DETAILED ACTION
This first non-final office action is in response to applicants’ preliminary amendment filed on 04/13/2022 which canceled Claim 1 and added new Claims 2-21.  Therefore, Claims 2-21 are currently pending and have been considered as follows.
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/01/2022 has been placed in the application file, and the information referred therein has been considered as to the merits.
Drawings
The drawings filed on 04/01/2022 are accepted.
Claim Objections
Claims 16 and 20 are objected to because of the following informalities:
Claim 16 line 3 recites “with the a first level of access control” which should be corrected as “with [[the]] a first level of access control”;
Claim 20 line 4 recites “with the a first level of access control” which should be corrected as “with [[the]] a first level of access control”;
Appropriate correction is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Parent Patent No. 8,769,625 C1
Claims 2-4, 6, 7, 9-15, 17-19, and 21 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1, 5, 6, 16, 17, 22, 24, 30, 32, 33, 37, 38, and 48 of parent U.S. Patent No. 8,769,625 C1 (common inventive entity and assignee).  Although the conflicting claims are not identical, they are not patentably distinct from each other because it is clear that all the elements of the instant application claims 2-4, 6, 7, 9-15, 17-19, and 21 are to be found in the parent patent claims 1, 5, 6, 16, 17, 22, 24, 30, 32, 33, 37, 38, and 48.  The difference between the application claims and the patent claims lies in the fact that the patent claims include more elements and are more specific.  Thus, the invention of claims 1, 5, 6, 16, 17, 22, 24, 30, 32, 33, 37, 38, and 48 of the patent is in effect a “species” of the “generic” invention of the instant application claims 2-4, 6, 7, 9-15, 17-19, and 21.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  The following Claims Comparison Table illustrates the anticipatory relationship of the claims at issue.
Instant Application:
15/910,276
U.S. Patent No. 8,769,625 C1
(common inventive entity and assignee)
Claim 2:
A system comprising:
a network device;
multiple medical machines connected to the network device over a network; and 
one or more client devices connected to the network device over the network, wherein the network device is configured to perform operations comprising: receiving, from a client device in the one or more client devices, a request to connect to at least one of the multiple medical machines; determining, based on an access control list, that the client device is authorized to access one or more particular medical machines, wherein the access control list indicates which client devices have authorization to access which medical machines; receiving designations of respective levels of access control to each of the one or more particular medical machines; and transferring, through the network, and between the client device and at least one medical machine in the one or more particular medical machines, information pertaining to one or more of an operation of the at least one medical machine or an operation of the client device in accordance with the designation received for the at least one medical machine.
Claim 17:
A system comprising:
a server;
a first dialysis machine configured to connect to the server;
a second dialysis machine configured to connect to the server;
a first client device configured to connect to the server; and
a second client device configured to connect to the server, wherein the server is configured to:
maintain an access control list to determine whether the first client device is authorized to connect to the first dialysis machine, and whether the second client device is authorized to connect to the second dialysis machine;
provide a connection for transfer of data between the first dialysis machine and the first client device;
provide a connection for transfer of data between the second dialysis machine and the second client device;
establish a first network connection with the first dialysis machine;
establish a second network connection with the second dialysis machine;
receive a designation of a level of access to the first dialysis machine granted to the first client device;
receive a designation of a level of access to the second dialysis machine granted to the second client device;
receive, from the first client device, a request to access the first dialysis machine;
receive, from the second client device, a request to access the second dialysis machine;
authorize the first client device to access the first dialysis machine;
authorize the second client device to access the second dialysis machine;
receive, from the first dialysis machine, information pertaining to an operation of the first dialysis machine;
receive, from the second dialysis machine, information pertaining to an operation of the second dialysis machine; provide, to the first client device, the information pertaining to the operation of the first dialysis machine; and
provide, to the second client device, the information pertaining to the operation of the second dialysis machine… 

Claim 3:
The system of claim 2, wherein the one or more particular medical machines include a first medical machine and a second medical machine.

Claim 17:
… a first dialysis machine configured to connect to the server;
a second dialysis machine configured to connect to the server;

Claim 4:
The system of claim 3, wherein transferring the information includes transferring information between the client device and the first medical machine in accordance with the designation received for the first medical machine, and transferring information between the client device and the second medical machine in accordance with the designation received for the second medical machine.
Claim 17:
… receive a designation of a level of access to the first dialysis machine granted to the first client device;
receive a designation of a level of access to the second dialysis machine granted to the second client device;
receive, from the first client device, a request to access the first dialysis machine… receive, from the first dialysis machine, information pertaining to an operation of the first dialysis machine;
receive, from the second dialysis machine, information pertaining to an operation of the second dialysis machine; provide, to the first client device, the information pertaining to the operation of the first dialysis machine; and
provide, to the second client device, the information pertaining to the operation of the second dialysis machine…
Claim 6:
The system of claim 2, wherein the network device is further configured to update the access control list by updating authorization of the client devices to access respective medical machines.
Claim 5:
The method of claim 1, wherein authorizing the first and second client devices comprises using an access control list stored on the data processor.

