DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is a non-final office action in response to applicant’s preliminary amendment filed on 12/16/2024.
Claims 1-20 are pending and being considered.
Priority
The instant application is a continuation of US application 17/545,831 filed on 12/8/2021, now US Patent No. 12,124,587 B2.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/21/2024, 11/7/2024, has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copy of Applicant’s IDS forms 1449 filed as stated above is/are attached to the instant Office Action.
Claim Objections
Claims 1-2, 13 are objected to because of the following informalities:
Claim 1 line 4, “instructions that are executable by the system to …” is suggested to read “instructions that are executed by the system to …”.
Claim 2 line 2, “… with the first contract” may read “… with the first smart contract”.
Similarly claim 13 line 3.
Appropriate correction is suggested.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-2, 9, 12-13, are rejected on the ground of nonstatutory double patenting as being anticipated by the corresponding claims of US Patent No. 12,124,587 B2 (hereinafter “’587”), as seen in the table below.
Claim Comparison
Instant Application 18/892,250
US Patent No. 12,124,587 B2
Claim 12 (similarly claim 1). A computer-implemented method, comprising:
deploying a policy smart contract to analyze a first smart contract, analyzing, by the policy smart contract, the first smart contract
to determine a risk score corresponding to the first smart contract;
and in response to determining that the risk score is above a threshold score, restricting users from accessing the first smart contract.
12 (or claim 1). A computer-implemented method, comprising:
deploying, by a first entity, a policy smart contract on a blockchain to analyze a first smart contract deployed by a second entity, wherein the policy smart contract is governed by a set of rules, wherein the policy smart contract performs a first assessment that includes analyzing one or more functionalities of the first smart contract and detecting for one or more vulnerabilities associated with the first smart contract based on the set of rules;
determining a risk score corresponding to the first smart contract based on the analyzing the one or more functionalities of the first smart contract and the detecting;
based on the determined risk score, determining whether to restrict one or more users of a first platform corresponding to the first entity from accessing the first smart contract by users of a first platform corresponding to the first entity.
Claim 2, 13
Claim 1
Claim 9
Claim 6
Examiner Notes
Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1, 3, 12, 14 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Diriye et al (US20200118131A1-IDS, hereinafter, "Diriye").
Regarding claim 1, similarly claim 12, Diriye teaches:
A system, a computer-implemented method (Diriye, discloses system and method for executing blockchain transaction based on risk level of smart contract in compliance to rules, see [Abstract]), comprising: a processor; and a non-transitory computer-readable medium having stored thereon computer-executable instructions (Fig. 8, Processing unit 804, Memory 806, and [0007] non-transitory computer readable medium including instructions, that when read by a processor) that are executable by the system to cause the system to perform operations comprising:
deploying a policy smart contract to analyze a first smart contract, analyzing, by the policy smart contract, the first smart contract to determine a risk score corresponding to the first smart contract (e.g., Fig. 1, Risk Assessment Nodes/Peers 108 (i.e., policy smart contract). And [0005] The first blockchain node is configured to receive a request to transfer an asset, and generate a blockchain transaction including a smart contract identifier and one or more parameters. The second blockchain node is configured to obtain one or more rules from a smart contract that corresponds to the smart contract identifier and compare the one or more parameters to the one or more rules to obtain a risk level. And [0042] the system may learn what contract configurations to apply or compose for an individual or business, including analyzing characteristics or properties of the requested contract by analyzing the historical configurations of similar contracts and analyzing context information);
and in response to determining that the risk score is above a threshold score, restricting users from accessing the first smart contract (e.g., [0005] In response to the risk level is greater than a threshold, the second blockchain node is configured to not execute the blockchain transaction (i.e., restricting users from accessing the first smart contract). And [0079] If the calculated risk score is greater than a predetermined threshold, the risk assessment node/peer 430 provides a cancel or fix transaction notification 436 to the asset requestor node or peer 420. And [0089] At block 524, the blockchain transaction is declined if the risk level is greater than the predetermined threshold).
Regarding claim 3, similarly claim 14, Diriye teaches the system of claim 1, the method of claim 12,
Diriye further teaches: the operations further comprising: in response to determining that the risk score is below the threshold score, providing users access to the first smart contract (e.g., [0005] In response to the risk level is not greater than the threshold, the second blockchain node is configured to execute the transaction. And [0079] If the calculated risk score is less than the predetermined threshold, the risk assessment node/peer 430 provides an endorsed transaction notification 437 to the asset provider node or peer 440).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Diriye as applied above to claim 1, 12 respectively, in view of Park (US20230418951A1, hereinafter, “Park”).
