DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 6 recites the limitation "a time determined by the server…" in line 3 of claim 6.  There is insufficient antecedent basis for this limitation in the claim.  Any claim not specifically addressed above is being rejected as incorporating the deficiencies of a claim upon which it depends.
Claim 6 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
Claim 6 depends on claim 5 and recites “a time determined by the data module and a time determined by the server”. This raises a question whether or not this is actually referring to the time which is determined independently by the data module and the server as it is recited in parent claim 5.
This makes the claim ambiguous and not clear. For this reason the scope of this particular claim can’t be determined.  

Dependent claims 7-8 which depends on the above parent claim 6 carries the deficiencies of the parent claim are rejected likewise.


Response to Arguments
Regarding applicant’s argument on page 12 and 13 that “The above-mentioned features of claim 1 are not rendered obvious over the applied art.  For example, Applicant respectfully submits that none of the cited references teach or suggest a server and data module (1.3., two separate entities communicatively coupled over a data network) that each separately generate respective first and second authentication keys based on a private key and a time, as it is in claim 1.”  Examiner respectfully disagrees and explains that his interpretation of the claim language with regards to the reference Spencer et al. (US Patent No. 9,980,140), sever communicating with client device and data module respectively are 
Applicant’s argument with respect to claim interpretation of claims 1-4 under 35 U.S.C. 112(f) is persuasive and thus the claim interoperation under 35 U.S.C. 112(f) is withdrawn as the applicant has made it clearer while referring to the specification that is consistent with the scope and of the language of the claims.
Applicant’s argument with respect to rejection of claim 1-4 under 35 U.S.C. 112(b) is persuasive based on clarifications made by the applicant for data module as a network-connected software application and/or device such as the Remote Link 102 in figure 15.  Thus, the rejection under 35 U.S.C. 112(b) is withdrawn.
Applicant’s argument with respect to rejection of claim(s) 1-19 have been considered but are moot because of the new ground of rejection does not rely on any reference applied in prior reference applied in prior rejection of record for any teachings or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-7, 11-12, 14, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Haider et al. (US PGPUB No. 2015/0032633) in view of Spencer et al. (US Patent No. 9,980,140).

Regarding claim 1. Haider does disclose, a data monitoring system comprising: 
a server communicatively coupled to a client device and a data module via a data network, wherein the server is configured to [Haider, para. 0041, FIG.1, ccording to one aspect of at least one embodiment, the invention relates to an authentication system for the authentication of a particular mobile electronic device(e.g., client device) (wherein a plurality of mobile electronic devices is basically connected to the system and is to be authenticated) against a central server (e.g., a server) for the secure exchange of medical data between device and server, wherein the server for its part exchanges data with a clinical system and has access to a repository (e.g., data module) containing clinical or medical data (also including patient data)]: 
store a private key of a public-private key pair associated with the data module [Haider, para. 0052, 0109, FIG. 1, The key can be part of a symmetric encryption method and is then used concordantly by the encryption unit on the patient's cell phone and by the decryption unit on the server.  (Para. 0109), the key (e.g, private key) is part of a cryptological method and can be designed as a symmetric key or as an asymmetric key pair 40, 40' (e.g., public-private key pair).];
receive a request from the client device for authenticated access to the data module [Haider, para. 0023-0028, (Examiner note that the repository is the data module where the medical data are stored), In at least one embodiment, the following steps are executed on the part of the registry for authentication purposes: [0024] The message with the signature and the device ID are received and where necessary (optionally) symmetrically decrypted (Examiner interprets that the private key stored on the server is used for decryption). [0025] the device ID is acquired. [0026] with the device ID acquired, access is effected to the central protected memory in order to read out the corresponding key (associated with the device ID) in each case. [0027] Decryption of the signature takes place using the key which has been read out. [0028] the decrypted device ID with time stamp is read out as the decryption result. The decryption unit can now compare the decryption result with the received device ID for a match. When a match occurs the authentication process is considered successful and an access to the repository can be executed. In order to find the data records in the repository, the device ID and/or further identifying labels associated with the device ID are used.]; and
 generate a first authentication key based at least on the private key and a time, wherein the first authentication key is used to allow authenticated access to the data module [Haider, para. 0078-0081, (examiner notes that as illustrated in FIG. 4, in symmetric encryption the key 40 (e.g., private key) is an identical match with the key 40' (e.g., a public key), In asymmetric encryption the key 40 is preferably a private key and the key 40' the corresponding public key of the key pair.) the following method steps are executed on the device for authentication purposes: [0079] firstly a signature is generated. The signature comprises at least an encrypted form of a concatenation of the device ID and a time stamp. [0080] the signature is sent with the device ID and where applicable with a message from the device to the registry. [0081] the signature is sent together with the device ID and where applicable a message and optionally symmetrically encrypted and instead the encryption result is sent.  (Para. 0112, FIG. 1), to this end the encryption unit V generates a signature prototype SIG-UB prior to the sending of each message. The signature prototype is generated by the encryption unit V by concatenating the device ID 50 and a time stamp 60. The concatenated data record is then encrypted using the key 40.]; 

