DETAILED ACTION
Acknowledgements
This Office Action is in response to Applicant’s response filed on 4/24/19.
The Examiner notes that citations to United States Patent Application Publication paragraphs are formatted as [####], #### representing the paragraph number.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Status of Claims
Claims 1-18 are currently pending.
Claims 1-18 are rejected as set forth below.

Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.



Claim Rejections - 35 USC § 112, Second Paragraph
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
As per claim 1, the limitation “wherein the synchronization as a service module synchronizes ePHI continuously provided by the at least one platformed network in real-time with registration information provided by the user at login with the cloud-based vetting system” renders the scope of the claim indefinite because the antecedent basis of the term “the user” is unclear. It is unclear because there are two previous instances of a user: the user of the user equipment and the user of the token generated by the authorization application. Furthermore, the Specification uses the term ‘user’ interchangeably between a patient and a medical provider. 
By virtue of their dependence, the dependent claims are similarly rejected.
As per claim 8, the limitation “wherein the token authorizes the user to access the at least one platformed network, and wherein the synchronization application updates the user's authorizations in real-time with respect to the token for each login session” renders the scope of the claim indefinite because the antecedent basis of the term “the user” is unclear. It is unclear because there are two previous instances of a user: the user of the user equipment and the user of the token generated by the authorization application. Furthermore, the Specification uses the term ‘user’ interchangeably between a patient and a medical provider.
By virtue of their dependence, the dependent claims are similarly rejected.
As per claim 3, the claim recites the limitation "wherein the header". There is insufficient antecedent basis for this limitation in the claim.
As per claim 4, the claim recites the limitation "wherein the cloud-based vetting system identification code". There is insufficient antecedent basis for this limitation in the claim.