Regarding claim 2, similarly claim 13, Diriye teaches the system of claim 1, the method of claim 12,
While Diriye does not specifically teach the following, in the same field of endeavor Park teaches:
wherein the analyzing the first smart contract comprises detecting a set of vulnerabilities of at least one of policies or functionalities associated with the first contract (Park, discloses apparatus and method for analyzing vulnerabilities of smart contract code, see [Abstract]. And [0033] the method including: a first step of extracting meta-information about input code (i.e., functionalities associated with the first contract), which is source code of a smart contract; a second step of converting the input code into an intermediate representation language based on the meta-information extracted in the first step; a third step of detecting whether there is vulnerable code or a rule violation case …).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Park in the database transaction compliance of Diriye by analyzing vulnerabilities of smart contract code. This would have been obvious because the person having ordinary skill in the art would have been motivated for generating a final vulnerability model by detecting a vulnerability based on the vulnerable code or the rule violation case detected (Park, [Abstract], [0012]).
Claims 4, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Diriye as applied above to claim 1, 12 respectively, in view of Braghin et al (US20210049281A1-IDS, hereinafter, “Braghin”).
Regarding claim 4, similarly claim 15, Diriye teaches the system of claim 1, the method of claim 12,
Diriye further teaches: the operations further comprising: analyzing: a set of smart contracts (e.g., [0042] In some sense, the system may learn what contract configurations to apply or compose for an individual or business, including analyzing characteristics or properties of the requested contract by analyzing the historical configurations of similar contracts and analyzing context information);
While Diriye does not specifically teach the following, in the same field of endeavor Braghin teaches:
analyzing … attacks on a subset of the set of smart contracts (Braghin, discloses system and method for reducing risk of smart contracts in blockchains, see [Abstract]. And [0024] The one or more smart contracts may be accepted or rejected from the secondary blockchain to the primary blockchain according to a risk assessment (i.e., analyzing) to recursive call attack vulnerabilities); and assessing a set of vulnerabilities of the set of smart contracts (e.g., [0071] The smart contract component 440, in association with the blockchain component 460, may accept or reject one or more smart contracts from a secondary blockchain to a primary blockchain according to a risk assessment to recursive call attack vulnerabilities).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Braghin in the database transaction compliance of Diriye by accepting or rejecting smart contracts based on a risk assessment of attack vulnerabilities. This would have been obvious because the person having ordinary skill in the art would have been motivated for reducing risk of smart contracts in blockchains (Braghin, [Abstract]).
Claims 5-8, 11, 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Diriye as applied above to claim 1, 12 respectively, in view of Karia et al (US20200364358A1, hereinafter, “Karia”).
Regarding claim 5, similarly claim 16, Diriye teaches the system of claim 1, the method of claim 12,
While Diriye does not specifically teach the following, in the same field of endeavor Karia teaches:
the operations further comprising: determining, using a machine learning algorithm, one or more recommendations corresponding to the first smart contract; and providing the one or more recommendations to an entity associated with the first smart contract (Karia, discloses cognitive system and method for managing consent to user data, see [Title]/[Abstract]. And [0049] The system also includes a cognitive engine 140 (also referred to as a cognitive decision engine) which is a cognitive learning and feedback system (i.e., machine learning algorithm). The cognitive engine 140 includes an artificial intelligence (AI) engine 142 that takes input from the entities 130, the blockchain 110, and other sources 150 …, and predicts whether consent and access to user data is allowed based on context Here, the cognitive engine 140 may create or otherwise dynamically control the smart contract 112 to retrieve data from the blockchain (database system 114) based on the context. Furthermore, the cognitive engine 140 may suggest improvements (i.e., recommendations) to the smart contract 112 via an admin blockchain node).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Karia in the database transaction compliance of Diriye by including an artificial intelligence engine in a cognitive decision engine. This would have been obvious because the person having ordinary skill in the art would have been motivated for predicting whether consent and access to user data is allowed based on context and providing implicit consent to user data stored on the blockchain based on context associated with the consent (Karia, [Abstract], [0001], [0049]).
Regarding claim 6, similarly claim 17, Diriye-Karia combination teaches the system of claim 5, the method of claim 16,
Karia further teaches: the operations further comprising: determining whether the first smart contract has been updated based on the one or more recommendations ([0051] The cognitive engine 140 may predict whether consent (implied consent) is given to an entity 130 based on context surrounding a given situation. The prediction of data sharing may also be performed for new participants thus enabling intelligent onboarding of various participants adding new nodes and updating the smart contract 112 accordingly); and in response to determining that the first smart contract has been updated based on the one or more recommendations, analyzing, by the policy smart contract, the first smart contract to determine a new risk score ([0051] For example, based on parental control set by a customer, advertisements that have not been expressly blocked by a child may be prevented such that only appropriate content is shared with the child. The cognitive engine 140 may also include a feedback loop that takes user feedback in contextual cases where implicit consent has been offered & there is some feedback that has been provided by the user for the same). Same motivation as presented in claim 5, 16 would apply.
