DETAILED ACTION
This Office Action is in response to the communication filed on 04/28/2022.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
As per instant Amendment, submitted on 04/28/2022, claim 21 has been amended, and claim 22 has been newly added.
Claims 2, 4-7, 9, 11-14, and 16-22 have been examined and are pending; claims 16-18 are independent claims.  
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 04/28/2022 has been entered.
Examiner Initiated Interview Attempt
In attempt to accelerate the prosecution process, the Examiner has contacted the Applicant’s representative Mr. Cushing, David (Reg. No. 28,703), on 06/09/2022. However, in absences of Mr. Cushing, the Examiner left a voice mail describing the Examiner Amendment and requesting an Examiner initiated interview.  However, no reply was received as of 06/14/2022, and the Examiner proceeded with this office action.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 02/22/2021, with respect to the prior-art rejections to claims 2, 4-7, 9, 11-14, and 16-21 are rejected under 35 U.S.C. 103, and limitations listed below, have been fully considered but they are not persuasive.
As to the rejections of independent claims, more specifically, to the claim16, Applicant submits that the applied prior does not tecah the claim limitations. Providing eveidences, the Applicnat submits that the deficiencies in the teaching of Apfel are described in detail in the Appeal Brief filed Octobier 12, 2021, with which the examiner is already thoroughly familiar, having issued an Examiner’s Answer on February 28, 2022. Applicant again submits that all of those described distinctions are clear and significant, but rather than repeat all arguments herein applicant choses to simply focus on one point. The independent claims of the present application recite that the hearing aid has a signal processing unit for performing certain functions and, in addition, a signal processor for performing other functions. The claims require that the signal processor be configured to (1) set up a secure session with a remote server through a personal communication device acting as a gateway, and (2) permit the remote server during that secure session to edit the settings in the first memory segment by exchange of data encrypted by means of an encryption key stored in a second memory segment of the hearing aid.
deficiencies in the teaching of Apfel are described in detail in the Appeal Brief filed Octobier 12, 2021, with which the examiner is already thoroughly familiar, having issued an Examiner’s Answer on February 28, 2022. Applicant again submits that all of those described distinctions are clear and significant, but rather than repeat all arguments herein applicant choses to simply focus on one point. The independent claims of the present application recite that the hearing aid has a signal processing unit for performing certain functions and, in addition, a signal processor for performing other functions. The claims require that the signal processor be configured to (1) set up a secure session with a remote server through a personal communication device acting as a gateway, and (2) permit the remote server during that secure session to edit the settings in the first memory segment by exchange of data encrypted by means of an encryption key stored in a second memory segment of the hearing aid (Applicant Arguments/Remarks, 04/28/2022, pages 8-9).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that applied reference teaches the addressed limitations. Examiner, has provided detail explanation, in the Examiner Answer, mailed out on 02/28/2022, of how the applied prior art teaches the limitations. Apfel teach the limitation context of (1) set up a secure session with a remote server via a personal communication device acting as a gateway. As applied in the rejection, Apfel teach the limitation a processor (Apfel: pars 0017-0018; Fig 1, the hearing aid includes processor and memory to execute the function instructions. Apfel: pars 0015-0017; Fig 1, the hearing aid in communication with the computing device [i.e. personal communication device / gateway device] and the customer service data system [i.e. server] establishing a secure connection [i.e. secure session] for providing the testing, tuning, and adjustments).
In regards to the limitation context of (2) the editing of settings stored in said first memory segment comprises exchanging of data encrypted by means of a key included in said at least one security element during the secure session, the rejections did not rely upon Apfeal, but Roberts. Examiner had used Roberts reference to show encryption of data using a key in secure communication. Therefore, the rejections are proper.
