DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.This is a Final Office Action in response to applicant’s amendment filed on December 30, 2025. At this time, claims 1-20 have been cancelled. Claims 32-39 have been withdrawn. Claims 21 and 39 have been amended. Therefore, claims 21-31 and 39-40 are pending and addressed below.
Response to Amendments
As to Claims 21-31 and 39-40, Applicants’ amendment of independent Claims 21 and 39 with newly added feature “ wherein the quarantine component is a network component operating as predicted within the telecommunications network“ [Claims 21-31 and 39-40] have necessitated a new ground(s) of rejection in this Office action. Therefore, Applicants’ arguments filed on 12/30/2025 have been fully considered but are moot in view of the new ground(s) of rejection because the arguments do not apply to any of the updated reference(s) being used in the current rejection.
Examiner’s Note
Applicant is urged to cancel claims 32-38 as they are non-elected claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 21-23, 25-31 and 39-40 are rejected under 35 U.S.C 103 as being unpatentable over Griffin, US pat. No US 20210211468 A1 in view of Hussain, US 20180211043 A1.
21. Griffin discloses a non-transitory computer-readable medium whose contents, (See Griffin, abstract; A plurality of compliance event logs are captured over a first time period for a plurality of subscribers of the blockchain facilitator. Each of the logs includes a plurality of field-level components. Each of the components are time stamped via a trusted time stamp token.) when executed by a network component of a telecommunications network, causes the network component to perform a method, (See Griffin, [0004]; A server system is in operative communication with the blockchain system. The server system includes a processor and instructions stored in non-transitory machine-readable media.) the method comprising: provisioning the network component as a quarantine component designated to determine whether at least one node in the telecommunications network has been compromised by a cybersecurity attack to the telecommunications network; (See Griffin, [0025]; the blockchain facilitator 20 provides operations, monitors the operations, generates incident reports in accordance with any findings and decommissions the services, either for a particular subscriber or holistically. The blockchain facilitator's 20 day-to-day operations, internal monitoring and incident reporting are all published to the event blockchain)
performing, via a node of the network component, a blockchain operation with a blockchain that tracks activities within the telecommunications network; (See Griffin [0025]; As shown in FIG. 1, the blockchain facilitator 20 provides operations, monitors the operations, generates incident reports in accordance with any findings and decommissions the services, either for a particular subscriber or holistically. The blockchain facilitator's 20 day-to-day operations, internal monitoring and incident reporting are all published to the event blockchain. Each event log is selectively encrypted and accessible for monitoring by entities that possess the proper credentials. The decommissioning of the service to a single subscriber is published to the blockchain and reviewable by the departing subscriber 60 and/or auditor 80. The published policy and event blockchains allow for a subscriber 60 or auditor 80 to accept, monitor, and decommission the services of the blockchain facilitator 20.)
determining whether the target network component has been compromised by the cybersecurity attack to the telecommunications network based on the performed blockchain operation; (See Griffin [0025-0027]; the blockchain facilitator's 20 day-to-day operations, internal monitoring and incident reporting are all published to the event blockchain. Each event log is selectively encrypted and accessible for monitoring by entities that possess the proper credentials. The decommissioning of the service to a single subscriber is published to the blockchain and reviewable by the departing subscriber 60 and/or auditor 80. The published policy and event blockchains allow for a subscriber 60 or auditor 80 to accept, monitor, and decommission the services of the blockchain facilitator 20) and performing a corrective action within the telecommunications network upon the
determination. (See Griffin, 0039] The compliance event information circuit 120 is structured to organize and publish the information related to the compliance events of the blockchain facilitator in the course of providing services to the blockchain facilitator's subscribers. For example, compliance event information may define that at time A the blockchain facilitator detected a Denial of Service (“DoS”) attack on the services provided to Subscriber A and that at time B the DoS attack was mitigated.)
