DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08 August 2022 has been entered.

Status of Claims

In the amendment filed on 08 August 2022, the following changes have been made: amendment to claim 1. Claims 21-25 have been added.
Claims 1-7, 9-14, and 16-25 are currently pending and have been examined.

Information Disclosure Statement
The information disclosure statements (IDS) were submitted on 03/17/2022 and 06/16/2022. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement has been considered by the examiner.

Notice to Applicant
In light of the specification [0076], report is interpreted to also mean message or notification.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-7, 9-14, and 16-25 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  
The claim(s) recite(s) subject matter within a statutory category as a process (claims 1-7 and 9-10), machine (claims 11-14 and 16-17), article of manufacture (claims 18-20), and process (claims 21-25) which recite steps of monitoring, using an artificial intelligence learning module stored in memory and executed by a processor, a plurality of access events to a health information of a user by one or more devices at a health information exchange server implemented over a blockchain network; identifying one or more criteria associated with a typical access pattern to the health information exchange server based on the plurality of access events; comparing a new access request from a device to the health information exchange server with the one or more criteria of access behavior associated with the typical access pattern to determine unusual access behavior corresponding to malicious attempts to breach the health information; and transmitting an encrypted report to the user in response to the unusual access behavior, wherein the encrypted report includes information derived from the new access request. Additionally, the limitation of claim 21 which recites and the one or more criteria related to insecure blockchain access behavior.

Step 2A Prong 1
These steps of enhancing security of data in a health care network, as drafted, under the broadest reasonable interpretation, includes methods of organizing human activity but for recitation of generic computer components. That is, other than reciting steps as performed by the generic computer components, nothing in the claim element precludes the italicized portions from performing commercial or legal interactions through the performance of a legal obligation of securing healthcare data.  For example, but for the language describing steps as performed by using a processor and a memory, everything else in the context of this claim human activity.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitations as organizing human activity but for the recitation of generic computer components, then it falls within the “Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
Dependent claims recite additional subject matter which further narrows or defines the abstract idea embodied in the claims (such as claims 2-7, 9-10, 12-14, 16-17, 19-20, and 22-25, reciting particular aspects enhancing security of data in a health care network such as user’s health information comprising blood pressure, heart rate, and the number of steps moved per day, monitoring the plurality of access events by parsing a data request, comparing the access event with a datum stored in an insecure behavior database, providing a datum in the access request to a securer module when the datum has no match in an insecure behavior database, requesting an additional encrypted key when the access request is not a typical access pattern, storing the access request in an insecure behavior database for comparing with a another access request, stripping a user information from the access request and sending an alert with a new encryption to the user based on the user information, updating an insecure behavior database to include an access event of the plurality of access events when the access event does not fit a typical access pattern, updating an existing correlation with the access request when the access request is identified as an insecure behavior, identifying one or more particular criteria related to insecure blockchain access behavior, generating a new encryption key, sending a security alert and granting the access request when the data matches to one or more criteria are methods for organizing human activity but for recitation of generic computer components).  

Step 2A Prong 2
This judicial exception is not integrated into a practical application. In particular, the additional elements do not integrate the abstract idea into a practical application, other than the abstract idea per se, because the additional elements amount to no more than limitations which:
amount to mere instructions to apply an exception (such as recitation of monitoring, using an artificial intelligence learning module stored in memory and executed by a processor amounts to invoking computers as a tool to perform the abstract idea, see applicant’s specification [0027] to [0080], see MPEP 2106.05(f))
add insignificant extra-solution activity to the abstract idea (such as transmitting an encrypted report to the user in response to the unusual access behavior amounts to mere data gathering, see MPEP 2106.05(g))
generally link the abstract idea to a particular technological environment or field of use (such as a plurality of access events to health information of a user by one or more devices at a health information exchange server implemented over a blockchain network, see MPEP 2106.05(h))

Dependent claims 2-7, 9-10, 12-14, 16-17, 19-20, and 22-25 recite additional subject matter which amount to limitations consistent with the additional elements in the independent claims (such as claims 3-5, 7, 10, 12, 14, 16-17, and 19-20 additional limitations which amount to invoking computers as a tool to perform the abstract idea, claims 2 and 22 additional limitations which add insignificant extra-solution activity to the abstract idea which amounts to mere data gathering and claims 6, 13, and 23-25 additional limitations which generally link the abstract idea to a particular technological environment or field of use). Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology.  Their collective functions merely provide conventional computer implementation and do not impose a meaningful limit to integrate the abstract idea into a practical application.

