DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the communication filed on 1/22/2019.
Claims 1-18 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/22/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

Claims 1-18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,212,165.  Although the claims at issue are not identical, they are not patentably distinct from each other because both invention are directed to a substantially similar technique of securely transmitting a plurality of data streams between a client device and a server that are in communication via standard Internet protocols.
Furthermore, Examiner notes that each and every limitation of the instant claims appear to be substantially anticipated by the corresponding claims of the patent application.
Therefore, Examiner respectfully submits that the instant claims and the claims of the patent application are not directed to patentably distinct inventions; thus, properly rejected on the grounds of nonstatutory double patenting, as further outlined only independent claims below.

Instant Application 16/253,473
Patent Application 10,212,165

A method for securely transmitting a plurality of data streams between a client device and a server that are in communication via standard Internet protocols, the method comprising: detecting the plurality of data streams using a wearable device; 








transmitting, by the wearable device, the plurality of data streams to the server for storage; authenticating, by the server, the client device to create a session; authorizing, by the server, the client device to access the plurality of data streams using at least one Access Control List (ACL) Group, wherein the ACL group comprises ACL value supporting multiple enabled bits per group, wherein a WebSocket connection is created by the server once the client device is both authenticated and authorized; and transmitting, by the server the plurality of data streams to the client device via the WebSocket connection.

A method for securely transmitting a plurality of data streams between a client device and a server that are in communication via standard Internet protocols, the method comprising: detecting the plurality of data streams using a wearable device, wherein the wearable device, attached to a user, retrieves a plurality of physiological signals via one or more sensors embedded in the wearable device, and wherein the wearable device utilizes a plurality of algorithms to process raw waveforms of the plurality of physiological signals to form the plurality of data streams; transmitting, by the wearable device, the plurality of data streams to the server for storage; authenticating, by the server, the client device to create a session; authorizing, by the server, the client device to access the plurality of data streams using at least one Access Control List (ACL) Group, wherein the ACL group comprises ACL value supporting multiple enabled bits per group, wherein a WebSocket connection is created by the server once the client device is both authenticated and authorized; and transmitting, by the server the plurality of data streams to the client device via the WebSocket connection.

A system for securely transmitting a plurality of data streams, the system comprising: a client device; and a server; wherein the server is configured to: communicate with the client device via standard Internet protocols, 












authenticate the client device to create a session, authorize the client device to access the plurality of data streams using at least one Access Control List (ACL) Group, wherein the ACL group comprises ACL value supporting multiple enabled bits per group, create a WebSocket connection once the client device is both authenticated and authorized, and transmit the plurality of data streams to the client device via the WebSocket connection.

A system for securely transmitting a plurality of data streams, the system comprising: a client device; a server; and a wearable device attached to a user to detect a plurality of data streams, wherein the wearable device is configured to: communicate with the server via standard Internet protocols, retrieve a plurality of physiological signals via one or more sensors embedded in the wearable device, utilize a plurality of algorithms to process raw waveforms of authenticate the client device to create a session, authorize the client device to access the plurality of data streams using at least one Access Control List (ACL) Group, wherein the ACL group comprises ACL value supporting multiple enabled bits per group, create a WebSocket connection once the client device is both authenticated and authorized, and transmit the plurality of data streams to the client device via the WebSocket connection.



Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-12 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Powell et al. (US 20110246235) (hereinafter Powell) in view of TRAN (US 20130231574) (hereinafter Tran).
Regarding claim 1, Powell teaches a method for securely transmitting a plurality of data streams between a client device and a server that are in communication via standard Internet protocols (Powell: see abstract, “authenticating a mobile device and a user of the mobile device to receive patient data from a clinical information system of a medical facility”), the method comprising: detecting the plurality of data streams using a (Powell: paragraph 0039, “Each patient monitoring device 46 monitors physiological characteristics of a particular patient 50, and generates data signals based thereon. Exemplar patient monitoring devices include, but are not limited to, maternal/fetal heart rate monitors, blood pressure monitors, respiratory monitors, vital signs monitors, electrocardiogram monitors, oximetry and/or anesthesia monitors. Exemplar patient monitoring devices can include, but are not limited to the Corometric Series Monitors, DINAMAP Series Monitors, DASH Series Monitors, and/or Solar Series monitors provided by GE Healthcare, IntelliVue and/or SureSigns Series patient monitors, and/or Avalon Series Fetal Monitors provided by Royal Philips Electronics, and/or Infinity Series patient The data signals are communicated to the information system 42, which collects patient data based thereon, and stores the data to a patient profile that is associated with the particular patient”); transmitting, by the wearable device, the plurality of data streams to the server for storage (Powell: see figure 1; and paragraphs 0039 and 0041-0042, “The data signals are communicated to the information system 42, which collects patient data based thereon, and stores the data to a patient profile that is associated with the particular patient”… “each information system 42 stores patient data that can be collected from the patient monitoring devices 46, as well as additional patient information, that can include information that is input by a healthcare provider. The information system 46 communicates the patient data and/or the additional patient data to a data management 
    PNG
    media_image1.png
    956
    1396
    media_image1.png
    Greyscale

