CTNF 17/933,614 CTNF 89261 DETAILED ACTION This Office Action is sent in response to Applicant’s Communication received 4/6/2026 for application number 17/933,614 . Claims 1-15 are pending. Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-23-aia AIA The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 07-20-02-aia AIA This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 07-21-aia AIA Claim (s) 1-2, 5-6, 9-10, and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singh (US 2023/0224306 A1) in view of Lietz et al. (US 2016/0036795 A1) . In reference to claim 1 , Singh discloses a system, comprising: a processor configured to receive data from a data source (transaction data and smart contract data is received, para. 0032, 41) … and to copy … initial contract baseline data to be current smart contract baseline data (an initial smart contract can be created and stored in a distributed ledger, para. 0039).; a memory in communication with the processor and storing instructions that, when executed by the processor, are configured (fig. 1B) to store current smart contract baseline data (smart contracts are stored in database, para. 0004, 0028, 0037); an artificial neural network including a plurality of nodes configured as a plurality of layers (a “deep learning engine” is a neural network with a plurality of nodes and layers, para. 0028) to determine a new data feed in the received data, and, responsive to the determination of a new data feed in the received data, (the deep learning engine determines if event features match or do not match an existing smart contract, para. 0035-39; if the event features do not match an existing smart contract, it is new data in the feed) to update the current smart contract baseline data (when features of the smart contract do not match an existing contract, the existing contracts are updated by generating a new smart contract and write it to the distributed ledger, para. 0052, 0039); a smart contract monitoring subsystem configured to, responsive to a determination of no new data feed in the received data, monitor a computer resource asset using the current smart contract baseline data (IoT devices, or assets, have their transaction data monitored for compliance with smart contracts, para. 0035-40); and a remediation subsystem configured to remediate access of the computer resource asset to a computer network (compliance with smart contracts is determined, and device can either be allowed to proceed with transaction or stopped, para. 0040-41, 0049-51). However, Singh does not explicitly teach [the data] including initial smart contract baseline data from a cybersecurity source selected from the group consisting of an encryption algorithm, an authentication mechanism, and a security standard, wherein the initial smart contract baseline data is selected from the group consisting of: an operating system (OS) version number, a latest software patch, and a secure protocol, and to copy the initial contract baseline data to be current smart contract baseline data. Lietz teaches [the data] including initial smart contract baseline data from a cybersecurity source selected from the group consisting of an encryption algorithm (policy can include encryption key length, para. 0052), an authentication mechanism (authentication algorithm requirements, para. 0052), and a security standard, wherein the initial smart contract baseline data is selected from the group consisting of: an operating system (OS) version number (OS version, para. 0052), a latest software patch, and a secure protocol (communications protocol, para. 0052). It would have been obvious to one of ordinary skill in art, having the teachings of Singh and Lietz before the earliest effective filing date, to modify the smart contract of Singh to include the data types of Lietz. One of ordinary skill in the art would have been motivated to modify the smart contract of Singh to include the data types of Lietz because it helps better secure network devices (Lietz, para. 0001-04). In reference to claim 2 , Singh discloses the system of claim 1, wherein the memory stores the current smart contract baseline data in a blockchain (para. 0039). In reference to claim 5 , Singh discloses the system of claim 1, wherein the data source includes: an intelligence source; an organization standard; a vulnerability result; the training data; and initial smart contract baseline data (initial contract data is stored, para. 0004, 0028, 0037). In reference to claim 6 , Singh discloses the system of claim 1, wherein the artificial neural network is trained by training data to determine the new data feed in the received data (deep learning engine is trained, para. 0028), and to update the current smart contract baseline data from the new data feed (deep learning engine updates data using feedback data, para. 0052). In reference to claim 9 , this claim is directed to a method associated with the system claimed in claim 1 and is therefore rejected under a similar rationale. In reference to claim 10 , this claim is directed to a method associated with the system claimed in claim 2 and is therefore rejected under a similar rationale. In reference to claim 13 , this claim is directed to a method associated with the system claimed in claim 6 and is therefore rejected under a similar rationale . 