generate the request for authenticated access to the data module [Haider, para. 0054, FIG. 1, the resulting signature is then (preferably likewise initiated by the encryption unit) conveyed from the patient's local cell phone in the form of a message to the server. The message can contain requests for access to data and where applicable also further commands which can be resolved on the server side.]; and 
transmit the request to the server [Haider. Para. 0054, 0101, FIG. 1, the message can contain requests for access to data (data inside the repository) and where applicable also further commands which can be resolved on the server side. The signature, optionally with a message, is conveyed by the cell phone over the mobile network or by a network provider to the server. The device ID is also transmitted in plain text in this situation. (Para. 0101, FIG. 1), the devices in question are cell phones or other mobile radio devices G. The mobile radio devices or smartphones G exchange data with a central server over the internet and/or over a mobile network (which is operated by any mobile radio network operator).]; and 

Haider further discloses, store the private key of the public-private key pair associated with the data module [Haider, para. 0109, FIG. 1, the key (e.g, private key) is part of a cryptological method and can be designed as a symmetric key or as an asymmetric key pair 40, 40' (e.g., public-private key pair). Both the key 40 and also the device ID 50 are stored in hidden form in a program memory 30 of the device G.]; 
receive data from a medical device [Haider, para. 0080-0081, the signature is sent with the device ID (e.g., data form the medical device) and where applicable with a message from the device to the registry. [0081] The signature is sent together with the device ID and where applicable a message and optionally symmetrically encrypted and instead the encryption result is sent.];
 generate a second authentication key based at least on the private key and the time [Haider, para. 00113-0114, 0126, FIG.1-2, (Examiner notes that the symmetric encryption is providing the second authentication key), the signature prototype SIG-UB can also comprise yet further authentication data records 51. The further authentication data records 51 can for example be invariant patient-specific data records (demographic data, biometric data etc.). In this case the device ID 50, the time stamp 60 and the further authentication data records 51 are linked to each other and subsequently encrypted. All messages N which are to be transmitted from the device G to the central server or to the registry 10 are signed with the signature SIG--in other words the encryption of SIG-UB.  (Para. 0126), As part of each communication or each data request the encryption unit V then sends the signed concatenation of patient number and time stamp 60 (with both the patient number and therefore also the time stamp 60 for example being post-encrypted using a symmetric encryption method) to the registry 10. The time stamp 60 is thus transmitted encrypted as part of the signature SIG with regard to each message in order to have a variable portion of the message which has to be resolved by the server or the decryption unit E in order to be able to better avert attacks by unauthorized persons--who could use a copy of an earlier SIG.]; and
 in response to determining that the second authentication key generated by the data module and the first authentication key generated by the server match, grant the client device authenticated access to the data module [Haider, 0122-0123, (examiner notes that signature prototype SIG- is the second authentication key), In an alternative development the key 40' is not stored in the repository 12 (this is also possible if the storage area is access-protected) but in a separate memory to which the registry 10 has access. The decryption key 40' is associated in a one-to-one manner with the encryption key 40 and is part of an asymmetric encryption. As a rule it involves an asymmetric key pair comprising a private key and a public key. [0123] In this situation the private key cannot be viewed and is stored in hidden form in the program memory 30 of the device G, while the public key 40' is stored in a central memory. In this embodiment the memory (for example the repository 12) comprises an association table between device ID 50 and key 40, 40'. After the associated decryption key 40' has been released in each case it is forwarded to the decryption unit E. Thereupon the decryption unit E can decrypt the signature SIG, resulting in the signature prototype SIG-UB, in order to then perform the authentication process by comparison (as already described above).  (Para. 0124), On successful authentication an access can again be performed to the repository 12 in order to read in and preferably to encrypt in encrypted form (normally with the public key 40') the specifically requested data record and transmit it via the registry 10 to the device G. The encrypted data is identified in FIG. 3 by the oval label "ENC (DATA)".].  
Haider does not explicitly disclose, the data module including a user interface configured to display data and receive a user input, wherein the data module is configured to
However, Spencer does disclose, the data module including a user interface configured to display data and receive a user input, wherein the data module is configured to [Spencer, Col. 1 and 2, lines 62-67 and 1-2 and  Col. 9, lines 15-19, For example, a drug delivery device, such as an insulin pump, may have a limited user interface that includes one or more lights (e.g., LED lights) to provide status information for the device, but may not include a display that would be capable of readily outputting information or a user interface through which a user could provide input to configure secure connections and communication with other devices, such as smartphones.  (Col. 9, lines 15-19), the controller 104 can provide a user interface through which a user can input a unique identifier for the device 106, which may be identified on the device 106 or other associated materials (e.g., product package).].
Haider and Spenser are in the same field of endeavor as they both are pertaining to field of medical technology and information technology and generally relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data.
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an 

