Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

Claims 22-29 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Recitation of “the validating act” on line 1 of claim 22, “the act of validating the prescription data” on line 2 of each of claims 23-25, “the act” on line 2 of claim 26, “the act of validating the received files” on line 1 of claim 27, “the act of creating an update request files” on line 1 of claim 28 and “the act of communicating the updated request files to the remote server” on line 1 of claim 29 lacks a positive antecedent basis.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 18, 22, 26-36, 38, 42 and 45-53 are rejected under 35 U.S.C. 102(a)(1)/102(a)(2) as being anticipated by US 2013/0104120 A1 (Arrizza et al.).

Regarding claim 18, Arrizza et al. teach a method for protecting a medical device having a processor from malicious software (see paragraph [0068]: The encryption mechanism will also insure that if an update filter is intercepted, it cannot be modified and then replayed to the medical device as a valid update.  If attempted, the device will reject the update as an invalid file”), the method comprising:
providing at least one control software module that controls the operation of the medical device and is executable on the processor (see paragraph [0035]: FIG. 1…an application subsystem 18 controls the operation of the medical device 10”), a data management module that manages data flow between the at least one control software module from and exterior sources (see paragraph [0035]: FIG. 1… A communication subsystem 16 facilitates communications between the medical device 10 and the server 12”), and an agent module having access to only predetermined memory locations in the medical device (see FIG. 1: Communication subsystem 16 can only write to storage 20);
enabling a communications link from the medical device to a remote server; activating the agent module to transmit a request to the remote server via the enabled communications link (see paragraph [0089]: FIG. 14… software user activates a drug delivery for one or more infusion pumps.  In response, the server 112 generates and sends an update message for the medical device), receive files from the remote server, and store the received files from the remote server in the predetermined memory locations accessible by the agent module (see paragraph [0013]: FIG. 7 is a timing diagram showing a process where two new updates are downloaded prior to installation”  Only storage 20 is accessible);
validating the received files, with the data management module, prior to transferring the received files stored within the predetermining predetermined memory locations into an internal memory location accessible by the at least one control software module (see paragraph [0045]:…will calculate a checksum over the first chunk 30, which will be used later by the respective device 12 to verify that the translator of the chunk 30 was completed without corruption);
reading the received files into the data management module if the received files are validated by the data management module for storage within the internal memory location (see paragraph [0063]: FIG. 8 is a diagram and flow chart illustrating the state of a medical device before and after an update);
deleting all received files in the predetermined memory locations if any part of validation fails (see paragraph [0039]: …if the downloaded update files cannot be verified, the process proceeds back to steps 2-16, where the updates are downloaded again.”.  It is implicit, that a second download overwrites a failed download, thereby deleting the files); and 
disabling the communications link before when a therapy using the medical device is started, and enabling the communications link after the therapy has ended (“claim 9….update files are downloaded while the medication administering device is being used to administer medication.  Arrizza et al. describe the possibility to have both at the same time as something new and inventive.  Therefore, the method of Arrizza et al. cannot do both simultaneously.  Only therapy or update is possible, one after the other).
Regarding claim 22, see the validating act comprises comparing a plurality of directory names corresponding to a directory structure of the received files against a list of acceptable directory names (see paragraph [0105]: The update message contains a manifest or list of the files and their locations on the server).																					Regarding claim 26, see the received files contain prescription data and the method further comprises the act by a user of confirming and accepting a prescription as indicated by the prescription data.  Arrizza et al. is all is all about prescription data, see " paragraph [0002]: Intravenous infusion therapy is prescribed where it is desirable to administer medications and other fluids directly into the circulatory system of a patient. "  See also paragraph [0040]: After the updates files are downloaded, verified, and stored... the process determines whether the user accepts the update or rejects the update."
Regarding claim 27, see comprising the act of validating the received files by the data management module before reading the received files for storage within the internal memory location (see paragraph [0040]: After the updates files are downloaded, verified, and stored", it is clear that the storage comes after the validation).
Regarding claim 28, see comprising the act of creating an update request file at a specified memory location accessible by the agent module (see FIG.6: GET UPDATE BASED ON MANIFEST by Communication subsystem 16 that writes only to storage 20 in FIG. 1).
Regarding claim 29, see Fig. 6 “UPDATE MESSAGE” and “STATUS MESSAGE” to the remote server.
Regarding claims 30-33, see the communication link is a wireless link, a wired link, an Ethernet connection and/or a WiFi connection (see FIG. 3-5).
Regarding claim 34, see paragraph [0086]: During the shutdown of the infuser, the MCU will ask the user whether the updates should be installed. If the user accepts, the MCU reboots into a software update image. The MCU then reboots into a clinical image in a biomed mode. Next, after a request, the drug library is transferred from the communication subsystem to the MCU and installed."  Furthermore, a firewall should always be activated on boot up. If it is activated later, it is not a proper firewall.
Regarding claim 35, Arrizza et al. disclose that "claim 9....update files are downloaded while the medication administering device is being used to administer medication." Arrizza et al. describe the possibility to have both at the same time as something new and inventive.  Therefore, the state of the art for Arrizza et al. cannot do both simultaneously. Only therapy or update is possible, one after the other.
Regarding claim 36, Arrizza et al. disclose in paragraph 0038] ...allowing the update file transfer to resume from a point when the network connection is lost to when it is reestablished."