07-21-aia AIA Claim (s) 3-4, 7-8, 11-12, and 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Singh (US 2023/0224306 A1) in view of Lietz et al. (US 2016/0036795 A1) and Higbee et al. (US 10,469,517 B1) . In reference to claim 3 , Singh and Lietz do not explicitly teach the system of claim 1, wherein remediation subsystem remediates the access by automatically disconnecting the computer resource asset from the computer network. Higbee teaches the system of claim 1, wherein the remediation subsystem remediates the access by automatically disconnecting the computer resource asset from the computer network (device can automatically be taken offline, i.e. disconnected, col. 10, lines 44-56). It would have been obvious to one of ordinary skill in art, having the teachings of Singh, Lietz, and Higbee before the earliest effective filing date, to modify the remediation as disclosed by Singh to include the disconnection as taught by Higbee. One of ordinary skill in the art would have been motivated to modify the remediation of Singh to include the disconnection of Higbee because it can help manage vulnerabilities of network connected devices (col. 1, lines 26-45). In reference to claim 4 , Singh and Lietz do not explicitly teach the system of claim 1, further comprising: an output device configured to output information to a user, wherein remediation subsystem remediates the access by generating an alert as the outputted information, and wherein the user disconnects the computer resource asset from the computer network. Higbee the system of claim 1, further comprising: an output device configured to output information to a user, wherein the remediation subsystem remediates the access by generating an alert as the outputted information, and wherein the user disconnects the computer resource asset from the computer network (notification can be displayed to user for disconnected device, col. 5, line 61 – col. 6, line 4). It would have been obvious to one of ordinary skill in art, having the teachings of Singh, Lietz, and Higbee before the earliest effective filing date, to modify the remediation as disclosed by Singh to include the disconnection as taught by Higbee. One of ordinary skill in the art would have been motivated to modify the remediation of Singh to include the disconnection of Higbee because it can help manage vulnerabilities of network connected devices (col. 1, lines 26-45). In reference to claim 7 , Singh and Lietz do not explicitly teach the system of claim 1, wherein the smart contract monitoring subsystem determines a vulnerability or a security configuration weakness of the computer resource asset. Higbee teaches the system of claim 1, wherein the smart contract monitoring subsystem determines a vulnerability or a security configuration weakness of the computer resource asset (vulnerability of device, col. 5, line 7 - col. 6, line 4). It would have been obvious to one of ordinary skill in art, having the teachings of Singh, Lietz and Higbee before the earliest effective filing date, to modify the remediation as disclosed by Singh to include the vulnerability detection as taught by Higbee. One of ordinary skill in the art would have been motivated to modify the remediation of Singh to include the vulnerability detection of Higbee because it can help manage vulnerabilities of network connected devices (col. 1, lines 26-45). In reference to claim 8 , Higbee further teaches the system of claim 7, wherein the remediation subsystem, responsive to the determined vulnerability or a security configuration weakness, remediates the access of the computer resource asset to the computer network (responsive to vulnerability of device, device is disconnected, col. 5, line 7 - col. 6, line 4). In reference to claim 11 , this claim is directed to a method associated with the system claimed in claim 3 and is therefore rejected under a similar rationale. In reference to claim 12 , this claim is directed to a method associated with the system claimed in claim 4 and is therefore rejected under a similar rationale. In reference to claim 14 , this claim is directed to a method associated with the system claimed in claim 7 and is therefore rejected under a similar rationale. In reference to claim 15 , this claim is directed to a method associated with the system claimed in claim 8 and is therefore rejected under a similar rationale. Response to Arguments Applicant’s arguments with respect to claim(s) 1 and 9 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Please see new reference Lietz above, which teaches the new limitations. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Andrew T. Chiusano whose telephone number is (571)272-5231. The examiner can normally be reached M-F, 10am-6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tamara Kyle can be reached at 571-272-4241. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ANDREW T CHIUSANO/Primary Examiner, Art Unit 2144 Application/Control Number: 17/933,614 Page 2 Art Unit: 2144 Application/Control Number: 17/933,614 Page 3 Art Unit: 2144 Application/Control Number: 17/933,614 Page 4 Art Unit: 2144 Application/Control Number: 17/933,614 Page 5 Art Unit: 2144 Application/Control Number: 17/933,614 Page 7 Art Unit: 2144 Application/Control Number: 17/933,614 Page 8 Art Unit: 2144