DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
	The 8/12/2020 and 9/30/2020 IDS documents have been considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 5, 9-10, 16, and 20-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Finger (US 2020/0220865 A1) in view of Wallrabenstein (US 2017/0063559 A1) in view of Batch (US 20060247606 A1).

Regarding claim 1, Finger discloses: A [medical device] (e.g., [0014] of Finger concerning a medical device) comprising: 
a [controller], wherein the [controller] is associated with a first component identifier; 
a battery configured to power the [medical device], wherein the battery is associated with a second component identifier; 
a computer processor programmed with executable instructions, wherein the computer processor is associated with a third component identifier; and 
Refer to at least 112A-112C in FIG. 2, [0019]-[0020], and [0031]-[0032] of Finger with respect to components such as processors (i.e., processors and controllers) and batteries, as well as operating system components. Said components are associated with a component identifier. 
a data store storing: verification key data representing a verification key; and 
Refer to at least 104 in FIG. 1 or 208 in FIG. 2 of Finger with respect to exemplary data stores. 
Refer to at least [0017] and [0019] of Finger with respect to storing component identifiers. Further see at least [0025]-[0026] and [0037] of Finger with respect to the component identifiers being encrypted / hashed and storing the result.
wherein the computer processor is programmed by the executable instructions to at least: determine that a command has been issued for execution of software that controls a function of the [medical device]; 
Refer to at least [0021] and [0040] of Finger with respect to a boot sequence or setup triggering component verification. The operating system is considered to be a form of claimed software; starting the boot process is interpreted as the command.
determine a plurality of component identifiers, wherein individual component identifiers of the plurality of component identifiers correspond to individual components of the [medical device] present at a time the command is issued; 
Refer to at least [0010] and [0042] of Finger with respect to a plurality of components being received for concurrent authentication.
generate a [group component identifier], wherein a threshold number of [component identifiers] is required; 
generate [a] digital signature using [the group component identifier]; 
verify the digital signature using the verification key; and 
authorize execution of the software.
Refer to at least [0010], [0021], and [0042]-[0043] of Finger with respect to obtaining a plurality of component identifiers and generating a group component identifier for comparison to a stored group component identifier. The device is authorized to boot with full functionality when the components are authenticated. 
Refer to at least [0025]-[0026], [0037], and [0043] of Finger with respect to encrypting the group component identifier for comparison with an encrypted group component identifier (e.g., the hash digest of the group component identifier).
The teachings of Finger concern a generic medical device and do not specify: the medical device further being an infusion pump; the controller further being a motor control unit configured to control infusion of medication. Further, while Finger discloses encryption for component identifiers and the group component identifier, it does not specify the encryption algorithm being a threshold scheme. As such, Finger does not fully disclose: share data representing a plurality of secret shares for generating a digital signature, wherein a first secret share of the plurality of secret shares is associated with the first component identifier, wherein a second secret share of the plurality of secret shares is associated with the second component identifier, and wherein a third secret share of the plurality of secret shares is associated with the third component identifier; load at least a subset of the plurality of secret shares based at least partly on the plurality of component identifiers; generate a plurality of signature shares using the subset of the plurality of secret shares, wherein a threshold number of secret shares is required in order to generate a threshold number of signature shares; generate the digital signature using the plurality of signature shares. However, Finger in view of Wallrabenstein discloses: share data representing a plurality of secret shares for generating a digital signature, wherein a first secret share of the plurality of secret shares is associated with the first component identifier, wherein a second secret share of the plurality of secret shares is associated with the second component identifier, and wherein a third secret share of the plurality of secret shares is associated with the third component identifier; 
Refer to at least FIG. 2, [0061]-[0063], [0114]-[0115], and [0118]-[0120] of Wallrabenstein with respect to threshold cryptography and a system’s components (e.g., FIG. 14 and [0154] of Wallrabenstein) each being associated with a respective secret share derived from their unique identity.
load at least a subset of the plurality of secret shares based at least partly on the plurality of component identifiers; generate a plurality of signature shares using the subset of the plurality of secret shares, wherein a threshold number of secret shares is required in order to generate a threshold number of signature shares; generate the digital signature using the plurality of signature shares;
Refer to at least [0072]-[0098] of Wallrabenstein with respect to threshold cryptography for calculating a signature using secret shares. 
Refer to at least [0115]-[0116], [0118]-[0120], and [0130]-[0133] of Wallrabenstein with respect to obtaining the secret shares for performing a signature and verification.
The teachings of Finger concern encrypting identifying information of device components for verification, while the teachings of Wallrabenstein likewise concern encrypting identifying information of device components for verification. As such, the teachings of Wallrabenstein are considered to be drawn to an alternative encryption algorithm usable by the teachings of Finger. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Finger to implement a threshold scheme for its encryption function for at least the purpose of improving privacy of stored information (e.g., component identifiers) such that having less than a threshold number of shares provides scarce information to an adversary. 
Further, Finger-Wallrabenstein in view of Batch discloses: the medical device further being an infusion pump; the controller further being a motor control unit configured to control infusion of medication.
Refer to at least [0009] and [0037] of Batch with respect to an infusion pump as a medical device having typical components such as a motor controller. 
The teachings of Finger-Wallrabenstein comprise medical devices, and the teachings of Batch further specify medical devices such as infusion pumps. As such, they are considered to be combinable.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Finger-Wallrabenstein to also apply to an infusion pump because the substitution of one known element (i.e., a generic medical device for the specific example of an infusion pump) for another would have yielded predictable results to one of ordinary skill in the art at the time (i.e., the infusion pump has components which may be verified during, e.g., booting or execution).

