DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-12 of this US application are presented for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/7/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 1 and 9 are objected to because of the following informalities:  
Regarding claim 1, the abbreviation “CI/CD” in line 2 should be spelled out before using its abbreviation form.
Regarding claim 9, the abbreviation “CI/CD” in line 2 should be spelled out before using its abbreviation form.
Claim 9 also recites a limitation “wherein the remote computing devices” which is in-completed sentence.
Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being incomplete for omitting essential steps, such omission amounting to a gap between the steps.  See MPEP § 2172.01.  
Regarding claim 1, the omitted steps are: adding identity and/or artifact test results to the blockchain pending verification (see Fig. 3, 302, [0037]), performing consensus to validate the metadata with peers (see Fig. 3, 303, [0037]), and approving block (see Fig. 3, 304, [0037]).
Regarding claims 7 and 11, the omitted steps are: adding identity and/or artifact test results to the blockchain pending verification (see Fig. 3, 302, [0037]), performing consensus to validate the metadata with peers (see Fig. 3, 303, [0037]), approving block (see Fig. 3, 304, [0037]) and adding packaged metadata in block into the corresponding ledger (see Fig. 3, 305, [0037]).
Dependence claims 2-6, 8-10 and 12 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph based on dependency to independence claims 1, 7 and 11.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 7 and 11 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Step 1: Claim 1 recites “A method”. The claim recites a series of steps and therefore is a process. 
Claim 7 recites “A system”. The claim recites the system comprising a memory and a processor and therefore is a machine. 
Claim 11 recites “A non-transitory storage-storage medium storing instructions” and therefore it is a manufacture.
Step 2A Prong One: 
Claim 1 recites the limitation “creating” which specifically recites “creating at least one blockchain ledger to capture the metadata from the different stages of the CI/CD pipeline;” These limitations are processes that, under their broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components. That is, other reciting a “automated CI/CD pipeline”, nothing in the claim element precludes the step from practically being performed in a human mind or with the aid of pen and paper. For example, “creating” in the context of this claim encompasses a user mentally, and with the aid of pen writing down plurality records and/or information into a sheet of paper.
Furthermore, the claim recites the limitation “generating” which specifically recite “generating, a chain-of-custody for the software artifacts based on the metadata from the CI/CD pipeline.” These limitations are processes that, under their broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components. That is, other reciting a “automated CI/CD pipeline”, nothing in the claim element precludes the step from practically being performed in a human mind or with the aid of pen and paper. For example, “generating” in the context of this claim encompasses a user mentally, and with the aid of pen writing down plurality records and/or information into a chain of custody (e.g. a sheet of paper) which provides proof against tampering.
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas(concepts performed in the human mind including an observation, evaluation, judgment and opinion).

Claims 7 and 11 recite the limitation “generating” which specifically recite “generating, a chain-of-custody for the software artifacts based on the metadata from the CI/CD pipeline.” These limitations are processes that, under their broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components. That is, other reciting a “automated CI/CD pipeline”, nothing in the claim element precludes the step from practically being performed in a human mind or with the aid of pen and paper. For example, “generating” in the context of this claim encompasses a user mentally, and with the aid of pen writing down plurality records and/or information into a chain of custody (e.g. a sheet of paper) which provides proof against tampering.
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas(concepts performed in the human mind including an observation, evaluation, judgment and opinion).

Step 2A Prong Two: The judicial exception is not integrated into a practical application. The claims recite the additional elements “at least one automated CI/CD pipeline” and “create at least one blockchain”. This limitation amounts to selecting a particular data source or type of data to be manipulated (see MPEP 2106.05(g)).
Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above, the additional element of using a “memory”, a “processor” or a “non-transitory computer-storage medium” to perform both the steps amounts to no more than mere instructions to apply the exception using generic computer components (See MPEP 2106.05(f)). Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.

Claims 4-6 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Step 1: Claims 4-6 recite “A method”. The claims recite a series of steps and therefore is a process. 
Step 2A Prong One:
Regarding claim 4, the claims recite the limitation “to build” which specifically recite “at least one blockchain ledger is created to build an immutable and non-repudiatable encrypted block”. These limitations are processes that, under their broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components. That is, other reciting a “automated CI/CD pipeline”, nothing in the claim element precludes the step from practically being performed in a human mind or with the aid of pen and paper. For example, “to build” in the context of this claim encompasses a user mentally, and with the aid of pen writing down plurality encrypted records and/or information into a paper book. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas(concepts performed in the human mind including an observation, evaluation, judgment and opinion).