Step 2B
The claim(s) do not include additional elements that are sufficient to amount to significantly more than the judicial exception.  As discussed above with respect to discussion of integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply an exception and add insignificant extra-solution activity to the abstract idea.  Additionally, the additional limitations, other than the abstract idea per se, amount to no more than limitations which:
amount to elements that have been recognized as well-understood, routine, and conventional activity in particular fields such as transmitting an encrypted report to the user in response to the unusual access behavior, e.g., receiving or transmitting data over a network, Symantec, MPEP 2106.05(d)(II)(i).
Dependent claims recite additional subject matter which, as discussed above with respect to integration of the abstract idea into a practical application, amount to invoking computers as a tool to perform the abstract idea.  Dependent claims recite additional subject matter which amount to limitations consistent with the additional elements in the independent claims. Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Their collective functions merely provide conventional computer implementation.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 3-4, 7, 9, 11, 14, 16, and 18-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Aunger et al. (US20180211058A1).
Regarding claim 1, Aunger discloses monitoring, using an artificial intelligence learning module stored in memory and executed by a processor, a plurality of access events to a health information of a user by one or more devices at a health information exchange server implemented over a blockchain network ([0035] “For example, the system can monitor indications of trust across many patients, and can determine, for example, that a podiatrist requests access to specific additional portions of a health record at a rate greater than a particular threshold rate.” [0045] “Applications may further be automated, for example machine learning based applications may be utilized to request medical information and then analyze the medical information.” [0225] “Such software code may be stored, partially or fully, on a memory device of the executing computing device.” [0155] “Optionally, the system can maintain the information as a blockchain.”)
identifying one or more criteria associated with a typical access pattern to the health information exchange server based on the plurality of access events ([0053] “For example, certain conditions or constraints must be recognized for access.”)
comparing a new access request from a device to the health information exchange server with the one or more criteria of access behavior associated with the typical access pattern to determine unusual access behavior corresponding to malicious attempts to breach the health information ([0192] “Based on monitoring the record information, the system may determine that the medical professional has not undergone certification within the periodic amount of time. The system can therefore block access to medical information of patients that have undergone the particular procedure.”)
and transmitting an encrypted report to the user in response to the unusual access behavior ([0030] “For example, the requested information may be encrypted and the system may route the encrypted information to intended recipients according to information included in packets being provided.”) 
wherein the encrypted report includes information derived from the new access request ([0156] “The system provides information describing access (block 1006).”)
Regarding claim 3, Aunger discloses wherein monitoring the plurality of access events to the health information of the user includes parsing a data request to determine a relevant data based on a predefined criterion ([0069] “The application may provide requests to the medical trust system 100 indicating particular features or search queries…... The medical trust system 100 may parse the requests and analyze features of patients. The medical trust system 100 can then provide responses associated with the application, for example anonymized information.”)
and sending the relevant data to a historical activity database ([0124] “The system can then update one or more databases or one or more storage subsystems.”)
Regarding claim 4, Aunger discloses comparing the access request with a datum stored in an insecure behavior database ([0121] “The system obtains the responses to the requests, and compares the responses to information associated with health records.”)
and storing the access request in the insecure behavior database when the access request at least partially matches the datum ([0139] “The doctor 726 can scan the QR code, and indicate trust is to be provided to the patient. The medical trust system 100 may then store information associated with the trust….”)
Regarding claim 7, Aunger discloses storing the access request in an insecure behavior database for comparing with another access request ([0049] “Upon receipt of the request 152, the medical trust system 100 can determine whether the medical professional 154 has been trusted to access medical information indicated in the request 152….. The medical trust system 100 can store information describing trust…”)
Regarding claim 9, Aunger discloses updating an insecure behavior database to include an access event of the plurality of access events when the access event does not fit a typical access pattern ([0074] “For updated, or additional, information received by the medical trust system 100, the medical trust system 100 can indicate that the information is to be trusted for future access by the medical professional 154. For example, the medical trust system 100 can cause updated, or additionally included, information to be automatically associated with the medical professional 154, such that no further trust action is required by the patient.”)