Regarding claim 2. The combination of Haider and Spencer does disclose, the system of claim 1.  Furthermore Haider does disclose, wherein the data module is further configured to, in response to determining that the second authentication key generated by the data module and the first authentication key generated by the server do not match, display a message indicating an authentication failure [Haider, para. 0090, the authentication process comprises a further additional comparison, namely a comparison of the times of day. If the device ID matches, meaning that the authentication process is considered successful, but the times, in other words the time stamp, do not match, then the device should be informed by way of a warning signal that the times of day need to be updated. According to an aspect of at least one embodiment of the invention, provision is however also made in this case that the deviation of the time stamps could possibly indicate the message having been compromised. The server is therefore also informed by means of a report that a compromised situation has possibly occurred here. Further analysis steps can be triggered here if necessary.].  

Regarding claim 3. The combination Haider and Spencer does disclose, the system of claim 1.  Haider does not disclose, wherein the data module is configured to grant authenticated access using a challenge-response protocol
However, Spencer does disclose, wherein the data module is configured to grant authenticated access using a challenge-response protocol [Spencer, Col. 13 lines 1-11, FIG. 1, Step L148, in response to receiving the challenge, the device 106 can determine an appropriate value, such as selecting an appropriate shared secret to retransmit and/or computing a value from such a shared secret, and can transmit it as a challenge response to the computer system 102, as indicated by step L (148). For example, the challenge response can include a certificate, another shared secret, and/or a value determined by the computing device 106 from one or more shared secrets. The computer system 102 can receive the challenge response and use it to determine whether the device 106 is valid/authentic.].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer (Spencer, Col. 13 lines 1-11, FIG. 1) would enable Haider to implement a challenge response protocol to further develop the secure environment where data is being exchanged.

Regarding claim 4. The combination of Haider and Spencer does disclose, the system of claim 1.  Furthermore, Haider does disclose, wherein, upon successful [Haider, para. 0028, 0064, when a match occurs the authentication process is considered successful and an access to the repository can be executed. In order to find the data records in the repository, the device ID and/or further identifying labels associated with the device ID are used.  (Para. 0064) after successful authentication, using his smartphone each patient then reaches his patient-specific entries in the repository by way of the registry.].  

Regarding claim 5. The combination of Haider and Spencer does disclose, the system of claim 1.  Furthermore, Haider does disclose, wherein the time is determined independently by the data module and the server [Haider, para. 0090, (Examiner notes that since the times do not match therefore they are independent for both server and the device), if the device ID matches, meaning that the authentication process is considered successful, but the times, in other words the time stamp, do not match, then the device should be informed by way of a warning signal that the times of day need to be updated. According to an aspect of at least one embodiment of the invention, provision is however also made in this case that the deviation of the time stamps could possibly indicate the message having been compromised. The server is therefore also informed by means of a report that a compromised situation has possibly occurred here.].