Regarding claim 5, the claims recite the limitation “can be queried” which specifically recite “the blockchain ledger can be queried to provide chain-of-custody and provenance data for the software artifact that has been built or deployed using a CI/CD pipeline”. These limitations are processes that, under their broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components. That is, other reciting a “automated CI/CD pipeline”, nothing in the claim element precludes the step from practically being performed in a human mind or with the aid of pen and paper. For example, “can be queried” in the context of this claim encompasses a user mentally, and with the aid of pen looking for chain-of-custody record and/or information in the paper book. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas(concepts performed in the human mind including an observation, evaluation, judgment and opinion).

Regarding claim 6, the claims recite the limitation “generated” which specifically recite “the blockchain is generated by a server, and wherein the blockchain is a chain-of-custody”. These limitations are processes that, under their broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components. That is, other reciting a “server”, nothing in the claim element precludes the step from practically being performed in a human mind or with the aid of pen and paper. For example, “generated” in the context of this claim encompasses a user mentally, and with the aid of pen writing down plurality records and/or information into a chain of custody (e.g. a sheet of paper) which provides proof against tampering. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas(concepts performed in the human mind including an observation, evaluation, judgment and opinion).
Step 2A Prong Two: The judicial exception is not integrated into a practical application.
Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above, the additional element of using a “memory”, a “processor” or a “non-transitory computer-storage medium” to perform both the steps amounts to no more than mere instructions to apply the exception using generic computer components (See MPEP 2106.05(f)). Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 7-8 and 11-12 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Mercuri et al. (U.S. Publication Number 20190013934, hereafter referred to as “Mercuri”).
Regarding claim 7, Mercuri teaches A system comprising: 
at least one processor ([0041] and Fig. 1: discussing about one or more processors 163); and 
memory storing instructions configured to instruct the at least one processor to ([0043] and Fig. 1: discussing about memory 103 stores, among other data, one or more applications. The applications, when executed by the one or more processors, operate to perform functionality on the computing device.):
create at least one blockchain ([0054]: discussing about the system that may create, deploy and manage a blockchain object); and 
generate a chain-of-custody for the software artifacts based on at least one blockchain ([0054]: discussing about the system may provide a record storage system that facilitates a proof of custody, proof of chain of custody and a proof against tampering for a record. For example, FIG. 3 shows a record 165 and the corresponding hash of the record stored as a blockchain object 108.).

Regarding claim 8, Mercuri teaches wherein at least one blockchain comprises blockchain components, and wherein the instructions are further configured to instruct at least one processor to initiate the blockchain components to provide a software chain-of-custody ([0023]: The system may also generate a hash of the metadata to establish a proof of chain of custody. The system may thus provide foundation for the evidence when presented in a legal proceeding by ensuring the record meets the standards necessary to establish a legal foundation for the evidence in a legal proceeding. [0033]: For example, the blockchain may include hashes of the record of the fish including when the fish was caught, the consortium participant (e.g., fisherman) who caught the fish, the consortium participant who handled the fish and the market the fish was shipped to and the like. The system may authenticate the chain of custody and inform the consumer and provide information about the fish. The use of the blockchain allows transparency in authenticating the chain of custody of the fish in the consortium promoting sustainable fishing.).
Claim 11 is rejected under the same rationale as claim 7. Mercuri also teaches a non-transitory computer-storage medium storing instructions configured to instruct at least one computing device ([0043] and Fig. 1: discussing about memory 103 stores, among other data, one or more applications. The applications, when executed by the one or more processors, operate to perform functionality on the computing device.).

