Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 4/21/2021 was considered by the examiner.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3 and 6-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 3 recites “the registration request.” There is insufficient antecedent basis for this limitation in the claim. Claim 3 is dependent on claim 1, which does not recite a registration request and is not dependent on claim 2, which does recite a registration request. Applicant’s spec does not provide information to remedy this problem. For the purpose of examination, Examiner interprets the limitation to read as “a registration request.”
Claim 6 recites “a read request.” It is unclear to the Examiner whether this is the same read request recited in parent claim 1 or a second read request. Applicant’s spec does not provide information to remedy this problem. For the purpose of examination, Examiner interprets this limitation to read as “a second read request.” 
Claim 7 recites “the read request.” It is unclear to the Examiner whether this is the same read request recited in parent claim 1 or the same read request recited in claim 6. Applicant’s spec does not provide information to remedy this problem. For the purpose of examination, Examiner interprets this limitation to read as “the second read request.”
Claims 8-10 are also rejected under 35 U.S.C. 112(b) because they incorporate the deficiencies of parent claim 6 without solving the problem addressed above.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-16 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to a judicial exception (i.e., an abstract idea) without significantly more.  
Independent claims 1, 15, and 16 describe the abstract idea of storing information, obtaining data, communicating and receiving requests, verifying tokens, and writing information. Specifically, claims 1, 15, and 16 recite:
“storing patient information in a secured form 
obtaining, a first token and a first signature generated using a first secret key inside a first identification medium, wherein the first secret key is configured to be associated with a first healthcare person; 
communicating, a write request that includes at least the first signature and the first token; 
receiving, the write request from the user terminal when the user terminal is within a proximal communication range of the external device; 
verifying, at least the first token received in the write request; and 
writing, a first information to the external device, based on verification of at least the first token.”
The steps of storing, obtaining, communicating, receiving, verifying, and writing describe actions and concepts that can be, under broadest reasonable interpretation, managing personal behavior or relationships or interactions between people (including social activities, teaching and following rules or instructions). Although the claims contain additional elements outside the scope of the abstract idea, the claims amount to a person or persons following a set of instructions or rules to store information, obtain data, communicate and receive requests, verify tokens, and write information. Therefore, the recited limitations cover a process that, under its broadest reasonable interpretation, falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas.
This judicial exception is not integrated into a practical application. In particular, claim 1 recites:
“in an external device that is configured to be carried by a patient; 
by a user terminal… from a server system
by the user terminal to the external device,
by the external device,
by the external device,
by the user terminal,”
Claim 15 recites:
“an external device configured to store patient information in a secured form, wherein the external device is carried by a patient; 
a user terminal that is configured to:
from a server system
to the external device
wherein the external device is configured to:
the user terminal is further configured to”
Claim 16 recites:
“A computer program product comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method as claimed in claim 1.”
The recited device, terminal, server, storage medium, and hardware are recited at a high level of generality (i.e., as generic computer elements performing generic computer functions of collecting, analyzing, and transmitting data) [Spec P 26-28, 30-31] such that they amount to no more than mere instructions to apply the exception using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are therefore directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to the lack of integration into a practical application, the device, terminal, server, storage medium, and hardware are recited at a high level of generality. Generic computer components recited as performing generic computer functions that are well-understood, routine, and conventional activities amount to no more than implementing the abstract idea with a computerized system. See Parker v Flook, 437 U.S. at 594; Bancorp Services v Sun Life, 687 F.3d at 1278; Alice Corp, 134 S. Ct. at 2359-2360; Benson, 409 U.S. at 65-67; Ultramercial, 772 F.3d at 716-717. Implementation of well-understood, routine, and conventional functions with a computerized system does not amount to an inventive concept.
Dependent claims 2-14 do not add “significantly more” to the eligibility of their respective parent claims and simply recite a more complex abstraction executed on a generic computer. Even when considered as an ordered combination, these dependent claims do not add significantly more than when considered individually, and therefore, the analysis above applies for claims 2-14 as well.
Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually.  There is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and thus, no indication that the claims include inventive concepts. 