Griffin does not appear to explicitly disclose provisioning the network component as a quarantine component designated to determine whether at least one node in the telecommunications network has been compromised by a cybersecurity attack to the telecommunications network, wherein the quarantine component is a network component operating as predicted within the telecommunications network;
receiving a message at the network component from a target network component;
However, Husain discloses provisioning the network component as a quarantine component designated to determine whether at least one node in the telecommunications network has been compromised by a cybersecurity attack to the telecommunications network, (See Husain, [0019] The client node 102a can potentially be exposed to computer viruses by virtue of having interconnectivity with outside machines. As protection, the client node 102a can include, for example, security software 107 for executing operations to scan for the presence of and to clean off any computer viruses. An exemplary security software 107 is the SparkSecure® product, by SparkCognition, Inc., Austin, Tex. [0026] In another embodiment, the security content in question is added to blockchain network 101 by individual endpoint systems or servers, such as client node 102a, that are equipped with security software that can identify security transgressions. For example in some embodiments, the security software 107 can identify an IP address that corresponds to a brute force attack directed at the system in question. In some embodiments, the security software 107 can identify a host name corresponding to a source from where a known malware file was downloaded. Upon detection of a security transgression, the client node 102a (also referred to as an endpoint system) can update the relevant information to the blockchain network 101 for use by the other nodes 102a-g.)wherein the quarantine component is a network component operating as predicted within the telecommunications network; (See Husain, [0017] The networked computing environment 100 includes a blockchain network 101 composed of plurality of nodes 102a-g, including a client node 102a, via one or more connections 103. The blockchain network 101 provides client services, such as information retrieval and file serving. [0019] The client node 102a can potentially be exposed to computer viruses by virtue of having interconnectivity with outside machines. As protection, the client node 102a can include, for example, security software 107 for executing operations to scan for the presence of and to clean off any computer viruses. An exemplary security software 107 is the SparkSecure® product, by SparkCognition, Inc., Austin, Tex) receiving a message at the network component from a target network component; (Husain, [0020] Security software 107 must be periodically updated with new computer virus definitions to continue to provide up-to-date anti-virus protection. Thus, the client node 102 can include a SecureUpdateClient 104 module that executes an updating service. The SecureUpdateClient 104 module integrates with security software 107, an API update module 105, and a blockchain client 106 to obtain the security information stored in the distributed file system of the blockchain network 101, for subsequent use in performing virus scanning and cleaning. In some embodiments, such security content or information can be, for example, added by a system or user with a maintainer/administrator (sometimes referred to as a senior validator in Blockchain parlance) authorization or any other system, user, or party responsible for delivering security updates. (receiving message from target network))
Griffin and Husain are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of Husain to include the quarantine component because it would have allowed in general to computer anti-virus detection and distribution and, in particular, to a Blockchain based security ledger to enable security and prevent man in the middle manipulation of content. (See Husain, [0001])
22. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein the performing the corrective action further comprises: modifying one or more parameters of the target network component and mitigating the cybersecurity attack to the telecommunications network. (See Griffin, 0039] The compliance event information circuit 120 is structured to organize and publish the information related to the compliance events of the blockchain facilitator in the course of providing services to the blockchain facilitator's subscribers. For example, compliance event information may define that at time A the blockchain facilitator detected a Denial of Service (“DoS”) attack on the services provided to Subscriber A and that at time B the DoS attack was mitigated.)
23. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein the method further comprises: monitoring, in real-time, activities of network components within the telecommunications network using the blockchain that tracks the activities of the telecommunications network; (See Griffin, [0026-0027]; The blockchain facilitator 20 may internally monitor the operations; the blockchain facilitator 20 can monitor on a subscriber-by-subscriber basis or holistically. For example, the blockchain facilitator 20 conducts a daily review of the data traffic for the subscriber base and encrypts the event log as restricted information accessible by the entire subscriber base. Upon monitoring the operations, the blockchain facilitator 20 may generate an incident event log for discovered issues or occurrences outside of the practices and policies.)
