to a system corresponding to the distributed ledger, to perform administrative functions corresponding to the distributed ledger (e.g., create new user accounts within the distributed ledger, request data access be granted to a user account, and/or the like); and 
the provisioning service device is associated with a group within an enterprise (at least paragraph 63; the user accounts and access thereto may be limited to individuals, computing entities, and/or groups associated with and/or having membership in a particular organization, company, institution, group, and/or the like. For example, a user account with administrative capabilities and/or functions may need to create new user accounts and/or provide permission for the creation of new user accounts); 
a memory (at least Fig. 2; 210-215) operable to store: 
a service request log configured to store information associated with received service requests for modifying user accounts (at least paragraph 74-76; submitting FSM record or message posted into a FSM record block; FSM record and/or message may correspond to the creation of a new user account, the granting of permission to a particular set of data to a user account (e.g., the FSM record and/or message may provide the user account with a DAK), and/or other administrative action for managing a user account); 
an event log configured to store processing status information for service requests (at least paragraph 71, 74-76; FSM record blocks have a common structure that is used for storing FSM records and/or messages corresponding to application activity events, business activity events, use account events; FSM record and/or message comprises event information/data (e.g., one or more of an event field, time and date fields, and/or other fields comprising information/data corresponding to the event) and domain object information/data (e.g., one or more domain object fields) comprising a status of each of the identified domain objects as a results of the event. For example, the domain object information/data may identify each domain object involved and/or affected by the event, indicate a current status of the domain object as a result of the event, comprise an event counter corresponding to the domain object); and 
a status log configured to store current status information for user accounts, wherein the current status information comprises a plurality of account identifiers that are each linked to a current status for a user account (at least paragraph 65-69, 89, 108; local wallet 608 of a first node computing entity 200A stores information about user accounts; the user directory manager 504 is a sub-component of the user manager 502 that performs the interactions with the user directory activity ledger 602. For example, the user directory manager 504 may generate, publish, and/or post FSM record blocks to the user directory activity ledger 602, access and/or read data from the user directory activity ledger 602, and/or the like. In an example embodiment, the framework layer 500 comprises a file ledger manager (FLM) 506; FSM records may further provide intrinsic bi-temporal primitives, according to an example embodiment. For example, a current status of a domain object and a status of the domain object at a particular point in time may be easily determined based on the FSM records stored in the distributed ledger. For example, the versioning of the domain objects and the corresponding event counter allow for the current or a previous state at a particular time of a domain object to be efficiently determined; application activity ledger 604 within the user directory activity ledger 602 and store information/data corresponding to events related to user accounts that are stored within the user activity ledger 602 and that occur within and/or relate to the application 402); and
a processor operably coupled to the network interface and the memory (at least Fig. 2; 205), configured to: 
receive a service request for a user account from a network device, wherein the network device is different from the provisioning service device, wherein the network device does not directly interact with the provisioning service device (at least paragraph 75, 113, 68-69; each FSM record and/or message corresponds to one event, one snapshot, one user account event; the user interface of a user computing entity 30 (network device) may receive user input providing a create user request and provide (e.g., transmit) the create user request to the first node computing entity 200A (provisioning service device); a framework layer 500 acts as an intermediary (does not directly interact) between the application layer 400 and the protocol layer 600. For example, the framework layer 500 provides infrastructure and support services to the application layer 400 and abstracts the file system, distributed ledger network 100, and internode messaging capabilities of the protocol layer 600. For example, the framework layer acts as an intermediary between the services and operations of the applications 402 and the FSM record blocks stored in the ledger; the create user request is passed to the user directory manager 504 of the first node computing entity 200A (provisioning service device). For example, the user directory manager 504 operating on the first node computing entity 200A may receive the create user request. At 1406, the user directory manager 504 generates, creates, and/or the like the user information/data); and
wherein the service request comprises: 
information identifying the provisioning service device (at least paragraph 53, 106-107; addressing used in various protocols in par. 53; user account management via user directory activity ledger 602 managed by the user directory manager 504 may function as a user account and data access management tool; at least paragraph 113-114, 127-129; one or more user accounts may correspond to external applications, such as an order gateway, order management system; the order management system 1604 is configured to receive the order messages comprising order instructions from the order gateway 1602. The order management system 1604 transforms the stream of order messages comprising the order instructions into an encrypted stream of order originator directives; the user interface of a user computing entity 30 may receive user input providing a create user request and provide (e.g., transmit) the create user request to the first node computing entity 200A. In an example embodiment, the create user request may comprise a user name, group, and/or other information/data corresponding to the user. In an example embodiment, the create user request is generated via a user account having user account creation capabilities. As should be understood, in various embodiments, a create user request may be automatically generated by a user account that is not associated with a human user (e.g., by a user account corresponding to a system component or an external application)… At 1404, the create user request is passed to the user directory manager 504 of the first node computing entity 200A. For example, the user directory manager 504 operating on the first node computing entity 200A may receive the create user request.);