Regarding claim 11, Aunger discloses one or more processors ([0125] “For convenience, the process 700 will be described as being performed by a user device of one or more processors.”)
a memory communicatively coupled to the one or more processors and storing instructions which, when executed by the one or more processors ([0225] “Such software code may be stored, partially or fully, on a memory device of the executing computing device. Software instructions may be embedded in firmware, such as an EPROM. It will be further appreciated that hardware modules may be comprised of connected logic units, such as gates and flip-flops, and/or may be comprised of programmable units, such as programmable gate arrays or processors.”)
monitor a plurality of access events to a health information of a user by one or more devices at a health information exchange server implemented over a blockchain network ([0035] “For example, the system can monitor indications of trust across many patients, and can determine, for example, that a podiatrist requests access to specific additional portions of a health record at a rate greater than a particular threshold rate.” [0155] “Optionally, the system can maintain the information as a blockchain.”)
identify one or more criteria associated with a typical access pattern to the health information exchange server based on the plurality of access events ([0053] “For example, certain conditions or constraints must be recognized for access.”)
compare a new access request from a device to the health information exchange server with the one or more criteria of access behavior associated with the typical access pattern to determine unusual access behavior corresponding to malicious attempts to breach the health information ([0192] “Based on monitoring the record information, the system may determine that the medical professional has not undergone certification within the periodic amount of time. The system can therefore block access to medical information of patients that have undergone the particular procedure.”)
and transmit an encrypted report to the user in response to the unusual access behavior ([0030] “For example, the requested information may be encrypted and the system may route the encrypted information to intended recipients according to information included in packets being provided.”) 
wherein the encrypted report includes information derived from the new access request ([0156] “The system provides information describing access (block 1006).”)
Regarding claim 14, the limitations are rejected for the same reasons as stated above for claim 7.
Regarding claim 16, the limitations are rejected for the same reasons as stated above for claim 9.
Regarding claim 18, Aunger discloses a non-transitory, computer readable medium storing instructions which, when executed by a processor ([0224] “Each of the processes, methods, and algorithms described in the preceding sections may be embodied in, and fully or partially automated by, code modules executed by one or more computer systems or computer processors comprising computer hardware. The code modules (or “engines”) may be stored on any type of, one or more, non-transitory computer-readable media (e.g., a computer storage product) or computer storage devices, such as hard drives, solid state memory, optical disc, and/or the like.”)
monitoring a plurality of access events to a health information of a user by one or more devices at a health information exchange server implemented over a blockchain network ([0035] “For example, the system can monitor indications of trust across many patients, and can determine, for example, that a podiatrist requests access to specific additional portions of a health record at a rate greater than a particular threshold rate.” [0155] “Optionally, the system can maintain the information as a blockchain.”)
identifying one or more criteria associated with a typical access pattern to the health information exchange server based on the plurality of access events ([0053] “For example, certain conditions or constraints must be recognized for access.”)
comparing a new access request from a device to the health information exchange server with the one or more criteria of access behavior associated with the typical access pattern to determine unusual access behavior corresponding to malicious attempts to breach the health information ([0192] “Based on monitoring the record information, the system may determine that the medical professional has not undergone certification within the periodic amount of time. The system can therefore block access to medical information of patients that have undergone the particular procedure.”)
and transmitting an encrypted report to the user in response to the unusual access behavior ([0030] “For example, the requested information may be encrypted and the system may route the encrypted information to intended recipients according to information included in packets being provided.”) 
wherein the encrypted report includes information derived from the new access request ([0156] “The system provides information describing access (block 1006).”)
Regarding claim 19, the limitations are rejected for the same reasons as stated above for claim 3.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Aunger et al. (US20180211058A1) in view of Ogawa et al. (US20010031031A1). 
Regarding claim 2, Aunger discloses wherein the health information of the user includes blood pressure, heart rate… ([0029] “The example information may include location data, heart rate data…. blood pressure….”)

