DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This action is in response to the communications and remarks filed on 12/23/2021. Claims 1-20 are presently pending for examination.

Response to Arguments
Applicant's arguments, see pages 10-13, filed 9/14/2021, regarding the 103 rejections of Claims 1, 8, and 15, have been fully considered and are not persuasive. Applicant argues that "Moreover, while Johnson may indeed disclose storing communication links at various geographic locations using profiles (Johnson, Abstract), Applicants respectfully submit that Johnson fails to disclose an exchange configuration that includes data exchange regulations associated with a geographic area in which the data may be exchanged. Rather, Johnson merely stores network profiles."
Applicant' s interpretation of the reference has been noted; however, examiner respectfully disagrees.  While the examiner agrees that Johnson teaches profiles, these profiles are the determining factors or regulations, that determine if a connection is allowed and whether data can be exchanged.  The limitations in the claims do not 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1, 5-6, 8, 12-13, 15, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over O’Brien et al., (US 20080235511 A1) hereinafter referred to as O’Brien in view of Johnson et al., (US 20090063187 A1) hereinafter referred to as Johnson.
Regarding Claims 1, 8, and 15, O’Brien discloses A computer-implemented method for providing a secure device relay between a data collection device and a server using a smart device, the method comprising: transmitting to a server a unique identifier corresponding to a data collection device [paragraph 0027, In a device registration phase, the device contacts a secure access server (SAS), via a  
and a digital signature corresponding to a smart device; [paragraph 0027, When a user, or client, wishes to contact the device, the client initiates a further communication session and is authenticated by the SAS] [paragraph 0042, The client agent 14 then generates asymmetric public and private keys: USERpub and USERprv (312), which can be, for example, 1024-bit public keys. The client agent 14, which has access to the SAS's public key SASpub, encrypts a message Msg4, containing its user ID, USERpin, public key USERpub, and the device ID of the device it with which it wishes to communicate (314)] 
receiving from the server a key pair and an exchange configuration defining access control to data stored on the data collection device, [paragraph 0043, If the information provided by the client agent 14 is valid, the SAS 24 retrieves the requested device's SIP address and public key DEVICEpub from an associated database (326). The SAS 24 then encrypts a message Msg5, containing the requested device ID, the device's SIP Address and the device's public key DEVICEpub, using the client's public key USERpub (328). Msg5 is then sent to the client agent (330)] [paragraph 0027, The device's private key can be set to expire after one or more uses, at which time the device can request, or be provided with, a new private key – this is an “exchange configuration”] 
and transmitting to the data collection device a public key of the received key pair and the exchange configuration. [paragraph 0027, The client and device can then perform a symmetrical key exchange for their current communication session, and can communicate with appropriate encryption. The device's private key can be set to expire after one or more uses, at which time the device can request, or be provided with, a new private key]
O’Brien does not explicitly teach wherein the exchange configuration includes data exchange regulations associated with a geographic area in which the data may be exchanged.
Johnson teaches wherein the exchange configuration includes data exchange regulations associated with a geographic area in which the data may be exchanged; [Abstract, When the source medical device is at a particular geographical location, a profile associated with the particular geographical location is accessed and a network connection is established between the source medical device and the target component using a communication link associated with the particular profile. Medical information is transferred between the source medical device and the target component via the communication link associated with the particular profile]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Johnson with the disclosure of O’Brien. The motivation or suggestion would have been to facilitate communication of data at specific configured locations. (Abstract and throughout)
Regarding Claims 5, 12, and 19, O’Brien discloses wherein the exchange configuration further defines access control with respect to a type of the data, an amount of the data, and a frequency at which the data is exchanged between the server and the data collection device. [paragraph 0027, The device's private key can be set to expire after one or more uses, at which time the device can request, or be provided with, a new private key – this is and “exchange configuration” corresponding to “an amount of the data”]
Regarding Claims 6, 13, and 20, O’Brien discloses wherein the exchange configuration further defines access control with respect to conditions and triggers at which the data is exchanged between the server and the data collection device. [paragraph 0027, The device's private key can be set to expire after one or more uses, at which time the device can request, or be provided with, a new private key – this is and “exchange configuration” corresponding to “conditions at which the data is exchanged”]