information identifying the network device (at least paragraph 53, 113-114; addressing used in various protocols in par. 53; the user interface of a user computing entity 30 may receive user input providing a create user request and provide (e.g., transmit) the create user request to the first node computing entity 200A. In an example embodiment, the create user request may comprise a user name, group, and/or other information/data corresponding to the user. In an example embodiment, the create user request is generated via a user account having user account creation capabilities. As should be understood, in various embodiments, a create user request may be automatically generated by a user account that is not associated with a human user (e.g., by a user account corresponding to a system component or an external application)…. At 1404, the create user request is passed to the user directory manager 504 of the first node computing entity 200A. For example, the user directory manager 504 operating on the first node computing entity 200A may receive the create user request.);
an account identifier for the user account (at least paragraph 75, 107; user ID each FSM record and/or message corresponds to one event, one snapshot, one user account event (e.g., creation of a user account, editing of a user account, providing of a DAK to a user account, and/or the like). … In an example embodiment, an FSM record and/or message may correspond to the creation of a new user account, the granting of permission to a particular set of data to a user account (e.g., the FSM record and/or message may provide the user account with a DAK), and/or other administrative action for managing a user account); and 
modification instructions for modifying the user account (at least paragraph 75; each FSM record and/or message corresponds to one event, one snapshot, one user account event (e.g., creation of a user account, editing of a user account, providing of a DAK to a user account, and/or the like). … In an example embodiment, an FSM record and/or message may correspond to the creation of a new user account, the granting of permission to a particular set of data to a user account (e.g., the FSM record and/or message may provide the user account with a DAK), and/or other administrative action for managing a user account); 
add a first entry in the service request log in response to receiving the service request, wherein the first entry in the service request log comprises information from the service request (at least paragraph 75; each FSM record and/or message, added to FSM record block in ledger, corresponds to one event, one snapshot, one user account event (e.g., creation of a user account, editing of a user account, providing of a DAK to a user account, and/or the like); 
add an entry in the event log in response to receiving the service request, wherein the entry in the event log indicates that the service request was received (at least paragraph 75; each FSM record and/or message, added to FSM record block in ledger, corresponds to one event); 
query the status log using the account identifier to determine a current status of the user account (at least paragraph 65-69, 89; domain object may then be “versioned” by the event counter corresponding to that domain object. For example, if the event counter for a first domain object is at 5, the fifth version of the first domain object is the current version and the first, second, third, and fourth versions of the first domain object correspond to the state of the first domain object at previous points in time and as a result of previous events; application activity ledger 604 within the user directory activity ledger 602 and store information/data corresponding to events related to user accounts that are stored within the user activity ledger 602 and that occur within and/or relate to the application 402); 
apply the modification instructions from the service request to the current status of the user account to update the current status of the user account (at least paragraph 65-69, 89, 75; domain object may then be “versioned” by the event counter corresponding to that domain object, such that an FSM record that is received has a domain object of a user account event, edits the user account accordingly to a new status and versions the record in the ledger); 
modify the current status of the user account in the status log based on the updated current status of the user account (at least paragraph 65-69, 89, 75; domain object may then be “versioned” by the event counter corresponding to that domain object, such that an FSM record that is received has a domain object of a user account event, edits the user account accordingly to a new status and versions the record in the ledger); 
identify the provisioning service device that is associated with the user account based on the information identifying the provisioning service device (at least paragraph 61, 66, 106-107, 112; posting and/or publishing the FSM record block shown in FIG. 13 will create a user account in user activity directory ledger 602 in accordance with the add/edit user message 612 and will share a key with one or more user accounts in accordance with the share key message 614; the distributed ledger may be used to manage user accounts. For example, user accounts may be created, generated, and/or the like by a user manager 502 operating in the framework layer 500 of the node computing entity 200, 200′. In an example embodiment, access to various information/data stored in an FSM record block, FSM record and/or message, and/or a field thereof may be granted and/or provided to a user account by providing a user with a data access key via the distributed ledger. Additionally, according to an example embodiment, information/data provided as part of an FSM record and/or message and/or the FSM record and/or message itself may be authenticated via the signing of the information/data and/or the FSM record and/or message with a user authentication key. For example, the user directory activity ledger 602 managed by the user directory manager 504 may function as a user account and data access management tool); 
