Detailed Action
Claims 1-20 are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of Claims
Claims 1, 12, and 19 are currently amended.
Claims 2 and 4 are cancelled.
Claims 21 and 22 are newly added.
Response to Remarks
35 U.S.C. § 101
Remark 1: Applicant’s representative asserted “The Final Office Action alleges that claim 1 is directed to the "certain methods of organizing human activity" and "mental processes" subject matter grouping of abstract ideas. The Final Office Action asserts that claim 1 also recites the following additional elements: "a distributed network authentication system," "a client node," "a distributed ledger node in data communication with the client node, wherein the distributed ledger contains a database storing a mapping," "a client device," "database," and "at least one selected from the group of a validation node and a validation node address." Final Office Action, page 7. Applicant respectfully submits that the claimed subject matter does not fall into one of the enumerated subject matter groupings, e.g., mathematical groupings, certain methods of organizing human activity, and mental processes. See MPEP § 2106.04(a) (specifying enumerated subject matter groupings). More specifically, under Step 2A, Prong One of the framework set forth in Alice, Applicant respectfully submits that the claims are not directed to certain methods of organizing human activity. 
For example, claim 1, as amended, recites: A distributed network authentication system, comprising: a client node; and a distributed ledger node in data communication with the client node, wherein the distributed ledger contains a database storing a mapping; and wherein the client node is configured to: receive, from a client device, an authentication request, and responsive to the authentication request, transmit, to the distributed ledger node, a query comprising an identifier, and wherein the distributed ledger node is configured to: receive, from the client node, the query, submit the query to the database, receive, from the database responsive to the query, an identification of at least one selected from the group of a validation node and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier, transmit, to the client node, the identification; and wherein the client node is further configured to transmit the identification to the client device for communicating with the validation node. Applicant submits that claim 1 is not directed to a method of organizing human activity or a mental process. In contrast, claim 1 recites a distributed network authentication system including "a client node" and "a distributed ledger node in data communication with the client node, wherein the distributed ledger contains a database storing a mapping," where the client node is configured to "receive, from a client device, an authentication request" and "responsive to the authentication request, transmit, to the distributed ledger node, a query comprising an identifier." 
Claim 1 further recites that the distributed ledger node is configured to "receive, from the client node, the query," "submit the query to the database," "receive, from the database responsive to the query, an identification of at least one selected from the group of a validation node and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier," and "transmit, to the client node, the identification." Claim 1 further recites that "the client node is further configured to transmit the identification to the client device for communicating with the validation node." Accordingly, Applicant submits that claim 1 is not directed to a method of organizing human activity or mental process. Moreover, assuming arguendo that claim 1 was directed to a method of organizing human activity, "not all methods of organizing human activity are abstract ideas." MPEP § 2106.04(a)(2)(II), citing In re Marco Guldenaar Holding B. V., 911 F.3d 1157, 1160-61, 129 USPQ2d 1008, 1011 (Fed. Cir. 2018) ("'a defined set of steps for combining particular ingredients to create a drug formulation' is not a certain 'method of organizing human activity'"). MPEP § 2106.04 provides that, if the claimed subject matter does not fall into one of the subject matter groupings noted above, then the claim is patent eligible except in rare circumstances as in MPEP § 2106.04(III)(C). For at least the reasons set forth above, Applicant submits that claim 1 is patent-eligible.” (Applicant Arguments, 2026-03-11).
Response to Remark 1: Applicant argues that claim 1 does not recite an abstract idea because it is framed as a distributed network authentication system using a client node, a distributed ledger node, a database storing a mapping, and a validation node. We are not persuaded. In substance, claim 1 is a process for organizing and routing authentication activity based on identity information, which falls within certain methods of organizing human activity, and it also can be performed mentally or with pen and paper by receiving identifying information, consulting a directory or lookup table, selecting the proper validator, and relaying that result. The recited client node, distributed ledger node, database, client device, and validation node do not remove the claim from the abstract idea category because they merely provide a technological setting in which the abstract routing and identification logic is performed.
Remark 2: Applicant’s representative asserted “assuming arguendo that the claimed subject matter is directed to an abstract idea, the analysis proceeds to Prong Two of the Step 2A analysis. Under Prong Two, "examiners should evaluate whether the claim as a whole integrates the recited judicial exception into a practical application of the exception." MPEP §2106.04(d). The MPEP states that "[a] claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception." Id. Applicant submits that the claimed subject matter, if considered directed to a judicial exception, integrates the judicial exception into a practical application, includes subject matter that imposes a meaningful limit on the judicial exception, and is more than a drafting effort designed to monopolize the judicial exception. In considering if the claims are directed to a practical application, the MPEP has provided exemplary considerations including: " An additional element reflects an improvement in the functioning of a computer, or an improvement to other technology or technical field (citing MPEP §§ 2106.04(d)(1) and 2106.05(a)); " Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (citing MPEP § 2106.05(e)). The Final Office Action alleges that the claims recite additional elements that "merely serve as a tool to perform the abstract idea." Final Office Action, page 7. Contrary to the allegations in the Final Office Action and as discussed above, the claimed subject matter includes additional elements. 
The additional elements are recited in claim 1 in a specific technical implementation in a meaningful way beyond merely serving as a tool to perform the alleged abstracted idea as.” (id).
Response to Remark 2: Applicant argues that the claims integrate that idea into a practical application because the recited architecture purportedly improves routing, decouples personalization from validation, and scales across multiple issuing and validator entities. We are not persuaded. The additional elements recited in claim 1 are recited at a high level of generality and perform only generic data-processing and communication functions, such as receiving, transmitting, querying, and returning information. The claim does not recite any specific improvement to the functioning of a computer, distributed ledger, database, network protocol, or authentication mechanism itself; rather it uses conventional computer and network components as tools to implement the abstract idea of identifier-based routing to an appropriate validator. The alleged benefits of decoupling and scalability describe an asserted advantage of the abstract routing scheme, not a technological improvement arising from a specific claimed technical solution.
Remark 3: Applicant’s representative asserted “Even if, arguendo, claim 1 is directed to an abstract idea under the analysis of Step 2A, which Applicant contends that it is not, the claim includes "significantly more" than any alleged abstract idea and, therefore, would satisfy Step 2B of the Alice framework. For example, the elements recited in claim 1 include a distributed ledge node that contains a database storing a mapping, and the distributed ledge node submits a query to the database and receiving an identification of a validation node and/or the address of the validation node. The Final Office Action asserts that claim 1 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements "merely serve as a tool to perform an abstract idea, and generally links the use of the judicial exception to a particular technological environment." Final Office Action, page 8. However, Applicant submits that the claimed invention recites limitations that provide improvements to a technology or technical field. For example, using the identifier for mapping to the proper validation node for performing the authentication provides for decoupling between personalization and validation of a contactless card that may be implemented to provide the identifier. Therefore, the routing responsive to the authentication request, which uses the identifier provided by the client node and the mapping stored by the distribution ledger, is scalable across many issuing entities and validator entities. Specification, paragraphs [0142]-[0143]. Paragraph [0141] of the specification describes that the identifier: ...permits the data payload 1100 to be routed to the appropriate issuing entity for validation (or to the appropriate validator entity if different than the issuing entity). 
This allows for the decoupling of the issuing entity or the entity that performed personalization of the transmitting device (e.g., when the transmitting device is a contactless card, the contactless card issuing entity) from the validator entity. Accordingly, any validator entity authorized to perform validator, not just the issuing entity or the entity that performed personalization of the transmitting device can be identified in the issuer identification field 1104. Applicant notes that the Final Office Action "should consider whether the claim purport(s) to improve the functioning of the computer itself or "any other technology or technical field." Alice, 134 S. Ct. 2347, 2359, 110 USPQ2d 1976, 1984 (2014). For example, in Affinity Labs of Tex. v. DirecTV, LLC, the Federal Circuit indicated that "an advance in the process of downloading content for streaming" is an improvement in existing technology. Affinity Labs, 838 F.3d 1253, 1256, 120 USPQ2d 1201, 1202 (Fed. Cir. 2016). Thus, like in Affinity Labs, the claimed combination of additional elements recited by claim 1 presents a system that improves a technology. Based at least on the reasons above, amended claim 1 is directed toward patent- eligible subject matter under 35 U.S.C. § 101.” (id).
Response to Remark 3: Applicant argues that claim 1 recites significantly more because it includes a distributed ledger node containing a database storing a mapping and because the identifier is used to obtain an identification of a validation node or a validation node address. We are not persuaded. The additional elements, considered individually and as an ordered combination, amount to no more than generic computer implementation of the abstract idea: a request is received, an identifier is used to query a mapping, a corresponding validator is identified, and the result is forwarded. That sequence is routine and conventional information processing, and the claim does not recite any specialized hardware, unconventional data structure, specific query technique, technical protocol improvement, or other non-generic implementation details that would amount to significantly more than the abstract idea itself. Nor does the ordered combination transform the claim into patent-eligible subject matter, because the claimed components operate in their expected manner to carry out the abstract routing and identification concept. Accordingly, this contention is unpersuasive.
35 U.S.C. § 102 and § 103
Remark 1: Applicant argues “The Final Office Action notes that Salman does not teach or suggest, and cites column 13, lines 1-4 and 32-35, column 2, lines 37-41, and column 3, lines 50-57, of Rice in reference to "and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier," as recited by claim 1. Final Office Action, p. 29. Rice describes content data is provided to a content validation network comprising a plurality of content validation nodes, one or more of the content validation nodes performs a validation process on the content, and storing a hash of the content and a key associated with the content validation node. The cited portions of Rice do not describe receiving an identifier of a validation node and/or an identifier of a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier. Therefore, a distribution ledger node receiving "an identification of at least one selected from the group of a validation node and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier" is not taught or suggested in the cited references. Applicant also notes that Salman fails to teach or suggest a validation node that is distinct from a distributed ledger node. The Final Office Action compares both the "validation node" and the "distributed ledger node" of claim 1, which are distinct nodes, to Salman's authentication server system 200. Final Office Action, p. 28. Therefore, Salman fails to teach or suggest a validation node distinct from the distributed ledger node. 
Salman also does not teach or suggest receiving "an identification of at least one selected from the group of a validation node and a validation node address of the validation node." The Final Office Action cites paragraph [0038] and [0039] of Salman, which describes that the authentication server system can verify a signature using a public key associated with a blockchain address transmitted by the client device. However, a public key associated with a blockchain address is not an identification of a validation node or an identification of a validation node address of the validation node. Nonetheless, in an effort to expedite prosecution, claim 1 has been amended to recite "wherein the client node is further configured to communicate with the validation node using the identification." Applicant respectfully submits that amended claim 1 contains allowable subject matter. As Salman and Rice do not teach or suggest receiving "an identification of at least one selected from the group of a validation node and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier," the cited references also do not teach or suggest "wherein the client node is further configured to transmit the identification to the client device for communicating with the validation node." . . . Office Action discusses Salman's NAD 195 in reference to "the client node" of claim 1. Final Office Action, p. 25. However, Salman does not teach or suggest that the NAD 195 transmits the identification to the client device. Therefore, Salman fails to teach or suggest that the client node transmits the identification to the client device for communicating with the validation node.” (id).
Response to Remark 1: Examiner respectfully disagrees, as the currently cited references (e.g., Salman and Rice) teach “and wherein the client node is further configured to transmit the identification to the client device for communicating with the validation node,” as shown at least in col. 7, ln. 15-29, col. 4, ln. 17-27, and Abstract of Rice, and as further outlined in paragraphs 54-55 of this action. Indeed, Salman supplies the claimed architecture in which a client-side/intermediary node receives an authentication request from a client device and communicates with the blockchain-side authorization infrastructure using the client's identifier, while Rice supplies the further step of taking validator-related information obtained from the validation network and passing it onward to the end user device. In Rice, the validation wrapper device obtains content validation results from content validation node 220 or from the blockchain used by the node, and then provides validation data to the content provider device and/or the user device, including data that causes display of a validation indicator and even a network address or ‘click here to learn more’ style interface for follow-on interaction. Accordingly, this contention is unpersuasive.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 3, and 5-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1, 3, and 5-11
Step 1
Claims 1, 3, and 5-11 are directed to a computer-implemented system (i.e., a machine or manufacture). Therefore, these claims fall within the four statutory categories of invention, and thus must be further analyzed at Step 2A to determine if the claims are directed to a judicial exception (See MPEP 2106.03, subsection II).
Step 2A Prong One
In Prong One examiners evaluate whether the claim recites a judicial exception, i.e., whether a law of nature, natural phenomenon, or abstract idea is set forth or described in the claim. Claim 1 recites (i.e., sets forth or describes) an abstract idea of identification of authenticating entities. Specifically, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The certain method of organizing human activity grouping is used to describe fundamental economic principles or practices, commercial or legal interactions, and managing personal behavior or relationships or interactions between people. Fundamental economic principles or practices are relating to the economy and commerce, or recite hedging, insurance, and mitigating risks. Commercial or legal interactions recite agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations. Managing personal behavior or relationships or interactions between people recite social activities, teaching, and following rules or instructions. See MPEP § 2106.04(a)(2), subsection II. Also, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas. The mental processes abstract idea grouping is defined as concepts performed in the human mind, and examples of mental processes recite observations, evaluations, judgments, and opinions. Claims recite a mental process when they recite limitations that can practically be performed in the human mind, with or without the use of a physical aid. The use of a physical aid to help perform a mental step does not negate the mental nature of the limitation, but simply accounts for variations in memory capacity from one person to another. 
Further, claims can recite a mental process even if they are claimed as being performed on a computer. See MPEP § 2106.04(a)(2), subsection III. The claim limitations reciting the abstract ideas are grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas because the limitations recite fundamental economic principles or practices, as they recite mitigating risk; commercial or legal interactions, as they recite sales activities or behaviors; and concepts that can practically be performed in the human mind, with or without the use of a physical aid. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a).
A distributed network authentication system, comprising:
a client node; and
a distributed ledger node in data communication with the client node, wherein the distributed ledger contains a database storing a mapping; and
wherein the client node is configured to:
receive, from a client device, an authentication request, and
responsive to the authentication request, transmit, to the distributed ledger node, a query comprising an identifier, and
wherein the distributed ledger node is configured to:
receive, from the client node, the query,
submit the query to the database,
receive, from the database responsive to the query, an identification of at least one selected from the group of a validation node and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier, and
transmit, to the client node, the identification and
wherein the client node is further configured to transmit the identification to the client device for communicating with the validation node.
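The message flow recited in claim 1, together with the dependent-claim details of a validation node that performs the authentication (claim 3) and a mapping carrying a digital signature that permissions an entity for a routing number (claims 8 and 21), simulated in Python as an added illustration. None of this code comes from the application or from this Office Action; the node classes, routing numbers, addresses, keys and the HMAC stand-in for the mapping's digital signature are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Every key, routing number and address below is constructed for this illustration.
REGISTRAR_KEY = b"registrar-permissioning-key"  # key of the entity that permissions validators
VALIDATOR_KEYS = {                               # key controlled by each validating entity (claim 21)
    "validator-A": b"issuer-A-card-key",
    "validator-B": b"issuer-B-card-key",
}


def permission_signature(entity: str, routing_number: str) -> str:
    """Stand-in for the digital signature in the mapping (claim 8) recording that an entity is
    permissioned to validate for a routing number; HMAC under a registrar key replaces a real
    asymmetric signature so that the example runs offline."""
    msg = f"{entity}|{routing_number}".encode()
    return hmac.new(REGISTRAR_KEY, msg, hashlib.sha256).hexdigest()


def make_cryptogram(key: bytes, routing_number: str, counter: int) -> str:
    """Constructed stand-in for the cryptogram a contactless card would present."""
    return hmac.new(key, f"{routing_number}|{counter}".encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class MappingEntry:
    validation_node: str  # identification of the validation node
    address: str          # validation node address
    signature: str        # permission signature binding the node to the routing number


@dataclass(frozen=True)
class Identification:
    validation_node: str
    address: str


class ValidationNode:
    """Performs the authentication (claim 3); distinct from the distributed ledger node."""
    def __init__(self, name: str) -> None:
        self.key = VALIDATOR_KEYS[name]

    def authenticate(self, routing_number: str, counter: int, cryptogram: str) -> bool:
        return hmac.compare_digest(make_cryptogram(self.key, routing_number, counter), cryptogram)


class DistributedLedgerNode:
    """Holds the database storing the mapping and answers identifier queries."""
    def __init__(self, mapping: Dict[str, MappingEntry]) -> None:
        self.database = mapping

    def handle_query(self, identifier: str) -> Optional[Identification]:
        entry = self.database.get(identifier)  # submit the query to the database
        if entry is None:
            return None  # no validation node is associated with this identifier
        expected = permission_signature(entry.validation_node, identifier)
        if not hmac.compare_digest(expected, entry.signature):
            return None  # the entry does not carry a valid permission for this routing number
        return Identification(entry.validation_node, entry.address)


class ClientNode:
    """Receives the authentication request and queries the ledger node with the identifier."""
    def __init__(self, ledger: DistributedLedgerNode) -> None:
        self.ledger = ledger

    def handle_authentication_request(self, request: dict) -> Optional[Identification]:
        query = {"identifier": request["routing_number"]}  # query comprising an identifier
        return self.ledger.handle_query(query["identifier"])  # identification goes back to the device


# Constructed network: validation node addresses resolved to node objects.
NETWORK = {
    "validator-a.example:8443": ValidationNode("validator-A"),
    "validator-b.example:8443": ValidationNode("validator-B"),
}


def build_ledger(tampered: bool = False) -> DistributedLedgerNode:
    """Mapping from routing number to validator. With tampered=True the entry for 222000222 is
    re-pointed at validator-A while keeping validator-B's permission signature."""
    mapping = {
        "111000111": MappingEntry("validator-A", "validator-a.example:8443",
                                  permission_signature("validator-A", "111000111")),
        "222000222": MappingEntry("validator-B", "validator-b.example:8443",
                                  permission_signature("validator-B", "222000222")),
    }
    if tampered:
        mapping["222000222"] = MappingEntry("validator-A", "validator-a.example:8443",
                                            mapping["222000222"].signature)
    return DistributedLedgerNode(mapping)


def client_device_flow(client_node: ClientNode, routing_number: str, counter: int,
                       cryptogram: str) -> Optional[Tuple[str, bool]]:
    """The flow from the client device's side: None when no validation node could be
    identified, otherwise (validation node, result of authenticating with that node)."""
    request = {"routing_number": routing_number, "counter": counter, "cryptogram": cryptogram}
    identification = client_node.handle_authentication_request(request)
    if identification is None:
        return None
    node = NETWORK[identification.address]  # communicate with the validation node using the identification
    return identification.validation_node, node.authenticate(routing_number, counter, cryptogram)
```

The tampered ledger shows why the permission signature in the mapping matters: a re-pointed entry yields no identification, so the device is never routed to a validator that is not permissioned for that routing number.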
Step 2A Prong Two
In Prong Two, examiners evaluate whether the claim as a whole integrates the exception into a practical application of that exception. A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception. Here, claim 1 as a whole, looking at the identified additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)). Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present (MPEP §§ 2106.04(d)(1) and 2106.05(a)), there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present (MPEP § 2106.04(d)(2)), there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present (MPEP § 2106.05(b)), there is no effecting a transformation or reduction of a particular article to a different state or thing present (MPEP § 2106.05(c)), and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP § 2106.05(e)). Thus, the claim as a whole is directed to a judicial exception and requires further analysis at Step 2B to determine if the claim as a whole amounts to significantly more than the exception itself (See MPEP 2106.04, subsection II).
Step 2B
Step 2B determines whether the claim as a whole amounts to significantly more than the exception itself. Evaluating additional elements to determine whether they amount to an inventive concept requires considering them both individually and in combination to ensure that they amount to significantly more than the judicial exception itself. Here, the additional elements, taken individually and in combination, do not result in claim 1, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea and generally link the use of the judicial exception to a particular technological environment. Thus, there is no inventive concept in the claim, and the claim is not eligible, warranting a rejection for lack of subject matter eligibility and concluding the eligibility analysis.
Dependent Claims
Claims 3 and 5-11 have also been analyzed. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 3 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of authenticating a request from a user. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 1, further comprising: the validation node,
wherein the validation node is configured to:
communicate with the client device, and
perform an authentication relating to the authentication request.
Claim 5 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites additional details of the authentication process. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas.
The distributed network authentication system of claim 3, wherein the authentication includes at least one selected from the group of a routing number, a software version number, and an applet version number.
Claim 6 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 1, wherein the authentication request comprises an application programming interface (API) call between the client device and the client node.
Claim 7 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 1, wherein the mapping includes at least one selected from the group of a mapping between the validation node address and the validation node, a mapping between a routing number and the validation node address, and a mapping between a routing number and the validation node.
Claim 8 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of validation permissions. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 1, wherein: the mapping includes a digital signature associated with an entity, and
the entity is permissioned to validate for a particular routing number.
Claim 9 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 1, wherein the mapping includes at least one selected from the group of a software version number and an applet version number.
Claim 10 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 9, wherein the at least one selected from the group of a software version number and an applet version number identifies the validation node.
Claim 11 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 9, wherein the at least one selected from the group of a software version number and an applet version number identifies the validation node address.
Claim 21 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 1, wherein the validation node is associated with a routing number indicating an entity controlling at least one key for performing an authentication responsive to the authentication request.
Claim 22 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The distributed network authentication system of claim 21, wherein the mapping indicates an association between the validation node and the routing number.
Claims 12-18
Step 1
Claims 12-18 are directed to a computer-implemented method (i.e., process). Therefore, these claims fall within the four statutory categories of invention, and thus must be further analyzed at Step 2A to determine if the claims are directed to a judicial exception (See MPEP 2106.03, subsection II).
Step 2A Prong One
In Prong One examiners evaluate whether the claim recites a judicial exception, i.e., whether a law of nature, natural phenomenon, or abstract idea is set forth or described in the claim. Claim 12 recites (i.e., sets forth or describes) an abstract idea of identification of authenticating entities. Specifically, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The certain methods of organizing human activity grouping is used to describe fundamental economic principles or practices, commercial or legal interactions, and managing personal behavior or relationships or interactions between people. Fundamental economic principles or practices relate to the economy and commerce, or recite hedging, insurance, and mitigating risks. Commercial or legal interactions recite agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations. Managing personal behavior or relationships or interactions between people recites social activities, teaching, and following rules or instructions. See MPEP § 2106.04(a)(2), subsection II. Also, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas. The mental processes abstract idea grouping is defined as concepts performed in the human mind, and examples of mental processes include observations, evaluations, judgments, and opinions. Claims recite a mental process when they recite limitations that can practically be performed in the human mind, with or without the use of a physical aid. The use of a physical aid to help perform a mental step does not negate the mental nature of the limitation, but simply accounts for variations in memory capacity from one person to another.
Further, claims can recite a mental process even if they are claimed as being performed on a computer. See MPEP § 2106.04(a)(2), subsection III. The claim limitations reciting the abstract ideas are grouped within the “certain methods of organizing human activity” and “mental processes” grouping of abstract ideas because the limitations recite fundamental economic principles or practices, as they recite mitigating risk, commercial or legal interactions, as they recite sales activities or behaviors, and concepts that can practically be performed in the human mind, with or without the use of a physical aid. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a).
A method performed by a distributed network authentication system comprising a client node and a distributed ledger node, the method comprising:
receiving, by the client node from a client device, an authentication request;
responsive to the authentication request, transmitting, by the client node to the distributed ledger node, a query comprising an identifier,
receiving, by the distributed ledger node from the client node, the query,
submitting, by the distributed ledger node, the query to the database,
receiving, by the distributed ledger node from the database responsive to the query, an identification of at least one selected from the group of a validation node and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier, and
transmitting, by the distributed ledger node to the client node, the identification
and transmitting, by the client node to the client device, the identification for communicating with the validation node.
Step 2A Prong Two
In Prong Two, examiners evaluate whether the claim as a whole integrates the exception into a practical application of that exception. A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception. Here, claim 12 as a whole, looking at the identified additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)). Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present (MPEP §§ 2106.04(d)(1) and 2106.05(a)), there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present (MPEP § 2106.04(d)(2)), there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present (MPEP § 2106.05(b)), there is no effecting a transformation or reduction of a particular article to a different state or thing present (MPEP § 2106.05(c)), and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP § 2106.05(e)). Thus, the claim as a whole is directed to a judicial exception and requires further analysis at Step 2B to determine if the claim as a whole amounts to significantly more than the exception itself (See MPEP 2106.04, subsection II).
Step 2B
Step 2B determines whether the claim as a whole amounts to significantly more than the exception itself. Evaluating additional elements to determine whether they amount to an inventive concept requires considering them both individually and in combination to ensure that they amount to significantly more than the judicial exception itself. Here, the additional elements, taken individually and in combination, do not result in claim 12, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea, and generally link the use of the judicial exception to a particular technological environment. Thus, there is no inventive concept in the claim, and the claim is not eligible, warranting a rejection for lack of subject matter eligibility and concluding the eligibility analysis.
Dependent Claims
Claims 13-18 have also been analyzed. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 13 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of authenticating a request from a user. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The method of claim 12, wherein: the distributed network authentication system further comprises the validation node, and
the method further comprises:
communicating, by the client device, with the validation node, and
performing, by the validation node, an authentication relating to the authentication request.
Claim 14 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of authenticating a request from a user. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The method of claim 13, wherein:
the validation node comprises a hardware security module storing one or more keys, and
the authentication is performed using the one or more keys.
Claim 15 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of notification of routing updates. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The method of claim 12, further comprising transmitting, by the client node to the distributed ledger node, a message updating one or more routing paths for one or more routing numbers.
Claim 16 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of routing paths based on user permissions. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The method of claim 15, wherein the client node is assigned one or more permissions allowing the update of the one or more routing paths for the one or more routing numbers.
Claim 17 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of routing paths based on user permissions. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The method of claim 16, wherein:
the one or more permissions are assigned for one or more entities associated with the client node, and
the one or more entities are associated with the one or more routing paths for the one or more routing numbers.
Claim 18 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of validating user permissions. In other words, it recites limitations grouped within the “certain methods of organizing human activity” and “mental processes” groupings of abstract ideas. The non-underlined additional elements fail to recite a practical application or significantly more than the abstract idea because they merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)).
The method of claim 17, further comprising, prior to updating the one or more routing paths for one or more routing numbers, validating, by the distributed ledger node, the one or more permissions.
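For concreteness, the flow recited in claims 12-18 (lookup of a validation node through the distributed ledger node, key-based authentication at the validation node, and permission-gated routing updates) is modelled below in an added Python example. This is illustrative code written for this page, not the applicant's implementation and not Salman's or Rice's; the node classes, the constructed routing numbers used as identifiers, the in-memory dictionaries standing in for the ledger database, and HMAC-SHA256 standing in for keys held in a hardware security module are all assumptions.

```python
"""Toy model of the claimed lookup-then-authenticate flow (claims 12-18).

Constructed illustration only: node classes, the mapping table, the routing
numbers used as identifiers, and HMAC-SHA256 as a stand-in for HSM-held keys
are assumptions made for this example, not the application's own design.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class ValidationNode:
    """Validation node holding one or more keys (claim 14). An HMAC key in
    memory stands in for a key that would live inside an HSM."""
    node_id: str
    address: str
    _key: bytes = field(default_factory=lambda: secrets.token_bytes(32), repr=False)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def authenticate(self, challenge: bytes, response: bytes) -> bool:
        # Constant-time comparison so a wrong response leaks nothing by timing.
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def provision_key(self) -> bytes:
        """Assumed out-of-band enrolment step that gives the device its key."""
        return self._key


class DistributedLedgerNode:
    """Holds the mapping database (identifier -> validation node / address)
    and the permission table that gates routing updates (claims 15-18)."""

    def __init__(self) -> None:
        self.mapping: dict[str, tuple[str, str]] = {}   # identifier -> (node_id, address)
        self.permissions: dict[str, set[str]] = {}      # client node -> routing numbers it may update

    def register(self, routing_number: str, node: ValidationNode) -> None:
        self.mapping[routing_number] = (node.node_id, node.address)

    def query(self, identifier: str) -> tuple[str, str] | None:
        # "submit the query to the database" and return the identification
        return self.mapping.get(identifier)

    def update_routing(self, client_node_id: str, routing_number: str,
                       node_id: str, address: str) -> bool:
        # Claim 18: validate the client node's permissions before updating.
        if routing_number not in self.permissions.get(client_node_id, set()):
            return False
        self.mapping[routing_number] = (node_id, address)
        return True


class ClientNode:
    def __init__(self, node_id: str, ledger: DistributedLedgerNode) -> None:
        self.node_id = node_id
        self.ledger = ledger

    def handle_auth_request(self, identifier: str) -> tuple[str, str] | None:
        # Responsive to the device's request, query the ledger node with the
        # identifier and hand the identification back to the device.
        return self.ledger.query(identifier)


def run_flow(client_node: ClientNode, nodes: dict[str, ValidationNode],
             identifier: str, device_key: bytes) -> str:
    """End to end: lookup, device contacts the validation node, key-based auth."""
    ident = client_node.handle_auth_request(identifier)
    if ident is None:
        return "unknown identifier"
    _node_id, address = ident
    vnode = nodes[address]                     # device communicates with the validation node
    chal = vnode.challenge()
    resp = hmac.new(device_key, chal, hashlib.sha256).digest()
    return "authenticated" if vnode.authenticate(chal, resp) else "rejected"


def demo() -> dict[str, object]:
    ledger = DistributedLedgerNode()
    node_a = ValidationNode("vnode-A", "10.0.0.11:8443")   # constructed addresses
    node_b = ValidationNode("vnode-B", "10.0.0.12:8443")
    nodes = {n.address: n for n in (node_a, node_b)}
    ledger.register("111000001", node_a)                   # constructed routing numbers
    ledger.register("222000002", node_b)
    client = ClientNode("client-node-1", ledger)
    ledger.permissions["client-node-1"] = {"111000001"}    # claims 16-17: per-entity permission
    out: dict[str, object] = {}
    out["ok"] = run_flow(client, nodes, "111000001", node_a.provision_key())
    out["wrong_key"] = run_flow(client, nodes, "111000001", node_b.provision_key())
    out["unknown"] = run_flow(client, nodes, "000000000", node_a.provision_key())
    out["update_denied"] = ledger.update_routing("client-node-1", "222000002", "vnode-C", "10.0.0.13:8443")
    out["update_ok"] = ledger.update_routing("client-node-1", "111000001", "vnode-C", "10.0.0.13:8443")
    out["after_update"] = ledger.query("111000001")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The ledger node never sees a key: it only resolves an identifier to a validation node and enforces who may rewrite that resolution, which is the division of roles the claims describe.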
Claim 19
Step 1
Claim 19 is directed to a non-transitory computer-readable medium (i.e., manufacture). Therefore, the claim falls within the four statutory categories of invention, and thus must be further analyzed at Step 2A to determine if the claim is directed to a judicial exception (See MPEP 2106.03, subsection II).
Step 2A Prong One
In Prong One examiners evaluate whether the claim recites a judicial exception, i.e., whether a law of nature, natural phenomenon, or abstract idea is set forth or described in the claim. Claim 19 recites (i.e., sets forth or describes) an abstract idea of identification of authenticating entities. Specifically, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The certain methods of organizing human activity grouping is used to describe fundamental economic principles or practices, commercial or legal interactions, and managing personal behavior or relationships or interactions between people. Fundamental economic principles or practices relate to the economy and commerce, or recite hedging, insurance, and mitigating risks. Commercial or legal interactions recite agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations. Managing personal behavior or relationships or interactions between people recites social activities, teaching, and following rules or instructions. See MPEP § 2106.04(a)(2), subsection II. Also, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas. The mental processes abstract idea grouping is defined as concepts performed in the human mind, and examples of mental processes include observations, evaluations, judgments, and opinions. Claims recite a mental process when they recite limitations that can practically be performed in the human mind, with or without the use of a physical aid. The use of a physical aid to help perform a mental step does not negate the mental nature of the limitation, but simply accounts for variations in memory capacity from one person to another.
Further, claims can recite a mental process even if they are claimed as being performed on a computer. See MPEP § 2106.04(a)(2), subsection III. The claim limitations reciting the abstract ideas are grouped within the “certain methods of organizing human activity” and “mental processes” grouping of abstract ideas because the limitations recite fundamental economic principles or practices, as they recite mitigating risk, commercial or legal interactions, as they recite sales activities or behaviors, and concepts that can practically be performed in the human mind, with or without the use of a physical aid. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a).
A non-transitory computer-readable medium comprising instructions for execution by a distributed network authentication system comprising a distributed ledger node containing a database, wherein, when executed, the instructions cause the distributed network authentication system to perform procedures comprising:
receiving, from a client node, a query comprising an identifier,
submitting the query to the database,
receive, from the database responsive to the query, an identification of at least one selected from the group of a validation node and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier, and
transmit, to the client device via the client node, the identification for communicating with the validation node.
Step 2A Prong Two
In Prong Two, examiners evaluate whether the claim as a whole integrates the exception into a practical application of that exception. A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception. Here, claim 19 as a whole, looking at the identified additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)). Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present (MPEP §§ 2106.04(d)(1) and 2106.05(a)), there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present (MPEP § 2106.04(d)(2)), there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present (MPEP § 2106.05(b)), there is no effecting a transformation or reduction of a particular article to a different state or thing present (MPEP § 2106.05(c)), and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP § 2106.05(e)).
Thus, the claim as a whole is directed to a judicial exception and requires further analysis at Step 2B to determine if the claim as a whole amounts to significantly more than the exception itself (See MPEP 2106.04, subsection II).
Step 2B
Step 2B determines whether the claim as a whole amounts to significantly more than the exception itself. Evaluating additional elements to determine whether they amount to an inventive concept requires considering them both individually and in combination to ensure that they amount to significantly more than the judicial exception itself. Here, the additional elements, taken individually and in combination, do not result in claim 19, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea, and generally link the use of the judicial exception to a particular technological environment. Thus, there is no inventive concept in the claim, and the claim is not eligible, warranting a rejection for lack of subject matter eligibility and concluding the eligibility analysis.
Claim 20
Step 1
Claim 20 is directed to a non-transitory computer-readable medium (i.e., manufacture). Therefore, the claim falls within the four statutory categories of invention, and thus must be further analyzed at Step 2A to determine if the claim is directed to a judicial exception (See MPEP 2106.03, subsection II).
Step 2A Prong One
In Prong One examiners evaluate whether the claim recites a judicial exception, i.e., whether a law of nature, natural phenomenon, or abstract idea is set forth or described in the claim. Claim 20 recites (i.e., sets forth or describes) an abstract idea of identification of authenticating entities. Specifically, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The certain methods of organizing human activity grouping is used to describe fundamental economic principles or practices, commercial or legal interactions, and managing personal behavior or relationships or interactions between people. Fundamental economic principles or practices relate to the economy and commerce, or recite hedging, insurance, and mitigating risks. Commercial or legal interactions recite agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations. Managing personal behavior or relationships or interactions between people recites social activities, teaching, and following rules or instructions. See MPEP § 2106.04(a)(2), subsection II. Also, but for the additional elements, the claim under its broadest reasonable interpretation recites limitations grouped within the “mental processes” grouping of abstract ideas. The mental processes abstract idea grouping is defined as concepts performed in the human mind, and examples of mental processes include observations, evaluations, judgments, and opinions. Claims recite a mental process when they recite limitations that can practically be performed in the human mind, with or without the use of a physical aid. The use of a physical aid to help perform a mental step does not negate the mental nature of the limitation, but simply accounts for variations in memory capacity from one person to another.
Further, claims can recite a mental process even if they are claimed as being performed on a computer. See MPEP § 2106.04(a)(2), subsection III. The claim limitations reciting the abstract ideas are grouped within the “certain methods of organizing human activity” and “mental processes” grouping of abstract ideas because the limitations recite fundamental economic principles or practices, as they recite mitigating risk, commercial or legal interactions, as they recite sales activities or behaviors, and concepts that can practically be performed in the human mind, with or without the use of a physical aid. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a).
The non-transitory computer-readable medium of claim 19, wherein:
the distributed network authentication system further comprises the client node, and
the procedures further comprise:
receiving, by the client node from a client device, an authentication request, and
responsive to the authentication request, transmitting, by the client node to the distributed ledger node, the query.
Step 2A Prong Two
In Prong Two, examiners evaluate whether the claim as a whole integrates the exception into a practical application of that exception. A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception. Here, claim 20 as a whole, looking at the identified additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements merely serve as a tool to perform the abstract idea (MPEP § 2106.05(f)). Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present (MPEP §§ 2106.04(d)(1) and 2106.05(a)), there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present (MPEP § 2106.04(d)(2)), there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present (MPEP § 2106.05(b)), there is no effecting a transformation or reduction of a particular article to a different state or thing present (MPEP § 2106.05(c)), and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP § 2106.05(e)). Thus, the claim as a whole is directed to a judicial exception and requires further analysis at Step 2B to determine if the claim as a whole amounts to significantly more than the exception itself (See MPEP 2106.04, subsection II).
Step 2B
Step 2B determines whether the claim as a whole amounts to significantly more than the exception itself. Evaluating additional elements to determine whether they amount to an inventive concept requires considering them both individually and in combination to ensure that they amount to significantly more than the judicial exception itself. Here, the additional elements, taken individually and in combination, do not result in claim 20, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea, and generally link the use of the judicial exception to a particular technological environment. Thus, there is no inventive concept in the claim, and the claim is not eligible, warranting a rejection for lack of subject matter eligibility and concluding the eligibility analysis.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Salman et al. (US 20210021597A1) (hereinafter “Salman”) in view of Rice et al. (US10250381B1) (hereinafter “Rice”).
As per Claims 1, 12 and 19, Salman teaches:
A distributed network authentication system, comprising: a client node; (“Network access device (NAD) 195 may be configured to provide an entry point to the network for a client device 100 accessing the network.” (Para. 0025); “the NAD 195 may mediate communication between the client device 100 and the authentication server system 200 (e.g., using EAP over RADIUS) during the operations of method 400” (Para. 0033); “as depicted by FIG. 1, depending upon whether the signature was successfully validated, a grant/denial of network access 104 may occur. The NAD 195 may enforce this authentication determination.” (Para. 0039))
and a distributed ledger node (“the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300” (Para. 0026); “An authentication server system 200 may include a machine readable medium 210, a processing device 220, and a transceiver 230. Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211” (Para. 0031 – 0032); “authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address.” (Para. 0038))
in data communication with the client node (“A client device 100 may be any networked device that is provisioned a blockchain address and accesses a network that has access managed by an authentication server system 200.” (Para. 0024); “At operation 410, the authentication server system 200 receives a blockchain address transmitted by the client device 100 during network access authentication, the blockchain address corresponding to a blockchain network. For example, device 100 may provide a stored client blockchain address 112 in conjunction with network access request 101 as its identity for authentication purposes. In various implementations, the device client device 100 provides only blockchain address 112 as the identity for the purpose of network access authentication. In other implementations, client device 100 may provide blockchain address 112 in addition to a centralized identity. For example, the client device 100 may provide user credentials (e.g., username and password) in addition to blockchain address 112. The user credentials may correspond to credentials stored in a centralized database managed off-chain by server system 200.” (Para. 0034))
wherein the distributed ledger contains a database storing a mapping; and (“Implementations of the disclosure are directed to leveraging distributed ledger networks to provide a novel way to authenticate and authorize client devices for network access. In accordance with a first set of implementations, a client may be authenticated for network access by using an authentication server to authenticate the client using the client's blockchain address that is persisted in a blockchain network. In such embodiments, the authentication server may participate as a validator node in the blockchain network.” (Para. 0019-0020); “the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300. The authentication server system 200 may be configured to participate in the blockchain network 300 as a validator node.” (Para. 0026))
wherein the client node is configured to: receive, from a client device, an authentication request, and responsive to the authentication request, transmit, to the distributed ledger node, a query, and wherein the distributed ledger node is configured to: receive, from the client node, (“For example method 400 may be implemented by processing device 220 of authentication server system 200 executing instructions 214. Prior to implementing method 400, the client device 100 may initiate a network access authentication attempt with the NAD 195. As such, it should be noted that the NAD 195 may mediate communication between the client device 100 and the authentication server system 200 (e.g., using EAP over RADIUS) during the operations of method 400. Alternatively, authentication server system 200 may directly communicate with client device 100 during method 400. For example NAD 195 may be directly integrated into authentication server system 200.” (Para. 0033); “At operation 410, the authentication server system 200 receives a blockchain address transmitted by the client device 100 during network access authentication, the blockchain address corresponding to a blockchain network.” (Para. 0034))
the query comprising an identifier, (“the term “blockchain address” refers to an identifier for a respective receiver or a sender in a blockchain recorded transaction. For example, a unique blockchain addresses may be associated with a client.” (Para. 0015); “An authentication server system 600 operated by a network service provider may initiate a query 714 to the smart contract 710 to retrieve the information set in the smart contract 710 against the blockchain address.” (Para. 0046); “At operation 830, the authentication server system 600 verifies that client credentials are linked with the provided client blockchain address in the smart contract 710 deployed on the blockchain network 700. The authentication server system 600 may query the smart contract 710 for this information. At operation 840, the authentication server system 600 may query the smart contract 710 to determine whether the network access service requested by the client associated with the credentials and blockchain address can be provided to the client.” (Para. 0052); “Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211.” (Para. 0032))
submit the query to the database, receive, from the database responsive to the query, an identification of at least one selected from the group of a . . . (“Blockchain network 300 may include a plurality of nodes (e.g., authentication server system 200 and other blockchain nodes 350 and other components as needed depending on the type of blockchain implementation) that may validate transactions used to prove the identity of a client device for authentication purposes.” (Para. 0027); “The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service” (Para. 0038); “Smart contract 710 may be replicated across each copy of a blockchain stored by a permissioned node on blockchain network 700. For example, authentication server 600 and other blockchain nodes 720 may each store a copy of a blockchain including an instance of smart contract 710.” (Para. 0043))
and transmit, to the client node, the identification. (“The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service, further discussed below.” (Para. 0038); “the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address.” (Para. 0038); “Upon successful validation of the signature, the authentication server 200 may deem the authentication as successful and allow network access to the client device 100.” (Para. 0039)).
Salman does not disclose:
“and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier.” (claim 1).
However, as per Claim 1, Rice in the analogous art of blockchain-based authentication systems, teaches: “and a validation node address of the validation node, wherein the validation node is distinct from the distributed ledger node and the validation node is associated with the identifier.”. (“For example, content validation node 220 may access or generate (e.g., using processor 320, memory 330, storage component 340, and/or the like) a blockchain associated with the content data.” (Col. 13, ln. 1-4); “The genesis block may include, for example, a timestamp, and an index value associated with the content provider or the content (e.g., an identifier associated with the content or content provider).” (Col. 13, ln. 32-35); “provide the content data to a content validation network, the content validation network including a plurality of content validation nodes, the content validation network implementing a blockchain network that includes a smart contract for performing content validation.” (Col. 2, ln. 37-41); “The content validation node may then execute a validation process to assess the validity of the content, and store data indicative of a validation result along with storing a hash (or other indicia) of the content and storing a key associated with the content validation node assessing the validity (e.g., for identification, traceability, compensation, and/or the like). The content validation node may append a transaction including the aforementioned information to a block of the content validation blockchain network.” (Col. 3, ln. 50-57))
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of Salman, authenticating network-access clients using a blockchain/distributed ledger that stores client identifiers such as blockchain addresses and is queried to retrieve cryptographic data for validating signatures, with the technique of Rice, using dedicated content-validation nodes whose keys are recorded in blockchain transactions together with content or provider identifiers to provide traceability and an association between each validator and the corresponding identifier, to include configuring Salman’s distributed ledger so that, in response to an identifier-based query, it returns an identification of a validation node that is distinct from the ledger node and associated with that identifier. Therefore, the incentives of modularizing ledger storage and validation, improving scalability and routing, and enabling traceable association between identifiers and validators would have provided a reason to make this adaptation, and the claimed arrangement results from applying known blockchain patterns from Rice to Salman’s authentication system in a predictable manner.
Salman does not disclose:
“and wherein the . . . is further configured to transmit the identification to the client device for communicating with the validation node.” (claim 1).
However, as per Claim 1, Rice in the analogous art of blockchain-based authentication systems, teaches: “and wherein the . . . is further configured to transmit the identification to the client device for communicating with the validation node.”. (“the device may obtain, from the content validation network, validation results associated with the content, and provide, to a user device, data that causes display of a validation indicator with the content.” (Abstract); “a validation wrapper device may interface with the content validation nodes of the content validation network to facilitate the display of the status of the content. For example, the validation wrapper device may provide a service (e.g., a website, an application, a browser extension, file server, and/or the like) capable of obtaining content validation information from the content validation network (e.g., from the blockchain, or the content validation node) and providing the content provider and/or a user device with the data that enables the content provider and/or user device to display the status of the content (e.g., directly, through a website, via email, through an application, through a browser extension, and/or the like).” (Col. 4, ln. 17-27); “the content validation node may provide the content validation data to the content provider device. In some implementations, a validation wrapper device may receive the content validation data (e.g., by accessing the blockchain where the content validation data is stored, or by receiving the content validation data from the content validation node) and provide, or otherwise make available, the content validation data to the content provider device and/or a user device. In the example implementation 100, the content validation data includes data that causes a web page displaying the article to change its background and to also include the language, “Validated Jan. 1, 2018,” to be displayed with the news article. The content validation data may, in this example, include a network address for a web page constructed by the content validation wrapper device.” (Col. 7, ln. 15-29))
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of Salman, in which a client-facing authentication component queries a distributed ledger using an identifier and receives identification information used in the authentication process, with the technique of Rice, in which validator-related information obtained from a content validation network is forwarded to a user device, to include transmitting the identification from the client node to the client device for communicating with the validation node. Therefore, the incentives of enabling the client device to directly use validator identification returned from the ledger would have provided a reason to make this adaptation, and the invention resulted from application of the prior knowledge in a predictable manner.
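The arrangement the rejection maps onto claim 1 (a client node queries a ledger-held mapping for the validation node associated with an identifier and hands that identification to the client device, after which the validator runs the challenge/response signature check Salman describes in Paras. 0036 and 0038), written out as an added Go example. This code is not part of the office action, of Salman, or of Rice; the node and type names, the validator address, the identifier and the in-memory ledger are constructed for illustration, and Ed25519 is assumed as the signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// LedgerEntry is what the ledger's database maps an identifier to: the validation node responsible for it and the device's public key.
type LedgerEntry struct {
	ValidatorAddr string
	PubKey        ed25519.PublicKey
}

// Ledger stands in for the distributed ledger node's database (constructed, in-memory).
type Ledger struct{ mapping map[string]LedgerEntry }

// Query returns the entry for an identifier, or an error if it is not registered.
func (l *Ledger) Query(identifier string) (LedgerEntry, error) {
	e, ok := l.mapping[identifier]
	if !ok {
		return LedgerEntry{}, errors.New("ledger: unknown identifier")
	}
	return e, nil
}

// ClientNode receives the device's authentication request, queries the ledger node with the identifier, and returns the validator identification.
type ClientNode struct{ ledger *Ledger }

func (c *ClientNode) HandleAuthRequest(identifier string) (string, error) {
	e, err := c.ledger.Query(identifier)
	if err != nil {
		return "", err
	}
	return e.ValidatorAddr, nil
}

// ValidationNode is distinct from the ledger node: it issues a random challenge and checks the signed response against the ledger-mapped key.
type ValidationNode struct {
	Addr       string
	ledger     *Ledger
	challenges map[string][]byte // one outstanding challenge per identifier
}

// Challenge issues a fresh 32-byte random challenge for the identifier.
func (v *ValidationNode) Challenge(identifier string) []byte {
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		panic(err) // no entropy: refuse to authenticate at all
	}
	v.challenges[identifier] = ch
	return ch
}

// Verify checks sig over the outstanding challenge; the challenge is consumed either way, so a replayed response fails.
func (v *ValidationNode) Verify(identifier string, sig []byte) bool {
	ch, ok := v.challenges[identifier]
	if !ok {
		return false
	}
	delete(v.challenges, identifier)
	e, err := v.ledger.Query(identifier)
	if err != nil {
		return false
	}
	return ed25519.Verify(e.PubKey, ch, sig)
}

// DemoFlow runs the exchange on a constructed ledger with one registered device, then tries a replayed response and a wrong private key.
func DemoFlow() (addr string, honest, replay, wrongKey bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	const id = "bc-addr-client-1" // constructed identifier (a blockchain address in Salman's terms)
	ledger := &Ledger{mapping: map[string]LedgerEntry{
		id: {ValidatorAddr: "validator-a.example:8443", PubKey: pub},
	}}
	validator := &ValidationNode{Addr: "validator-a.example:8443", ledger: ledger, challenges: map[string][]byte{}}
	// Step 1: the device presents its identifier; the client node returns the validator.
	if addr, err = (&ClientNode{ledger: ledger}).HandleAuthRequest(id); err != nil {
		return
	}
	// Step 2: the device contacts that validator and signs its challenge.
	sig := ed25519.Sign(priv, validator.Challenge(id))
	honest = validator.Verify(id, sig)
	replay = validator.Verify(id, sig) // same response again: no open challenge
	// Step 3: a device that knows the identifier but holds a different (constructed, fixed-seed) key.
	otherPriv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	wrongKey = validator.Verify(id, ed25519.Sign(otherPriv, validator.Challenge(id)))
	return
}

func main() {
	fmt.Println(DemoFlow())
}
```

Running it prints the validator address followed by true, false, false: the honest device passes, while the replayed response and the wrong key are both rejected because each challenge is random and single-use.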
As per Claim 2, Salman teaches:
The distributed network authentication system of claim 1, wherein the client node is further configured to transmit the identification to the client device. (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032); “The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service, further discussed below.” (Para. 0038); “Upon successful validation of the signature, the authentication server 200 may deem the authentication as successful and allow network access to the client device 100. Alternatively, if the signature is not successfully validated, the authentication server 200 may not allow the client device 100 to access the network. For example, as depicted by FIG. 1, depending upon whether the signature was successfully validated, a grant/denial of network access 104 may occur. The NAD 195 may enforce this authentication determination.” (Para. 0039)).
As per Claim 3, Salman teaches:
The distributed network authentication system of claim 1, further comprising: the validation node, wherein the validation node is configured to: communicate with the client device, and perform an authentication relating to the authentication request. (“Upon successful validation of the signature, the authentication server 200 may deem the authentication as successful and allow network access to the client device 100.” (Para. 0039); “if the signature is not successfully validated, the authentication server 200 may not allow the client device 100 to access the network. For example, as depicted by FIG. 1, depending upon whether the signature was successfully validated, a grant/denial of network access 104 may occur. The NAD 195 may enforce this authentication determination.” (Para. 0039)).
As per Claim 4, Salman teaches:
The distributed network authentication system of claim 3, wherein the validation node is associated with the validation node address. (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032); “the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300. The authentication server system 200 may be configured to participate in the blockchain network 300 as a validator node. Advantageously, in the proposed system, the client associated with client device 100 may not require any network connectivity during authentication. Additionally, the client may not be required to carry out any transaction on the blockchain network for the purpose of authentication.” (Para. 0026)).
As per Claim 5, Salman teaches:
The distributed network authentication system of claim 3, wherein the authentication includes at least one selected from the group of a routing number, (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032); “as part of an authentication process, further described below, the client device 100 may provide blockchain address 112 to NAD 195 and sign a response message using private key 113.” (Para. 0030)).
a software version number, and an applet version number (“the authentication server system 200 receives a blockchain address transmitted by the client device 100 during network access authentication, the blockchain address corresponding to a blockchain network. For example, device 100 may provide a stored client blockchain address 112 in conjunction with network access request 101 as its identity for authentication purposes. In various implementations, the device client device 100 provides only blockchain address 112 as the identity for the purpose of network access authentication. In other implementations, client device 100 may provide blockchain address 112 in addition to a centralized identity. For example, the client device 100 may provide user credentials (e.g., username and password) in addition to blockchain address 112.” (Para. 0034)).
As per Claim 6, Salman teaches:
The distributed network authentication system of claim 1, wherein the authentication request comprises an application programming interface (API) call (“the NAD 195 may mediate communication between the client device 100 and the authentication server system 200 (e.g., using EAP over RADIUS) during the operations of method 400” (Para. 0033); “an authentication challenge message is transmitted from the authentication server system 200 to the client device 100” (Para. 0035)).
between the client device and the client node. (“The authentication challenge message may include a randomly generated string. The client device 100 may respond by creating a response message including a signature created using private key 113 associated with the client blockchain address 112. For example, a signature may be created by using the private key 113 to apply a hash function to the randomly generated string or the randomly generated string and a secret value. The response message may include the hash value and the randomly generated string.” (Para. 0036)).
As per Claim 7, Salman teaches:
The distributed network authentication system of claim 1, wherein the mapping includes at least one selected from the group of a mapping between the validation node address and the validation node, a mapping between a routing number and the validation node address, and a mapping between a routing number and the validation node. (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032); “the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address. Given the response message, the signature, and retrieved public key, authentication server system 200 may determine the authenticity of the response. As part of this verification, authentication server system 200 may retrieve the public key from the blockchain network 300. Alternatively, the authentication server system 200 may comprises a data store of public keys associated with blockchain network 300. The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service” (Para. 0038); “Blockchain network 300 may include a plurality of nodes (e.g., authentication server system 200 and other blockchain nodes 350 and other components as needed depending on the type of blockchain implementation) that may validate transactions used to prove the identity of a client device for authentication purpose” (Para. 0027)).
As per Claim 8, Salman teaches:
The distributed network authentication system of claim 1, wherein: the mapping includes a digital signature associated with an entity, and the entity is permissioned to validate for a particular routing number. (“the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address. Given the response message, the signature, and retrieved public key, authentication server system 200 may determine the authenticity of the response. As part of this verification, authentication server system 200 may retrieve the public key from the blockchain network 300. Alternatively, the authentication server system 200 may comprises a data store of public keys associated with blockchain network 300. The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service.” (Para. 0038); “The authentication challenge message may include a randomly generated string. The client device 100 may respond by creating a response message including a signature created using private key 113 associated with the client blockchain address 112. For example, a signature may be created by using the private key 113 to apply a hash function to the randomly generated string or the randomly generated string and a secret value. The response message may include the hash value and the randomly generated string.” (Para. 0036)).
As per Claim 9, Salman teaches:
The distributed network authentication system of claim 1, wherein the mapping includes at least one selected from the group of a software version number (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication” (Para. 0032));
and an applet version number. (“Machine readable medium 110 may also store instructions 117, that when executed by a processing device 120, enable the client device 100 to authenticate in accordance with implementations described herein. For example, as part of an authentication process, further described below, the client device 100 may provide blockchain address 112 to NAD 195 and sign a response message using private key 113” (Para. 0030); “Blockchain network 300 may include a plurality of nodes (e.g., authentication server system 200 and other blockchain nodes 350 and other components as needed depending on the type of blockchain implementation) that may validate transactions used to prove the identity of a client device for authentication purposes. Some or all blockchain nodes may store a respective copy of a blockchain that contains a chronologically ordered, back-linked list of blocks, including the aforementioned transactions. In some implementations, nodes on blockchain network 300 may be able to write transactions, but not verify transactions. It should be appreciated that although a single authentication server system 200 is illustrated in the example of FIG. 1, other blockchain nodes 350 may also operate as an authentication server.” (Para. 0027)).
As per Claim 10, Salman teaches:
The distributed network authentication system of claim 9, wherein the at least one selected from the group of a software version number (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032));
and an applet version number identifies the validation node. (“the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300. The authentication server system 200 may be configured to participate in the blockchain network 300 as a validator node. Advantageously, in the proposed system, the client associated with client device 100 may not require any network connectivity during authentication.” (Para. 0026); “the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address. Given the response message, the signature, and retrieved public key, authentication server system 200 may determine the authenticity of the response. As part of this verification, authentication server system 200 may retrieve the public key from the blockchain network 300. Alternatively, the authentication server system 200 may comprises a data store of public keys associated with blockchain network 300. The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service” (Para. 0038)).
As per Claim 11, Salman teaches:
The distributed network authentication system of claim 9, wherein the at least one selected from the group of a software version number (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032));
and an applet version number identifies the validation node address. (“the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address. Given the response message, the signature, and retrieved public key, authentication server system 200 may determine the authenticity of the response. As part of this verification, authentication server system 200 may retrieve the public key from the blockchain network 300. Alternatively, the authentication server system 200 may comprises a data store of public keys associated with blockchain network 300. The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service” (Para. 0038)).
As per Claim 13, Salman teaches:
The method of claim 12, wherein: the distributed network authentication system further comprises the validation node, and the method further comprises: communicating, by the client device, with the validation node, and performing, by the validation node, an authentication relating to the authentication request. (“Upon successful validation of the signature, the authentication server 200 may deem the authentication as successful and allow network access to the client device 100.” (Para. 0039); “if the signature is not successfully validated, the authentication server 200 may not allow the client device 100 to access the network. For example, as depicted by FIG. 1, depending upon whether the signature was successfully validated, a grant/denial of network access 104 may occur. The NAD 195 may enforce this authentication determination.” (Para. 0039); “Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication” (Para. 0032)).
As per Claim 14, Salman teaches:
The method of claim 13, wherein: the validation node comprises a hardware security module (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032));
storing one or more keys, and the authentication is performed using the one or more keys. (“Machine readable medium 110 may also store instructions 117, that when executed by a processing device 120, enable the client device 100 to authenticate in accordance with implementations described herein. For example, as part of an authentication process, further described below, the client device 100 may provide blockchain address 112 to NAD 195 and sign a response message using private key 113.” (Para. 0030)).
As per Claim 15, Salman teaches:
The method of claim 12, further comprising transmitting, by the client node to the distributed ledger node, a message updating one or more routing paths for one or more routing numbers. (“execution of code contained in the smart contract 710 may be triggered by a variety of inputs that may be received from client device 500 or permissioned nodes 720 (e.g., authentication server system 600) operating on blockchain network 700. For example, during a registration process, the smart contract may receive the client's credentials 711 that it uses for network authentication (e.g., username, password) and a blockchain address associated with the client (e.g., stored in a blockchain wallet). In some implementations, the client device may invoke an appropriate registration method with the smart contract 710 and provide these inputs (credentials and blockchain address) to the smart contract. As part of the registration process, the client may also specify a level of network access service 712 that the client requires and may be used during network authorization. For example, the client may specify a certain bandwidth tier (e.g. “Basic,” “Premium,” “Plus,” etc.) of network access service and/or amount of data to access for a given time period.” (Para. 0044); “An authentication server system 600 operated by a network service provider may initiate a query 714 to the smart contract 710 to retrieve the information set in the smart contract 710 against the blockchain address used by the client during the aforementioned registration process by the client. In some implementations, the authentication server system 600 may invoke the appropriate method in the smart contract 710 for this information retrieval process. An authentication server system 600 may also initiate a query 715 to deduct cryptocurrency pledged by the client for providing network access services according to the level requested by the client during the registration process discussed above. In some implementations, the authentication server system 600 may invoke the appropriate method in the smart 710 for this process for consuming the pledged cryptocurrency” (Para. 0046); “Upon execution of the code, smart contract 710 may perform certain on-chain actions 718 (e.g., register or deregister the client, deduct cryptocurrency from the client blockchain address for network access, return remaining cryptocurrency to the client blockchain address during deregistration) and/or perform certain off-chain actions 717 (e.g., cause authentication server system to authorize the client based on query 714” (Para. 0047)).
As per Claim 16, Salman teaches:
The method of claim 15, wherein the client node is assigned one or more permissions allowing the update of the one or more routing paths for the one or more routing numbers. (“Blockchain network 300 may include a plurality of nodes (e.g., authentication server system 200 and other blockchain nodes 350 and other components as needed depending on the type of blockchain implementation) that may validate transactions used to prove the identity of a client device for authentication purposes. Some or all blockchain nodes may store a respective copy of a blockchain that contains a chronologically ordered, back-linked list of blocks, including the aforementioned transactions. In some implementations, nodes on blockchain network 300 may be able to write transactions, but not verify transactions. It should be appreciated that although a single authentication server system 200 is illustrated in the example of FIG. 1, other blockchain nodes 350 may also operate as an authentication server” (Para. 0027); “the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address. Given the response message, the signature, and retrieved public key, authentication server system 200 may determine the authenticity of the response. As part of this verification, authentication server system 200 may retrieve the public key from the blockchain network 300. 
Alternatively, the authentication server system 200 may comprises a data store of public keys associated with blockchain network 300. The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service” (Para. 0038); “An authentication server system 600 operated by a network service provider may initiate a query 714 to the smart contract 710 to retrieve the information set in the smart contract 710 against the blockchain address used by the client during the aforementioned registration process by the client. In some implementations, the authentication server system 600 may invoke the appropriate method in the smart contract 710 for this information retrieval process. An authentication server system 600 may also initiate a query 715 to deduct cryptocurrency pledged by the client for providing network access services according to the level requested by the client during the registration process discussed above. In some implementations, the authentication server system 600 may invoke the appropriate method in the smart 710 for this process for consuming the pledged cryptocurrency.” (Para. 0046).
As per Claim 17, Salman teaches:
The method of claim 16, wherein: the one or more permissions are assigned for one or more entities associated with the client node, and the one or more entities are associated with the one or more routing paths for the one or more routing numbers. (“An authentication server system 600 operated by a network service provider may initiate a query 714 to the smart contract 710 to retrieve the information set in the smart contract 710 against the blockchain address used by the client during the aforementioned registration process by the client. In some implementations, the authentication server system 600 may invoke the appropriate method in the smart contract 710 for this information retrieval process. An authentication server system 600 may also initiate a query 715 to deduct cryptocurrency pledged by the client for providing network access services according to the level requested by the client during the registration process discussed above. In some implementations, the authentication server system 600 may invoke the appropriate method in the smart 710 for this process for consuming the pledged cryptocurrency.” (Para. 0046).; “Upon execution of the code, smart contract 710 may perform certain on-chain actions 718 (e.g., register or deregister the client, deduct cryptocurrency from the client blockchain address for network access, return remaining cryptocurrency to the client blockchain address during deregistration) and/or perform certain off-chain actions 717 (e.g., cause authentication server system to authorize the client based on query 714) as discussed above” (Para. 0047); “Blockchain network 300 may include a plurality of nodes (e.g., authentication server system 200 and other blockchain nodes 350 and other components as needed depending on the type of blockchain implementation) that may validate transactions used to prove the identity of a client device for authentication purposes. 
Some or all blockchain nodes may store a respective copy of a blockchain that contains a chronologically ordered, back-linked list of blocks, including the aforementioned transactions. In some implementations, nodes on blockchain network 300 may be able to write transactions, but not verify transactions. It should be appreciated that although a single authentication server system 200 is illustrated in the example of FIG. 1, other blockchain nodes 350 may also operate as an authentication server.” (Para. 0027).
As per Claim 18, Salman teaches:
The method of claim 17, further comprising, prior to updating the one or more routing paths for one or more routing numbers, validating, by the distributed ledger node, the one or more permissions. (“the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address. Given the response message, the signature, and retrieved public key, authentication server system 200 may determine the authenticity of the response. As part of this verification, authentication server system 200 may retrieve the public key from the blockchain network 300. Alternatively, the authentication server system 200 may comprises a data store of public keys associated with blockchain network 300. The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service” (Para. 0038); “Upon execution of the code, smart contract 710 may perform certain on-chain actions 718 (e.g., register or deregister the client, deduct cryptocurrency from the client blockchain address for network access, return remaining cryptocurrency to the client blockchain address during deregistration) and/or perform certain off-chain actions 717 (e.g., cause authentication server system to authorize the client based on query 714)” (Para. 0047); “Blockchain network 300 may include a plurality of nodes (e.g., authentication server system 200 and other blockchain nodes 350 and other components as needed depending on the type of blockchain implementation) that may validate transactions used to prove the identity of a client device for authentication purposes. Some or all blockchain nodes may store a respective copy of a blockchain that contains a chronologically ordered, back-linked list of blocks, including the aforementioned transactions. In some implementations, nodes on blockchain network 300 may be able to write transactions, but not verify transactions. It should be appreciated that although a single authentication server system 200 is illustrated in the example of FIG. 1, other blockchain nodes 350 may also operate as an authentication server.” (Para. 0027)).
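The two mechanisms the cited passages describe, a challenge signed with the client's private key and verified against the public key the ledger holds for the client's blockchain address (Para. 0038), and a routing-number mapping that a client node may update only after the ledger node validates its permissions (claims 15 through 18), shown together as an added example. This code is not part of the office action or of either cited patent. It assumes Ed25519 keys, an address derived by hashing the public key, single-use random challenges, and in-memory maps standing in for the ledger's routing, key and permission tables; none of those specifics come from Salman or Rice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Ledger stands in for the distributed ledger node's database: routing number
// to validator address, the public key persisted for each address, and the
// routing numbers each client node is permitted to update. Constructed for
// this example; the cited patents do not specify these structures.
type Ledger struct {
	routes map[string]string            // routing number -> validator address
	keys   map[string]ed25519.PublicKey // address -> public key
	perms  map[string]map[string]bool   // client node -> routing numbers it may update
}

func NewLedger() *Ledger {
	return &Ledger{routes: map[string]string{}, keys: map[string]ed25519.PublicKey{}, perms: map[string]map[string]bool{}}
}

// DeriveAddress binds an address to a public key by hashing it (assumed scheme).
func DeriveAddress(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:20])
}

// Register persists a public key under its derived address and returns the address.
func (l *Ledger) Register(pub ed25519.PublicKey) string {
	addr := DeriveAddress(pub)
	l.keys[addr] = pub
	return addr
}

// Grant assigns a client node permission to update one routing number.
func (l *Ledger) Grant(clientNode, routingNumber string) {
	if l.perms[clientNode] == nil {
		l.perms[clientNode] = map[string]bool{}
	}
	l.perms[clientNode][routingNumber] = true
}

// UpdateRoute validates the client node's permission before touching the
// mapping, and refuses to route to an address with no registered key.
func (l *Ledger) UpdateRoute(clientNode, routingNumber, validatorAddr string) error {
	if !l.perms[clientNode][routingNumber] {
		return errors.New("client node lacks permission for routing number")
	}
	if _, ok := l.keys[validatorAddr]; !ok {
		return errors.New("validator address has no registered key")
	}
	l.routes[routingNumber] = validatorAddr
	return nil
}

// Lookup answers the client node's query: which validator serves this routing number.
func (l *Ledger) Lookup(routingNumber string) (string, bool) {
	addr, ok := l.routes[routingNumber]
	return addr, ok
}

// Verifier performs the challenge-response check: a signed challenge is accepted
// only if it verifies under the key the ledger holds for the claimed address.
type Verifier struct {
	ledger     *Ledger
	challenges map[string]bool // outstanding nonces, consumed on first use
}

func NewVerifier(l *Ledger) *Verifier { return &Verifier{ledger: l, challenges: map[string]bool{}} }

// IssueChallenge hands the client a fresh random nonce to sign.
func (v *Verifier) IssueChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.challenges[hex.EncodeToString(nonce)] = true
	return nonce, nil
}

// Authenticate checks the challenge is outstanding, that the address is on the
// ledger, that the stored key really binds to the address, and that the
// signature verifies. Consuming the nonce first blocks replay of a captured response.
func (v *Verifier) Authenticate(addr string, challenge, sig []byte) (bool, error) {
	key := hex.EncodeToString(challenge)
	if !v.challenges[key] {
		return false, errors.New("unknown or already used challenge")
	}
	delete(v.challenges, key)
	pub, ok := v.ledger.keys[addr]
	if !ok {
		return false, errors.New("address not registered")
	}
	if DeriveAddress(pub) != addr || !ed25519.Verify(pub, challenge, sig) {
		return false, errors.New("signature does not verify for address")
	}
	return true, nil
}
```

The ordering inside Authenticate is the point worth noting: the nonce is consumed before any key lookup or signature check, so a response that fails for any reason cannot be resubmitted, and a response replayed after a success fails at the first check rather than reaching the signature verification at all.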
As per Claim 20, Salman teaches:
The non-transitory computer-readable medium of claim 19, wherein: the distributed network authentication system further comprises the client node, (“Network access device (NAD) 195 may be configured to provide an entry point to the network for a client device 100 accessing the network.” (Para. 0025); “the NAD 195 may mediate communication between the client device 100 and the authentication server system 200 (e.g., using EAP over RADIUS) during the operations of method 400” (Para. 0033); “as depicted by FIG. 1, depending upon whether the signature was successfully validated, a grant/denial of network access 104 may occur. The NAD 195 may enforce this authentication determination.” (Para. 0039))
and the procedures further comprise: (“Implementations of the disclosure are directed to leveraging distributed ledger networks to provide a novel way to authenticate and authorize client devices for network access. In accordance with a first set of implementations, a client may be authenticated for network access by using an authentication server to authenticate the client using the client's blockchain address that is persisted in a blockchain network. In such embodiments, the authentication server may participate as a validator node in the blockchain network.” (Para. 0019-0020); “the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300. The authentication server system 200 may be configured to participate in the blockchain network 300 as a validator node.” (Para. 0026))
receiving, by the client node from a client device, an authentication request, and responsive to the authentication request, transmitting, by the client node to the distributed ledger node, (“the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300” (Para. 0026); “An authentication server system 200 may include a machine readable medium 210, a processing device 220, and a transceiver 230. Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211” (Para. 0031 – 0032); “authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address.” (Para. 0038))
the query. (“For example method 400 may be implemented by processing device 220 of authentication server system 200 executing instructions 214. Prior to implementing method 400, the client device 100 may initiate a network access authentication attempt with the NAD 195. As such, it should be noted that the NAD 195 may mediate communication between the client device 100 and the authentication server system 200 (e.g., using EAP over RADIUS) during the operations of method 400. Alternatively, authentication server system 200 may directly communicate with client device 100 during method 400. For example NAD 195 may be directly integrated into authentication server system 200.” (Para. 0033); “At operation 410, the authentication server system 200 receives a blockchain address transmitted by the client device 100 during network access authentication, the blockchain address corresponding to a blockchain network.” (Para. 0034); “The authentication server system 200 being a node on blockchain network 300 may enable it to act as a transaction validator, including validating authentication requests and authorization requests for service, further discussed below.” (Para. 0038); “the authentication server system 200 uses at least the blockchain network 300 to determine if the signature used to sign the response to the challenge message is associated with the blockchain address transmitted by the client device. For example authentication server system 200 may use blockchain network 300 to determine if the private key used by the client device to sign the challenge message (e.g., private key 113) is associated with the blockchain address (e.g., blockchain address 112) transmitted by the client device by attempting to verify the signed response to the challenge message using a public key (e.g., public key 114) corresponding to the blockchain address.” (Para. 0038); “Upon successful validation of the signature, the authentication server 200 may deem the authentication as successful and allow network access to the client device 100.” (Para. 0039)).
As per Claim 21, Salman teaches:
The distributed network authentication system of claim 1, wherein the . . . for performing an authentication responsive to the authentication request. (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032); “the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300. The authentication server system 200 may be configured to participate in the blockchain network 300 as a validator node. Advantageously, in the proposed system, the client associated with client device 100 may not require any network connectivity during authentication. Additionally, the client may not be required to carry out any transaction on the blockchain network for the purpose of authentication.” (Para. 0026)).
Salman does not disclose:
“validation node is associated with a routing number indicating an entity controlling at least one key.” (claim 1).
However, as per Claim 1, Rice in the analogous art of blockchain-based authentication systems, teaches: “validation node is associated with a routing number indicating an entity controlling at least one key.” (“the device may obtain, from the content validation network, validation results associated with the content, and provide, to a user device, data that causes display of a validation indicator with the content.” (Abstract); “a validation wrapper device may interface with the content validation nodes of the content validation network to facilitate the display of the status of the content. For example, the validation wrapper device may provide a service (e.g., a website, an application, a browser extension, file server, and/or the like) capable of obtaining content validation information from the content validation network (e.g., from the blockchain, or the content validation node) and providing the content provider and/or a user device with the data that enables the content provider and/or user device to display the status of the content (e.g., directly, through a website, via email, through an application, through a browser extension, and/or the like).” (Col. 4, ln. 17-27); “the content validation node may provide the content validation data to the content provider device. In some implementations, a validation wrapper device may receive the content validation data (e.g., by accessing the blockchain where the content validation data is stored, or by receiving the content validation data from the content validation node) and provide, or otherwise make available, the content validation data to the content provider device and/or a user device. In the example implementation 100, the content validation data includes data that causes a web page displaying the article to change its background and to also include the language, “Validated Jan. 1, 2018,” to be displayed with the news article. The content validation data may, in this example, include a network address for a web page constructed by the content validation wrapper device.” (Col. 7, ln. 15-29))
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of Salman, in which a client-facing authentication component queries a distributed ledger using an identifier and receives identification information used in the authentication process, with the technique of Rice, in which validator-related information obtained from a content validation network is forwarded to a user device, to include transmitting the identification from the client node to the client device for communicating with the validation node. Therefore, the incentives of enabling the client device to directly use validator identification returned from the ledger would have provided a reason to make this adaptation, and the invention resulted from application of the prior knowledge in a predictable manner.
As per Claim 22, Salman teaches:
The distributed network authentication system of claim 21, wherein the mapping indicates an association between the . . . and the routing number. (“Machine readable medium 210 may store a blockchain address 211 corresponding to the authentication server system, and a private key 212 and public key 213 corresponding to the blockchain address 211. Machine readable medium 210 may also store instructions 214, that when executed by a processing device 220, authenticate a user of client device 100 in accordance with implementations of the disclosure. Transceiver 230 may be to communicate with client device 100 (e.g., via NAD 195). Transceiver 230 may also be to communicate with the blockchain network 300 as part of the process of verifying the identity of the user of client device 100 during authentication.” (Para. 0032); “the authentication server system 200 may authenticate the client using the client's blockchain identity that is persisted on the blockchain network 300. The authentication server system 200 may be configured to participate in the blockchain network 300 as a validator node. Advantageously, in the proposed system, the client associated with client device 100 may not require any network connectivity during authentication. Additionally, the client may not be required to carry out any transaction on the blockchain network for the purpose of authentication.” (Para. 0026)).
Salman does not disclose:
“validation node” (claim 1).
However, as per Claim 1, Rice in the analogous art of blockchain-based authentication systems, teaches: “validation node.” (“the device may obtain, from the content validation network, validation results associated with the content, and provide, to a user device, data that causes display of a validation indicator with the content.” (Abstract); “a validation wrapper device may interface with the content validation nodes of the content validation network to facilitate the display of the status of the content. For example, the validation wrapper device may provide a service (e.g., a website, an application, a browser extension, file server, and/or the like) capable of obtaining content validation information from the content validation network (e.g., from the blockchain, or the content validation node) and providing the content provider and/or a user device with the data that enables the content provider and/or user device to display the status of the content (e.g., directly, through a website, via email, through an application, through a browser extension, and/or the like).” (Col. 4, ln. 17-27); “the content validation node may provide the content validation data to the content provider device. In some implementations, a validation wrapper device may receive the content validation data (e.g., by accessing the blockchain where the content validation data is stored, or by receiving the content validation data from the content validation node) and provide, or otherwise make available, the content validation data to the content provider device and/or a user device. In the example implementation 100, the content validation data includes data that causes a web page displaying the article to change its background and to also include the language, “Validated Jan. 1, 2018,” to be displayed with the news article. The content validation data may, in this example, include a network address for a web page constructed by the content validation wrapper device.” (Col. 7, ln. 15-29))
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of Salman, in which a client-facing authentication component queries a distributed ledger using an identifier and receives identification information used in the authentication process, with the technique of Rice, in which validator-related information obtained from a content validation network is forwarded to a user device, to include transmitting the identification from the client node to the client device for communicating with the validation node. Therefore, the incentives of enabling the client device to directly use validator identification returned from the ledger would have provided a reason to make this adaptation, and the invention resulted from application of the prior knowledge in a predictable manner.
Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure: US Patent 9722790 (Ebrahimi), discussing methods for “managing the identity of users and of identifying those users to third parties. . . [where] logic on a first remote device receives a first transaction number and personal data transmitted from a second remote device. The first transaction number was received from a distributed public database in response to a transmission, from the second remote device, of a signed hash value and a first public key associated with a first private key on the second remote device.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Justin A. Jimenez whose telephone number is (571) 270-3080. The examiner can normally be reached on 8:30 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W. Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Justin Jimenez/
Patent Examiner, Art Unit 3697
/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3697