Aunger does not explicitly disclose however Ogawa teaches and number of steps moved per day ([0046] “When the display part 10 displays totals through the display switching button 11, the display is switched to the total number of steps, the total number of days and the average number of steps per day every time the set/↑ button 13 is pressed, as shown in FIGS. 6A to 6C.”)

Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Ogawa’s techniques for a pedometer. The motivation for the combination of Aunger and Ogawa is to help create a health profile that can be used for validation during an access request (See Ogawa, Background).
Claims 5, 12, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Aunger et al. (US20180211058A1) in view of Raisch (US20120246483A1). 
Regarding claim 5, Aunger does not explicitly disclose however Raisch teaches wherein comparing the access request with a typical access pattern includes providing a datum in the access request to a securer module when the datum has no match in an insecure behavior database ([0035] “The timed authentication system 100 can include an authentication module 110.” [0062] “Similarly, if the determination made at decision block 468 is NO, processing continues to decision block 472. At decision block 472, a determination is made whether the received authentication datum matches a known authentic value of a corresponding authentication datum.”)

Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Raisch’s techniques for an authentication system. The motivation for the combination of Aunger and Raisch is to selectively provide access based on comparison of access request (See Raisch, Abstract).
Regarding claim 12, the limitations are rejected for the same reasons as stated above for claim 5.
Regarding claim 20, the limitations are rejected for the same reasons as stated above for claim 5.
Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Aunger et al. (US20180211058A1) in view of Epstein et al. (US6694025B1). 
Regarding claim 6, Aunger does not explicitly disclose however Epstein teaches requesting an additional encrypted key when the access request is not a typical access pattern ([Col. 6] “As discussed above, and presented here for completeness, upon a request by the administrator, the next available public key 212 and encrypted private key 211 are communicated from the list 260 at the server processor 150.”)


Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Epstein’s techniques for distribution of public/private key pairs. The motivation for the combination of Aunger and Epstein is to securely distribute and ensure that the public/private key is used by the designated user (See Epstein, Abstract).
Regarding claim 13, the limitations are rejected for the same reasons as stated above for claim 6.
Claims 10, 17, 21-22, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Aunger et al. (US20180211058A1) in view of Seger II et al. (US20170228371A1). 
Regarding claim 10, Aunger does not explicitly disclose however Seger II teaches updating an existing correlation with the new access request when the new access request is identified as an insecure behavior ([0057] “The pre-submission of a message's hash before submission of the message may mean the hash may be codified into several different blockchains as it becomes simultaneously visible to both the adversary and the codification processes. Dynamically re-writing multiple blockchain simultaneously without being overwhelmed by one of the codifiers is the cost of altering that hash for an attacker.”)

Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Seger II’s techniques for a blockchain enhanced database. The motivation for the combination of Aunger and Seger II is to enhance the security of a blockchain while also solving data storage problems through coupling with a database (See Seger II, Abstract).
Regarding claim 17, the limitations are rejected for the same reasons as stated above for claim 10.
Regarding claim 21, Aunger discloses monitoring, using an artificial intelligence learning module stored in memory and executed by a processor, a plurality of access events to a health information of a user by one or more devices at a health information exchange server implemented over a blockchain network ([0035] “For example, the system can monitor indications of trust across many patients, and can determine, for example, that a podiatrist requests access to specific additional portions of a health record at a rate greater than a particular threshold rate.” [0045] “Applications may further be automated, for example machine learning based applications may be utilized to request medical information and then analyze the medical information.” [0225] “Such software code may be stored, partially or fully, on a memory device of the executing computing device.” [0155] “Optionally, the system can maintain the information as a blockchain.”)
identifying one or more criteria associated with a typical access pattern to the health information exchange server based on the plurality of access events…… ([0053] “For example, certain conditions or constraints must be recognized for access.”)
comparing a new access request from a device to the health information exchange server with the one or more criteria of access behavior associated with the typical access pattern……to determine unusual access behavior corresponding to malicious attempts to breach the health information ([0192] “Based on monitoring the record information, the system may determine that the medical professional has not undergone certification within the periodic amount of time. The system can therefore block access to medical information of patients that have undergone the particular procedure.”)
and transmitting an encrypted report to the user in response to the unusual access behavior ([0030] “For example, the requested information may be encrypted and the system may route the encrypted information to intended recipients according to information included in packets being provided.”) 
wherein the encrypted report includes information derived from the new access request ([0156] “The system provides information describing access (block 1006).”)


Aunger does not explicitly disclose however Seger II teaches….and the one or more criteria related to insecure blockchain access behavior… [0041] “Here, the adversary uses their position in the system to intercept the recipient's request for valid messages, instead responding with their own unauthorized message.”)
 ….and the one or more criteria related to insecure blockchain access behavior… [0041] “Here, the adversary uses their position in the system to intercept the recipient's request for valid messages, instead responding with their own unauthorized message.”)

Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Seger II’s techniques for a blockchain enhanced database. The motivation for the combination of Aunger and Seger II is to enhance the security of a blockchain while also solving data storage problems through coupling with a database (See Seger II, Abstract).
Regarding claim 22, Aunger does not explicitly disclose however Seger II teaches wherein the one or more criteria related to insecure blockchain access behavior include at least one of accessing multiple unrelated blocks, remaining logged in with a private key too long, suspected spoofing, downloading of too much information, and accessing too many points of access ([0045] “Here the adversary uses their compromise of the system's cryptographic keys to spoof the identity of the appropriate sender, craft their desired message, and submit it normally to the system.”)

Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Seger II’s techniques for a blockchain enhanced database. The motivation for the combination of Aunger and Seger II is to enhance the security of a blockchain while also solving data storage problems through coupling with a database (See Seger II, Abstract).
Regarding claim 25, Aunger discloses granting the access request when the data matches or correlates to database containing the one or more criteria related to insecure blockchain access behavior ([0157] “Additionally, the blockchain may be store trust information. For example, as a patient trusts new medical professionals, the blockchain can be updated to record the trust.” [0168] “Based on being positively identified, the medical trust system 100 can provide one or more certificates for local storage on the patient's user device. A certificate can provide an ongoing validation that an operator of the user device is associated with particular medical records…... That is, the authorized token enables access to the personally identifiable information, but the token itself does not identify a name of the patient.”)
Claims 23 is rejected under 35 U.S.C. 103 as being unpatentable over Aunger et al. (US20180211058A1) in view of Seger II et al. (US20170228371A1) and further in view of Epstein (US20020124176A1). 
Regarding claim 23, Aunger in view of Seger II does not explicitly disclose however Epstein teaches updating an existing correlation with the new access request when the new access request is identified as an insecure behavior ([0024] “Upon discovery of a breach of security, for example a mysterious disappearance of the token 200, the token 200 can be invalidated by a mere removal of the public key U 331 from the database of authorized users' public keys 330. A new token 200′ can then be issued to the user, using a new pair of keys U′, V′.”)

Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Seger II’s techniques for a blockchain enhanced database and Epstein’s techniques for authentication and access control. The motivation for the combination of Aunger, Seger II, and Epstein is to uniquely identify and control access to individuals (See Epstein, Abstract).
Claims 24 is rejected under 35 U.S.C. 103 as being unpatentable over Aunger et al. (US20180211058A1) in view of Seger II et al. (US20170228371A1) and further in view of Raisch (US20120246483A1). 
Regarding claim 24, Aunger in view of Seger II does not explicitly disclose however Raisch teaches and waiting for permission to be granted to the health information of the user on the different device ([0008] “The computer-implemented can further comprise receiving a first request to access the computing resource; determining a first access request time associated with the first request to access the computing resource…”)

Therefore, it would have obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to expand Aunger’s techniques for trust based access to records with Seger II’s techniques for a blockchain enhanced database and Raisch’s techniques for an authentication system. The motivation for the combination of Aunger, Seger II, and Raisch is to selectively provide access based on comparison of access request (See Raisch, Abstract).


Response to Arguments
Applicant’s arguments filed on 08 August 2022 have been considered but are not fully persuasive.
Regarding the 101 rejection, the applicant argues on pages 8 to 10 that under Step 2A Prong 1 the Final Office Action failed to state the specific claimed elements that allegedly correspond to abstract ideas and because of this the 101 rejection should be withdrawn and the final office action was improper. The applicant then disagrees with the conclusion that the applicant's invention is performing a legal obligation as required HIPAA law. Applicant asserts that with this false reasoning, most inventions that include medical data would be abstract and patent ineligible points to examiner’s allowed patents U.S. Pat. Num. 11,238,980 and U.S. Pat. Num. 11,177,034, applications with claims that include health data subject to HIPAA are not per se abstract. Applicant then argues that the monitoring limitation in the claim is not human activity and asserts that a human cannot monitor network traffic. Applicant points to USPTO Example 40 where the additional limitations in this example were found to be additional elements. Applicant states that examiner failed to address claims 11 & 18 and requests withdrawal of the 101 rejection.
Examiner disagrees with the applicant’s arguments. Examiner asserts that the previous 101 rejection was not flawed and clearly referenced the italicized claim limitations under the Step 1 header with the following language: “These steps of enhancing security of data in a health care network, as drafted, under the broadest reasonable interpretation, includes methods of organizing human activity but for recitation of generic computer components. That is, other than reciting steps as performed by the generic computer components, nothing in the claim element precludes…..” Presently, the examiner has included the language of italicized to help the applicant further understand what limitations the examiner is referring to. Examiner also points out that claims 11 and 18 have been addressed in the analysis as they recite substantially similar limitations to claim 1. With new claim 21, examiner has clearly indicated how the added limitation of “one or more
criteria related to insecure blockchain access behavior” is being interpreted. In regards to the applicant’s arguments on HIPAA law and the referenced patents, examiner acknowledges the argument. Examiner will not go into the details of the merits of the referenced cases, but points out that the common trend is that the claims can be directed to the judicial exception under Step 1. However, it is the analysis under Step 2A and Step 2B which helps overcome the 101 rejections. As the examiner will point out later in the 101 arguments, the applicant’s claims lacks substantial limitations that helps shifts the claim(s) away from the abstract idea. The claims are recited at a very high level of generality. Examiner points to the October 2019 Guidance which states that “Claims can recite a mental process (human activity in this case) even if they are claimed as being performed on a computer.” The guidance also states to review the specification and upon such review the applicant is merely using a computer in the present application as a tool to perform the invention because the claim lacks specificity on how the artificial intelligence module is actually performing the monitoring and/or how the blockchain transaction or access behavior is being monitored (and later identified and compared) on the blockchain network. In FairWarning IP, LLC v. Iatric Sys., 839 F.3d 1089, 1095, 120 USPQ2d 1293, 1296 (Fed. Cir. 2016), “the court first found the claims were directed to a patent-ineligible abstract idea: “the concept of analyzing records of human activity to detect suspicious behavior.” This concept, the court explained, “is a basic and well-established abstract idea.” Likewise, the applicant’s claims of identifying and determining unusual access behavior corresponding to malicious attempts to breach the health information are an abstract idea. Examiner points to [0063] of the specification which clearly states that the human mind may be used to put all pieces together but may help form a picture of what an attacker may be up to within an organization's network. Furthermore, [0066] of the specification states that “The human element may include security analysts who analyze trends, patterns in data, behaviors, and reports.” These admissions in the applicant’s specification helps strengthen the examiner’s analysis and clearly shows that the 101 analysis in the final action was not without reason. In response to the applicant’s arguments that a human cannot perform the limitation of “monitoring, using an artificial intelligence learning module stored in memory and executed by a processor, a plurality of access events to a user's health information of a user by one or more devices to determine a typical access pattern, wherein the user's health information is managed by at a health information exchange server implemented server implemented over a blockchain network” this limitation should be an additional element, examiner points out that the final action indeed considered the monitored limitation as an additional element since it was evaluated under Step 2A Prong 2 and Step 2B. Presently, even when considered as an additional element, the monitoring limitation still does not integrate the judicial exception into a practical application.