As to the rejections of dependent claims, 4, 11, and 21, the Applicant submits that there must be two different security elements stored in the hearing aid, and two different secure sessions. In the examiner’s reading of the claim language on Apfel, the only secure session between the hearing aid and server in which the hearing aid settings are edited by exchange of encrypted data is the secure session with the hearing health professional. There is no suggestion in Apfel of setting up a different secure session, using a different security element, with a fitting equipment computer. The Advisory Action provides no response to the fatal flaw of the prior art failing to teach the claim requirement of a second processor to set up the secure session between the hearing aid and remote server and to enable editing of hearing aid settings by the exchange of data encrypted with the security key stored at the hearing aid, nor does it provide any meaningful response to the problem with respect to claims 4, 11 and 21, wherein the prior art fails to teach two security elements.  The examiner points to Roberts as teaching a security element, and applicant does not contest the prior art was aware of security elements, but the claims require two different security elements, one for a secure session with a remote server and another for a remote session with a hearing health professional. In Apfel, the only secure connection between the hearing professional and hearing aid would be through the customer service system 162, so there is no apparent need for a separate security element for each of the service system 162 and the hearing professional. Further, the security element relied on by the examiner as the first claimed security element is something the examiner alleges would have been obvious to use in the Apfel session between the hearing health professional and the hearing aid, and the examiner then later relies on Roberts to teach the same thing.  (Applicant Arguments/Remarks, 04/28/2022, pages 10-11).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that applied reference teaches the addressed limitations. Examiner, respectfully, submits that Roberts is combinable with the method/system of Apfel and Gupta teaches the limitations. According to Applicant’s argument since primary art Apfel does not have second memory with a second security element, no memory cannot be combined with Apfel’s system to perform function associated with a second security element, as addressed above for independent claim Gupta teaches of memory storing security information/elements, and performing specific secure session using stored security elements (Gupta: pars 0018, 0024, 0035, 0045, 0063, a mobile device, such as a medical or health device that may receive and/or transmit information wirelessly, stores tree and root trust certificate verification information, configured with registrar information. The medical or health device cryptographic binding and root trust certificate verification information to establish a trust relationship between the device and an online sign-up server). Therefore, it would have been obvious to one of ordinary skill in the art to combine the teachings of Gupta with the method/system of Apfel for the benefit of providing a user with a means for, as a second memory, using a certificate and root tree structure for establishing a cryptographic binding between the service-provider and a mobile device, such as a medical device, and verifying the root certificate information for authentication in creating a secured authorized session between the device and the service-provider’s system device (Gupta: pars 0018, 0024, 0035). Gupta reference specifically address storing and using root certificate (Gupta pars 0018, 0024, 0035, 0045, 0063, stores tree and root trust certificate verification information, health device cryptographic binding and root trust certificate verification information to establish a trust relationship between the device and an online sign-up server).  Additionally, Apfel teaches of processing and outputting the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information. 
In response to the Applicant’s argument of “the fetal flaw,” what the Applicant is suggesting that, since primary art Apfel or any other reference not having second memory with a second security element, no memory or security element cannot be seen as combination, and the Examiners submits that that is not correct. If two or more PriorArt teaching can be combined for performing the operations of claimed features, in one sense, it is irrelevant whether a single memory segment and single security element performs the functions for providing the solution, or the system needs to be modified, for a successful or efficient implementation purpose, two or more memory segments and two or more security elements performs the functions.
Also, one of ordinary skill in the art would understand that the memory can be as many segments as needed and segmented, still can be called as memory as single entity, and so does the modules of security elements. Therefore, unless the claims explicitly recite characteristics of different memory segments and different security elements, and the security restrictions/configuration of the access and use of them, which would provide an advantage in performing the claimed function, the applied PriorArt teaches the limitations.
Therefore, the rejections of claims 4, 11 and 21 are proper.
Claim Rejections - 35 USC § 103
 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 2, 4-7, 9, 11-14, and 16-21 are rejected under 35 U.S.C. 103 as being unpatentable over Apfel et al (“Apfel,” US 2013/0177188, published on 07/11/2013), in view of Gupta et al (“Gupta,” US 2013/0024921, published on 01/24/2013), and further in view of Roberts et al, (“Roberts” US 2012/0271380, published on 10/25/2012).