Regarding claim 7, similarly claim 18, Diriye-Karia combination teaches the system of claim 6, the method of claim 17,
Diriye further teaches: wherein if the new risk score is below the threshold score, providing users access to the first smart contract (e.g., [0088] At block 520, the blockchain transaction is approved if the risk level is less than a predetermined threshold).
Regarding claim 8, similarly claim 19, Diriye-Karia combination teaches the system of claim 5, the method of claim 16,
Karia further teaches: the operations further comprising automatically updating the first smart contract based on the one or more recommendations ([0051] The cognitive engine 140 may predict whether consent (implied consent) is given to an entity 130 based on context surrounding a given situation. The prediction of data sharing may also be performed for new participants thus enabling intelligent onboarding of various participants adding new nodes and updating the smart contract 112 accordingly. For example, based on parental control set by a customer, advertisements that have not been expressly blocked by a child may be prevented such that only appropriate content is shared with the child. The cognitive engine 140 may also include a feedback loop that takes user feedback in contextual cases where implicit consent has been offered & there is some feedback that has been provided by the user for the same). Same motivation as presented in claim 5, 16 would apply.
Regarding claim 11, Diriye-Karia combination teaches the system of claim 5,
Karia further teaches: wherein the entity is a decentralized entity (e.g., [0049] Furthermore, the cognitive engine 140 may suggest improvements (i.e., recommendations) to the smart contract 112 via an admin blockchain node (i.e., decentralized entity)). Same motivation as presented in claim 5 would apply.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Diriye-Park as applied above to claim 2, further in view of Park et al (US20230102756A1, hereinafter, “Park2”).
Regarding claim 9, Diriye-Park combination teaches the system of claim 2,
The combination of Diriye-Park does not specifically teach, in the same field of endeavor Park2 teaches:
wherein the detecting a set of vulnerabilities includes detecting one or more decentralized finance (DeFi) related vulnerabilities associated with the first smart contract (Park2, discloses system and method for card-originated payment transaction to the smart contract for processing the transaction, see [Abstract]. And [0090] In addition to utilizing the payment configurations 410 to select from the decentralized finance platforms 416a-416n, in one or more embodiments, the aggregator layer 408 also communicates with the cryptocurrency monitoring manager 412 to select from the decentralized finance platforms 416a-416n. Specifically, the cryptocurrency monitoring manager 412 monitors a market volatility of specific cryptocurrencies. The aggregator layer 408 can obtain volatility measures from the cryptocurrency monitoring manager 412 and determine a risk profile of cryptocurrencies or decentralized finance platforms based on the volatility measures).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Park2 in the database transaction compliance of Diriye-Park by determining risk profile of cryptocurrencies or decentralized finance platforms based on the volatility measures. This would have been obvious because the person having ordinary skill in the art would have been motivated for card transaction rerouting system to select a decentralized finance platform for a particular payment transaction based on the payment configurations (Park2, [Abstract], [0090-91]).
Claims 10, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Diriye-Braghin as applied above to claim 4, 15 respectively, further in view of Karia et al (US20200364358A1, hereinafter, “Karia”).
Regarding claim 10, similarly claim 20, Diriye-Braghin combination teaches the system of claim 4, the method of claim 15,
The combination of Diriye-Braghin does not specifically teach, in the same field of endeavor Karia teaches:
the operations further comprising: determining, using a machine learning algorithm, one or more recommendations corresponding to the first smart contract based on the assessed vulnerabilities of the set of smart contracts; and providing the one or more recommendations to an entity associated with the first smart contract (Karia, discloses cognitive system and method for managing consent to user data, see [Title]/[Abstract]. And [0049] The system also includes a cognitive engine 140 (also referred to as a cognitive decision engine) which is a cognitive learning and feedback system (i.e., machine learning algorithm). The cognitive engine 140 includes an artificial intelligence (AI) engine 142 that takes input from the entities 130, the blockchain 110, and other sources 150 …, and predicts whether consent and access to user data is allowed based on context Here, the cognitive engine 140 may create or otherwise dynamically control the smart contract 112 to retrieve data from the blockchain (database system 114) based on the context. Furthermore, the cognitive engine 140 may suggest improvements (i.e., recommendations) to the smart contract 112 via an admin blockchain node).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Karia in the database transaction compliance of Diriye-Braghin by including an artificial intelligence engine in a cognitive decision engine. This would have been obvious because the person having ordinary skill in the art would have been motivated for predicting whether consent and access to user data is allowed based on context and providing implicit consent to user data stored on the blockchain based on context associated with the consent (Karia, [Abstract], [0001], [0049]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Kim (US20210334363A1) discloses secure authentication on a source code for smart contract.
Ragnoli et al (US20200050768A1) discloses system and method for risk assessment of asset leaks in a blockchain.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Primary Examiner, Art Unit 2436