Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114 (“RCE”), including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on March 3, 2022, has been entered.
 
Status of Claims
Claims 24 and 26-38 were previously pending and subject to a Final Office Action having a notification date of September 3, 2021 (“Final Office Action”).  Following the Final Office Action, Applicant filed the RCE and an amendment on March 3, 2022 (the “Amendment”), amending claims 24, 34, and 36-38; canceling claim 33; and adding new claims 39-45.  The present non-final Office Action addresses pending claims 24, 26-32, and 34-45 in the Amendment.
		
Response to Arguments
Applicant’s arguments with respect to the claim rejections under 35 USC 112(b) set forth in the non-final Office Action have been fully considered and are persuasive. These rejections 
Applicant’s arguments regarding the claim rejections under 35 USC 103 are moot in view of the new grounds of rejection set forth herein.

Claim Objections
Claim 45 is objected to because of the following informalities:  The quote should be removed from the end of line 2.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 41 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  
The original disclosure does not support asymmetrically encrypting the user health data item with an owner’s private key and then decrypting the user health item with the owner’s public key as recited in new claim 41.  For instance, [0138] and [0142] of the present application (cited by Applicant in alleged support of claim 41) disclose that user health data can be asymmetrically encrypted but do not disclose doing so with an owner’s private key as recited in claim 41.  Additionally, [0156]-[0157] of the present application (also cited by Applicant in alleged support of claim 41) disclose that a message can be encrypted with a public key of the receiver but not that user health data can be encrypted with an owner’s private key.  Finally, [0159] of the present application (also cited by Applicant in alleged support of claim 41) disclose discusses signing a message including the data item with a sender’s private key but not encrypting the data item with the private key.  The Examiner cannot identify any portions of the original disclosure that supports the limitations of claim 41.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective 

Claims 24, 26-29, 31, 32, 36, 38, 42, 43, and 45 are rejected under 35 U.S.C. 103 as being unpatentable over NPL “Wireless Body Area Sensor Network Authentication using HMAC function” to Kumbhare et al. (“Kumbhare”) in view of U.S. Patent App. Pub. No. 2005/0257057 to Ivanov et al. (“Ivanov”), U.S. Patent App. Pub. 2017/0300898 to Campero et al. (“Campero”), and U.S. Patent App. Pub. No. 2019/0081936 to Sayers et al. (“Sayers”):
Regarding claim 24, Kumbhare discloses a device (personal server/PDA/computer discussed at middle of left column on page 24 under “2. System Architecture” and illustrated as “receiving device” in Figure 2) comprising:
at least one processor; and at least one memory including computer program code; the at least one memory and the computer program code configured to, with the at least one processor (a personal server/PDA/computer necessarily includes a processor and memory with computer program code), cause the device to: 
receive via a message a user health data item from a user wearable device (middle of left column on page 24 under “2. System Architecture” and Figure 2 discuss/illustrate how wearable sensor nodes collect vital sign data (which would be via some “message” or transfer of information) and transfer the same to the personal server)...; 
hash the ... user health data item using a cryptographic hashing function, to create a cryptographic hash block (middle of left column on page 24 under “2. System Architecture” discusses how the personal server transfers the health information to a medical server while the bottom of page 26 under “3. Proposed Plan” discusses how the sender of a message in the proposed system runs the message (which would include the health information to be transferred to the medical server) through an HMAC (hash-based message authentication code) algorithm ...; 
...; and 
transmit the ... user health data item to a receiving device for verification (the bottom of page 26 under “3. Proposed Plan” discusses how the message (the health information) is sent to a receiver (the medical server/health care hub of Figure 2) which then confirms (verifies) that the message was not altered/tampered with)...
	However, Kumbhare appears to be silent regarding wherein the user health data item has been asymmetrically encrypted and the message has been signed with a digital signature created by hashing the message to produce a digest and by encrypting the digest to product the digital signature of the message; and
verify the digital signature of the message by computing a hash of the message to create a computed digest, decrypting the digital signature with a signer’s public key to create a decrypted digest, and comparing the computed digest with the decrypted digest.
Nevertheless, Ivanov teaches ([0012]) that it was known in the data security art to encrypt message content to be sent with a public key (i.e., to asymmetrically encrypt the content) and to sign a message including the content with a digital signature via encrypting a message digest hash with a private key of the sender.  Ivanov also teaches ([0012]) how the recipient can use the recipient’s private key to decrypt the message, recompute the message digest hash from the decrypted message (to thus create a computed digest), use the public key of the sender to decrypt the original message digest hash (the digital signature), and compare the two hashes/digests to verify the signature of the message.  This arrangement increases the security of the sent data and 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the user health data item to have been asymmetrically encrypted and the message to have been signed with a digital signature created by hashing the message to produce a digest and by encrypting the digest to product the digital signature of the message, and then verify the digital signature of the message by computing a hash of the message to create a computed digest, decrypting the digital signature with a signer’s public key to create a decrypted digest, and comparing the computed digest with the decrypted digest in the system of Kumbhare as taught by Ivanov to advantageously increase the security of the sent data and allow the recipient to verify that the message was created by the sender and was not tampered with or altered.  As Kumbhare already discloses hash the ... user health data item using a cryptographic hashing function, to create a cryptographic hash block and transmit the ... user health data item to a receiving device for verification as set forth above, then modifying Kumbhare in view of Ivanov to encrypt the user health data would result in the Kumbhare/Ivanov combination thus disclosing hash the encrypted user health data item using a cryptographic hashing function, to create a cryptographic hash block, and transmit the encrypted user health data item to a receiving device for verification.
Furthermore, the Kumbhare/Ivanov combination appears to be silent regarding the program code being configured to record the cryptographic hash block associated with the digital signature of the wearable device to a block of a digital block-chain, whereby the encrypted user health data is transmitted to the receiving device for verification with the digital block chain.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have recorded the cryptographic hash block associated with a digital signature in the system of the Kumbhare/Ivanov combination to a block of a digital block-chain such that the receiving device can verify the health/medical information with the blockchain as taught by Campero to advantageously allow for the dissemination of confidential information between two or more electronic devices in a secure and confidential manner and allows the verification of confidential data without the actual disclosure of the confidential data.  Also, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the digital signature to be of the wearable device as taught by Sayers to increase the immutability and security of received and transmitted health 