On pages 10 to 16 the applicant argues that the present claims are integrated into a practical application. The applicant states that the final office action made a flawed analysis where it failed to state specific limitations that are additional elements and also failed to respond to the applicant’s transformation argument. In regards to the limitations amounting to using computers as a tool and adding insignificant extra solution activity, the applicant argues that the examiner has failed in not considering the combination of additional elements and asserts that when viewed as a whole the claims are directed at the practical application. The applicant then argues that in considering the improvement under Step 2A Prong 2, the examiner repeatedly states "appears". The Examiner has failed to perform a proper analysis
of determining the facts of instant application. Applicant asserts that just because an
invention has a judicial exception does not mean the claim invention is not an improvement in a computer and states that the Examiner has not stated what this supposed judicial exception improvement is. In response to the examiner’s argument that the invention is applying off-the-shelf blockchain to conventionally monitor, store, and track data & activity, applicant states that the statement is factually baseless and that if there was support examiner would have easily found a 35 U.S.C. 102 reference to teach the invention instead of using a group of references under USC 103. Applicant then disagrees with the statement that the invention improves efficiency not being sufficient to show an improvement in computer functionality by stating that the statement is factually baseless and demonstrates the weak position of the examiner. Applicant states that the cited [0008] by the examiner is a setup problem that the invention will solve and that the improvements are taught in the remainder of the specification. Additionally, applicant asserts that FairWarning does not apply to this invention as FairWarning's sole improvement was based on the capabilities of a general-purpose computer while this invention has multiple improvements to computer functionality. Specifically, one of the many possible improvements is the enhancement of the security for a health care network by monitoring for data breaches and unusual activity. Furthermore, applicant states that 
a person or ordinary skill in the art would appreciate a few of many possible technical benefits of not having an intruder on the network include saving the resources an intruder would waste (e.g., wasted computer memory, wasted CPU bandwidth, wasted network bandwidth, etc.), thereby improving the computer's performance a tangible consequence. Applicant then points to USPTO Example 42 to assert that the additional elements of example 42 are similar in nature to the additional elements in the recited subject matter. Applicant also points to Example 40 for support and states that because of the aforementioned reasons, the present claims are therefore patent-eligible under prong 2 of step 2A without further analysis.