authenticating, by the server, the client device to create a session (Powell: paragraphs 0052, 0054 and 0058, “prior to a user logging on to the DMS 60, 60' via the mobile device 12, no specific patient data and/or information is synchronized. …. Once the user logs on, and selects a particular patient 50 to review, the synchronization services begin synching all of the available patient data and/or information for that particular patient”); authorizing, by the server, the client device to access the plurality of data streams using at least one Access Control List (ACL) Group (Powell: paragraphs 0052, 0054, 0058, 0063 and 0067, “ The patient data and/or patient information is communicated between the mobile device 12 and the DMS 60, 60' using a secure connection that is established over the network 16. A secure log-in, or sign-on Both the user ID and the password must be correct in order to establish the secure communication between the mobile device 12 and the DMS 60, 60'”… “As a result of the registration, the user is registered and one or more technical factors associated with the mobile device are stored to a validation database. The one or more technical factors include a unique device identification (ID) associated with a particular device, and a telephone number registered to the user and the mobile device, in the case where the mobile device includes a mobile telephone and/or smartphone”), wherein a WebSocket connection is created by the server once the client device is both authenticated and authorized (Powell: paragraphs 0063 and 0069, “the authentication process authenticates the user and the mobile device before establishing a session between the mobile device and a CIS and enabling user access to information and data provided”… “If the credentials are valid, the logon request is accepted, and a session is established between the mobile device and the DMS 60, 60'. Specifically, during the session, the mobile device 12 can retrieve patient information and data from the DMS 60, 60', the patient information and data being provided to the DMS 60, 60' by the information system 42. The mobile device 12 can provide information and data to the DMS 60, 60', which information can be forwarded to and stored on the information system”); and transmitting, by the server the plurality of data streams to the client device via the WebSocket connection (Powell: paragraphs 0063, 0069 and 0073, “If the credentials are deemed valid, a session is 
Powell teach a monitoring device which produces physiological characteristics of a particular patient, Powell does not explicitly teach the monitoring device is a wearable device and wherein the ACL group comprises ACL value supporting multiple enabled bits per group.  However, Tran from the analogous technical field teaches a wearable device that comprises sensors for monitoring vital signs are enclosed in a wrist-watch sized case supported on a wrist band (Tran: paragraphs 0056 and 0061, “The server 20 also executes one or more software modules to analyze data from the patient or wearer. A module 50 monitors the patient or wearer's vital signs such as ECG/EKG and generates warnings should problems occur. In this module, vital signs can be collected and communicated to the server 20 using wired or wireless transmitters”) and wherein the ACL group comprises ACL value supporting multiple enabled bits per group (Tran: paragraphs 0143, 0165, 0167, 0174, 0294 and 0315-0316, “software for the professional monitoring system provides a login screen to enter user name and password, together with database credentials. In Select Record function, the user can select a person, based on either entered or pre-selected criteria. From here navigate to their demographics, medical record, etc.”… “The web software interface may also include security measures such as authentication, authorization, encryption, credential presentation, and digital signature resolution.”).  Powell and Tran are analogous art because they are from the same field of endeavor, monitoring system.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Powell and Tran 
Regarding claim 12, claim 12 discloses a system claim that is substantially equivalent to the method of claim 1. Ther
efore, the arguments set forth above with respect to claim 1 are equally applicable to claim 12 and rejected for the same reasons.
Regarding claim 5, Powell as modified teaches wherein the client device is any of a web services client server and a web services client browser (Powell: paragraphs 0065 and 0066-0067, “The server 506 handles communication between external networks and the DMS 60, 60'. For example, the server 506 can execute the client services 80 discussed above with reference to FIGS. 3 and 4. The server 508 handles communication between the DMS 60, 60' and one or more information systems 42 associated with one or more facilities 40. For example, the application server 508 can execute the integration services 82, the adapter services 84, and/or the connectivity mechanism 76 discussed above with respect to FIGS. 3 and 4”).
Regarding claims 6 and 15, Powell as modified teaches wherein the plurality of data streams comprises a group stream that includes a plurality of individual vital sign data streams (Powell: paragraph 0039, “Each patient monitoring device 46 monitors physiological characteristics of a particular patient 50, and generates data signals based thereon.  Each patient monitoring device 46 monitors physiological characteristics of a particular patient 50, and generates data signals based thereon. Exemplar patient monitoring devices include, but are not limited to, maternal/fetal heart 
Regarding claims 7 and 16, Powell as modified teaches wherein the session includes a Session ID and identity information that is used on subsequent authentication requests by the client device (Powell: paragraphs 0052, 0058, 0063 and 0073, “The secure sign-on authenticates the identity of the user of the mobile device 12 based on a unique user ID and password combination. Both the user ID and the password must be correct in order to establish the secure communication between the mobile device 12 and the DMS 60, 60'. Implementations of sign-on and authentication processes are described in further detail below”… “Once the user logs on, and selects a particular patient 50 to review, the synchronization services begin synching all of the available patient data and/or information for that particular patient 50. Consequently, subsequent reviews of the particular patient 50 are much faster, because the patient data and/or information has been synchronized”).
Regarding claim 8, Powell as modified teaches wherein the authenticating utilizes any of HTTP basic authentication, HTTP digest authentication, OpenID authentication, and OAuth authentication (Powell: paragraph 0066, “the logon request can be transmitted using hypertext transfer protocol secure (HTTPS), which includes the hypertext transfer protocol (HTTP) with the secure sockets layer (SSL) or the transport layer security (TLS) protocol to provide encryption and secure identification of the server 506. The server 506 checks the technical factor of the device against data provided in the validation server 504. Specifically, the validation database 
Regarding claim 9, Powell as modified teaches wherein the authenticating further comprises: receiving, by the server, an authentication request from the client device, wherein the authentication request includes a username and password (Powell: paragraph 0058, “The secure sign-on authenticates the identity of the user of the mobile device 12 based on a unique user ID and password combination. Both the user ID and the password must be correct in order to establish the secure communication between the mobile device 12 and the DMS 60, 60'. Implementations of sign-on and authentication processes are described in further detail below”); authenticating, by the server, the username and password (Powell: paragraphs 0064 and 0073, “it is determined whether the credentials are valid. The credentials include the username and password provided in the logon request. In some implementations, the DMS (e.g., the application server of the DMS) can retrieve authentication information from the information system, and can determine whether the credentials are valid.”); creating and storing, by the server, a Session ID associated with the session (Powell: paragraph 0073, “If the credentials are deemed valid, a session is established to provide patient information and data from the information system to the mobile device in step 614, and the steps end.”); and transmitting, by the server, the Session ID to the client device 
Regarding claims 10 and 17, Powell as modified teaches further comprising: creating, by the client device, the at least one ACL Group, wherein the at least one ACL Group includes a member list with a client ID of the client device, a permission description, and a resource name associated with the permission description (Tran: paragraphs 0165, 0174 and 0315-0316, “software for the professional monitoring system provides a login screen to enter user name and password, together with database credentials. In Select Record function, the user can select a person, based on either entered or pre-selected criteria. From here navigate to their demographics, medical record, etc. The system can show a persons demographics, includes aliases, people involved in their care, friends and family, previous addresses, home and work locations, alternative numbers and custom fields. The system can show all data elements of a person's medical record”).
Regarding claims 11 and 18, Powell as modified teaches wherein the authorizing further comprises: receiving, by the server, a WebSocket request from the client device (Tran: paragraphs 0165, 0174 and 0315-0316, “software for the professional monitoring system provides a login screen to enter user name and password, together with database credentials.”); and checking, by the server, whether each of the plurality of data streams associated with the WebSocket request is authorized by the at least one ACL Group (Tran: paragraphs 0143, 0165, 0167, 0174, 0294 and 0315-0316, “software for the professional monitoring system provides a login screen to enter user name and password, together with database credentials. In Select Record function, the user can select a person, based on either entered or pre-selected criteria. From here navigate to their demographics, medical .