determine a device type for the provisioning service device (at least paragraph 106, 127-129; one or more user accounts may correspond to external applications, such as an order gateway, order management system; the order management system 1604 is configured to receive the order messages comprising order instructions from the order gateway 1602. The order management system 1604 transforms the stream of order messages comprising the order instructions into an encrypted stream of order originator directives; the order gateway 1602 receives order instructions. For example, the order instructions may be received via a network interface and/or communication interface of the user computing entity 30. In an example embodiment, the order instructions are received via a well-defined protocol (e.g., FIX, REST, Web Socket, and/or/the like). The order gateway 1602 may be configured to perform basic syntactic validation of the order instructions, authenticate the order originator, and transform the order instructions and/or at least a portion thereof into an order message comprising order instructions and having an encrypted common internal message format. The order gateway 1602 then provides the order message to the order management system 1604. In an exmaple embodiment, the order gateway 1602 provides an event stream comprising a stream of order messages to the order management system 1604 as a binary event stream);
determine service instructions for the provisioning service device based on the updated current status of the user account, wherein the service instructions identify actions for the provisioning service device to perform on the user account (at least paragraph 61, 66, 106, 112; a common block structure may be used to record activity events (e.g., business activities and/or events, transactions, and/or the like), user account events (e.g., creation of new user accounts, a data access grant being provided to a user account, and/or the like), and for generating and recording system snapshots. In an example embodiment, a snapshot is a composite record of eligible domain objects and indicates the state of each of the eligible domain objects at the time the snapshot is generated. The eligible domain objects are determined from the set of system domain objects based on eligibility rules that may be application dependent, as is described in more detail below. In an example embodiment, activity events and the corresponding transaction information/data is comprehensively and sequentially recorded so as to enable the business rules and/or data governance to be deterministic. For example, the comprehensive and sequential recording of the activity events allows the exact state of one or more domain objects to be definitively determined at a current time and/or at a particular time in the past; an add/edit user message 612 may comprise user information/data such as a user id and/or other user information/data and one or more commands corresponding to the user information/data. For example, the user information/data (e.g., as shown in FIG. 11A) may be provided for a new user account along with a command to create the new user account. In another example, the user name of an existing user account may be changed by providing the user id for the existing user account, a new user name for the existing user account, and a command to update the user information/data of the user account accordingly); 
format the service instructions based on the device type of the provisioning service device (at least paragraph 53, 67, 127-129; order instructions received in a protocol, order gateway performs syntax validation, transforms order instructions into an order message having an encrypted common internal message format; protocol layer 600 may further comprise a local file storage 606. The local file storage 606 may comprise one or more data structures stored locally by a node computing entity 200, 200′. For example, the local file storage 606 may comprise one or more ledger files corresponding to the distributed ledger. In an example embodiment, the local file storage 606 may comprise a local wallet 608 for locally storing one or more keys (e.g., DAKs, user authentication keys, user signing keys, user encryption keys, user decryption keys, and/or the like), user information/data corresponding to one or more user accounts, and/or the like; one or more user accounts may correspond to external applications, such as an order gateway, order management system; the order management system 1604 is configured to receive the order messages comprising order instructions from the order gateway 1602. The order management system 1604 transforms the stream of order messages comprising the order instructions into an encrypted stream of order originator directives; the order gateway 1602 receives order instructions. For example, the order instructions may be received via a network interface and/or communication interface of the user computing entity 30. In an example embodiment, the order instructions are received via a well-defined protocol (e.g., FIX, REST, Web Socket, and/or/the like). The order gateway 1602 may be configured to perform basic syntactic validation of the order instructions, authenticate the order originator, and transform the order instructions and/or at least a portion thereof into an order message comprising order instructions and having an encrypted common internal message format. The order gateway 1602 then provides the order message to the order management system 1604. In an example embodiment, the order gateway 1602 provides an event stream comprising a stream of order messages to the order management system 1604 as a binary event stream); 