Regarding claim 6. The combination of Haider and Spencer does disclose, the system of claim 5.  Furthermore, Haider does disclose, wherein the time is determined and used to generate the second authentication key is synchronized with a time determined by the server and used to generate the first authentication key [Haider, para. 0069, (examiner notes that during the authentication process times are synchronized or predefined) in order to increase the security yet further, according to a further aspect of at least one embodiment of the invention, a time span can be preconfigured within which the authentication process must have been completed. If said preconfigured (and modifiable at any time) time span (ascertained from the difference between the decrypted time stamp from the device and the current server time on decryption) is exceeded, then an error report is output. The authentication process can be started again if necessary.].

Regarding claim 7. The combination of Haider and Spencer does disclose, the system of claim 6.  Furthermore, Haider does disclose,  wherein the time determined by the data module and the time determined by the server are synchronized by rounding, by the data module, the time determined by the data module to a time interval and rounding, by the server, the time determined by the server to the time interval such that the time determined by the data module and the time determined by the server are the same [Haider, para. 0082-0087, (Examiner interprets that when the result of authentication match therefore, the time stamp as the part of the process needs to match or be the same), in at least one embodiment, the following steps are executed on the part of the registry for authentication purposes: [0083] The message with the signature and the device ID are received and where necessary (optionally) symmetrically decrypted. [0084] the device ID is acquired. [0085] with the device ID acquired, access is effected to the central protected memory in order to read out the corresponding key (associated with the device ID) in each case. [0086] Decryption of the signature takes place using the key which has been read out. [0087] the decrypted device ID with time stamp is read out as the decryption result. The decryption unit can now compare the decryption result with the received device ID for a match. When a match occurs the authentication process is considered successful and an access to the repository can be executed. In order to find the data records in the repository, the device ID and/or further identifying labels associated with the device ID are used].

Regarding claim 11. The combination of Haider and Spencer does disclose, the system of claim 1. Haider does not disclose, wherein the request for authenticated access to the data module includes additional information for instructing the data module.
However, Spencer does disclose, wherein the request for authenticated access to the data module includes additional information for instructing the data module [Spencer, Col. 15, lines 20-47 FIG. 2, the device 206 can communicate with the computer system 202 using a communication channel that passes through the controller 204. For instance, the controller 204 can establish a network connection with the device 206 over the network 228 and another network connection with the computer system 202 over another network 258 (e.g., internet, WAN, LAN, mobile data network, Wi-Fi network, or any combination thereof), and can retransmit communication between the device 206 and the computer system 202. Such pass-through communication can be encrypted from endpoint to endpoint by the device 206 (using the encryption chipset 209) and the computer system 202 so as to make the communication private (indecipherable to the controller 204 and any other computing devices along the communication path). For example, all packets transmitted by the device 206 to the computer system 202 can be encrypted with AES in GCM mode, and all packets transmitted by the computer system 202 to the device 206 can be encrypted with AES in GCM mode as well. The communication over the network 228 can using additional layers of encryption, such as BLE with 128 bit AES encryption. The communication over the network 258 can also include additional layers of encryption, such as a secure socket layer (SSL) between the computer system 202 and the controller 204. In some cases, the network 228 and the network 258 can be different communication networks, while in other cases the network 228 and the network 258 can be the same communication network.].  
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer (Spencer, Col. 15, lines 20-47 FIG. 2) would enable Haider to further secure the exchange between the client the server and the repository or data module when communication is enabled to add additional information.

Regarding claim 12. The combination of Haider and Spencer does disclose, the system of claim 11.  Haider does not disclose, wherein the additional information includes a request for access to the data module.
 However, Spencer does disclose, wherein the additional information includes a request for access to the data module [Spencer, Col. 9, lines 33-50, FIG. 1 and Col. 24, lines 21-35, FIG. 3 and FIG. 6, Component 616, in response to receiving the request to register the device 106 with the controller 104 and its associated user, the computer system 102 can verify the controller and user (e.g., verify username and password, verify authentication certificate for the controller 104 and/or its application), and can check whether the device is already registered, as indicated by step C (122). For example, the computer system 102 can be programmed to restrict registration of each device to a single user account. However, the computer system 102 may permit each user account to register multiple devices and/or multiple controllers… (Col. 24, lines 21-35, FIG. 3 and FIG. 6, Component 616), the device 302 can authenticate on a crypto processor with certificate, such as authenticating against a crypto processor file system node (dependent on crypto processor). For example, the device 306 can access a crypto processor file system (614), which can unlock device and application information (616), such as a device policy, an app certificate, computer system authentication keys, application authentication keys, a computer system certificate, and/or a device certificate. Such values may have been encrypted by the crypto processor on the device 306 with a random AES key and the user's password, and may have been stored in an operating system keychain. Such decrypted values can be used to determine whether the user and the app on the controller 304 are authentic/valid (618).].  
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer (Spencer, Col. 9, lines 33-50, FIG. 1 and Col. 24, lines 21-35, FIG. 3 and FIG. 6) would enable Haider to further secure the exchange between the client the server and the repository or data module when communication is enabled to add additional information.