Regarding claim 12, Mercuri teaches wherein the blockchain is configured using declarative configuration files ([0035]: discussing about the configuration file may include details of the blockchain id the blockchain object is deployed on. The configuration file may be specific to a record. The configuration file may be stored in the system and/or on the blockchain.).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al. (U.S. Publication Number 2020/0026510, hereafter referred to as “Adams”) in view of Mercuri et al. (U.S. Publication Number 20190013934, hereafter referred to as “Mercuri”).  
Regarding claim 1, Adams teaches A method comprising:
creating, by at least one automated CI/CD pipeline ([0046]: discussing about the data may be used to monitor resource usage. The move to automation in software delivery with increased adoption of Continuous Integration (CI) and Continuous Delivery (CD) methods has resulted in an increase in the amount of hardware compute and storage resources required to support it.), at least one blockchain ledger to capture the metadata from the different stages of the CI/CD pipeline ([0007], [0010]-[0012]: discussing about the metadata artifact may refer to the software development lifecycle event, the metadata artifact may be received over a message bus, the metadata store may maintain an immutable record of the metadata artifact, and the metadata store may include a blockchain-based distributed ledger).
Adams does not explicitly teach generating, a chain-of-custody for the software artifacts based on the metadata from the CI/CD pipeline.
Mercuri teaches generating, a chain-of-custody for the software artifacts based on the metadata from the CI/CD pipeline ([0023]: The system may also generate a hash of the metadata to establish a proof of chain of custody.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method for distributed ledger-based software supply chain management of Adams with the teaching about  proof of chain of custody of Mercuri because it would provide foundation for the evidence when presented in a legal proceeding by ensuring the record meets the standards necessary to establish a legal foundation for the evidence in a legal proceeding (Mercuri, [0023]).

Regarding claim 2, Adams in view of Mercuri teaches a blockchain transaction client that is used to capture and initiate a transaction with the metadata from the Cl/CD stage, wherein the metadata comprises identity information, results from the tests performed on the created software artifacts or the deployment context related to the running of the created software artifact (Adams, [0070]-[0071] and Fig. 2: In step 205, a software development lifecycle event occurs. Examples include creating a requirement or defect record in a planning system, committing a line of code in a source code management tool, a software build, completion of a test or scan, deployment to an end system, a process starting on a server, etc. In step 210, a software tool that is involved in the software development lifecycle may create a metadata artifact for the event. [0073] and Fig. 2: discussing about in step 230, the controller may write the metadata artifact to a metadata store. In one embodiment, the metadata store may maintain an immutable record, such as a blockchain-based ledger).

Regarding claim 6, Adams in view of Mercuri teaches wherein the blockchain is generated by a server (Mercuri, [0047]: discussing about data centers configured to host and support operations, including tasks of a generating, deploying, interfacing, and managing the blockchain object; [0048]: discussing about a data center comprising a plurality of servers), and wherein the blockchain is a chain-of-custody (Mercuri, [0140]: discussing about the hash of metadata associated with the file in the record provides the foundation for chain of custody and proof against tampering. For example, the hash of metadata may be deployed on the blockchain 120.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method for distributed ledger-based software supply chain management of Adams with the teaching about  proof of chain of custody of Mercuri because it would provide foundation for the evidence when presented in a legal proceeding by ensuring the record meets the standards necessary to establish a legal foundation for the evidence in a legal proceeding (Mercuri, [0023]).

Claims 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Adams in view of Mercuri, and further in view of Brashers (U.S. Publication Number 2018/0082296).  
Regarding claim 3, Adams in view of Mercuri teaches the method of claim 1 as discussed above. Adams in view of Mercuri does not explicitly teach wherein the metadata transmitted using the blockchain transaction client installed in a CI/CD pipeline stage is validated by the consensus mechanism of a blockchain to determine if the metadata presents a validated dataset that can be added to the blockchain.
Brashers teaches wherein the metadata transmitted using the blockchain transaction client installed in a CI/CD pipeline stage is validated by the consensus mechanism of a blockchain to determine if the metadata presents a validated dataset that can be added to the blockchain ([0069]: discussing about data pipelines; [0073]: discussing about this process may take all of the metadata transactions for a given ledger that have not been committed, and validate them).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method for distributed ledger-based software supply chain management of Adams and Mercuri with the teaching about validating transactions of Brashers because it would enhance data integrity by validating the transactions to see if the transactions comply with the series of predefined rules (Brashers, [0010]).

Regarding claim 4, Adams in view of Mercuri and Brashers teaches wherein at least one blockchain ledger is created to build an immutable and non-repudiatable encrypted block (Brashers, [0073]: discussing about this process may take all of the metadata transactions for a given ledger that have not been committed, and validate them, encrypt them).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method for distributed ledger-based software supply chain management of Adams and Mercuri with the teaching about validating transactions of Brashers because it would enhance data integrity by validating the transactions to see if the transactions comply with the series of predefined rules (Brashers, [0010]).

