DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 23-26 are objected to because of the following informalities:
Claims 23-26 are apparatus claims that depend on method claim 21. Change the dependency of claims 23-26 to apparatus claim 22. For examination purposes, the examiner has treated claims 23-26 as if they were dependent on claim 22. Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-7, 22, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Higgs WO 2016007932 (hereinafter Higgs) in view of Carlisle et al EP 0640945 (hereinafter Carlisle).

As to claim 1, Higgs teaches a secure medical system for transmitting personal health information (Figure 1), comprising: a smart card (Figure 1, reference number 21 “smart card”); a smart card reader (page 15, lines 14-15, “the user/patient first inserts 100 the smart card into a user computer’s 20 card reader”); and a microprocessor (Figure 1, reference number 21b “microprocessor”); wherein the smart card (Figure 1, reference number 21 “smart card”) has a secure computer readable memory (Figure 1, reference number 21a “memory”) having memory (page 9, lines 1-5) allocated to store a first password verifiable by the smart card reader (page 15, lines 14-21, “the user/patient first inserts 100 the smart card into a user computer’s 20 card reader”; “the user is required to log into the system 130 with its unique username and password. The first application 19 authenticates 135 the user’s login information against the patient data contained on the smartcard 21” - this implies that the smart card has memory to store a password, which is the user name and password, which is verifiable by the smart card reader); and a file directory containing personal health information (page 16, lines 2-7, “the medical data includes both structured and unstructured data files. These unstructured data files include any medical imaging, scanned documents, …Once the user/patient has successfully loaded the most recent copy of medical records data to the smart card 21, they remove the smart card from the card reader”), the microprocessor providing access to the file directory containing data (page 15, lines 19+).
Higgs fails to teach a second password generated by the smart card reader; and a file directory containing a unique ID; wherein the smart card reader uses an algorithm based at least partly on the unique ID to generate the second password; and the microprocessor comprising instructions for verifying a stored second password against a received second password sent by the smart card reader; the microprocessor providing access to the file directory containing data, if the stored second password matches the received second password.
Carlisle teaches a first password (Figure 4, reference number 125 “TEMPORARY PASSWORD”) and a second password (Figure 2, reference number 16; Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES” or reference number 135, “K2(RND2)”) generated by the smart card reader (Figure 2, reference number 15, presents a tree structure of a smart card operating system where reference number 15 is the smart card holder/reader and reference number 16 is the password generated by the smartcard holder/reader, see also column 8, line 15-21 and 27-31 which recites “Figure 2 includes directory file 15, named ‘htb’ (the smart card’s holder[reader]),…each one of the directories includes a ‘passwd’ file”); and a file directory (Figure 2, reference numbers 13, 14, 18, and 17, column 8, lines 20-21) containing a unique ID (reference number 18 “ID”); wherein the smart card reader uses an algorithm (Figure 4, random number string generator “RND1”, “k2(RND1)”, “RND2”, “K2(RND2)”, column 12, lines 40-45 recites “within the smart card the PIN resides in a root(primary source)-owned file that is open for the holder[reader] to modify....” column 12, lines 47-50 recites “by providing [smart card reader] its ID number and a password challenge in the form of a random string RND1, O [smart card reader] encrypts RND1 with O’s password to form string K1(RND1) and returns it to S[smart card]”) based at least partly on the unique ID (Figure 4, reference number 133, “ID”) to generate the second password (Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES”); and the microprocessor comprising instructions for verifying a stored second password against a received second password sent by the smart card reader (column 6, lines 52+-column 7, lines 1-6 recites “the programme encrypts the password string and compares it to the encrypted password that is found in the ‘/etc/passwd’ file for the identified user. When the match is positive it is determined that the user is bona fide (verified)”); the microprocessor providing access to the file directory containing data, if the stored second password matches the received second password (column 6, lines 52+-column 7, lines 1-6 recites “When the match is positive it is determined that the user is bona fide (verified), and control passes to a file owned by ‘root’ (primary source)”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system with the teaching of Carlisle to prevent users of the smart card from accessing any files that are owned by other users and to impart confidence in remote communications which permits remote provisioning and effective maintenance of a database that keeps track of all services contained in each smart card (column 5, lines 14-18 and 26-30 of Carlisle).

As to claim 6, the combination of Higgs in view of Carlisle teaches wherein the unique ID is any one of a serial number (Carlisle: column 12, line 48 recites the unique ID number), a globally unique identifier, or a hashed number.

	As to claim 7, the combination of Higgs in view of Carlisle teach wherein the personal health information comprises any one or more of a name, age, gender, height, weight, patient ID, prescription data, treatment data, and device configuration (Higgs: page 8, lines 10-12 recite “patients medical records including longitudinal history and imaging (hereinafter medical data) throughout the healthcare system environment “; page 11,lines 12-14; it is known the medical record, longitudinal history include data such as BMI, lab values, and medication history).

As to claim 22, Higgs teaches a smart card for use in a medical system (Figure 1, page 9, lines 1-3), comprising: a secure computer readable memory (Figure 1, reference number 21a) having memory allocated to store a first password verifiable by a smart card reader (page 15, lines 14-21, “the user/patient first inserts 100 the smart card into a user computer’s 20 card reader”; “the user is required to log into the system 130 with its unique username and password. The first application 19 authenticates 135 the user’s login information against the patient data contained on the smartcard 21” - this implies that the smart card has memory to store a password, which is the user name and password, which is verifiable by the smart card reader); a file directory containing personal health information (page 16, lines 2-7, “the medical data includes both structured and unstructured data files. These unstructured data files include any medical imaging, scanned documents, …Once the user/patient has successfully loaded the most recent copy of medical records data to the smart card 21, they remove the smart card from the card reader”); and a microprocessor (Figure 1, reference number 21b); the microprocessor providing access to the file directory containing data (page 15, lines 19+).
Higgs does not teach a second password generated by the smart card reader; a file directory containing a unique ID, wherein the smart card reader uses an algorithm based at least partly on the unique ID to generate the second password; and a microprocessor comprising instructions for verifying a stored second password against a received second password sent by the smart card reader, providing access to the file directory containing data, if the stored second password matches the received second password.
Carlisle teaches a second password (Figure 2, reference number 16; Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES” or reference number 135, “K2(RND2)”) generated by the smart card reader (Figure 2, reference number 15, presents a tree structure of a smart card operating system where reference number 15 is the smart card holder/reader and reference number 16 is the password generated by the smartcard holder/reader, see also column 8, line 15-21 and 27-31 which recites “Figure 2 includes directory file 15, named ‘htb’ (the smart card’s holder[reader]),…each one of the directories includes a ‘passwd’ file”); a file directory (Figure 2, reference numbers 13, 14, 18, and 17, column 8, lines 20-21) containing a unique ID (reference number 18), wherein the smart card reader uses an algorithm (Figure 4, random number string generator “RND1”, “k2(RND1)”, “RND2”, “K2(RND2)”, column 12, lines 40-45 recites “within the smart card the PIN resides in a root(primary source)-owned file that is open for the holder[reader] to modify....” column 12, lines 47-50 recites “by providing [smart card reader] its ID number and a password challenge in the form of a random string RND1, O [smart card reader] encrypts RND1 with O’s password to form string K1(RND1) and returns it to S[smart card]”) based at least partly on the unique ID (Figure 4, reference number 133, “ID”) to generate the second password (Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES”); and a microprocessor comprising instructions for verifying a stored second password against a received second password sent by the smart card reader (column 6, lines 52+-column 7, lines 1-6 recites “the programme encrypts the password string and compares it to the encrypted password that is found in the ‘/etc/passwd’ file for the identified user. When the match is positive it is determined that the user is bona fide (verified)”), providing access to the file directory containing data, if the stored second password matches the received second password (column 6, lines 52+-column 7, lines 1-6 recites “When the match is positive it is determined that the user is bona fide (verified), and control passes to a file owned by ‘root’ (primary source)”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system with the teaching of Carlisle to prevent users of the smart card from accessing any files that are owned by other users and to impart confidence in remote communications which permits remote provisioning and effective maintenance of a database that keeps track of all services contained in each smart card (column 5, lines 14-18 and 26-30 of Carlisle).

As to claim 26, the combination of Higgs in view of Carlisle teach wherein the personal health information comprises any one or more of a name, age, gender, height, weight, patient ID, prescription data, treatment data, and device configuration (Higgs: page 8, lines 10-12 recite “patients medical records including longitudinal history and imaging (hereinafter medical data) throughout the healthcare system environment “; page 11,lines 12-14; it is known the medical record, longitudinal history include data such as BMI, lab values, and medication history).

Claims 2-3 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Higgs WO 2016007932 (hereinafter Higgs) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Ostertun et al EP 3226141 (hereinafter Ostertun).
 As to claim 2, the combination of Higgs in view of Carlisle teach the smart card further comprising a non-volatile memory (Higgs: Figure 1, reference number 21a, page 9, lines 1-2).
The combination of Higgs and Carlisle fail to teach the smart card further comprising an antenna, a capacitor.
Ostertun teaches the smart card further comprising an antenna (column 4, line 45, “an RF antenna 130”; Figure 1, reference number 130), a capacitor (column 4, lines 46-47, a clock input filter 126, Figure 1, reference number 126).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teachings of Carlisle with the teachings of Ostertun’s smart card to allow for advanced functionality of data storage, communication, and authentication (column 1, lines 10-11 of Ostertun).

As to claim 3, the combination of Higgs in view of Carlisle and Ostertun teaches wherein the antenna communicates with the smart card reader by transmitting and/or receiving radio frequency or wireless signals based on instructions from the microprocessor (Ostertun: column 1, lines 15-21 recite “smart card can communicate with a smart card reader either when inserted into the smart card reader or by using RF induction or near field communication to communication with the smart card reader without contact”; column 4, lines 43-45).

As to claim 23, the combination of Higgs in view of Carlisle teach the smart card further comprising a non-volatile memory unit (Figure 1, reference number 21a, page 9, lines 1-2).
The combination of Higgs in view of Carlisle fail to teach the smart card further comprising an antenna, a capacitor.
Ostertun teaches the smart card further comprising an antenna (column 4, line 45, “an RF antenna 130”; Figure 1, reference number 130), a capacitor (column 4, lines 46-47, a clock input filter 126, Figure 1, reference number 126).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teachings of Carlisle with the teachings of Ostertun’s smart card to allow for advanced functionality of data storage, communication, and authentication (column 1, lines 10-11 of Ostertun).

Claims 4 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Higgs WO 2016007932 (hereinafter Higgs) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Ostertun et al EP 3226141 (hereinafter Ostertun) in further view of Chen US 20120001725 (hereinafter Chen).

As to claim 4, the combination of Higgs in view of Carlisle fail to teach the smart card further comprising a subscriber identification module chip, wherein the subscriber identification module chip makes direct electrical contact with the smart card reader to transmit data.
Ostertun teaches wherein the [smart card] makes direct electrical contact with the smart card reader to transmit data (column 1, lines 15-16 recites the smart card device communication with the smart card reader using direct contact communication).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teachings of Carlisle with the teachings of Ostertun’s smart card to allow for advanced functionality of data storage, communication, and authentication (column 1, lines 10-11 of Ostertun).
The combination of Higgs in view of Carlisle and Ostertun fails to teach the smart card further comprising a subscriber identification module chip.
Chen teaches the smart card further comprising a subscriber identification module chip (paragraph 25 teaches the Subscriber Identification Module SIM is a smart card).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teachings of Carlisle and Ostertun’s smart card with the teaching of Chen’s smart card to prevent others from performing an unauthorized identification procedure of file access (paragraph 12 of Chen).

As to claim 24, the combination of Higgs in view of Carlisle fail to teach the smart card further comprising a subscriber identification module chip, wherein the subscriber identification module chip makes direct electrical contact with the smart card reader to transmit data.
Ostertun teaches wherein the [smart card] makes direct electrical contact with the smart card reader to transmit data (column 1, lines 15-16 recites the smart card device communication with the smart card reader using direct contact communication).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teachings of Carlisle with the teachings of Ostertun’s smart card to allow for advanced functionality of data storage, communication, and authentication (column 1, lines 10-11 of Ostertun).
The combination of Higgs in view of Carlisle and Ostertun fails to teach the smart card further comprising a subscriber identification module chip.
Chen teaches the smart card further comprising a subscriber identification module chip (paragraph 25 teaches the Subscriber Identification Module SIM is a smart card).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teachings of Carlisle and Ostertun’s smart card with the teaching of Chen’s smart card to prevent others from performing an unauthorized identification procedure of file access (paragraph 12 of Chen).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Higgs WO 2016007932 (hereinafter Higgs) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Yang US 20120284534 (hereinafter Yang).

As to claim 5, the combination of Higgs in view of Carlisle fail to teach wherein the first password is a factory-preset password.
Yang teaches wherein the first password is a factory-preset password (paragraph 6 recites the IC chip determines that a user input password conforms with a preset password).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teaching of Carlisle with Yang’s teaching to provide protection for the data stored on the smart card from unauthorized access (paragraph 5 of Yang).

Claims 8 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Higgs WO 2016007932 (hereinafter Higgs) in further view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of X. Li, J. Niu, S. Kumari, J. Liao, and W. Liang, “An enhancement of a smart card authentication scheme for multi-server architecture,” Wireless Personal Communications, vol. 80, no. 1, pp. 175–192, 2015 (hereinafter Li).

As to claim 8, the combination of Higgs in view of Carlisle fail to teach wherein the first password is overwritten by the second password.
Li teaches wherein the first password is overwritten by the second password (page 179, 2.4 Password Change Phase paragraph recite “the card reader computer Pnew and stores Pnew instead of P in the smart card memory”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teaching of Carlisle with the teaching of Li’s passwords to provide an improved smart card authentication scheme that corrects authentication and resists impersonation attacks and stolen smart card attacks (abstract of Li).

As to claim 25, the combination of Higgs in view of Carlisle fail to teach wherein the first password is overwritten by the second password.
Li teaches wherein the first password is overwritten by the second password (page 179, 2.4 Password Change Phase paragraph recite “the card reader computer Pnew and stores Pnew instead of P in the smart card memory”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system in view of the teaching of Carlisle with the teaching of Li’s passwords to provide an improved smart card authentication scheme that corrects authentication and resists impersonation attacks and stolen smart card attacks (abstract of Li).
 

Claims 9-12 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian US 20090078763 (hereinafter Balasubramanian) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Fu et al US9722994 (hereinafter Fu).

As to claim 9, Balasubramanian teaches a smart card reader (Figure 2) for use in a medical system, comprising: a microprocessor (Figure 2, reference number 6, 8 and 9) having instructions for transmitting and receiving radio frequency or wireless signals (paragraph 14 recites “The matching circuit can be a passive circuit and the transmit antenna can be adapted to transmit power by means of alternating magnetic field carrier wave and to transmit the data to the card by means of modulation on the carrier wave. The receive antenna can be adapted to receive the signal from the card and to give it to the reader IC through the matching filter circuit” and paragraph 21); an antenna (Figure 2, reference numbers 4 and 5) for communicating with a smart card (Figure 2, reference number 10) wherein the antenna transmits and/or receives radio frequency or wireless signals based on instructions from the microprocessor (paragraph 11 recites “the reader can comprise a plurality of separate transmit antenna and receive antenna for the purpose of transmitting and receiving”, see also paragraphs 13-14 and 21); a secure computer readable memory (Figure 2, reference number 7 and paragraph 33) and a memory (Figure 2, reference number 7).
Balasubramanian fails to teach receiving an algorithm for generating a second password; storing a first password verifiable by the smart card; and memory allocated for a unique ID received from the smart card; wherein the microprocessor further comprises instructions for generating the second password based at least partly on the unique ID received from the smart card, instructions for either transmitting and storing the second password on the smart card for initial preparation of the smart card, instructions for transmitting the second password to access a secured file directory containing data on the smart card, and instructions for discarding the second password.
Carlisle teaches receiving an algorithm (column 12, lines 47-50 recites “by providing [smart card reader] its ID number and a password challenge in the form of a random string RND1, O [smart card reader] encrypts RND1 with O’s password to form string K1(RND1) and returns it to S[smart card]”) for generating a second password (Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES”); storing a first password verifiable by the smart card (Figure 4, reference number 125 “TEMPORARY PASSWORD”); and memory allocated for a unique ID received from the smart card (Figure 4, reference number 133, “ID”); wherein the microprocessor further comprises instructions for generating the second password based at least partly on the unique ID received from the smart card (column 12, lines 47-50 recites “by providing [smart card reader] its ID number and a password challenge in the form of a random string RND1, O [smart card reader] encrypts RND1 with O’s password to form string K1(RND1) and returns it to S[smart card]”), instructions for either transmitting and storing the second password on the smart card for initial preparation of the smart card (column 12, lines 47-50 recites “O [smart card reader] encrypts RND1 with O’s password to form string K1(RND1) and returns it[password] to S[smart card]”), instructions for transmitting the second password to access a secured file directory containing data on the smart card (column 6, lines 52+-column 7, lines 1-6 recites “When the match is positive it is determined that the user is bona fide (verified), and control passes to a file owned by ‘root’ (primary source)”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balasubramanian with the teaching of Carlisle to prevent users of the smart card from accessing any files that are owned by other users and to impart confidence in remote communications which permits remote provisioning and effective maintenance of a database that keeps track of all services contained in each smart card (column 5, lines 14-18 and 26-30 of Carlisle).
The combination of Balasubramanian and Carlisle fail to teach instructions for discarding the second password.
Fu teaches instructions for discarding the second password (claim 1 recites “the second hardware processor further performs the following steps using the instructions: after knowing that the password authorization module finishes verification, deleting, by the second password management module, the verified password stored in the password authorization module”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balasubramanian in view of the teaching of Carlisle with the teaching of Fu to lower the risk that the smart card reader is breached and the password is stolen/leaked (column 3, lines 43-47 of Fu).

As to claim 10, the combination of Balasubramanian in view of Carlisle and Fu teach wherein the algorithm is at least partly based on a partial secret (Carlisle: column 9, lines 34-38 recite “an encryption key pair that is installed in a filed …key pair is unique to each smart card…. The pair includes a private key that is kept secret…”; column 10, lines 42-52) and number of iterations of a pseudo-random function (Carlisle: Figure 4, shows two iterations 133, 134, 135 of the random string RND1-RND 2).

As to claim 11, the combination of Balasubramanian in view of Carlisle and Fu teach wherein a number of iterations of pseudo- random function is greater than 1 (Carlisle: Figure 4, shows two iterations 133, 134, 135 of the random string RND1-RND 2).


As to claim 12, the combination of Balasubramanian in view of Carlisle and Fu teaches wherein the partial secret is identical across medical devices (Carlisle: column 14, lines 10-20 recites “the communication can be encrypted with a shared secret of the smart card. The ‘root’ (primary source) password may be selected for the latter or a temporary ‘shared secret’ can be offered by O[reader] to S[smart card]”: this tells us the shared secret is identical on the smart card holder device and the smart card).

As to claim 16, the combination of Balasubramanian in view of Carlisle and Fu teach wherein the smart card reader is in electrical communication with a desktop computer, a laptop computer, or any other medical system (Carlisle: column 2, lines 29-31 recites “smart card reader [is] coupled to the terminal processor.”; column 2, lines 45-47 recites “the terminal processor activates the smart card reader to upload data files from the smart card memory to the terminal processor”).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian US 20090078763 (hereinafter Balasubramanian) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Fu et al US9722994 (hereinafter Fu) in further view of Baldischweiler EP 2348453 (hereinafter Baldischweiler). 

As to claim 13, the combination of Balasubramanian in view of Carlisle and Fu fail to teach wherein the pseudo-random function is HMAC-SHA1, HMAC-SHA2, HMAC-SHA3, or PBKDF2.
Baldischweiler teaches wherein the pseudo-random function is HMAC-SHA1, HMAC-SHA2, HMAC-SHA3, or PBKDF2 (page 9, lines 9-12 recites “a hash value H1 (eg HMAC SHA1) formed with a hash function is also transmitted” : the hash function is the pseudo-random function using the hash value HMAC SHA1).
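It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balasubramanian in view of the teachings of Carlisle and Fu with the teaching of Baldischweiler to prevent manipulated firmware from being used on the terminal of the smart card reader (page 9, lines 22-24 of Baldischweiler).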

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian US 20090078763 (hereinafter Balasubramanian) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Fu et al US9722994 (hereinafter Fu) in further view of Chang et al US 20100241865 (hereinafter Chang).

As to claim 14, the combination of Balasubramanian in view of Carlisle and Fu fail to teach wherein a length of the second password is at least 4 bytes.
Chang teaches wherein a length of the second password is at least 4 bytes (paragraph 34 recites “the numerical transformation function Hash2Number extracts the preceding four bytes from the sixteen bytes hash data OTPn and then transforms the four bytes into a positive integer. Then, the positive integer is subject to the operation mod(10 Digit) to obtain a set of digits as a current dynamic password…”; paragraph 52 also recites the invention of Chang “provides flexibility of selecting the length of the password ranging from 1 to 10 digits”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balasubramanian in view of the teachings of Carlisle and Fu with the teaching of Chang to establish a secure communication link and prevent phishing attacks by hackers for stealing passwords (paragraphs 29 and 51 of Chang).
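
The reader-side scheme recited in claims 9 to 14 (a second password generated from the card's unique ID and a partial secret through an iterated pseudo-random function, presented to the card, then discarded) can be sketched as follows. This is an added example, not part of the Office action or of any cited reference; the choice of PBKDF2 over HMAC-SHA256, the use of the partial secret as the PBKDF2 password and the unique ID as its salt, the iteration count, the 16-byte length, and all class and function names are assumptions.

```python
import hashlib
import hmac

PRF_HASH = "sha256"   # assumption: PBKDF2 over an HMAC-SHA2 function
ITERATIONS = 10_000   # assumption; the claims only require more than 1
PASSWORD_LEN = 16     # assumption; the claims only require at least 4 bytes


def derive_second_password(partial_secret, unique_id,
                           iterations=ITERATIONS, length=PASSWORD_LEN):
    """Reader side: derive the per-card password from secret and card ID."""
    if iterations <= 1:
        raise ValueError("iteration count must be greater than 1")
    if length < 4:
        raise ValueError("password must be at least 4 bytes")
    if not partial_secret or not unique_id:
        raise ValueError("partial secret and unique ID must be non-empty")
    return hashlib.pbkdf2_hmac(PRF_HASH, partial_secret, unique_id,
                               iterations, dklen=length)


class SmartCard:
    """Hypothetical card model: ID is readable, records need the password."""

    def __init__(self, unique_id, factory_password, records):
        self.unique_id = unique_id
        self._password = factory_password   # first password
        self._records = records

    def _check(self, presented):
        # Constant-time comparison of stored and received password.
        return hmac.compare_digest(self._password, bytes(presented))

    def set_password(self, current, new):
        if not self._check(current):
            raise PermissionError("current password rejected")
        self._password = bytes(new)          # first password is overwritten

    def read_records(self, presented):
        if not self._check(presented):
            raise PermissionError("password rejected")
        return dict(self._records)


class CardReader:
    """Hypothetical reader: holds only the partial secret, never a password."""

    def __init__(self, partial_secret):
        self._secret = partial_secret

    def _with_password(self, card, action):
        # Regenerate the password on every use, then discard it.
        pw = bytearray(derive_second_password(self._secret, card.unique_id))
        try:
            return action(pw)
        finally:
            # Best effort only: Python cannot guarantee that no other copy
            # of the derived bytes remains in memory.
            for i in range(len(pw)):
                pw[i] = 0

    def prepare(self, card, factory_password):
        """Initial preparation: replace the first password with the second."""
        self._with_password(
            card, lambda pw: card.set_password(factory_password, pw))

    def read(self, card):
        return self._with_password(card, card.read_records)


if __name__ == "__main__":
    secret = b"constructed-partial-secret"   # constructed sample value
    card = SmartCard(b"CARD-0001", b"0000", {"patient_id": "P-1"})
    CardReader(secret).prepare(card, b"0000")
    print(CardReader(secret).read(card))      # a second reader, same secret
```

Because the password depends on the card's unique ID, a value captured for one card does not open another, while any reader holding the same partial secret can regenerate it without storing a per-card password database.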

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian US 20090078763 (hereinafter Balasubramanian) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Fu et al US9722994 (hereinafter Fu) in further view of Paulsen US 20140191031 (hereinafter Paulsen).

As to claim 15, Balasubramanian, Carlisle, and Fu fail to teach the smart card reader further comprising a slot for receiving the smart card, wherein the smart card reader transmits data to and/or from the smart card by direct electrical contact.
Paulsen teaches the smart card reader further comprising a slot for receiving the smart card, wherein the smart card reader transmits data to and/or from the smart card by direct electrical contact (paragraph 40 recites “a vertical or horizontal slot 44 may be included in the smart card reader 40…the smart card 30 may be inserted into the slot 44 until electrical contacts within the slot make contact with electrical contacts on the smart card. Data is then read from the integrated circuit memory”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Balasubramanian in view of the teachings of Carlisle and Fu with the teaching of Paulsen to manage reading of data that is stored in memory and which can be read through direct contact (paragraph 2 of Paulsen).

Claims 17-21 are rejected under 35 U.S.C. 103 as being unpatentable over Higgs WO 2016007932 (hereinafter Higgs) in view of Carlisle et al EP 0640945 (hereinafter Carlisle) in further view of Fu et al US9722994 (hereinafter Fu).

As to claim 17, Higgs teaches an automated smart card authentication system for use in a medical system (Figure 1), comprising: a smart card (Figure 1, reference number 21) having memory (Figure 1, reference number 21a) allocated for storing a first password (page 15, lines 14-21 recite “the user/patient first inserts 100 the smart card into a user computer’s 20 card reader”; “the user is required to log into the system 130 with its unique username and password. The first application 19 authenticates 135 the user’s login information against the patient data contained on the smartcard 21” - this implies that the smart card has memory to store a password, which is the user name and password, which is verifiable by the smart card reader), and personal health information (page 16, lines 2-7); a smart card reader (page 15, lines 14-15) programmed to receive the first password stored in the smart card (page 15, lines 14-21).
Higgs does not teach a second password generated by an algorithm based on a unique ID, the unique ID, a smart card reader programmed to receive the unique ID; wherein the smart card reader generates a second password using the algorithm based at least partly on the unique ID of the smart card; the smart card reader storing the second password on the smart card, and discarding the second password from the smart card reader; wherein the smart card reader is programmed to generate the second password on each read of the smart card using the algorithm; wherein the smart card grants access to data if the second password generated by the smart card reader matches the second password stored in the smart card; and wherein the smart card reader discards the second password.
Carlisle teaches a second password generated by an algorithm based on a unique ID, the unique ID (Figure 4, the new/second password in “K2(NEWPASSWORD SERVICE FILES)” was generated by ID and random string RND1 in “ID, RND1” reference number 133), a smart card reader programmed to receive the unique ID (column 12, lines 46-50); wherein the smart card reader generates a second password using the algorithm based at least partly on the unique ID of the smart card (Figure 4, the new/second password in “K2(NEWPASSWORD SERVICE FILES)” was generated by ID and random string RND1 in “ID, RND1” reference number 133); the smart card reader storing the second password on the smart card (column 14, lines 42-49); wherein the smart card reader is programmed to generate (Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES” or reference number 135, “K2(RND2)”; Figure 4, random number string generator “RND1”, “k2(RND1)”, “RND2”, “K2(RND2)”, column 12, lines 40-45 recites “within the smart card the PIN resides in a root(primary source)-owned file that is open for the holder[reader] to modify....” column 12, lines 47-50 recites “by providing [smart card reader] its ID number and a password challenge in the form of a random string RND1, O [smart card reader] encrypts RND1 with O’s password to form string K1(RND1) and returns it to S[smart card]”); wherein the smart card grants access to data if the second password generated by the smart card reader matches the second password stored in the smart card (column 6, lines 52+-column 7, lines 1-6 recites “When the match is positive it is determined that the user is bona fide (verified), and control passes to a file owned by ‘root’(primary source)”); discarding the second password from the smart card reader (column 13, lines 1-3 recites “no need for the reader to keep a database of passwords; all the reader needs is a single seed string which when combined with the smart card’s unique identification string…”); and wherein the smart card reader discards the second password (column 13, lines 1-3).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system with the teaching of Carlisle to prevent users of the smart card from accessing any files that are owned by other users and to impart confidence in remote communications which permits remote provisioning and effective maintenance of a database that keeps track of all services contained in each smart card (column 5, lines 14-18 and 26-30 of Carlisle).
Higgs and Carlisle fail to teach discarding the second password; and wherein the smart card reader discards the second password.
Fu teaches discarding the second password (claim 1 recites “the second hardware processor further performs the following steps using the instructions: after knowing that the password authorization module finishes verification, deleting, by the second password management module, the verified password stored in the password authorization module”); and wherein the smart card reader discards the second password (claim 1).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs with the teaching of Carlisle with the teaching of Fu to lower the risk that the smart card reader is breached and the password is stolen/leaked (column 3, lines 43-47 of Fu).

As to claim 18, the combination of Higgs in view of Carlisle and Fu teach wherein the smart card reader transmits the data from the smart card to other medical devices connected to the smart card reader (Higgs: page 11, lines 6-18 recites “the user computer 20 with the smart card reader technology provides web access to the cloud for connection and communication with the source patient personal health records module 50… The smart card 21 is used for both authentication and as a portable means of storage for medical data involving personal information including longitudinal medical history information…”).

As to claim 19, the combination of Higgs in view of Carlisle teach wherein the second password (Carlisle: Figure 2, reference number 16; Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES” or reference number 135, “K2(RND2)”) generated by the smart card reader (Carlisle: Figure 2, reference number 15, column 8, line 15-21 and 27-31 presents a tree structure of a smart card operating system where reference number 15 is the smart card holder/reader) is stored on the smart card (Carlisle: column 14, lines 42-49 discloses a new password is installed in the smart card).

As to claim 20, Higgs teaches a method for automated smart card authentication for use in a medical system (Figure 1) comprising step of: accessing a smart card using a first password (page 15, lines 14-21, “the user/patient first inserts 100 the smart card into a user computer’s 20 card reader”; “the user is required to log into the system 130 with its unique username and password. The first application 19 authenticates 135 the user’s login information against the patient data contained on the smartcard 21”- this implies that the smart card has memory to store a password, which is the user name and password, which is verifiable by the smart card reader).
Higgs does not teach accessing a smart card using a unique ID stored on the smart card, wherein the unique ID is used to generate a second password by a smart card reader, wherein the smart card reader uses an algorithm based at least partly on the unique ID to generate the second password wherein the second password is stored on the smart card and is discarded and not stored by the smart card reader.
Carlisle teaches accessing a smart card using a unique ID stored on the smart card (Figure 2, reference number 18 is the ID stored on the smart card operating system, column 3, lines 31-32), wherein the unique ID (Figure 4, reference number 133 that contains ID and RND1) is used to generate a second password (Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES”) by a smart card reader (Figure 2, reference number 15, presents a tree structure of a smart card operating system where reference number 15 is the smart card holder/reader, reference number 16 is the password that the reader generates, see also column 8, line 15-21 and 27-31), wherein the smart card reader uses an algorithm based at least partly on the unique ID to generate the second password (Figure 4, the new/second password in “K2(NEWPASSWORD SERVICE FILES)” was generated by ID and random string RND1 in “ID, RND1” reference number 133) wherein the second password is stored on the smart card (column 14, lines 42-49 discloses a new password is installed in the smart card); is discarded and not stored by the smart card reader (column 13, lines 1-3).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs’ medical system with the teaching of Carlisle to prevent users of the smart card from accessing any files that are owned by other users and to impart confidence in remote communications which permits remote provisioning and effective maintenance of a database that keeps track of all services contained in each smart card (column 5, lines 14-18 and 26-30 of Carlisle).
Higgs and Carlisle do not teach “and is discarded and not stored by the smart card reader.”
Fu teaches “and is discarded and not stored by the smart card reader” (claim 1).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Higgs with the teaching of Carlisle with the teaching of Fu to lower the risk that the smart card reader is breached and the password is stolen/leaked (column 3, lines 43-47 of Fu).

As to claim 21, the combination of Higgs in view of Carlisle and Fu teach gain access to a file directory containing personal health information on the smart card (Higgs: page 11, lines 6-11); the step of: re-generating the same second password by the smart card reader using the unique ID of the smart card (Carlisle: Figure 4, reference number 138 “NEW PASSWORD SERVICE FILES” or reference number 135, “K2(RND2)”; Figure 4, random number string generator “RND1”, “k2(RND1)”, “RND2”, “K2(RND2)”, column 12, lines 40-45 recites “within the smart card the PIN resides in a root(primary source)-owned file that is open for the holder[reader] to modify....” column 12, lines 47-50 recites “by providing [smart card reader] its ID number and a password challenge in the form of a random string RND1, O [smart card reader] encrypts RND1 with O’s password to form string K1(RND1) and returns it to S[smart card]”) and upon verification of the same second password on the smart card (Carlisle: column 6, lines 52+-column 7, lines 1-6 recites “the programme encrypts the password string and compares it to the encrypted password that is found in the ‘/etc/passwd’ file for the identified user. When the match is positive it is determined that the user is bona fide (verified)”).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Adams et al US 20080011851 teaches a smart card comprising an antenna, memory, and a processor (paragraph 35).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M-F 7:30-5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like 

/F.F/               Examiner, Art Unit 2437  

/KRISTINE L KINCAID/               Supervisory Patent Examiner, Art Unit 2437