send the formatted service instructions to the provisioning service device (at least paragraph 61, 66, 106, 112; a common block structure may be used to record activity events (e.g., business activities and/or events, transactions, and/or the like), user account events (e.g., creation of new user accounts, a data access grant being provided to a user account, and/or the like), and for generating and recording system snapshots. In an example embodiment, a snapshot is a composite record of eligible domain objects and indicates the state of each of the eligible domain objects at the time the snapshot is generated. The eligible domain objects are determined from the set of system domain objects based on eligibility rules that may be application dependent, as is described in more detail below. In an example embodiment, activity events and the corresponding transaction information/data is comprehensively and sequentially recorded so as to enable the business rules and/or data governance to be deterministic. For example, the comprehensive and sequential recording of the activity events allows the exact state of one or more domain objects to be definitively determined at a current time and/or at a particular time in the past; an add/edit user message 612 may comprise user information/data such as a user id and/or other user information/data and one or more commands corresponding to the user information/data. For example, the user information/data (e.g., as shown in FIG. 11A) may be provided for a new user account along with a command to create the new user account. In another example, the user name of an existing user account may be changed by providing the user id for the existing user account, a new user name for the existing user account, and a command to update the user information/data of the user account accordingly);
add a second entry in the event lot in response to sending the formatted service instructions to the provisioning service device, wherein the second entry in the event lot indicates that the formatted service instructions have been sent to the provisioning service device for further processing (at least paragraph 75; Each FSM record and/or message of the FSM record and/or message set corresponding to an event occurring within and/or corresponding to the application 402; par. 80-81; the application 402 operating on the second node computing entity 200B may validate (or verify) the FSM record block; a FSM record block validation message may be provided by the second node computing entity 200B. For example, the framework layer 500 operating on the second node computing entity 200B may determine that the FSM record block is validated and provide (e.g., transmit) a FSM record block validation message indicating the validation and/or verification of the FSM record block (e.g., via one or more networks 135, 135B). The first node computing entity 200A may receive the FSM record block validation message; par. 117 “the add/edit user message and/or an FSM record block comprising the add/edit user message is posted and/or published to the distributed ledger (e.g., the user activity directory ledger 602) … may perform a validation and/or consensus procedure to post and/or publish the add/edit user message and/or an FSM record block comprising the add/edit user message to the user activity directory ledger 602”); 
receive a confirmation message from the provisioning service device, wherein the confirmation message indicates that the provisioning service device has completed updating the user account based on the formatted service instructions (at least paragraph 75; Each FSM record and/or message of the FSM record and/or message set corresponding to an event occurring within and/or corresponding to the application 402; par. 80-81; par. 117“the add/edit user message and/or an FSM record block comprising the add/edit user message is posted and/or published to the distributed ledger (e.g., the user activity directory ledger 602) … may perform a validation and/or consensus procedure to post and/or publish the add/edit user message and/or an FSM record block comprising the add/edit user message to the user activity directory ledger 602”); and 
add a third entry in the event lot in response to receiving the confirmation message, wherein the third entry in the event lot indicates that servicing of the user account is complete (at least paragraph 75; Each FSM record and/or message of the FSM record and/or message set corresponding to an event occurring within and/or corresponding to the application 402; par. 80-81; at least paragraph 118; the user directory manager 504 operating on the second node computing entity 200B receives the add/edit user message (e.g., via the communication interface 220 of the second node computing entity 200B) from the user activity directory ledger 602. At 1420, the user directory manager 504 operating on the second node computing entity 200B processes the add/edit user message).
As per Claim 2. The device of claim 1, wherein: the memory is further operable to store validation rules that identify a set of requirements for passing validation; and the processor is further configured to: compare information from the service request to the set of requirements for passing validation; determine the information from the service request satisfies the set of requirements for passing validation before querying the status log to determine the current status of the user account; and add a fourth entry in the event log in response to the service request passing validation (at least paragraph 117, 78; FSM record block may be provided for validation; the user directory manager 504 and/or FLM 506 operating on the first node computing entity 200A may perform a validation and/or consensus procedure to post and/or publish the add/edit user message and/or an FSM record block comprising the add/edit user message to the user activity directory ledger 602).
As per Claim 3. The device of claim 1, wherein: determining the service instructions comprises: identifying a first set of account settings based on the current status of the user account; identifying a second set of account settings based on the updated current status of the user account; and determining instructions for transitioning from the first set of account settings to the second set of account settings (at least paragraph 65-66, 112; version of the user account domain object; the user information/data (e.g., as shown in FIG. 11A) may be provided for a new user account along with a command to create the new user account. In another example, the user name of an existing user account may be changed by providing the user id for the existing user account, a new user name for the existing user account, and a command to update the user information/data of the user account accordingly).
As per Claim 4. The device of claim 1, wherein: determining the service instructions comprises: identifying a first account balance based on the current status of the user account; identifying a second account balance based on the updated current status of the user account; and determining instructions from transitioning from the first account balance to the second account balance (at least paragraph 3, 66, 108; business transactions for distributed ledger stored in local wallet).