Accordingly, claims 1-16 are directed to an abstract idea without significantly more. Therefore claims 1-16 are rejected under 35 U.S.C. § 101.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 6-8, and 10-16 are rejected under 35 U.S.C. 103 as being unpatentable over Wasily (U.S. Patent Application Publication No. 20190036688) and Knas (U.S. Patent No. 10943680).
Regarding claim 1, Wasily teaches a method for securing sensitive information, the method comprising: 
obtaining, by a user terminal, a first token from a server system and a first signature generated using a first secret key inside a first identification medium [P 60, 65, 116-119, 121] (Wasily teaches that a server 110 may provide a signature and token to personal device 102, which is interpreted as a user terminal; Wasily also teaches in P 121 that the signature or certificate is generated using a secure key and one or more device identifiers), 
communicating, by the user terminal to the external device, a write request that includes at least the first signature and the first token [P 56-60] (Wasily teaches that the personal device, which is interpreted as the user terminal, may send an access request, which is interpreted as a write request, to the medical device, which is interpreted as the external device, and that the request may include one or more authentication factors including a certificate, which is interpreted as a signature, as well as a token); 
receiving, by the external device, the write request from the user terminal when the user terminal is within a proximal communication range of the external device [P 55-56] (Wasily teaches that the personal device may send the access request when it is within a threshold distance of the medical device); 
verifying, by the external device, at least the first token received in the write request [P 59, 63-65] (Wasily teaches that the medical device may verify the personal device authentication token); and
Wasily may not explicitly teach:
storing patient information in a secured form in an external device that is configured to be carried by a patient; 
wherein the first secret key is configured to be associated with a first healthcare person;  
writing, by the user terminal, a first information to the external device, based on verification of at least the first token.
However, Knas teaches:
storing patient information in a secured form in an external device that is configured to be carried by a patient [Col 23 L 56- Col 24 L 8] (Knas teaches a wearable device, which is interpreted as an external device configured to be carried by a patient, that stores health information); 
wherein the first secret key is configured to be associated with a first healthcare person [Col 15 L 47-50] (Knas teaches that keys are associated with users that wish to share health-related data);  
writing, by the user terminal, a first information to the external device, based on verification of at least the first token [Col 11 L 1-17] (Knas teaches providing access to the medical device data upon authentication of the token).
One of ordinary skill in the art at the time the invention was made would have found it obvious to include the Intelligent health-based blockchain as taught by Knas with the Secure communication for medical devices taught by Wasily with the motivation of improving safety and efficiency of health data retrieval [Knas, abstract].
Regarding claim 6, Wasily and Knas teach the method according to claim 1, further comprising: 
obtaining, by the user terminal, a second token from the server system and a second signature generated using a second secret key that is in a second identification medium, wherein the second secret key is configured to be associated with a second healthcare person; and communicating, by the user terminal, a read request to the external device, wherein the read request includes at least the second token [P 23] (Wasily teaches that the method and system described above can incorporate multiple devices, and thus teaches obtaining second tokens and second signatures).
Regarding claim 7, Wasily and Knas teach the method according to claim 6, further comprising including the second signature with the read request [P 23, 56-60] (Wasily teaches that the requests may include one or more authentication factors including a certificate, which is interpreted as a signature, and that the method above can include multiple devices and thus that the second signature is included in the read request).
Regarding claim 8, Wasily and Knas teach the method according to claim 6, further comprising: 
verifying, by the external device, at least the second token communicated by the user terminal [P 23, 59, 63-65] (Wasily teaches that the medical device may verify the personal device authentication token; Wasily also teaches in P 23 that the method disclosed may be performed with multiple devices and thus teaches verifying a second token); and 
communicating, by the external device, updated patient information that includes the stored patient information and the first information together with the first and second signatures to the user terminal for further processing based on a successful verification of at least the second token [Col 11 L 1-17, Col 2 L 9-30] (Knas teaches providing access to the medical device data upon authentication of the token; Knas also teaches that the disclosed method can be used to update patient records).
Obviousness for combining the teachings of Wasily and Knas is discussed above for claim 1 and is incorporated herein.
Regarding claim 10, Wasily and Knas teach the method according to claim 8, further comprising communicating, by the user terminal, the updated patient information along with the first and second signatures to the server system for verification when a network connectivity with the server system is established [Col 2 L 9-30, Col 9 L 50-65] (Knas teaches allowing communication between devices when network connectivity is established and that the communication may be used to update patient records).