As per claim 5, the claim recites the limitation "wherein the role key". There is insufficient antecedent basis for this limitation in the claim.
As per claim 6, the claim recites the limitation "wherein the role key". There is insufficient antecedent basis for this limitation in the claim.
As per claim 10, the limitation “wherein the token blinds the ePHI personal identifying information from access by the user” renders the scope of the claim indefinite because the antecedent basis of the term “the user” is unclear. It is unclear because there are two previous instances of a user: the user of the user equipment and the user of the token generated by the authorization application. Furthermore, the Specification uses the term ‘user’ interchangeably between a patient and a medical provider.
Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-10, 16-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 20060173985 to Moore in view of United States Patent Application Publication No. 20100088507 to Cho.
As per claims 1, 8, Moore teaches:
An ePHI-complainant gatekeeper system for governing user access comprising: user equipment; (Fig. 10, [0220])
a cloud-based vetting system communicatively connected to the user equipment, the cloud-based vetting system includes a subscriber application, an authorization application, a synchronization as a service module, and a registry archive; the subscriber application communicatively connected to the user equipment; the subscriber application includes an authentication application, the authentication application communicatively connected to at least one platformed network and the registry archive; the synchronization as a service module communicatively connected to the at least one platformed network, the subscriber application, the authorization application, and the registry archive;  (Fig. 11-12, [0221] – [0223], “FIG. 11 shows a number of logical servers 1100 that may be used in a secure RSS system. This may include, for example, an aggregation server 1102 that provides aggregation services including filtering of data streams, a recommendation server 1104 that may recommend new streams based on any suitable algorithms and available data, a search server 1106 that may provide search functions for RSS source data or indexed source data in a database, a presentation server 1107 that may manage connections to RSS clients, a web server 1108 that may manage traffic using any web-based protocols such as HTTP and/or HTML, a security server 1110 that provides security services such as those described below, and a logging server 1112 to log activities and users.”)
a token corresponding to a user generated by the authorization application, the token generated based on information that includes ePHI; wherein the synchronization as a service module synchronizes ePHI continuously provided by the at least one platformed network in real-time with information provided by the user at login with the cloud-based vetting system. ([0223], “The security server 1110 may also, or instead, communicate with various other components of the syndication system to provide secure end-to-end communications. A security server 1110 may employ a number of different techniques for secure communications. In one aspect, the security system may be certificate based, with each user and component that participates in the secure RSS system having its own certificate issued from or signed by a certificate authority (which may again be a trusted third party).”; [0294] – [0295], “In another application of secure RSS data, access may be role based. Thus, access may be granted, for example, to registered physicians. If a physician's license is revoked, the physician's certificate or identity may be updated immediately. As a consequence, the physician may be denied access to a patient's records even if the patient is not yet aware that the physician's license to practice medicine has been suspended or revoked. Roles or identities may be used in other ways. For example, feed selection may be governed in part by feed source. Thus, a user may only want to review feeds from, for example, registered doctors or certified financial planners. The status of these and other professionals may be associated with respective certificates, so that status, certification, or any other criteria may be determined along with identity when reviewing sources of feeds and/or aggregated feeds.”)
Moore does not explicitly teach, but Cho teaches:
the subscriber application receiving registration information that includes ePHI from the user via the user equipment; ([0119], “First, a user who desires issuance of a digital certificate applies for registration by submitting an issuance application form filled with personal information (info_personal) to a certificate agency (a financial institution, government office or the like) together with documents for proving identity of the user such as an identification card or the like (S401). In response, the certificate agency confirms identity of the user based on the documents for confirming identity of the applicant (S402).”)
One of ordinary skill in the art would have recognized that applying the known technique of Cho to the known invention of Moore would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such certificate registration features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to receive registration information that includes ePHI from the user via the user equipment results in an improved invention because applying said technique ensures that the source of the registration information that includes ePHI is the user themselves versus a source with inaccurate or outdated information, thus ensuring that the ePHI information is accurate and up-to-date.
Regarding claim 8, Moore teaches:
the token including information to grant the user to access the at least one platformed network, wherein the token authorizes the user to access the at least one platformed network; and wherein the synchronization application updates the user's authorizations in real-time with respect to the token for each login session; ([0294] – [0295])
As per claim 2, Moore teaches:
wherein the token includes an identifier header; ([0291], “A certificate is effectively a unique identifier of identity that can be verified through a trusted third party.”)
As per claim 3, Moore teaches:
wherein the header includes a cloud-based vetting system identification code; ([0291])
As per claim 4, Moore teaches:
wherein the cloud-based vetting system identification code includes a role key; ([0294] – [0295])
As per claim 5, Moore teaches:
wherein the role key indicates whether the user of the assigned token is a medical patient user; ([0294] – [0295])
As per claim 6, Moore teaches:
wherein the role key indicates whether the user of the assigned token is a non-medical patient use; ([0294] – [0295])
Regarding claims 2-6, Applicant attempts to further limit the method by describing characteristics of the token/header/cloud-based vetting system identification code. However, this is representative of non-functional descriptive material, as the characteristics of the token/header/cloud-based vetting system identification code do not result in a functional relationship with the method and therefore cannot be used to differentiate Applicant's invention from the prior art invention. See MPEP 2111.05; In re Gulack, 217 USPQ 401 (Fed. Cir. 1983) (“When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from the prior art in terms of patentability.”). Specifically, the steps of generating the token and authorizing the user to access the platformed network are carried out the same way regardless of the type of the token/header/cloud-based vetting system identification code: there is no evidence that the characteristics of the token/header/cloud-based vetting system identification code change the efficiency or the accuracy or any other characteristic of the steps. See Ex Parte Nehls, 88 USPQ2d 1883 (BPAI 2008) (“Here, the descriptive material (SEQ ID NOs) recited in the claims is not functional material like the data structures in Lowry. There is no evidence that SEQ ID NOs 9-1008 functionally affect the process of comparing a target sequence to a database by changing the efficiency or accuracy or any other characteristic of the comparison. Rather, the SEQ ID NOs are merely information being manipulated by a computer; the SEQ ID NOs are inputs used by a computer program that calculates the degree of similarity between a target sequence and each of the sequences in a database. The specific SEQ ID NOs recited in the claims do not affect how the method of the prior art is performed – the method is carried out the same way regardless of which specific sequences are included in the database (emphasis added).”)
As per claims 7, 18, Moore teaches:
wherein the authorization application, based on a quarantine trigger, restricts authorization of users associated with a quarantined token of the comprised user; ([0294] – [0295], “If a physician's license is revoked, the physician's certificate or identity may be updated immediately. As a consequence, the physician may be denied access to a patient's records even if the patient is not yet aware that the physician's license to practice medicine has been suspended or revoked.”)
As per claim 9, Moore teaches:
wherein the token determines the specific user equipment the user can access ePHI the at least one platformed network with the cloud-based vetting system; ([0294] – [0295])
As per claim 10, Moore teaches:
wherein the token blinds the ePHI personal identifying information from access by the user; ([0294] – [0295], “In another aspect of role-based data feed systems, a particular data feed may be filtered, or display thereof varied, according to the recipient of the data. Thus a radiologist may receive a different view of medical data than an internist, a surgeon, or a nurse.”)
As per claim 16, Moore teaches:
wherein the authorization application further includes a token augmentor, and wherein the token augmentor, initiated by a trigger, modifies the token; ([0294] – [0295])
As per claim 17, Moore teaches:
an updater, the updater is communicatively connected to the token augmentor, the registry archives, and the web backend module, and wherein the updater provides to the registry archives in real-time the modifications made to the authentications and the authorizations of each token; ([0294] – [0295])


