Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
   
            DETAILED ACTION

1.	This action is responsive to:  an original application filed on 20 August 2021.	
2.	Claims 1-16 are currently pending and claims 1, 15 and 16 are independent claims. 

Information Disclosure Statement

3.	The information disclosure statement (IDS) submitted are following the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

            Priority

4.	Priority claimed from provisional application no.62/663,132, filed on 26 April 2018.

          Drawings

5.	The drawings filed on 20 August 2021 are accepted by the examiner. 

                                          Claim Rejections - 35 USC § 102

6.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –	
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention
Claims 1 and 7-16 are rejected 35 U.S.C §102 (a)(1) as being anticipated by Demirjian et al. (US Publication No. 20170366566), hereinafter Demirjian.  

Regarding claim 1: 
A method for controlling authorization to a protected entity, comprising: receiving an access request for access to the protected entity, wherein the access request is received from a client device (Demirjian, ¶39).
in response to the access request, causing the client device to perform an admission process that includes performing at least one game (Demirjian, ¶35, 29).
monitoring a distributed database to identify at least one admission transaction designating admission criteria (Demirjian, ¶40, 47, 42)
determining if the admission criteria satisfy a set of conditions for accessing the protected entity (Demirjian, ¶71, 19).
identifying, on the distributed database, completion results of the at least one game, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based on the results of the at least one game (Demirjian, ¶43-44).
and granting access to the client device when the admission criteria satisfies the set of conditions, wherein the access granted is access to the protected entity (Demirjian, abstract).
Regarding claim 7: 
wherein the protected entity includes at least one of: a network element and a computing element accessed by the client (Demirjian, ¶51).
Regarding claim 8: 
further comprising: extracting a unique client identifier from the received access request; wherein the unique client identifier does not reveal any information about a user of the client device (Demirjian, ¶46).
Regarding claim 9: 
wherein the at least one game is shared with the client over the distributed database, wherein an access policy is selected based on the protected entity, wherein the access policy designates at least one of: the at least one game, the protected entity, a resource within the protected entity, and a scope of the at least one game (Demirjian, ¶35).
Regarding claim 10: 
wherein causing the client device to perform an admission process further comprises: causing the client to spend a first sum of a specified type of access tokens (Demirjian, ¶46).
Regarding claim 11: 
further comprising: causing the client to convert a first-type of access tokens into access tokens of a second-type based on a conversion value, wherein the conversion value is determined based on at least one access parameter; and causing the client to spend a second sum of the second-type of access tokens to access the protected entity (Demirjian, ¶46).
Regarding claim 12: 
wherein the first-type of access tokens and the second-type access tokens are different types, wherein of the first-type of access token and the second-type of access token are cryptocurrency tokens having different cryptographic identities (Demirjian, ¶217).
Regarding claim 13: 
wherein the method is performed by a gateway connected to the protected entity (Demirjian, ¶57).
Regarding claim 14: 
wherein the access request for access to the protected entity is for access to at least one resource of the protected entity and wherein the access granted to the client is only for the at least one resource of the protected entity (Demirjian, ¶59).
Regarding claim 15: 
receiving an access request for access to the protected entity, wherein the access request is received from a client device (Demirjian, ¶39).
in response to the access request, causing the client device to perform an admission process that includes performing at least one game (Demirjian, ¶29, 35).
monitoring a distributed database to identify at least one admission transaction designating admission criteria (Demirjian, ¶40, 42, 47).
determining if the admission criteria satisfy a set of conditions for accessing the protected entity; (Demirjian, ¶19, 17).
identifying, on the distributed database, completion results of the at least one game, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based on the results of the at least one game (Demirjian, ¶43-44). 
and granting access to the client device when the admission criteria satisfies the set of conditions, wherein the access granted is access to the protected entity (Demirjian, abstract).
Regarding claim 16: 
a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: receive an access request for access to the protected entity, wherein the access request is received from a client device (Demirjian, ¶39).
 in response to the access request, cause the client device to perform an admission process that includes performing the at least one game (Demirjian, ¶29, 35). 
monitor a distributed database to identify at least one admission transaction designates admission criteria (Demirjian, ¶40, 42, 47).
determine if the admission criteria satisfy a set of conditions for accessing the protected entity (Demirjian, ¶71, 19).
identify, on the distributed database, completion results of the at least one game, wherein whether the admission criteria satisfies the set of conditions for accessing the protected resource is determined based on the results of the at least one game (Demirjian, ¶43-44). 
and grant access to the client device when the admission criteria satisfies the set of conditions, wherein the access granted is access to the protected entity (Demirjian, abstract).
Claim Rejections - 35 USC § 103
	
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2-6 are rejected under 35 U.S.C §103 as being unpatentable over Demirjian and in view of Frank et al. (US Publication No. 20160224803), hereinafter Frank.
Regarding claim 2: 
Demirjian does not explicitly suggest, further comprising: determining a bias to the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based further on the determined bias; however, in a same filed of endeavor Frank discloses this teaching (Frank, abstract).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of access control of Demirjian with the method of user behavior/bias modeling in Frank to identify user behavior accurately or generate recommendation or provide service to the user, stated by Frank at ¶683.

Regarding claim 3: 
Demirjian does not explicitly suggest, wherein the bias includes any one of: a cognitive bias, a behavioral bias, and an intent bias; wherein each type of bias is defined to detect a cyber-security threat; wherein the cyber-security threat is any one of: account takeover, denial of inventory, denial of service, and anti-scraping; however, in a same filed of endeavor Frank discloses this teaching (Frank, ¶27, 64).
Same motivation for combining the respective features of Demirjian and Frank applies herein, as discussed in the rejection of claim 1.

Regarding claim 4: 
Demirjian does not explicitly suggest, wherein granting access to the client device further comprises: determining a drift from a previously determined bias, wherein the determined bias is continuously reevaluated for any action performed by the client; and denying access when the drift from the previously established bias is determined; however, in a same filed of endeavor Frank discloses this teaching (Frank, FIG. 16).
Same motivation for combining the respective features of Demirjian and Frank applies herein, as discussed in the rejection of claim 2.

Regarding claim 5: 
Demirjian does not explicitly suggest, wherein granting access to the client further comprises: determining if the client executes the at least one game, the at least one game being defined in an access policy; and denying access to the protected entity when the client did not execute the at least one game defined in the access policy; however, in a same filed of endeavor Frank discloses this teaching (Frank, ¶889, 209).
Same motivation for combining the respective features of Demirjian and Frank applies herein, as discussed in the rejection of claim 2.

Regarding claim 6: 
Demirjian does not explicitly suggest, wherein granting access to the client an access further comprises: determining if completion results of the game executed by the client have been deposited on the distributed database; and denying access to the protected entity when no completion results have been deposited; however, in a same filed of endeavor Frank discloses this teaching (Frank, ¶100, 340-341).
Same motivation for combining the respective features of Demirjian and Frank applies herein, as discussed in the rejection of claim 2.

   Conclusion

8.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Monjour Rahim whose telephone number is (571)270-3890. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (in USA or CANANDA) or 571-272-1000.

/Monjur Rahim/
Patent Examiner
United States Patent and Trademark Office
Art Unit: 2436; Phone: 571.270.3890
E-mail: monjur.rahim@uspto.gov
Fax: 571.270.4890