Regarding claim 38, Arrizza et al. disclose a system for protecting a medical device having a processor from malicious software (see paragraph [0068]: The encryption mechanism will also insure that if an update filter is intercepted, it cannot be modified and then replayed to the medical device as a valid update.  If attempted, the device will reject the update as an invalid file”) comprising:
a control software module executable on the processor and configured to control operation of the medical device (see paragraph [0035]: FIG. 1…an application subsystem 18 controls the operation of the medical device 10”);
a data management module configured to manage data flow between an exterior source and the control software module (see paragraph [0035]: FIG. 1… A communication subsystem 16 facilitates communications between the medical device 10 and the server 12”); and
an agent module having access only to predetermined memory locations in the medical device (see FIG. 1: Communication subsystem 16 can only write to storage 20);
the control software module configured to enable a communications link from the medical device to a remote server, to activate the agent module to transmit a request to the remote server via the enabled communications link (see paragraph [0089]: FIG. 14… software user activates a drug delivery for one or more infusion pumps.  In response, the server 112 generates and sends an update message for the medical device), to receive files from the remote server, and to store the received files from the remote server in the predetermined memory locations accessible by the agent module (see paragraph [0013]: FIG. 7 is a timing diagram showing a process where two new updates are downloaded prior to installation”  Only storage 20 is accessible);
the data management module configured to perform a validation of the received files stored within the predetermined memory locations (see paragraph [0045]:…will calculate a checksum over the first chunk 30, which will be used later by the respective device 12 to verify that the translator of the chunk 30 was completed without corruption), and to transfer the received files into an internal memory location accessible by the control software module if the validation succeeds (see paragraph [0063]: FIG. 8 is a diagram and flow chart illustrating the state of a medical device before and after an update), or to delete all received files in the predetermined memory locations if the validation fails (see paragraph [0039]: …if the downloaded update files cannot be verified, the process proceeds back to steps 2-16, where the updates are downloaded again.”.  It is implicit, that a second download overwrites a failed download, thereby deleting the files);
wherein the control software module is configured to disable the communications link when a therapy using the medical device is started, and to enable the communications link after the therapy has ended (“claim 9….update files are downloaded while the medication administering device is being used to administer medication.  Arrizza et al. describe the possibility to have both at the same time as something new and inventive.  Therefore, the method of Arrizza et al. cannot do both simultaneously.  Only therapy or update is possible, one after the other).
Regarding claim 42, see the validating act comprises comparing a plurality of directory names corresponding to a directory structure of the received files against a list of acceptable directory names (see paragraph [0105]: The update message contains a manifest or list of the files and their locations on the server).																					Regarding claim 45, see the received files contain prescription data and the method further comprises the act by a user of confirming and accepting a prescription as indicated by the prescription data.  Arrizza et al. is all is all about prescription data, see " paragraph [0002]: Intravenous infusion therapy is prescribed where it is desirable to administer medications and other fluids directly into the circulatory system of a patient. "  See also paragraph [0040]: After the updates files are downloaded, verified, and stored... the process determines whether the user accepts the update or rejects the update."
Regarding claim 46, see comprising the act of validating the received files by the data management module before reading the received files for storage within the internal memory location (see paragraph [0040]: After the updates files are downloaded, verified, and stored", it is clear that the storage comes after the validation).
Regarding claim 47, see comprising the act of creating an update request file at a specified memory location accessible by the agent module (see FIG.6: GET UPDATE BASED ON MANIFEST by Communication subsystem 16 that writes only to storage 20 in FIG. 1).
Regarding claim 48, see Fig. 6 “UPDATE MESSAGE” and “STATUS MESSAGE” to the remote server.
Regarding claims 49-52, see the communication link is a wireless link, a wired link, an Ethernet connection and/or a WiFi connection (see FIG. 3-5).
Regarding claim 53, see paragraph [0086]: During the shutdown of the infuser, the MCU will ask the user whether the updates should be installed. If the user accepts, the MCU reboots into a software update image. The MCU then reboots into a clinical image in a biomed mode. Next, after a request, the drug library is transferred from the communication subsystem to the MCU and installed."  Furthermore, a firewall should always be activated on boot up. If it is activated later, it is not a proper firewall.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 19-21, 37 and 39-41 are rejected under 35 U.S.C. 103 as being unpatentable over US 2013/0104120 A1 (Arrizza et al.).
Arrizza et al. disclose the method and the system for protecting a medical device having a processor from malicious software as disclosed above.
Claims 19-21 and 39-41 differ from the method and the system of Arrizza et al. in reciting that the agent module or the processor is assigned a predetermined usage limit of the processor, a predetermined amount of storage space or a predetermined amount of memory usage.
It is well-known in the art that general predetermined usage limits, a predetermined amount of storage space or a predetermined amount of memory usage in computers are always present by the hardware available and would have been obvious to a person of ordinary skill in the art.
Claim 37 differs from the method of Arrizza et al. in reciting that the agent module is programmed to request a file transfer from the remote server at a rate no greater than once per hour.  
Choosing once per hour is just one possibility a person skilled in the art would choose in view of the circumstances. Sometimes one per day is chosen, sometimes more or less often, no special inventive step is necessary to select once per hour and would have been obvious to a person of ordinary skill in the art.
Allowable Subject Matter
Claims 23-25 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b), set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.
Claims 43-44 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN KIM whose telephone number is (571)272-1142. The examiner can normally be reached Maxi Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, VICKIE KIM can be reached on 571-272-0579. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/John Kim/Primary Examiner, Art Unit 1777