Claims 2-4 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Powell in view of TRAN, and further in view of Hensley et al, (US 9473506) (hereinafter Hensley).
Regarding claim 2, Powell in view of Tran does not explicitly teach the following limitation which is disclosed by Hensley, wherein the WebSocket connection includes a unique URL that is based on the plurality of data streams
Regarding claim 3, Powell as modified teaches wherein a path component of the unique URL comprises a Type4 Globally Unique Identifier (GUID) (Hensley: column 10 lines 57-67; and column 11 lines 45-61, “a message that requests that each group member receive a notification to establish a secure connection with the server 122 to receive a packet created by the packet creation module 332 discussed below. In one embodiment, the notification request identifies the group members. For example, in one embodiment, the group management module 328 sends a notification request including the GUIDs associated with the members to be notified”).
Regarding claims 4 and 14, Powell as modified teaches maintaining, by the server, a look-up table of a plurality of GUIDs that are each associated with a specific data stream request by each client device (Hensley: column 11 lines 45-61, “the notification module 330 receives GUIDs of group members and sends a notification to the client device 106 associated with that GUID. In one embodiment, the notification module 330 sends the same notification regardless of what group a member belongs to. Such an embodiment may be advantageous in the context of a notification server 142 discussed below with reference to FIGS. 5-7, because the notification module 330 need not use resources tracking what GUIDs belong to what group and receive what message”).
Regarding claim 13, this claims recite the steps as recited by the method of claims 2 and 3, and has limitations that are similar to those of claims 2 and 3, thus is rejected with the same rationale applied against claims 2 and 3.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.	
Poltorak (US 9215075): provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies.
Fallows et al. (US 9154485): A WebSocket connection is established. The WebSocket connection was established with a requester of the connection. The authentication of the requester is configured to expire. A request to revalidate the authentication is provided. An update of the authentication is received. The update of the authentication is received without disconnecting the WebSocket connection.
Muhsin et al. (US 20130162433):  A method of storing streaming physiological information obtained from a medical patient in a multi-patient monitoring environment includes receiving identification information, retrieving parameter descriptors, creating a round-robin database file, receiving a data stream, and using a predetermined data rate to map the data stream to locations in the round-robin database file
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/TRANG T DOAN/Primary Examiner, Art Unit 2431