Regarding claim 14. The combination of Haider and Spencer does disclose, the system of claim 11.  Haider does not disclose, wherein the additional information includes a request for the data module to enter a maintenance mode.
However, Spencer does disclose, wherein the additional information includes a request for the data module to enter a maintenance mode [Spencer, Col. 29, lines 9-21, Col. 17, lines 1-7, FIG. 2, the controller application 252 can be programmed to transmit control signals to the device 206, to receive operational data from the device 206 (e.g., data describing operations that are performed and user feedback (active and/or passive feedback) in response to the operations), to determine updates to operational models (e.g., dosing models) that are used by the device 206, and to transmit control signals to use the updated operational models.  (Col. 29, lines 9-21), the mobile computing device 60 provides a user interface (e.g., graphical user interface (GUI), speech-based user interface, motion-controlled user interface) through which users can provide information regarding maintenance activities and/or review upcoming scheduled maintenance tasks. Although mobile computing device 60 is depicted in FIG. 9A as including the primary user interface, with a limited user interface available on controller 900, in some cases methods, devices, and systems provided herein can have a primary user interface as part of pump assembly 15 and can operate with a mobile computing device 60 acting as a secondary user interface.].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer (Spencer, Col. 29, lines 9-21, Col. 17, lines 1-7, FIG. 2) would enable Haider to further secure the exchange between the client the server and the repository or data module when communication is enabled to add additional information such as enter a maintenance mode.

Regarding claim 17. The combination of Haider and Spencer does disclose, the system of claim 1. Haider does not disclose, wherein the private key is loaded into the data module during at least one of manufacturing or distribution of the data module.
However, Spencer does disclose, wherein the private key is loaded into the data module during at least one of manufacturing or distribution of the data module [Spencer, Col. 7, lines 62-67 and Col. 8, lines 1-12, the computer system 102 can have previously received information 112 for the device 106 that is stored in a data repository 110 (e.g., databases, data server system, cloud-based storage system) that is accessible to the computer system 102. The information 112 can include a variety of details regarding the device 106, such as a unique identifier (e.g., serial number, assigned unique identifier), product information (e.g., model number, manufacture date, ship date, point of sale, firmware/operating system version, MAC address for the device 106), secure communication information (e.g., public encryption key for the device 106), authentication information (e.g., authentication certificate, other secret value), and/or other appropriate information that can be used to communicate with the device 106. The information 112 can be generated and populated into the data repository 110 from before sale/distribution of the device 106 (e.g., populated during a manufacturing/production process).].  
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer (Spencer, Col. 7, lines 62-67 and Col. 8, lines 1-12) would enable Haider to implement a secure environment so that the client, the server and the repository or data module when a manufacturing or distribution of the data module is included.

Regarding claim 18. The combination of Haider and Spencer does disclose, the system of claim 17.  Haider does disclose, wherein the private key is further stored by the server after the private key is loaded into the data module. [Haider, para. 0059, for the encryption in the context of signature generation an asymmetric encryption of the personal data by the central server is normally provided for the particular device. To this end, according to at least one embodiment of the invention the private key is stored in protected fashion ("hidden") in the device and an associated public key is stored on the server. The association of the key pair (public key, private key) is either made available by a third-party supplier or is stored in the central server.].