identifying, during the real-time monitoring of the network components, atypical activities
associated with the target network component; (See Griffin, [0039] The compliance event information circuit 120 is structured to organize and publish the information related to the compliance events of the blockchain facilitator in the course of providing services to the blockchain facilitator's subscribers. For example, compliance event information may define that at time A the blockchain facilitator detected a Denial of Service (“DoS”) attack on the services provided to Subscriber A and that at time B the DoS attack was mitigated. The compliance event information circuit 120 organizes the compliance information as it is generated, facilitating the time stamping of the data and determining the commands for the encryption circuit 122 to selectively restrict the information. For example, the compliance event information circuit 120 would receive the DoS event information upon detection, send the information to the time stamp request circuit 124 to receive a time stamp token and determine that the DoS attack occurred on Subscribers A and B's services, requiring the DoS data information to be encrypted in accordance with the encryption algorithms used for Subscriber A and Subscriber B, respectively.) and determining, based on the identified atypical activities, that the target network component is potentially compromised by the cybersecurity attack. (See Husain [0032]) Griffin and Husain are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of Husain to include the event trigger because it would have allowed it would have allowed in general to computer anti-virus detection and distribution and, in particular, to a Blockchain based security ledger to enable security and prevent man in the middle manipulation of content. (See Husain, [0001])
24. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein the node of the network component includes a Javascript script that acts as a blockchain agent of the network component that is configured to operate as a distributed node for the blockchain. (See Husain, [0021] )
Griffin and Husain are analogous art because they are from the same field of endeavor which is blockchain. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of Husain to include the component because it would have allowed in general to computer anti-virus detection and distribution and, in particular, to a Blockchain based security ledger to enable security and prevent man in the middle manipulation of content. (See Husain, [0001])
25. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein the method further comprises: performing, by the node of the network component, a transaction to the blockchain that includes a hash of a previous block in the blockchain, a timestamp for the transaction, (See Griffin, [0016] A blockchain is a publicly viewable, append-only, distributed ledger. A blockchain includes multiple blocks, each containing data and a hash of the previous block, thereby linking the blocks in the blockchain. See also [0032]) and transaction data that identifies whether the target network component was determined to be compromised. (See Griffin [0025-0027]; the blockchain facilitator's 20 day-to-day operations, internal monitoring and incident reporting are all published to the event blockchain. Each event log is selectively encrypted and accessible for monitoring by entities that possess the proper credentials. The decommissioning of the service to a single subscriber is published to the blockchain and reviewable by the departing subscriber 60 and/or auditor 80. The published policy and event blockchains allow for a subscriber 60 or auditor 80 to accept, monitor, and decommission the services of the blockchain facilitator 20.)
26. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein performing a blockchain operation with the blockchain that tracks activities within the telecommunications network includes comparing contents of the message received from the target network component with contents of previous messages transmitted from the target network component and contained by the blockchain. (See Griffin, [0044])
27. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein performing a blockchain operation with the blockchain that tracks activities within the telecommunications network includes comparing identification information within the message received from the target network component with identification information of previous messages transmitted from the target network component and contained by the blockchain. (See Husain, [0024]; See also Griffin, [0044]) Griffin and Husain are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of Husain to include the component because it would have allowed in general to computer anti-virus detection and distribution and, in particular, to a Blockchain based security ledger to enable security and prevent man in the middle manipulation of content. (See Husain, [0001])
28. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein determining whether the target network component has been compromised by the cybersecurity attack to the telecommunications network based on the performed blockchain operation includes determining that the target network component has been compromised when information within the message does not match information contained by transactions of the blockchain that are associated with the target network component. (See Husain, [0024]; See also Griffin, [0044]) Griffin and Husain are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of Husain to include the component because it would have allowed in general to computer anti-virus detection and distribution and, in particular, to a Blockchain based security ledger to enable security and prevent man in the middle manipulation of content. (See Husain, [0001])
31. The combination of Griffin and Husain discloses the non-transitory computer-readable medium of claim 21, wherein the method further comprises:
upon determining that the target network component has not been compromised, adding a transaction of the determination to the blockchain that tracks activities within the telecommunications network. (See Griffin [0025]; As shown in FIG. 1, the blockchain facilitator 20 provides operations, monitors the operations, generates incident reports in accordance with any findings and decommissions the services, either for a particular subscriber or holistically. The blockchain facilitator's 20 day-to-day operations, internal monitoring and incident reporting are all published to the event blockchain. Each event log is selectively encrypted and accessible for monitoring by entities that possess the proper credentials. The decommissioning of the service to a single subscriber is published to the blockchain and reviewable by the departing subscriber 60 and/or auditor 80. The published policy and event blockchains allow for a subscriber 60 or auditor 80 to accept, monitor, and decommission the services of the blockchain facilitator 20. See also SUBHEDAR, [0003] )
Griffin and Husain are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of Husain to include the component because it would have allowed in general to computer anti-virus detection and distribution and, in particular, to a Blockchain based security ledger to enable security and prevent man in the middle manipulation of content. (See Husain, [0001])