As per Claim 5. The device of claim 1, wherein: determining the service instructions comprises: identifying a first set of accounts that are associated with a user based on the current status of the user account; identifying a second set of accounts that are associated with the user based on the updated current status of the user account; and determining instructions for transitioning from the first set of accounts to the second set of accounts (at least paragraph 75, 112-113; FSM record and/or message may correspond to the creation of a new user account, the granting of permission to a particular set of data to a user account (e.g., the FSM record and/or message may provide the user account with a DAK), and/or other administrative action for managing a user account).
As per Claim 6. The device of claim 5, wherein transitioning from the first set of accounts to the second set of accounts comprises adding a new account to the user account (at least paragraph 75, 112-113; FSM record and/or message may correspond to the creation of a new user account, the granting of permission to a particular set of data to a user account (e.g., the FSM record and/or message may provide the user account with a DAK), and/or other administrative action for managing a user account).
As per Claim 7. The device of claim 1, wherein the entry in the service request log for the service request comprises: a service request identifier that uniquely identifies the received service request; a source identifier that identifies a source of the received service request; an action type based on the modification instructions; and the account identifier for the user account (at least paragraph 107, Fig. 11).
As per Claim 8. The device of claim 1, wherein the first entry in the event log for receiving the service request comprises: a service request identifier that uniquely identifies the received service request; and a service request status identifier that identifies the current processing status of the received service request as new (at least paragraph 66, 74; FSM record and/or message comprises event information/data (e.g., one or more of an event field, time and date fields, and/or other fields comprising information/data corresponding to the event) and domain object information/data (e.g., one or more domain object fields) comprising a status of each of the identified domain objects as a results of the event. For example, the domain object information/data may identify each domain object involved and/or affected by the event, indicate a current status of the domain object as a result of the event, comprise an event counter corresponding to the domain object).
Claims 9-20 do not, in substance, add or define any additional limitations over claims 1-8 and therefore are rejected for similar reasons, supra.

Response to Arguments
Applicant's arguments filed 22 September 2022 have been fully considered but they are not persuasive.
Applicant argues Ventura does not disclose the limitations added to amended claim 1 as Ventura’s user entity 30 is equated to the provisioning service device of claim 1.
However, as noted in the Final Rejection response to arguments: 
the specification recites the provisioning service device to be:
[0032] The provisioning service device 106 may be one or more network devices that are configured to store and to manage a plurality of user accounts 126. Examples of provisioning service devices 106 include, but are not limited to, computers, databases, memories, servers, or any other suitable type of networking device. For example, the provisioning service device 106 may be a database that is configured to store information that is associated with a plurality of user accounts 126 for an enterprise (e.g. a business)…

Thus, the provisioning service device is a memory or database storing the user account data. 
Ventura teaches the amended limitation receive a service request for a user account from a network device, wherein the network device is different from the provisioning service device, wherein the network device does not directly interact with the provisioning service device as Ventura teaches in at least paragraph 75, 113, 68-69, that the user administrator requesting to create the account such as from entity 30 is a separate device from the actual provisioning device creating the account- user directory manager 504 of the first node computing entity 200A. In other words, the entity 30 requests to create the account, the intermediary framework layer 500 over each of the network devices 200A,B,C verifies the request (not directly) and if verified the entity 200A’ creates the user account according to the user directory manager 504 which provisions the account creation.
This is mapped above in the rejection to Ventura in at least paragraph 75, 113, 68-69: each FSM record and/or message corresponds to one event, one snapshot, one user account event; the user interface of a user computing entity 30 (network device) may receive user input providing a create user request and provide (e.g., transmit) the create user request to the first node computing entity 200A (provisioning service device); a framework layer 500 acts as an intermediary (does not directly interact) between the application layer 400 and the protocol layer 600. For example, the framework layer 500 provides infrastructure and support services to the application layer 400 and abstracts the file system, distributed ledger network 100, and internode messaging capabilities of the protocol layer 600. For example, the framework layer acts as an intermediary between the services and operations of the applications 402 and the FSM record blocks stored in the ledger; the create user request is passed to the user directory manager 504 of the first node computing entity 200A (provisioning service device). For example, the user directory manager 504 operating on the first node computing entity 200A may receive the create user request. At 1406, the user directory manager 504 generates, creates, and/or the like the user information/data).
With regard to the second and third entries stored in the event log, Ventura teaches each event is recorded in the distributed ledger, where each message being sent is recorded as a block, from the user entity 30 to 200A is recorded in a block, the validation is recorded in a block, the processing of the creation is recorded as a block etc., see par. 75, 80-81, 117-118. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY TODD whose telephone number is (303)297-4763. The examiner can normally be reached 8:30-5 MST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/GREGORY TODD/Primary Examiner, Art Unit 2443