Regarding claim 19. Haider does disclose, a method of securely monitoring a data module receiving data from a medical device, the method comprising [Haider, para. 0041, FIG.1, according to one aspect of at least one embodiment, the invention relates to an authentication system for the authentication of a particular mobile electronic device(e.g., client device) (wherein a plurality of mobile electronic devices is basically connected to the system and is to be authenticated) against a central server (e.g., a server) for the secure exchange of medical data between device and server, wherein the server for its part exchanges data with a clinical system and has access to a repository (e.g., data module) containing clinical or medical data (also including patient data)] :
storing, at server, a private key of public-private key pair associated with a data module [Haider, para. 0052, 0109, FIG. 1, The key can be part of a symmetric encryption method and is then used concordantly by the encryption unit on the patient's cell phone and by the decryption unit on the server.  (Para. 0109), the key (e.g, private key) is part of a cryptological method and can be designed as a symmetric key or as an asymmetric key pair 40, 40' (e.g., public-private key pair).];
receiving, at the server, a request from a client device for access to the data module [Haider, para. 0023-0028, In at least one embodiment, the following steps are executed on the part of the registry for authentication purposes: [0024] The message with the signature and the device ID are received and where necessary (optionally) symmetrically decrypted. [0025] the device ID is acquired. [0026] with the device ID acquired, access is effected to the central protected memory in order to read out the corresponding key (associated with the device ID) in each case. [0027] Decryption of the signature takes place using the key which has been read out. [0028] the decrypted device ID with time stamp is read out as the decryption result. The decryption unit can now compare the decryption result with the received device ID for a match. When a match occurs the authentication process is considered successful and an access to the repository can be executed. In order to find the data records in the repository, the device ID and/or further identifying labels associated with the device ID are used.]
generating, at the server, a first authentication key based at least on the private key and a time, wherein the first authentication key is used to allow authenticated access to data module [Haider, para. 0078-0081, (examiner notes that signature in an encrypted form with a time stamp is private key and a time for start of authentication) the following method steps are executed on the device for authentication purposes: [0079] Firstly a signature is generated. The signature comprises at least an encrypted form of a concatenation of the device ID and a time stamp. [0080] the signature is sent with the device ID and where applicable with a message from the device to the registry. [0081] the signature is sent together with the device ID and where applicable a message and optionally symmetrically encrypted and instead the encryption result is sent.  (Para. 0112, FIG. 1), to this end the encryption unit V generates a signature prototype SIG-UB prior to the sending of each message. The signature prototype is generated by the encryption unit V by concatenating the device ID 50 and a time stamp 60. The concatenated data record is then encrypted using the key 40.];
receiving, at the server, an indication from the data module that the first authentication key generated at the server was entered [Haider, para. 0111, FIG. 2, After the encryption unit V has been installed locally on the device G, the user can on the first occasion subject himself to a registration process by way of the encryption unit V. The encryption unit V can subsequently be used in order to sign messages and thereby to authenticate the patient on the central registry 10 to enable accessing of the repository 12 in authenticated form to be performed. (Para. 0120), following successful authentication the registry 10 can then perform an access to the repository 12. As a rule the access is indexed by way of the device ID 50 in order to find the patient-specific and relevant data records in the repository 12 and convey them to the device G of the patient.]; and 
In response to determining the first authentication key generated by the server and a second authentication key generated by the data module match, granting the client device authenticated access to the data module [Haider, 0122-0123, (examiner notes that signature prototype SIG- is the second authentication key), In an alternative development the key 40' is not stored in the repository 12 (this is also possible if the storage area is access-protected) but in a separate memory to which the registry 10 has access. The decryption key 40' is associated in a one-to-one manner with the encryption key 40 and is part of an asymmetric encryption. As a rule it involves an asymmetric key pair comprising a private key and a public key. [0123] In this situation the private key cannot be viewed and is stored in hidden form in the program memory 30 of the device G, while the public key 40' is stored in a central memory. In this embodiment the memory (for example the repository 12) comprises an association table between device ID 50 and key 40, 40'. After the associated decryption key 40' has been released in each case it is forwarded to the decryption unit E. Thereupon the decryption unit E can decrypt the signature SIG, resulting in the signature prototype SIG-UB, in order to then perform the authentication process by comparison (as already described above).  (Para. 0124), On successful authentication an access can again be performed to the repository 12 in order to read in and preferably to encrypt in encrypted form (normally with the public key 40') the specifically requested data record and transmit it via the registry 10 to the device G. The encrypted data is identified in FIG. 3 by the oval label "ENC (DATA)".],
wherein the second authentication key generated by the data module is generated based at least on the private key and the time [Haider, para. 00113-0114, FIG.1, the signature prototype SIG-UB can also comprise yet further authentication data records 51. The further authentication data records 51 can for example be invariant patient-specific data records (demographic data, biometric data etc.). In this case the device ID 50, the time stamp 60 and the further authentication data records 51 are linked to each other and subsequently encrypted. All messages N which are to be transmitted from the device G to the central server or to the registry 10 are signed with the signature SIG--in other words the encryption of SIG-UB.].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer (Spencer, Col. 1 and 2, lines 62-67 and 1-2 and Col. 9, lines 15-19) that would enable to provide an interface for the medical device  so that client/patent can enter/exchange data to the server and the medical database in a secure environment. 