As to claim 16, Apfel teaches a hearing aid (Apfel: pars 0017-0018; Fig 1, a hearing aid in communication with a computing device and a customer service data system for providing testing, tuning, and adjustments of the hearing aid’s function for the user, where the hearing aid includes processor and memory to execute the function instructions) comprising:
a first memory segment for storing settings for configuring the hearing aid (Apfel: pars 0017-0019; Fig 1, the hearing aid includes a processor and a memory components to execute the function instructions for testing, tuning, and adjustments [i.e. configuring the hearing aid]. The memory stores hearing aid profiles, sound shaping, and tone generating instructions);
a signal processing unit for processing a digital signal before it is presented to the hearing aid user through an output transducer, wherein the signal processing is controlled by the settings stored in the first memory segment (Apfel: pars0016, 0019, 0027; Fig 1, the hearing aid includes a transceiver, microphone speaker. For process and output the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information);
a processor (Apfel: pars 0017-0018; Fig 1, the hearing aid includes processor and memory to execute the function instructions): configured to: 
set up a secure session with a remote server via a personal communication device acting as a gateway (Apfel: pars 0015-0017; Fig 1, the hearing aid in communication with the computing device [i.e. personal communication device / gateway device] and the customer service data system [i.e. server] establishing a secure connection [i.e. secure session] for providing the testing, tuning, and adjustments); and
allow said remote server to edit said settings stored in said first memory segment [ ] during the secure session (Apfel: pars 0015-0017, 0019, the hearing aid is configured or the configuration is edited/programed/tuned over the established secure communication/connection link to the customer service data system, and with use of hearing aid profiles, sound shaping, and tone generating instructions, stored in the hearing aid memory).
Apfel does not explicitly teach a second memory segment for storing at least one security element; [allow] under control of said at least one security element.
However, Gupta, in an analogous art, teaches a second memory segment for storing at least one security element (Gupta: pars 0018, 0024, 0035, 0045, 0063, a mobile device, such as a medical or health device that may receive and/or transmit information wirelessly, stores tree and root trust certificate verification information, configured with registrar information); 
[allow] under control of said at least one security element (Gupta: pars 0018, 0024, 0035, the medical or health device cryptographic binding and root trust certificate verification information to establish a trust relationship between the device and an online sign-up server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gupta with the method/system of Apfel for the benefit of providing a user with a means for using a certificate and root tree structure for establishing a cryptographic binding between the service-provider and a mobile device, such as a medical device, and verifying the root certificate information for authentication in creating a secured authorized session between the device and the service-provider’s system device (Gupta: pars 0018, 0024, 0035). 
Apfel or Gupta does not explicitly teach wherein the editing of settings stored in said first memory segment comprises exchanging of data encrypted by means of a key included in said at least one security element during the secure session.
However, Roberts, in an analogous art, teaches wherein the editing of settings stored in said first memory segment comprises exchanging of data encrypted by means of a key included in said at least one security element during the secure session (Roberts: pars 0010-0013, 0051, 0055, teaches of a secure communication between implanted medical device and at least one another device or an external medical device, allowing one or both of programming of the implanted medical device by the at least one other device and decryption of information transmitted between the implanted medical device (IMD) and the at least one other device or external medical device, during the communication session. Where the session key used in decryption is shared between devices and stored in the implanted medical device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Roberts with the method/system of Apfel and Gupta for the benefit of providing a user with a means for using an encrypted secure communication between a server/controlling device and implanted medical device (IMD) so that programming/configuring command to the implanted medical device (IMD) can be transmitted from the server/controlling device over a secure session  so that IMD can overcome vulnerabilities to unauthorized communications (e.g., an inadvertent or malicious programming command) (Roberts: pars 0010-0013, 0034). 
As to claim 2, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 16, 
Gupta further teaches wherein said at least one security element includes a first root certificate (Gupta: pars 0024, 0031-0032, 0035, uses public key base root certificate).
As to claim 4, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 16, 
Apfel further teaches wherein said second memory segment comprises at least one further security element for setting up a further secure session with a computer with fitting equipment for loading settings for alleviating a hearing loss into a third memory segment of the hearing aid (Apfel: pars0016, 0019, 0027, process and output the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information).
As to claim 6, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 5, 
Gupta further teaches wherein said remote server has issued the first root certificate as well as the second root certificate (Gupta: pars 0028, 0031-0032, 0035, 0052, uses key or public key base root certificate issued by server for provisioning service under certificate’s conditions [i.e. including certificate time validity]).