Obviousness for combining the teachings of Wasily and Knas is discussed above for claim 1 and is incorporated herein.
Regarding claim 11, Wasily and Knas teach the method according to claim 1, wherein obtaining the first token comprises: 
executing, by the user terminal, login to the server system using login credentials [P 60] (Wasily teaches receiving device credentials and performing authentication, which is interpreted as executing login using login credentials); 
receiving, by the user terminal, the first token from the server system in response to a successful verification of the login credentials by the server system, wherein the first token includes at least an expiration time, a unique identity of the first healthcare person, and a signature created using a secret key of the server system [P 66-67] (Wasily teaches in P 66-67 analyzing certificates or tokens for expiration, and thus teaches that they include expiration times; Wasily also teaches in P 85 that tokens include personal identification numbers and a certificate/signature, and in P 121 that the signature or certificate is generated using a secure key).
Regarding claim 12, Wasily and Knas teach the method according to claim 11, further comprising: 
receiving, by the user terminal, a user input of new information related to the patient via an application in the user terminal [P 36] (Wasily teaches receiving user input at a user interface regarding treatment or medication which is interpreted as information related to the patient); 
communicating, by the user terminal, the first token received from the server system to the external device for verification [P 56-60] (Wasily teaches that the personal device, which is interpreted as the user terminal, may send an access request, to the medical device, which is interpreted as the external device, and that the request may include one or more authentication factors including a token); and 
verifying, by the external device, the first token communicated by the user terminal based on at least a public key of the server system, wherein the public key is stored in the external device [P 32, 101] (Wasily teaches establishing a connection between the personal device and the medical device by authenticating a token based on a public key; Wasily also teaches that the public key is generated by the medical device, which is interpreted as the external device).
Regarding claim 13, Wasily and Knas teach the method according to claim 12, further comprising setting, by the external device, a current state of a secured area in the external device to a data write accept state based on a successful verification of the first token [Col 11 L 1-17] (Knas teaches providing access to the medical device data upon authentication of the token, which is interpreted as being in an accept state).
Obviousness for combining the teachings of Wasily and Knas is discussed above for claim 1 and is incorporated herein.
Regarding claim 14, Wasily and Knas teach the method according to claim 13, further comprising communicating, by the user terminal, the new information that is signed using the first secret key to the external device based the set data write accept state [P 25, 45, 62] (Wasily teaches sharing information by using the key to sign messages and commands).
Regarding claim 15, the claim is analogous to claim 1, and thus it is similarly analyzed and rejected in a manner consistent with the rejection of claim 1. 
Regarding claim 16, the claim is analogous to claim 1, and thus it is similarly analyzed and rejected in a manner consistent with the rejection of claim 1. See Knas P 33 and 40 which teaches a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute the disclosed methods.

Claims 2-4 are rejected under 35 U.S.C. 103 as being unpatentable over Wasily (U.S. Patent Application Publication No. 20190036688) and Knas (U.S. Patent No. 10943680) as applied to claim 1 above, and further in view of Yau (U.S. Patent Application Publication No. 20160005032).
Regarding claim 2, Wasily and Knas may not explicitly teach the method according to claim 1, further comprising: 
generating, by the user terminal, an asymmetric key pair in a registration phase of the user terminal to the server system; and 
communicating, by the user terminal, a registration request that includes at least one of: a unique device identifier of the user terminal, or an application ID created by an application pre-installed in the user terminal, along with a device public key of the generated asymmetric key pair to the server system over a secured communication channel for registration of the user terminal at the server system.
However, Yau teaches the method according to claim 1, further comprising: 
generating, by the user terminal, an asymmetric key pair in a registration phase of the user terminal to the server system [P 11, 253-257] (Yau teaches app registration via generating of an asymmetric key); and 
communicating, by the user terminal, a registration request that includes at least one of: a unique device identifier of the user terminal, or an application ID created by an application pre-installed in the user terminal, along with a device public key of the generated asymmetric key pair to the server system over a secured communication channel for registration of the user terminal at the server system [P 266-275] (Yau teaches that registration includes providing ID’s as well as the generated public key).