Regarding claim 26, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 24, further including wherein the user health data item comprises information of at least one of the following: blood pressure information; heart rate information; blood sugar level information; lactate level information; and or oxygen saturation information (the bottom of left column on page 24 under “2. System Architecture” in Kumbhare discusses heart rate while the bottom half of the right column on page 22 under “1. Introduction” discusses a pulse oximeter (oxygen saturation)).

Regarding claim 27, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 24, further including wherein the device and the user wearable device are connected via a local short-range communication interface (middle of left column on page 24 under “2. System Architecture” of Kumbhare discusses Bluetooth which would necessarily include a local short-range communication interface), and the device and the receiving device are connected via a wide area communication interface (the above portion of Kumbhare also notes how the personal server (the “device”) communicates with the medical server via the Internet which would necessarily include a wide area communication interface).

Regarding claim 28, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 27, further including wherein the local short-range communication interface comprises a wired or wireless interface (the above Bluetooth communication of Kumbhare necessarily includes a wireless interface).

Regarding claim 29, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 27, further including wherein the wide area communication interface comprises a public network (the Internet as discussed above in Kumbhare is a public network).

Regarding claim 31, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 24, further including wherein the encrypted user health data item is transmitted to the receiving device for verification without user interaction based on settings (the left column on page 24 under “2. System Architecture” of Kumbhare discusses how the personal server sets up the WBAN and transfers health information to the medical server/receiving device (which confirms (verifies) that the message was not altered/tampered with per the bottom of page 26 under “3. Proposed Plan”) which accepts the monitoring session uploads and analyzes the data to detect anomalies and contact healthcare providers; also, the bottom of page 22 through the top of page 23 under “1. Introduction” of Kumbhare discusses how the medical information can be continuously collected by sensors and can be instantly sent to medical centers (servers) for processing; accordingly, once the personal server “sets up” the WBAN (based on settings), the health information is continuously collected and instantly sent to the receiving device for processing without user interaction whereupon the verification is performed as discussed previously).

wherein the settings comprising comprise at least one of the following information: frequency of transmissions; continuous/timed transmission; authorized receiving devices for receiving transmissions; and or types of user health data allowable for transmissions (as the health data can be continuously sent to the receiving device as noted above, then there is necessarily a setting for a continuous transmission of the health data; furthermore, the bottom of the left column of page 25 under “2.1 Requirements for Wireless Medical Sensors” of Kumbhare discusses how only events regarding health data can be sent in some arrangements which would necessarily involve a setting for frequency of transmissions or types of user health data allowable for transmissions).

Claims 36 and 38 are rejected in view of the Kumbhare/Ivanov/Campero/Sayers combination as discussed above in relation to claim 24.