As to claim 7, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 6, 
Gupta further teaches wherein the second root certificate has been received via the secure session from said remote server (Gupta: pars 0028, 0031-0032, 0035, 0052, uses key or public key base root certificate issued by server that is located remote).
As to claim 9, the combination of Apfel, Gupta, and Roberts teaches the method according to claim 17, 
Gupta further teaches wherein said at least one security element includes a first root certificate (Gupta: pars 0028, 0031-0032, 0035, 0052, uses key or public key base root certificate).
As to claim 11, the combination of Apfel, Gupta, and Roberts teaches the method according to claim 17, 
Apfel further teaches comprising storing at least one further security element in said second memory segment, and setting up a further secure session with a computer with fitting equipment for loading settings for alleviating a hearing loss into a third memory segment of the hearing aid (Apfel: pars0016, 0019, 0027, process and output the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information).
As to claim 12, the combination of Apfel, Gupta, and Roberts teaches the method according to claim 11, 
Gupta further teaches wherein said at least one security element includes a first root certificate, and said at least one further security element is a second root certificate having a validity period being substantially shorter than the validity period of the first root certificate (Gupta: pars 0028, 0031-0032, 0035, 0052, uses key or public key base root certificate issued by server for provisioning service under certificate’s conditions [i.e. including certificate time validity]).
As to claim 13, the combination of Apfel, Gupta, and Roberts teaches the method according to claim 12, 
Gupta further teaches wherein said remote server has issued the first root certificate as well as the second root certificate (Gupta: pars 0028, 0031-0032, 0035, 0052, uses key or public key base root certificate issued by server for provisioning service under certificate’s conditions).
As to claim 14, the combination of Apfel, Gupta, and Roberts teaches the method according to claim 13, 
Gupta further teaches comprising receiving said second root certificate via the secure session from said remote server (Gupta: pars 0028, 0031-0032, 0035, 0052, uses key or public key base root certificate issued by server that is located remote).
As to claim 17, Apfel teaches a method of managing the settings for configuring a hearing aid (Apfel: pars 0017-0018; Fig 1, a hearing aid in communication with a computing device and a customer service data system for providing testing, tuning, and adjustments of the hearing aid’s function for the user, where the hearing aid includes processor and memory to execute the function instructions), the method comprising:
storing settings for configuring the hearing aid in a first memory segment (Apfel: pars 0017-0019; Fig 1, the hearing aid includes a processor and a memory components to execute the function instructions for testing, tuning, and adjustments [i.e. configuring the hearing aid]. The memory stores hearing aid profiles, sound shaping, and tone generating instructions);
processing a digital signal in a signal processing unit of the hearing aid before it is presented to the hearing aid user through an output transducer, wherein the processing is controlled by the settings stored in the first memory segment (Apfel: pars0016, 0019, 0027; Fig 1, the hearing aid includes a transceiver, microphone speaker. For process and output the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information);
setting up a secure session with a remote server using a processor of the hearing aid via a personal communication device acting as a gateway (Apfel: pars 0015-0017; Fig 1, the hearing aid in communication with the computing device [i.e. personal communication device gateway device] and the customer service data system [i.e. server] establishing a secure connection [i.e. secure session] for providing the testing, tuning, and adjustments); and
editing from the remote server said settings for the hearing aid stored said first memory segment [ ] during the secure session set up (Apfel: pars 0015-0017, 0019, the hearing aid is configured or the configuration is edited/programed/tuned over the established secure communication/connection link to the customer service data system, and with use of hearing aid profiles, sound shaping, and tone generating instructions, stored in the hearing aid memory).
Apfel does not explicitly teach storing at least one security element in a second memory segment; [editing] under control of said at least one security element.