Examiner disagrees with the applicant’s argument. Examiner asserts that no flawed analysis was performed and that applicant has a broad understanding and seems to misinterpret USPTO guidance. In the final office action examiner has clearly stated the additional elements and properly evaluated them under Step 2A Prong 2 while considering the combination of additional elements as a whole. The examiner has previously indicated that the applicant is using computers as a tool to perform the invention and now furthermore asserts that the applicant is also generally linking to a particular filed and technological environment. Also, the examiner has addressed the transformation argument by asserting that the invention does not show how the improvement is actually done and uses generic computer components to bolster efficiency; transformation aspect will further be elaborated on to help the applicant clear any misinterpretations of the USPTO guidance. Applicant generically states that that the improvements in the invention are taught in the remainder of the specification, but absolutely fails to cite or provide evidence which supports this assertion. The MPEP provides that improvements to the functioning of a computer or to any other technology or technical field can signal eligibility, see MPEP 2106.05(a), and provides examples of improvements to computer functionality, MPEP 2106.05(a)(I), and improvements to any other technology of technical field, MPEP 2106.05(a)(I). “In computer-related technologies, the examiner should determine whether the claim purports to improve computer capabilities or, instead, invokes computers merely as a tool”. Enfish, LLC v. Microsoft Corp., 822 F.3d 1327, 1336, 118 USPQ2d 1684, 1689 (Fed. Cir. 2016). In Enfish, the court evaluated the patent eligibility of claims related to a self-referential database. Id. The court concluded the claims were not directed to an abstract idea, but rather an improvement to computer functionality. Id. It was the specification' s discussion of the prior art and how the invention improved the way the computer stores and retrieves data in memory in combination with the specific data structure recited in the claims that demonstrated eligibility. 822 F.3d at 1339, 118 USPQ2d at 1691. The claim was not simply the addition of general purpose computers added post-hoc to an abstract idea, but a specific implementation of a solution to a problem in the software arts. 822 F.3d at 1339, 118 USPQ2d at 1691. Unlike Enfish, the instant claimed invention appears to improve upon a judicial exception rather than a problem in the software arts. Rather than improving a computer's algorithm, artificial intelligence module, or the blockchain network to improve data security, the claimed invention purports to improve the security of data in a healthcare network by applying off-the-shelf artificial intelligence and blockchain to conventionally monitor, store, and track data activity. The claimed invention appears similar to the example of improvements that are insufficient to show an improvement in computer-functionality such as arranging transactional information on a graphical user interface in a manner that assists traders in processing information more quickly, Trading Technologies v. IBG LLC, 921 F.3d 1084, 1093-94, 2019 USPQ2d 138290 (Fed. Cir. 2019). See MPEP 2106.05(a)(I)(viii). Additionally, improving efficiency ([0008] of the applicant’s specification) is not sufficient to show an improvement in computer functionality as set forth by the courts in FairWarning IP, LLC v. Iatric Sys., 839 F.3d 1089, 1095, 120 USPQ2d 1293, 1296 (Fed. Cir. 2016); accelerating a process of analyzing audit log data when the increased speed comes solely from the capabilities of a general-purpose computer. Examiner also points out that the applicant has stated on record in page 15 of the arguments that “person or ordinary skill in the art would appreciate a few of many possible technical benefits of not having an intruder on the network include saving the resources an intruder would waste (e.g., wasted computer memory, wasted CPU bandwidth, wasted network bandwidth, etc.), thereby improving the computer's performance a tangible consequence.” This strongly supports the examiner’s assertion as this statement lacks any support in the specification. The applicant has also not explained as to why one of ordinary skill in the art would not deduce that saving computing resources and improving efficiency would come solely from the capabilities of a general-purpose computer. Examiner points out that the claimed limitations have no indication in the specification that the operations recited invoke any inventive programming, require any specialized computer hardware or other inventive computer components, i.e., a particular machine, or that the claimed invention is implemented using other than generic computer components to perform generic computer functions. See DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1256 (fed Cir. 2014) (“[A]fter Alice, there can remain no doubt: recitation of generic computer limitations does not make an otherwise ineligible claim patent-eligible.”) The examiner also points out that there is no indication in the specification that the claimed invention affects a transformation or reduction of a particular article to a different state or thing. The claims state at a high level of generality that monitoring is performed and then a report is transmitted, but does not specify how the data is transformed. This is unlike Example 41 which specifically claims how each of the plaintext word signals are being transformed to one or more message blocks before being transmitted. In regards to Example 42, the examiner points out that the combination of elements recited a specific improvement over prior art systems by allowing remote users to share information in real time in a standardized format regardless of the format in which the information was input by the user. This is unlike the present application which does not solve a technological problem; specifically, applicant solves the problem of efficiently monitoring malicious behavior and breaches ([0008] of specification) which the applicant has stated in [0063] and [0066] can be performed by humans. Furthermore, Example 42 explicitly recites the term “real time” in the claim language while the present application has no such recitation in the claims. In regards to Example 40, examiner points out that the present limitations are similar to claim 2 rather than claim 1 which provided a specific improvement over prior art system, resulting in improved network monitoring. As set forth by the courts, additional elements are considered more than “apply it” or are not “mere instructions” when the claim recites a technological solution to a technological problem (MPEP 2106.05(f)). For instance, in Finjan, Inc. v. Blue Coat Systems the courts found that the claims were “directed to a non-abstract improvement in computer functionality…” (MPEP 2106.04(d)). The present invention neither improves a computer functionality nor solves a technological problem. 