Claims 8-9, 13, and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Haider et al. (US PGPUB No. 2015/0032633) in view of Spencer et al. (US PATENT # 9980140) further in view of Meriac et al. (US PGPUB # 2017/0222815).

Regarding claim 8. The combination of Haider and Spencer does disclose, thesystem of claim 7.  Haider and Spencer does not disclose, wherein the time interval is adjustable to set a floor or ceiling of acceptable synchronization precision.  
However, Meriac does teach, wherein the time interval is adjustable to set a floor or ceiling of acceptable synchronization precision [Meriac, para. 0193, as the time values of timers 421 and 423 are synchronised, the time value within the data communication 431 from the server 402 should match the time value generated by timer 421. (Matching includes being within an allowable time window to take account of any delays/latency in the communication between server and client device).].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer that discloses security and secure communication between medical devices and other computing devices such as a computer system and/or smartphones (Spencer, please see the abstract and Col. 1 lines 15-19) along with teachings of Meriac (Meriac, para. 0193) that would enable Haider and Spencer because it is desired that  such communications can be trusted and relied upon to prevent and/or detect security risks and attempted acts of intrusion by third parties. Techniques are described to address such problems (Meriac, paragraph 0002).

Regarding claim 9. The combination of Haider and Spencer does disclose, the system of claim 1.  Haider and Spencer does not disclose, wherein the time includes at least one of TAI, UTC, and UNIX time.  
However, Meriac does teach, wherein the time includes at least one of TAI, UTC, and UNIX time [Meriac. Para. 0191, the client device 401 comprises a timer 421 within the trusted region 404 whilst the server 402 comprises a timer 423, whereby the timers 421/423 generate a synchronised common time value (for example a UNIX time value).].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer that discloses security and secure communication between medical devices and other computing devices such as a computer system and/or smartphones (Spencer, please see the abstract and Col. 1 lines 15-19) and with teachings of Meriac (Meriac, para. 0191) that would enable Haider and Spencer because it is desired that  such communications can be trusted and relied upon to prevent and/or detect security risks and attempted acts of intrusion by third parties. Techniques are described to address such problems (Meriac, paragraph 0002).

Regarding claim 13. The combination of Haider and Spencer does disclose, the system of claim 11.  Haider and Spencer does not disclose, wherein the additional information includes the time, the time being determined by the server.  
[Meriac, para. 0165, FIG. 4, on timeout of the watchdog timer, the crypto-watchdog 405 may initiate a response operation (e.g. via an API), such as a security related action, which may comprise, but is not limited to, initiating a reset of the processor or an application, initiating a re-flash of the device firmware, requesting a firmware download from the server or from another device, performing a status check of the client device, disabling one or more functional elements and/or reporting an error to a user and/or server if communication is still possible and/or switching a boot source.].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer that discloses security and secure communication between medical devices and other computing devices such as a computer system and/or smartphones (Spencer, please see the abstract and Col. 1 lines 15-19) and with teachings of Meriac (Meriac, para. 0165, FIG. 4) that would enable Haider and Spencer because it is desired that  such communications can be trusted and relied upon to prevent and/or detect security risks and attempted acts of intrusion by third parties. Techniques are described to address such problems (Meriac, paragraph 0002).