However, Gupta, in an analogous art, teaches storing at least one security element in a second memory segment (Gupta: pars 0018, 0024, 0035, 0045, 0063, a mobile device, such as a medical or health device that may receive and/or transmit information wirelessly, stores tree and root trust certificate verification information, configured with registrar information); 
[editing] under control of said at least one security element (Gupta: pars 0018, 0024, 0035, the medical or health device cryptographic binding and root trust certificate verification information to establish a trust relationship between the device and an online sign-up server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gupta with the method/system of Apfel for the benefit of providing a user with a means for using a certificate and root tree structure for establishing a cryptographic binding between the service-provider and a mobile device, such as a medical device, and verifying the root certificate information for authentication in creating a secured authorized session between the device and the service-provider’s system device (Gupta: pars 0018, 0024, 0035). 
Apfel or Gupta does not explicitly teach wherein the editing of settings stored in said first memory segment comprises exchanging of data encrypted by means of a key included in said at least one security element during the secure session.
However, Roberts, in an analogous art, teaches wherein the editing of settings stored in said first memory segment comprises exchanging of data encrypted by means of a key included in said at least one security element during the secure session (Roberts: pars 0010-0013, 0051, 0055, teaches of a secure communication between implanted medical device and at least one another device or an external medical device, allowing one or both of programming of the implanted medical device by the at least one other device and decryption of information transmitted between the implanted medical device (IMD) and the at least one other device or external medical device, during the communication session. Where the session key used in decryption is shared between devices and stored in the implanted medical device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Roberts with the method/system of Apfel and Gupta for the benefit of providing a user with a means for using an encrypted secure communication between a server/controlling device and implanted medical device (IMD) so that programming/configuring command to the implanted medical device (IMD) can be transmitted from the server/controlling device over a secure session  so that IMD can overcome vulnerabilities to unauthorized communications (e.g., an inadvertent or malicious programming command) (Roberts: pars 0010-0013, 0034). 
As to claim 18, Apfel teaches a data system for managing the settings for configuring a hearing aid (Apfel: pars 0017-0018; Fig 1, a hearing aid in communication with a computing device and a customer service data system for providing testing, tuning, and adjustments of the hearing aid’s function for the user, where the hearing aid includes processor and memory to execute the function instructions), wherein said hearing aid includes:
a processor (Apfel: pars 0017-0018; Fig 1, the hearing aid includes processor and memory to execute the function instructions); a first memory segment for storing said configuration settings (Apfel: pars 0017-0019; Fig 1, the hearing aid includes a processor and a memory components to execute the function instructions for testing, tuning, and adjustments [i.e. configuring the hearing aid]. The memory stores hearing aid profiles, sound shaping, and tone generating instructions);
a transceiver adapted for establishing a wireless connection to an Internet enabled personal communication device (Apfel: pars 0012, 0019, 0023; Fig 1, the hearing aid includes a transceiver to wirelessly communicate with the computing device [i.e. personal communication device /gateway device);
a signal processing unit for processing a digital signal before it is presented to the hearing aid user through an output transducer, wherein the signal processing is controlled by the settings stored in the first memory segment (Apfel: pars 0016, 0019, 0027; Fig 1, the hearing aid includes a transceiver, microphone speaker. For process and output the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information); and
wherein the processor is configured to set up a secure session between said hearing aid via said personal communication device acting as a gateway and a remote server (Apfel: pars 0015-0017; Fig 1, the hearing aid in communication with the computing device [i.e. gateway device] and the customer service data system [i.e. server] establishing a secure connection [i.e. secure session] for providing the testing, tuning, and adjustments); and
wherein said processor is configured to permit said remote server to edit said settings for configuring the hearing aid stored in said first memory segment under control of said at least one security element  [ ] during a secure session set up (Apfel: pars 0015-0017, 0019, the hearing aid is configured or the configuration is edited/programed/tuned over the established secure communication/connection link to the customer service data system, and with use of hearing aid profiles, sound shaping, and tone generating instructions, stored in the hearing aid memory).
Apfel does not explicitly teach a second memory segment for storing at least one security element; [permit] under control of said at least one security element.