39. As to claim 39, the claim is rejected under the same rationale as claim 21. See the rejection of claim 1 above.
40. The combination of Griffin and Husain discloses the method of claim 39, wherein the method further comprises: upon determining that the at least one network component has not been compromised, adding a transaction of the determination to the blockchain that tracks transactions of the telecommunications network. (See Griffin [0025]; As shown in FIG. 1, the blockchain facilitator 20 provides operations, monitors the operations, generates incident reports in accordance with any findings and decommissions the services, either for a particular subscriber or holistically. The blockchain facilitator's 20 day-to-day operations, internal monitoring and incident reporting are all published to the event blockchain. Each event log is selectively encrypted and accessible for monitoring by entities that possess the proper credentials. The decommissioning of the service to a single subscriber is published to the blockchain and reviewable by the departing subscriber 60 and/or auditor 80. The published policy and event blockchains allow for a subscriber 60 or auditor 80 to accept, monitor, and decommission the services of the blockchain facilitator 20. )
Griffin and Husain are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of Husain to include the event trigger because it would have allowed in general to computer anti-virus detection and distribution and, in particular, to a Blockchain based security ledger to enable security and prevent man in the middle manipulation of content. (See Husain, [0001])
Claims 29-30 are rejected under 35 U.S.C 103 as being unpatentable over Griffin, US pat. No US 20210211468 A1 in view of Husain, US pat.No US 20180211043 A1 in further view of SUBHEDAR, US pat. No 20160300227.
29. The combination of Griffin and Husain does not appear to explicitly disclose the non-transitory computer-readable medium of claim 21, wherein the network component is a gateway component, an Evolved Node B (eNodeB) component, or charging component of the telecommunications network. However, SUBHEDAR discloses wherein the network component is a gateway component, an Evolved Node B (eNodeB) component, or charging component of the telecommunications network. (See SUBHEDAR, [0021-0022])) Griffin, Husain and SUBHEDAR are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin and Husain with the teaching of SUBHEDAR to include the event trigger because it would have allowed for tracking, predicting, and mitigating advanced persistent threats in networks. (See SUBHEDAR, [0001])
30. The combination of Griffin and Husain does not appear to explicitly disclose discloses the non-transitory computer-readable medium of claim 21, wherein the target network component is a gateway component, a base station, a cell site, or an access point associated with the telecommunications network. However, SUBHEDAR discloses wherein the target network component is a gateway component, a base station, a cell site, or an access point associated with the telecommunications network. (See SUBHEDAR, [0021-0022])) Griffin and SUBHEDAR are analogous art because they are from the same field of endeavor which is blockchain transaction monitoring. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Griffin with the teaching of SUBHEDAR to include the component because it would have allowed for tracking, predicting, and mitigating advanced persistent threats in networks. (See SUBHEDAR, [0001])
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ajayi, US 20200112572 A1, title “ BLOCKCHAIN ARCHITECTURE FOR COMPUTER SECURITY APPLICATIONS. “
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSNEL JEUDY whose telephone number is (571)270-7476. The examiner can normally be reached M-F 10:00-8:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached at (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Date: 3/17/2026 /JOSNEL JEUDY/Primary Examiner, Art Unit 2438