Claims 2, 4, 7, 9, 11, 14, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over O’Brien in view of Johnson, as applied to Claims 1, 8, and 15, respectively, above, and further in view of Poltorak (US 9215075 B1) hereinafter referred to as Poltorak.
Regarding Claims 2, 9, and 16, the combination of O’Brien and Johnson does not explicitly teach further comprising: detecting an exchange request to exchange the data between the server and the data collection device; determining whether the exchange request is permitted based on the exchange configuration; and based on determining that the exchange request is permitted by the exchange configuration, processing the request.
Poltorak teaches further comprising: detecting an exchange request to exchange the data between the server and the data collection device; determining whether the exchange request is permitted based on the exchange configuration; and based on determining that the exchange request is permitted by the exchange configuration, processing the request. [Column 15, lines 36-38, a service provider may have a pending request to download a data file from the device] [Column 15, lines 47-57, The device seeks to authenticate the service provider to ensure privacy of the communication, etc. The service provider, however, seeks to authenticate the device in order to avoid uploading malicious data that may incur costs and/or lead to changes in functioning of the device that is party to the communication, or another device that is being spoofed. Once the device and service provider establish a communication link, which will generally be encrypted and secure, e.g., a VPN, communications, up to and including a full exchange of information, may be conducted, depending on various security rules and administrative limits – a determination is made regarding whether a device and the service provider are allowed to establish a secured connection and transfer data based on “various security rules and administrative limits” which are the “exchange configurations”] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Poltorak with the disclosures of O’Brien and Johnson. The motivation or suggestion would have been “for supporting encrypted communications with a medical device.” (Abstract)
Regarding Claims 4, 11, and 18, the combination of O’Brien and Johnson does not explicitly teach further comprising: receiving a request to modify access controls defined by the exchange configuration; obtaining consent to the requested modification from a user of the data collection device; and modifying the exchange configuration.
Poltorak teaches further comprising: receiving a request to modify access controls defined by the exchange configuration; obtaining consent to the requested modification from a user of the data collection device; and modifying the exchange configuration. [Column 16, lines 33-47, In some cases, after an analysis of the data, a medical professional or automated device may determine that the parameters of operation of the device require updating. In that case, both the treating physician/cardiologist and manufacture (or authorized service provider) may be required to concur on the proposed changes. Typically, the dual authorization is ensured by the device, and the authorization does not rely on one party to offer proof of authorization by the other. Therefore, the device uploads the proposed changes to the parameters, and then communicates with the other authorizing party the proposed changes. This dual communication paradigm may incur higher energy consumption or inconvenience, but limits the risk of collusion or breach of security. Once the parameters are updated and dual-authorized, the device may then adopt and use the new parameters] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Poltorak with the disclosures of O’Brien and Johnson. The motivation or suggestion would have been “for supporting encrypted communications with a medical device.” (Abstract)
Regarding Claims 7 and 14, O’Brien discloses while the key pairs and the exchange configuration [paragraph 0043, If the information provided by the client agent 14 is valid, the SAS 24 retrieves the requested device's SIP address and public key DEVICEpub from an associated database (326). The SAS 24 then encrypts a message Msg5, containing the requested device ID, the device's SIP Address and the device's public key DEVICEpub, using the client's public key USERpub (328). Msg5 is then sent to the client agent (330)] [paragraph 0027, The device's private key can be set to expire after one or more uses, at which time the device can request, or be provided with, a new private key – this is and “exchange configuration”]
The combination of O’Brien and Johnson does not explicitly teach wherein the exchange request is transmitted from the smart device to the data collection device via short range communication are transmitted from the server to the smart device via internet.
Poltorak teaches wherein the exchange request is transmitted from the smart device to the data collection device via short range communication [Column 15, lines 36-38, a service provider may have a pending request to download a data file from the device] [Column 14, lines 21-22, a Bluetooth protocol, IEEE 802.15.1 is employed] 
are transmitted from the server to the smart device via internet. [Column 14, lines 17-19, However, in certain circumstances, an 802.11b or 802.11g communications might be appropriate] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Poltorak with the disclosures of O’Brien and Johnson. The motivation or suggestion would have been “for supporting encrypted communications with a medical device.” (Abstract)

Claims 3, 10, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over O’Brien in view of Johnson, as applied to Claims 1, 8, and 15, respectively, above, and further in view of Dicks et al., (US 20080224852 A1) hereinafter referred to as Dicks.
Regarding Claims 3, 10, and 17, O’Brien discloses further comprising: based on determining that the exchange request is not permitted by the exchange configuration, denying the exchange request [paragraph 0040, If the device ID is incorrect (260), the device agent 16 ends the connection to the SAS server 24 (262)]
The combination of O’Brien and Johnson does not explicitly teach and performing an action selected from a group comprising: notifying a user of the data collection device, notifying a physician of the user, and requesting consent to process the exchange from the user.
Dicks teaches and performing an action selected from a group comprising: notifying a user of the data collection device, notifying a physician of the user, and requesting consent to process the exchange from the user. [paragraph 0069, After analyzing the authentication token or a message containing or associated with the token, the medical data system may determine that access is either permitted or denied, and may communicate 1080 this status to the originator 702 of the authentication token 702 who then receives notice of the failure 790] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Dicks with the disclosures of O’Brien and Johnson. The motivation or suggestion would have been to analyze and determine the validity of the authentication. (paragraph 0069)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ANDREW J STEINLE/Primary Examiner, Art Unit 2497