Regarding claim 42, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 24, further including wherein the receiving, verifying, hashing, and recording are performed under control of a client application in the device (the personal server/PDA/computer (the “device”) discussed at middle of left column on page 24 under “2. System Architecture” and illustrated as “receiving device” in Figure 2 of Kumbhare would have some “client application” including routines/instructions that control and perform the receiving, verifying, hashing, and recording steps of the Kumbhare/Ivanov/Campero/Sayers combination), and the client application communicates with a server application running on a server to which the cryptographic hash block is recorded (the bottom of page 26 under “3. Proposed 

Regarding claim 43, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 24, further including wherein the transmitting the user health data item to a receiving device for verification with the digital block-chain is performed in response to a trigger comprising biometric information (the left column on page 25 under section 2.1 of Kumbhare discusses how only information about an event can be transferred from the ECG sensor (which would include biometric information); accordingly, the user health data item would be transmitted from the sensor to the personal server/PDA/computer and then to the server/healthcare hub for verification in response to the event/trigger).  
	
Regarding claim 45, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 24, further including where the cryptographic hash block comprises the digital signature of the wearable device (as discussed in relation to claim 24, the cryptographic .

Claims 30, 39, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over NPL “Wireless Body Area Sensor Network Authentication using HMAC function” to Kumbhare et al. (“Kumbhare”) in view of U.S. Patent App. Pub. No. 2005/0257057 to Ivanov et al. (“Ivanov”), U.S. Patent App. Pub. 2017/0300898 to Campero et al. (“Campero”), and U.S. Patent App. Pub. No. 2019/0081936 to Sayers et al. (“Sayers”) as applied to claim 24 above, and further in view of U.S. Patent App. Pub. No. 2015/0332283 to Witchey (“Witchey”):
Regarding claim 30, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 24 but appears to be silent regarding specifically wherein the digital block-chain is configured to be protected by a proof algorithm comprising at least one of a proof-of-work, proof-of-stake and or majority-voting algorithm.
Nevertheless, Witchey teaches (Abstract) that it was known in the data security art to utilize a proof-of-work system to validate healthcare transactions in a blockchain which would advantageously reduce the likelihood of improper tampering with the blockchain.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have protected the blockchain of the Kumbhare/Ivanov/Campero/Sayers combination by a proof of work algorithm as taught by Witchey to advantageously reduce the likelihood of improper tampering with the blockchain.

Claims 39 and 40 are rejected in view of the Kumbhare/Ivanov/Campero/Sayers/Witchey combination as discussed above in relation to claim 30.