Regarding independent claim 5, it is substantially similar to elements of independent claim 1 above, and is therefore rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claim 9, Finger-Wallrabenstein-Batch discloses: The computer-implemented method of claim 5, further comprising executing the system command in response to authorizing execution of the system command, wherein executing the system command comprises one of: executing license software, dispensing medication, or communicating with a network server.
Refer to at least the abstract of Batch with respect to requiring an access key for operation of features of a medical instrument. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Finger-Wallrabenstein-Batch to further include authorization for operation of features of a medical instrument for at least the purpose of improving patient safety by prevention of being treated with a device having incorrect or missing components.

Regarding claim 10, it is rejected for substantially the same reasons as claim 5 above (i.e., the citations concerning storage).

Regarding independent claim 16, it is substantially similar to elements of independent claim 1 above, and is therefore rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 20-21, they are substantially similar to claims 9-10 above, and are therefore likewise rejected.

Claim(s) 2-4, 6-8, and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Finger-Wallrabenstein-Batch as applied to claims 1, 5, 9-10, 16, and 20-21 above, and further in view of “Social Secret Sharing in Cloud Computing Using New Trust Function,” hereinafter “Nojoumian.”

Regarding claim 2, Finger-Wallrabenstein-Batch does not fully disclose: wherein the data store further stores a plurality of weights, wherein individual weights of the plurality of weights are associated with individual secret shares of the plurality of secret shares, and wherein the threshold number of secret shares comprises a threshold amount of weighted shares. However, Finger-Wallrabenstein-Batch in view of Nojoumian discloses: wherein the data store further stores a plurality of weights, wherein individual weights of the plurality of weights are associated with individual secret shares of the plurality of secret shares, and wherein the threshold number of secret shares comprises a threshold amount of weighted shares.
Refer to at least the abstract, ¶1 on page 162, and ¶1 in section II of Nojoumian with respect to weights associated with secret shares. 
Refer to at least section II.B, ¶1-2 on page 164, ¶4 on page 165, and section IV (2) of Nojoumian with respect to weighting based on trust associated with participants. Compromised actions by corrupt participants cause the trust to be lowered. 
The teachings of Nojoumian likewise concern secret sharing, and are considered to be within the combinable with those of Finger-Wallrabenstein-Batch implementing such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Finger-Wallrabenstein-Batch to further include weighting secret shares according to component actions (i.e., good or malicious) for at least the purpose of increasing security and reducing harm from malicious and/or compromised components. 

Regarding claim 3, it is rejected for substantially the same reasons as claim 2 above (i.e., adjusting weights based on actions taken by participants).

Regarding claim 4, Finger-Wallrabenstein-Batch-Nojoumian discloses: The infusion pump of claim 3, wherein the security event comprises one of: a failed login attempt, a medication alert, a security override attempt, a repeated ping. network scanning activity, a denial of service event, or an error.
Refer to at least [0005], [0031], [0039], and [0047] of Batch with respect to errors.
Refer to at least [0036] of Batch with respect to medication alerts. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Finger-Wallrabenstein-Batch-Nojoumian to further include infusion pump actions as part of the weighted actions for at least the purpose of protecting an infusion pump from misbehaving.

Regarding claims 6-8, they are substantially similar to claims 2-4 above, and are therefore likewise rejected.

Regarding claims 17-19, they are substantially similar to claims 2-4 above, and are therefore likewise rejected.

Claim(s) 11 and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Finger-Wallrabenstein-Batch as applied to claims 1, 5, 9-10, 16, and 20-21 above, and further in view of Stockton (US 9,430,655 B1).

Regarding claim 11, Finger-Wallrabenstein-Batch does not disclose: wherein storing a secret share comprises storing an obfuscated version of the secret share. However, Finger-Wallrabenstein-Batch in view of Stockton discloses: wherein storing a secret share comprises storing an obfuscated version of the secret share. 
Refer to at least Col. 1, Ll. 39-44 of Stockton with respect to tokenizing secret shares. 
The teachings of Stockton likewise concern secret sharing, and are considered to be within the combinable with those of Finger-Wallrabenstein-Batch implementing such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Finger-Wallrabenstein-Batch to further include tokenizing stored secret share data for at least the purpose of further securing cryptographic information from potential adversaries. 

Regarding claim 22, it is substantially similar to claim 11 above, and is therefore likewise rejected. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/Examiner, Art Unit 2432