Regarding claim 5, Adams in view of Mercuri and Brashers teaches where the blockchain ledger can be queried to provide chain-of-custody and provenance data for the software artifact that has been built or deployed using a CI/CD pipeline (Adams, [0046]: discussing about the data may be used to monitor resource usage. The move to automation in software delivery with increased adoption of Continuous Integration (CI) and Continuous Delivery (CD) methods has resulted in an increase in the amount of hardware compute and storage resources required to support it. Mercuri, [0029]: discussing about the system may retrieve both the first blockchain object and the message; [0140]: discussing about the hash of metadata associated with the file in the record provides the foundation for chain of custody and proof against tampering. For example, the hash of metadata may be deployed on the blockchain 120.).

Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Mercuri et al. (U.S. Publication Number 20190013934, hereafter referred to as “Mercuri”) in view of Adams et al. (U.S. Publication Number 2020/0026510, hereafter referred to as “Adams”).  
Regarding claim 9, Mercuri teaches the system of claim 7 as discussed above. Mercuri also teaches wherein the blockchain based chain-of-custody further links to at least one pipeline located on one or more remote computing devices, and wherein the remote computing devices ([0054]: discussing about the system may provide a record storage system that facilitates a proof of custody, proof of chain of custody and a proof against tampering for a record. For example, FIG. 3 shows a record 165 and the corresponding hash of the record stored as a blockchain object 108. [0048]: discussing about a data center comprising a plurality of servers).
Mercuri does not explicitly teach wherein the blockchain based chain-of-custody further links to at least one CI/CD pipeline located on one or more remote computing devices, and wherein the remote computing devices.
Adams teaches wherein the blockchain based chain-of-custody further links to at least one CI/CD pipeline located on one or more remote computing devices, and wherein the remote computing devices ([0046]: discussing about the data may be used to monitor resource usage. The move to automation in software delivery with increased adoption of Continuous Integration (CI) and Continuous Delivery (CD) methods has resulted in an increase in the amount of hardware compute and storage resources required to support it. [0070]: In step 205, a software development lifecycle event occurs. Examples include creating a requirement or defect record in a planning system, committing a line of code in a source code management tool, a software build, completion of a test or scan, deployment to an end system, a process starting on a server, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method proof of chain of custody of Mercuri with the teaching about Continuous Integration (CI) and Continuous Delivery (CD) method of Adams because combining the traceability data with operational data and business data may provide insights in terms of costs and effectiveness of solutions (Adams, [0047]).

Regarding claim 10, Mercuri in view of Adams teaches wherein at least one blockchain comprises a blockchain client and which links to at least one CI/CD pipeline and sends out metadata related to the pipeline stages using remote calls (Adams, [0046]: discussing about the data may be used to monitor resource usage. The move to automation in software delivery with increased adoption of Continuous Integration (CI) and Continuous Delivery (CD) methods has resulted in an increase in the amount of hardware compute and storage resources required to support it. [0094]: discussing about any client server system that provides communication. [0007], [0010]-[0012]: discussing about the metadata artifact may refer to the software development lifecycle event, the metadata artifact may be received over a message bus, the metadata store may maintain an immutable record of the metadata artifact, and the metadata store may include a blockchain-based distributed ledger).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method proof of chain of custody of Mercuri with the teaching about Continuous Integration (CI) and Continuous Delivery (CD) method of Adams because combining the traceability data with operational data and business data may provide insights in terms of costs and effectiveness of solutions (Adams, [0047]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Lai et al. (US 20200344233 A1) discloses that the transaction has a specific transaction type, for instance, defined as a blockchain storage transaction type, which triggers execution of a smart contract to perform validation of the transaction and specifically to perform validation of the data or metadata within the asset being added to or transacted onto the blockchain.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHONG H NGUYEN whose telephone number is (571)270-1766. The examiner can normally be reached Monday-Friday, 8:30am-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vital Pierre can be reached on 571-272-4215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/PHONG H NGUYEN/            Primary Examiner, Art Unit 2162       

December 2, 2022