One of ordinary skill in the art at the time the invention was made would have found it obvious to include the Method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors as taught by Yau with the method taught by Wasily and Knas with the motivation of improving security [Yau P 23, 99-104].
Regarding claim 3, Wasily and Knas may not explicitly teach the method according to claim 1, further comprising receiving, by the user terminal, validation data required for authorization decisions from the server system in response to the registration request communicated by the user terminal.
However, Yau teaches the method according to claim 1, further comprising receiving, by the user terminal, validation data required for authorization decisions from the server system in response to the registration request communicated by the user terminal [Fig. 5a, P 266-275] (Yau teaches receiving validation during app registration).
One of ordinary skill in the art at the time the invention was made would have found it obvious to include the Method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors as taught by Yau with the method taught by Wasily and Knas with the motivation of improving security [Yau P 23, 99-104].
Regarding claim 4, Wasily, Knas, and Yau teach the method according to claim 2, further comprising executing login, by the user terminal, to the server system based on login credentials comprising at least one of: user credentials that includes at least the first signature associated with the first healthcare person, device credentials of the user terminal, or a combination of the user credentials and the device credentials [P 60] (Wasily teaches receiving device credentials).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Wasily (U.S. Patent Application Publication No. 20190036688), Knas (U.S. Patent No. 10943680), and Yau (U.S. Patent Application Publication No. 20160005032) as applied to claim 4 above, and further in view of Ryan (U.S. Patent Application Publication No. 20210366586).
Regarding claim 5, Wasily, Knas, and Yau may not explicitly teach the method according to claim 4, further comprising receiving, by the user terminal, up-to-date validation data from the server system based on a successful login of the user terminal to the server system, wherein the validation data comprises one or more of: a list of registered user identities, a list of roles of the registered user identities and authorization certificates.
However, Ryan teaches the method according to claim 4, further comprising receiving, by the user terminal, up-to-date validation data from the server system based on a successful login of the user terminal to the server system, wherein the validation data comprises one or more of: a list of registered user identities, a list of roles of the registered user identities and authorization certificates [P 525] (Ryan teaches that validation includes validation of user roles).
One of ordinary skill in the art at the time the invention was made would have found it obvious to include The enterprise consumer safety system as taught by Ryan with the method taught by Wasily, Knas, and Yau with the motivation of improving efficiency and performance [Ryan, P 542].

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Wasily (U.S. Patent Application Publication No. 20190036688) and Knas (U.S. Patent No. 10943680) as applied to claim 1 above, and further in view of Ryan (U.S. Patent Application Publication No. 20210366586).
Regarding claim 9, Wasily and Knas may not explicitly teach the method according to claim 6, further comprising: 
verifying, by the external device, a role along with the second token received from the user terminal, wherein the read request further includes the role with the second signature; and 
communicating, by the external device, at least a portion of the updated patient information that includes the stored patient information and the first information in accordance with the role, based on a successful verification of the role along with the second token.
However, Ryan teaches the method according to claim 6, further comprising: 
verifying, by the external device, a role along with the second token received from the user terminal, wherein the read request further includes the role with the second signature [P 525, 559] (Ryan teaches that validation/authentication includes validation of user roles and tokens); and 
communicating, by the external device, at least a portion of the updated patient information that includes the stored patient information and the first information in accordance with the role, based on a successful verification of the role along with the second token [P 525] (Ryan teaches providing access to a data source based on validation of user roles).
One of ordinary skill in the art at the time the invention was made would have found it obvious to include The enterprise consumer safety system as taught by Ryan with the method taught by Wasily and Knas with the motivation of improving efficiency and performance [Ryan, P 542].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Kim (U.S. Patent Application Publication No. 20200329017) teaches systems and methods for sharing medical information using encryption.
Krueger (U.S. Patent Application Publication No. 20210375408) teaches systems and methods for distributing medical data records using block chain techniques.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Rachel F Durnin whose telephone number is (571)272-1244. The examiner can normally be reached Mon-Thurs 7-4, Fri 8-12 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Robert W Morgan can be reached on 571-272-6773. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/R.F.D./Examiner, Art Unit 3626            

/JASON S TIEDEMAN/Primary Examiner, Art Unit 3626