Claims 34, 35, and 37 are rejected under 35 U.S.C. 103 as being unpatentable over NPL “Wireless Body Area Sensor Network Authentication using HMAC function” to Kumbhare et al. (“Kumbhare”) in view U.S. Patent App. Pub. No. 2005/0257057 to Ivanov et al. (“Ivanov”) and U.S. Patent App. Pub. 2017/0300898 to Campero et al. (“Campero”):
Regarding claim 34, Kumbhare discloses a device (middle of left column on page 24 under “2. System Architecture” discuss a medical sever (“device”) which is also illustrated as healthcare hub in Figure 2) comprising: 
at least one processor; and at least one memory including computer program code; the at least one memory, the communication interface and the computer program code configured to, with the at least one processor (the medical server/hub necessarily includes a processor with memory having computer program code), cause the device to: 
receive via a message a user health data item originating from a user wearable device (middle of left column on page 24 under “2. System Architecture” notes how personal health data from sensor node on user’s body is sent to the medical server (which would be via some “message” or transfer of information))...; 
hash the ... user health data item using a cryptographic hashing function, to create a cryptographic hash block (the bottom of the left column on page 26 under “3. Proposed Plan” discusses how the receiver of a message (the medical server receiving the health data originating from the sensors) runs the message (health data) through the HMAC algorithm (hash-based algorithm) which uses a cryptographic hashing function per middle of right column on page 25 under “3. Proposed Plan” to create a second HMAC data tag (cryptographic hash block); 
compare the cryptographic hash block to... (the bottom of the left column on page 26 under “3. Proposed Plan” discusses how the second HMAC data tag (the cryptographic hash block) is compared to a first HMAC data tag); and 
verify the ... user health data item in response to finding a matching cryptographic hash block.... (the bottom of the left column on page 26 under “3. Proposed Plan” discusses how the receiver (medical server) determines the integrity of the message was not compromised/altered (verifies the message/health data) when the two tags/hash blocks are identical/match).
	However, Kumbhare appears to be silent regarding wherein the user health data item has been asymmetrically encrypted, and wherein the message has been signed with a digital signature created by hashing the message to produce a digest and by encrypting the digest to product the digital signature of the message; and
verify the digital signature of the message by computing a hash of the message to create a computed digest, decrypting the digital signature with a signer’s public key to create a decrypted digest, and comparing the computed digest with the decrypted digest.
Nevertheless, Ivanov teaches ([0012]) that it was known in the data security art to encrypt message content to be sent with a public key (i.e., to asymmetrically encrypt the content) and to sign a message including the content with a digital signature via encrypting a message digest hash with a private key of the sender.  Ivanov also teaches ([0012]) how the recipient can use the recipient’s private key to decrypt the message, recompute the message digest hash from the decrypted message (to thus create a computed digest), use the public key of the sender to decrypt the original message digest hash (the digital signature), and compare the two hashes/digests to verify the signature of the message.  This arrangement increases the security of the sent data and allows the recipient to verify that the message was created by the sender and was not tampered with or altered.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the user health data item to have been asymmetrically encrypted and the message to have been signed with a digital signature created by hashing the message to produce a digest and by encrypting the digest to product the digital signature of the message, and then verify the digital signature of the message by computing a hash of the message to create a computed digest, decrypting the digital signature with a signer’s public key to create a decrypted digest, and comparing the computed digest with the decrypted digest in the system of Kumbhare as taught by Ivanov to advantageously increase the security of hash the ... user health data item using a cryptographic hashing function, to create a cryptographic hash block and transmit the ... user health data item to a receiving device for verification as set forth above, then modifying Kumbhare in view of Ivanov to encrypt the user health data would result in the Kumbhare/Ivanov combination thus disclosing hash the encrypted user health data item using a cryptographic hashing function, to create a cryptographic hash block, and transmit the encrypted user health data item to a receiving device for verification.
Furthermore, the Kumbhare/Ivanov combination appears to be silent regarding the comparison of the hash block being to records in a digital block-chain such that the verification occurs in response to finding a matching hash block in the records of the digital block-chain.
Nevertheless, Campero teaches ([0035]) that it was known in the data security art to include in a record (block) of a distributed ledger (blockchain) a hashed/encrypted value (cryptographic hash block) of an attribute (which can be health/medical information per [0002] and [0036] (e.g., see “height”)) with a digital signature, whereby a receiving party can validate that a hash of the data exists in the distributed ledger/blockchain, which would occur via some comparison of the hash of the data with records in the ledger/blockchain to find a matching hash in the records of the ledger/blockchain, and which would “verify” the health/medical information with the distributed ledger/blockchain)([0038]); this arrangement advantageously allows for the dissemination of confidential information between two or more electronic devices in a secure and confidential manner and allows the verification of confidential data without the actual disclosure of the confidential data ([0005]).  


Regarding claim 35, the Kumbhare/Ivanov/Campero combination discloses the device of claim 34, further including wherein the device is configured to be operated by at least one of the following: a doctor, an insurance company, a hospital, a nurse, a technician, a care provider, a guardian, a parent, and or a broker (the medical server of Kumbhare could be operated by (“is configured to be operated by”) a technician, hospital, etc.).

Claim 37 is rejected in view of the Kumbhare/Ivanov/Campero combination as discussed above in relation to claim 34.

Claim 44 is rejected under 35 U.S.C. 103 as being unpatentable over NPL “Wireless Body Area Sensor Network Authentication using HMAC function” to Kumbhare et al. (“Kumbhare”) in view of U.S. Patent App. Pub. No. 2005/0257057 to Ivanov et al. (“Ivanov”), U.S. Patent App. Pub. 2017/0300898 to Campero et al. (“Campero”), and U.S. Patent App. Pub. No. 2019/0081936 to Sayers et al. (“Sayers”) as applied to claim 43 above, and further in view of U.S. Patent App. Pub. No. 2009/0043180 to Tschautscher et al. (“Tschautscher”):
Regarding claim 44, the Kumbhare/Ivanov/Campero/Sayers combination discloses the device of claim 43, but appears to be silent regarding wherein the biometric information comprises fingerprint information or retina scan information.
Nevertheless, Tschautscher teaches ([0014], [0032], [0035], and [0038]) that it was known in the healthcare informatics art to transmit user health data (e.g., pulse oximetry data, etc.) to a receiving device in response to receiving fingerprint information to advantageously verify that an authorized person has approved transfer of the health information thereby enhancing patient privacy.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the health data item of the  Kumbhare/Ivanov/Campero/Sayers combination to have been transmitted to the receiving device in response to a trigger including biometric information in the form of fingerprint information to advantageously verify that an authorized person has approved transfer of the health information thereby enhancing patient privacy.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHON A. SZUMNY whose telephone number is (303) 297-4376.  The examiner can normally be reached on Monday-Friday 8-5.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jason Dunham can be reached on 571-272-8109.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JONATHON A. SZUMNY/Patent Examiner
Art Unit 3686