Claims 11-15 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 20060173985 to Moore in view of United States Patent Application Publication No. 20100088507 to Cho, and further in view of United States Patent Application Publication No. 20110265159 to Ronda.
As per claim 11, Moore as modified does not explicitly teach, but Ronda teaches:
wherein the token includes a master token; ([0074] - [0075], “The parent digital certificate may be uniquely associated with the Token Manager 100 and the computer server. Preferably, the parent digital certificate comprises a public encryption key, and the credential is generated by the Token Manager 100 generating a pseudo-random code that is verifiable by the computer server, and the Token Manager 100 (or network client) signing the pseudo-random code with a private key that is uniquely associated with the public encryption key.”)
One of ordinary skill in the art would have recognized that applying the known technique of Ronda to the known invention of Moore as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such digital certificate features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the certificate to include a master token results in an improved invention because applying said technique allows a subtoken to be generated from the master token, thus enabling the creation of subtokens that inherit certain properties of the master token in an easy and efficient manner.
As per claim 12, Moore as modified does not explicitly teach, but Ronda teaches:
wherein the token includes a subtoken; ([0074] - [0075], “The parent digital certificate may be uniquely associated with the Token Manager 100 and the computer server. Preferably, the parent digital certificate comprises a public encryption key, and the credential is generated by the Token Manager 100 generating a pseudo-random code that is verifiable by the computer server, and the Token Manager 100 (or network client) signing the pseudo-random code with a private key that is uniquely associated with the public encryption key.”)
One of ordinary skill in the art would have recognized that applying the known technique of Ronda to the known invention of Moore as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such digital certificate features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the certificate to include a subtoken results in an improved invention because applying said technique allows a subtoken to be generated from the master token, thus enabling the creation of subtokens that inherit certain properties of the master token in an easy and efficient manner.
As per claim 13, Moore as modified does not explicitly teach, but Ronda teaches:
wherein the token includes a template; ([0074] - [0075], “The parent digital certificate may be uniquely associated with the Token Manager 100 and the computer server. Preferably, the parent digital certificate comprises a public encryption key, and the credential is generated by the Token Manager 100 generating a pseudo-random code that is verifiable by the computer server, and the Token Manager 100 (or network client) signing the pseudo-random code with a private key that is uniquely associated with the public encryption key.”)
One of ordinary skill in the art would have recognized that applying the known technique of Ronda to the known invention of Moore as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such digital certificate features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the certificate to include a template results in an improved invention because applying said technique allows a subtoken to be generated from the master token, thus enabling the creation of subtokens that inherit certain properties of the master token in an easy and efficient manner.
As per claim 14, Moore teaches:
wherein the master token includes a registrant authorization template, the registrant authorization template includes a token template index; ([0074] – [0075])
As per claim 15, Moore teaches:
wherein the subtoken is selected from the group consisting of: a security subtoken, a credentialing subtoken, a patient access subtoken, a peer review subtoken, a legal access subtoken, a VIP access subtoken, a user tracking subtoken, and a research patient subtoken; ([0074] – [0075])
Regarding claims 11-15, Applicant attempts to further limit the method by describing characteristics of the token. However, this is representative of non-functional descriptive material, as the characteristics of the token do not result in a functional relationship with the method and therefore cannot be used to differentiate Applicant's invention from the prior art invention. See MPEP 2111.05; In re Gulack, 217 USPQ 401 (Fed. Cir. 1983) (“When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from the prior art in terms of patentability.”). Specifically, the steps of generating the token and authorizing the user to access the platformed network are carried out the same way regardless of the type of token: there is no evidence that the characteristics of the token change the efficiency or the accuracy or any other characteristic of the steps. See Ex Parte Nehls, 88 USPQ2d 1883 (BPAI 2008) (“Here, the descriptive material (SEQ ID NOs) recited in the claims is not functional material like the data structures in Lowry. There is no evidence that SEQ ID NOs 9-1008 functionally affect the process of comparing a target sequence to a database by changing the efficiency or accuracy or any other characteristic of the comparison. Rather, the SEQ ID NOs are merely information being manipulated by a computer; the SEQ ID NOs are inputs used by a computer program that calculates the degree of similarity between a target sequence and each of the sequences in a database. The specific SEQ ID NOs recited in the claims do not affect how the method of the prior art is performed – the method is carried out the same way regardless of which specific sequences are included in the database (emphasis added).”)



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
United States Patent Application Publication No. 20110112868 to Menschik discloses a network for mediating the peer-to-peer transfer of digital patient medical data includes a plurality of distributed agents each associated with a health care provider and connected to a central system. Periodically the agents collect local information relating to patient medical files and/or data streams, for example diagnostic images and associated reports, and process that information into metadata files acting as pointers to the original files. The metadata files are transmitted to the central system where they are parsed and the attributes are stored on the central system in patient records with records from the same patient grouped together whenever possible. Registered users can search the central system, even in the absence of a unique identifier, to identify patient records pointing to the remote patient medical files. Upon finding a patient medical file, the invention provides a streamlined process for communicating access authorization from the patient to the hospital or facility storing the medical files. Once patient authorization is received, secure processes are provided for transferring the data in its entirety to or for viewing by the user in a peer-to-peer fashion.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY HUANG whose telephone number is (408)918-9799. The examiner can normally be reached 9:00a - 5:30p PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Anita Coupe can be reached on (571) 270-3614. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JAY HUANG/Primary Examiner, Art Unit 3619