However, Gupta, in an analogous art, teaches a second memory segment for storing at least one security element (Gupta: pars 0018, 0024, 0035, 0045, 0063, a mobile device, such as a medical or health device that may receive and/or transmit information wirelessly, stores tree and root trust certificate verification information, configured with registrar information); 
[permit] under control of said at least one security element (Gupta: pars 0018, 0024, 0035, the medical or health device cryptographic binding and root trust certificate verification information to establish a trust relationship between the device and an online sign-up server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gupta with the method/system of Apfel for the benefit of providing a user with a means for using a certificate and root tree structure for establishing a cryptographic binding between the service-provider and a mobile device, such as a medical device, and verifying the root certificate information for authentication in creating a secured authorized session between the device and the service-provider’s system device (Gupta: pars 0018, 0024, 0035).
Apfel or Gupta does not explicitly teach wherein the editing of settings stored in said first memory segment comprises exchanging of data encrypted by means of a key included in said at least one security element during the secure session.
However, Roberts, in an analogous art, teaches wherein the editing of settings stored in said first memory segment comprises exchanging of data encrypted by means of a key included in said at least one security element during the secure session (Roberts: pars 0010-0013, 0051, 0055, teaches of a secure communication between implanted medical device and at least one another device or an external medical device, allowing one or both of programming of the implanted medical device by the at least one other device and decryption of information transmitted between the implanted medical device (IMD) and the at least one other device or external medical device, during the communication session. Where the session key used in decryption is shared between devices and stored in the implanted medical device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Roberts with the method/system of Apfel and Gupta for the benefit of providing a user with a means for using an encrypted secure communication between a server/controlling device and implanted medical device (IMD) so that programming/configuring command to the implanted medical device (IMD) can be transmitted from the server/controlling device over a secure session  so that IMD can overcome vulnerabilities to unauthorized communications (e.g., an inadvertent or malicious programming command) (Roberts: pars 0010-0013, 0034). 
As to claim 19, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 16, 
Apfel further teaches wherein the signal processing unit is adapted for alleviating a hearing loss by amplifying sound at frequencies in those parts of the audible frequency range where the user suffers a hearing deficit (Apfel: pars0016, 0019, 0027, process and output the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information).
As to claim 20, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 2, 
Gupta further teaches wherein the first root certificate grants the remote server rights to write to the first memory (Gupta: pars 0028, 0031-0032, 0035, 0052, uses key or public key base root certificate issued by server for provisioning service under certificate’s conditions).
As to claim 21, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 4, 
Apfel further teaches wherein said at least one security element includes a first root certificate, and wherein the first root certificate grants the computer with fitting equipment rights to write settings for alleviating a hearing loss into a third memory segment of the hearing aid (Apfel: pars0016, 0019, 0027, process and output the shape or/adjusted audio signal for the user’s hearing based on the hearing aid profile information. Gupta: pars 0018, 0024, 0035, the medical or health device cryptographic binding and root trust certificate verification information to establish a trust relationship between the device and an online sign-up server).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Apfel et al (“Apfel,” US 2013/0177188, published on 07/11/2013), in view of Gupta et al (“Gupta,” US 2013/0024921, published on 01/24/2013), and further in view of Roberts et al, (“Roberts” US 2012/0271380, published on 10/25/2012), and LaLonde, III, et al, (“LaLonde” US 2009/0058635, published on 03/05/2009).
As to claim 5, the combination of Apfel, Gupta, and Roberts teaches the hearing aid according to claim 4, 
Apfel or Gupta does not explicitly teach further teaches wherein said at least one security element includes a first root certificate, and said at least one further security element is a second root certificate having a validity period being substantially shorter than the validity period of the first root certificate.
However, LaLonde, an analogous art, teaches wherein said at least one security element includes a first root certificate, and said at least one further security element is a second root certificate having a validity period being substantially shorter than the validity period of the first root certificate (LaLonde: pars 0225, 0226, 0244, 0251, scenario involved in a clinic/physician or the like using/provisioning for an ephemeral/short-duration type session scenario as particularly involving the cryptographic securing of communications via a chain of trust using associated digital certificates – i.e., an ephemeral/short-duration type session scenario with associated certificate will have expiration criteria of shorter duration then an initially installed in the associated PIMD/PPC/server processing elements, – see also 0228, 0245, 0246).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of LaLonde with the method/system of Apfel and Gupta for the benefit of providing a user with a means for using a certificate and root tree structure for establishing a cryptographic binding between the service-provider and a mobile device applying ephemeral/short-duration type session scenario with associated certificate will have expiration criteria of shorter duration then an initially installed in the associated for maintaining security of root certification system (LaLonde: pars 0225, 0226, 0244, 0251). 