Regarding claim 15. The combination of Haider and Spencer does disclose, the system of claim 1.  Haider and Spencer does disclose, wherein the first and second authentication keys expire are one-time authentication keys wherein the authentication key is a one-time authentication key [Meriac, para. 0171, the crypto-watchdog 405 may require a verifiable communication from the trusted server 402 in order to reset the watchdog timer 406. In the present embodiment, the crypto-watchdog 405 is operable to generate a challenge communication 408 comprising authentication data, for example a cryptographic nonce, whereby the nonce is generated within the trusted region.].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer that discloses security and secure communication between medical devices and other computing devices such as a computer system and/or smartphones (Spencer, please see the abstract and Col. 1 lines 15-19) and with teachings of Meriac (Meriac, para. 0171) that would enable Haider and Spencer because it is desired that  such communications can be trusted and relied upon to prevent and/or detect security risks and attempted acts of intrusion by third parties. Techniques are described to address such problems (Meriac, paragraph 0002).

Regarding claim 16. The system of claim 15, wherein the first and second authentication keys expire after a period of time [Meriac, para. 0254, the instructions/commands within communications from the server to the client device may include instructions relating to the capabilities/functions/features of client devices which may be permitted or restricted for a predetermined period of time, which, depending on the requirements of the client device, could range from seconds, minutes, hours and/or days, or until subsequent reconnection with a trusted server is restored. Alternatively, capabilities/functions/features, may be permitted or restricted when connection to a trusted server is lost for a period of time.].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer that discloses security and secure communication between medical devices and other computing devices such as a computer system and/or smartphones (Spencer, please see the abstract and Col. 1 lines 15-19) and with teachings of Meriac (Meriac, para. 0254) that would enable Haider and Spencer because it is desired that  such communications can be trusted and relied upon to prevent and/or detect security risks and attempted acts of intrusion by third parties. Techniques are described to address such problems (Meriac, paragraph 0002).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Haider et al. (US PGPUB No. 2015/0032633) in view of Spencer et al. (US PATENT # 9980140) further in view of Kohno et al. (US PGPUB # 2009/0323972).
Regarding claim 10. The combination of Haider and Spencer does disclose, system of claim 1.  Haider and Spencer does not disclose, wherein the time is current time. 
 However, Kohno does disclose, wherein the time is current time [Kohno. Para. 0097, to enable this functionality, the system precisely (but still pseudorandomly) schedules updates relative to some clock. The clock could be provided, for example, by a remote time server that the client and owner can synchronize against. Then, when the owner initializes the client, in addition to picking the cryptographic seed it also stores the current time as the initial time stamp T.sub.1. Each subsequent state also has a time stamp associated with it: T.sub.2, T.sub.3, etc. These indicate the state's scheduled send time, and T.sub.i-1 is computed by adding T.sub.i and .delta..sub.i (the pseudorandom inter-update delay). When the client is run, it reads the current time from the clock and iterates past states whose scheduled send time have already passed. (In this way the core will "catch up" the state to the schedule.) ].
Therefore, it would have been obvious to one ordinary skill in art before the effective date of claimed invention to modify the teachings of Haider that relates to an authentication system for the authentication of mobile electronic devices against a central server for the secure exchange of medical data (Haider, please see abstract and para. 0002) with the teachings of Spencer that discloses security and secure communication between medical devices and other computing devices such as a computer system and/or smartphones (Spencer, please see the abstract and Col. 1 lines 15-19) with teaching of Kohno (Kohno, para. 0097) because it would enable .

Conclusion
The prior art made of record and not relied upon is considered pertinent to application’s disclosure:
US PGPUB No. (2016/0337346) to Momchilov discloses, computer networking, remote access, and computer security. More specifically, aspects described herein relate to authentication of a user requesting to access one or more resources via a device, where the authentication may be based on a plurality of devices.
US PGPUB No. (2016/0259936) to Mukherjee discloses, a broker-based authentication system. In particular, the specification relates to a system and method for authenticating an internal system with an internal authentication mechanism based on certified responses from an external authentication system.
US PGPUB No. (2011/0158411) to Medvinsky discloses, a method of registering a plurality of client devices with a device registration server for secure data communications, a unique symmetric key is generated for each of the client devices using a cryptographic function on a private key of the device registration server and a respective public key of each of the client devices.
US PGPUB NO. (2018/0007025) to Oberheide discloses, A method for key rotation includes initiating key rotation for a user account of a multi-factor 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD S SHAMS whose telephone number is (571)272-3406.  The examiner can normally be reached on Monday-Friday 8:00 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMAD S SHAMS/Examiner, Art Unit 2434      


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498