The applicant argues on pages 16 to 18 that under Step 2B the claims the cited Symantec case does state an encrypted report. Applicant also states that the limitations in Example 40 and Example 41 are not well-understood, routine, and convention nor patent ineligible. In regards to the citation of Flook, applicant states that Flook is limited to a formula not analogous to the comparing limitation. Applicant then states that the final action is flawed since it has not considered the whole limitation of the monitoring aspect. Furthermore, in regards to the Saxena reference, the applicant cites MPEP 2106.07(a)(IIl)(C) and states that US patents and published applications are not sufficient to demonstrate that the additional element is well-understood, routine, conventional, unless the patent or published application demonstrates that the additional element is widely prevalent or in common use in the relevant field. Applicant would like the written record of this application to show both the examiner’s prior reversal in a Pre-Brief Appeal Conference for App. Num.
15/999,135 (Now U.S. Pat. Num. 11,361,381) in which the Examiner's 101 analysis was reversed. Similarly, the analysis in that application contained the same mistake of only citing one reference to show an additional element is well-understood, routine, and conventional activity. The applicant requests withdrawal of the 101 rejection. 

Examiner disagrees with the applicant’s argument. Examiner agrees with the applicant that Symantec has been cited the present claims which state an encrypted report and the court case is relevant since it discloses a computer function the courts have recognized as well‐understood, routine, and conventional functions. As explained previously, the present claims are not similar to claim 1 of Example 40 and Example 41, but rather claim 2 of Example 40. As discussed with respect to Step 2A Prong Two, the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception on a generic computer cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. In the present application, the transmitting step was considered to be extra-solution activity in Step 2A, and thus it was re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. As stated previously, Symantec was cited as mere transmitting over a network is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner. In regards to citing patents and published applications, Examiner points out that it is not incorrect to cite them if the patent or published application demonstrates that the additional element is widely prevalent or in common use in the relevant field. In light of the added limitations, examiner has not cited art as new art has been used for the art rejection. The examiner also points out that the monitoring limitation is presently not interpreted as insignificant extra solution activity. The use of a computer or other machinery in its ordinary capacity for economic or other tasks or simply adding a general purpose computer or computer components after the fact to an abstract idea does not provide significantly more. See Affinity Labs v. DirecTV, 838 F.3d 1253, 1262, 120 USPQ2d 1201, 1207 (Fed. Cir. 2016) (cellular telephone); TLI Communications LLC v. AV Auto, LLC, 823 F.3d 607, 613, 118 USPQ2d 1744, 1748 (Fed. Cir. 2016) (computer server and telephone unit). Therefore, the 101 rejection is maintained.
Regarding the 103 rejection, Applicant’s arguments with respect to claim(s) 1-7, 9-14, and 16-25  have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Prior Art Cited but not Relied Upon
The following document(s) were found relevant to the disclosure but not applied:
Zhuang, Y., Sheets, L. R., Chen, Y. W., Shae, Z. Y., Tsai, J. J., & Shyu, C. R. (2018). A patient-centric health information exchange framework using blockchain technology. IEEE journal of biomedical and health informatics, 24(8), 2169-2176.

This reference is relevant since is describes improving Satoshi’s blockchain using smart contracts to resolve and privacy and security vulnerabilities.

Conclusion



 Any inquiry concerning this communication or earlier communications from the examiner should be directed to WINSTON FURTADO whose telephone number is (571)272-5349. The examiner can normally be reached Monday-Friday 8:00 AM to 4:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jason B. Dunham can be reached on (571)-272-8109. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/W.F./Examiner, Art Unit 3626                                                                                                                                                                                                        
/JOSHUA B BLANCHETTE/Primary Examiner, Art Unit 3626