Allowable Subject Matter
Claim 22 is considered allowable over prior art, but are objected because of the claim objection.
The following is an examiner’s statement of reasons for allowable subject matter: 
The present invention is directed to a method and system for for managing the settings for configuring a hearing aid includes a hearing aid and a remote server. The hearing aid has a processor. a first memory segment for storing said configuration settings, a transceiver adapted for establishing a wireless connection to an Internet enabled personal communication device, and a second memory segment for storing at least one security element. The remote server is adapted to set up a secure session with said hearing aid via said personal communication device acting as a gateway. The processor allows said remote server to edit said settings for configuring the hearing aid stored said first memory segment during a secure session set up under control of said at least one security element stored in the second. memory segment. Apfel (2013/0177188), Gupta (US 2013/0024921), Roberts (US 2012/0271380). LaLonde (US 2009/0058635)
The closest prior art, as previously recited, Apfel (2013/0177188) is generally directed system and method for establishing a communications to communicate with a hearing health professional, providing data related to hearing aid settings to the hearing health professional, receiving a hearing aid profile in response to providing the data, and providing the hearing aid profile to a hearing aid through a second communication link, Gupta (US 2013/0024921) is generally directed to method and apparatus for secure on-line sign-up and provisioning of credentials for Wi-Fi hotspots are generally described herein. In some embodiments, the mobile device may be configured to establish a transport-layer security (TLS) session with a sign-up server through a Wi-Fi Hotspot to receive a certificate of the sign-up server. When the certificate is validated, the mobile device may be configured to exchange device management messages with the sign-up server to sign-up for a Wi-Fi subscription and provisioning of credentials, and retrieve a subscription management object (MO) that includes a reference to the provisioned credentials for storage in a device management tree. The credentials are transferred/provisioned securely to the mobile device. In some embodiments, an OMA-DM protocol may be used. The provisioned credentials may include certificates in the case of certificate-based credentials, machine-generated credentials such as username/password credentials, or SIM-type credentials, Roberts (US 2012/0271380) is generally directed to Techniques for dynamically adjusting the valid lifespan of a session key for wireless communication sessions established between at least two medical devices. Adjusting the session key lifetime balances protecting the communications link so that it is not unnecessarily susceptible to eavesdropping by third parties or other interference while obviating the need for a user to repeatedly perform access control steps, and LaLonde (US 2009/0058635) is generally directed to a method and system where a portable patient communicator (PPC) includes a portable housing that supports a processor coupled to memory for storing medical firmware and wireless radio firmware, first and second radios, a processor, and a power source. Communications between a patient implantable medical device (PIMD) and the first radio of the PPC are effected in accordance with program instructions of the medical firmware, and communications between the second radio of the PPC and the wireless network are effected in accordance with program instructions of the wireless radio firmware. Data from the PIMD is received via the first radio to which a priority level is assigned, such as in a tiered manner. A data transport mechanism is selected among disparate data transport mechanisms based at least in part on the priority level. PIMD data is transmitted to the wireless network using the selected transport mechanism via the second radio.
The Examiner concludes that besides the amendment presented by the Applicant, filed on 04/28/2022, for consideration of an allowance, none of Apfel, Gupta, Roberts, and LaLonde, nor any other art teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the dependent claim 22. For example, none of the cited prior art teaches or suggest the steps of wherein said hearing aid uses said at least one security element in said secure session with said remote server to permit said remote server to edit said settings without assistance of said hearing aid professional, and uses said further security element in said further secure session with said computer during which further secure session said settings can be loaded into said third memory segment [of the hearing aid] without assistance from said remote server, as a whole with the remaining limitations.
Therefore, the claim 22 is considered allowable subject matter over the cited prior art, however is objected however, is objected as it depends on claims that remain rejected over prior art above.
Claim 22 would be considered to be allowable if rewritten in independent form including all of the limitations of the claim(s) that the claim in dependent from.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439