Claim 6:
The method of claim 5, wherein the access control list is configured to allow updating of a set of client devices that are authorized to access the dialysis machine by updating, at the data processor, the access control list stored on the data processor.

Claim 7:
The system of claim 2, wherein the one or more particular medical machines form a first set of medical machines, and the operations further comprise:
receiving, from a second client device in the one or more client devices, a request to connect to one or more of the multiple medical machines; determining, based on the access control list, that the second client device is authorized to access a second set of medical machines, the second set of medical machines being different from the first set of medical machines in at least one medical machine; and
transferring, through the network, and between the second client device and at least one medical machine in the second set of medical machines, information pertaining to one or more of an operation of the medical machine or an operation of the second client device.
Claim 17:
… server is configured to:
maintain an access control list to determine whether the first client device is authorized to connect to the first dialysis machine, and whether the second client device is authorized to connect to the second dialysis machine… provide a connection for transfer of data between the second dialysis machine and the second client device… receive, from the second client device, a request to access the second dialysis machine… authorize the second client device to access the second dialysis machine… receive, from the second dialysis machine, information pertaining to an operation of the second dialysis machine… provide, to the second client device, the information pertaining to the operation of the second dialysis machine… 

Claim 9:
The system of claim 2, wherein transferring the information includes transferring commands from the client device to the at least one medical machine to control the medical machine virtually.
Claim 30:
The system of claim 29, wherein, when there is a conflict between the instructions received from the second client device for the second dialysis machine and the instructions received from the third client device for the second dialysis machine, the instructions received from the second client device are executed by the second dialysis machine, and the instructions received from the third client device are not executed by the second dialysis machine.
Claim 10:
The system of claim 2, wherein the level of access control associated with a medical machine includes allowing one or more of monitoring or controlling the medical machine over the network.
Claim 32:
The system of claim 17, wherein the level of access comprises authority to control and monitor the dialysis machine.
Claim 11:
The system of claim 2, wherein the access control list is stored on the network device.
Claim 17:
… wherein the server is configured to:
maintain an access control list to determine whether the first client device is authorized to connect to the first dialysis machine, and whether the second client device is authorized to connect to the second dialysis machine…

Claim 22:
The system of claim 17, wherein the access control list is configured to allow updating of a set of client devices that are authorized to access the dialysis machine by updating, at the server, the access control list stored on the server.
Claim 12:
The system of claim 2, wherein the network device and the client device are implemented on a user device.
Claim 17:
… a first client device 
Claim 24:
… wherein the server is at a clinic



Claim 13:
The system of claim 2, wherein each of the medical machines is configured to perform a respective dialysis treatment.
Claim 17:
… a first dialysis machine configured to connect to the server;
a second dialysis machine configured to connect to the server…
Claim 14:
A method executed by a computer, the method comprising:
receiving, from a client device, a request to connect to at least one of multiple medical machines;
determining, based on an access control list, that the client device is authorized to access one or more particular medical machines in the multiple medical machines, wherein the access control list indicates which client devices have authorization to access which medical machines;
receiving designations of respective levels of access control to each of the one or more particular medical machines; and
transferring, through a network, and between the client device and at least one medical machine in the one or more particular medical machines, information pertaining to one or more of an operation of the at least one medical machine or an operation of the client device in accordance with the designation received for the at least one medical machine
Claim 1:
A method performed by a data processor, the method comprising:
sending a first access request to a first dialysis machine, the first access request requesting access to the first dialysis machine;
sending a second access request to a second dialysis machine, the second access request requesting access to the second dialysis machine;
establishing a first network connection with the first dialysis machine;
establishing a second network connection with the second dialysis machine; receiving a designation of a level of access to each dialysis machine granted to the data processor;
receiving, from a first client device, a request to access the first dialysis machine;
receiving, from a second client device, a request to access the second dialysis machine;
authorizing the first client device to access the first dialysis machine; 
authorizing the second client device to access the second dialysis machine; receiving, from the first dialysis machine, information pertaining to an operation of the first dialysis machine;
receiving, from the second dialysis machine, information pertaining to an operation of the second dialysis machine; 
providing, to the first client device, the information pertaining to the operation of the first dialysis machine; and 
providing, to the second client device, the information pertaining to the operation of the second dialysis machine.

Claim 5:
The method of claim 1, wherein authorizing the first and second client devices comprises using an access control list stored on the data processor.

Claim 6:
The method of claim 5, wherein the access control list is configured to allow updating of a set of client devices that are authorized to access the dialysis machine by updating, at the data processor, the access control list stored on the data processor.
Claim 15:
The system of claim 2, wherein each of the medical machines is configured to perform a respective dialysis treatment.
Claim 1:
… sending a first access request to a first dialysis machine… sending a second access request to a second dialysis machine …
Claim 17:
The method of claim 14, wherein transferring the information includes transferring commands from the client device to the at least one medical machine to control the medical machine virtually.
Claim 16:
The method of claim 1, wherein the level of access comprises authority to control and monitor the dialysis machine.
Claim 18:
A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
receiving, from a client device, a request to connect to at least one of multiple medical machines;
determining, based on an access control list, that the client device is authorized to access one or more particular medical machines in the multiple medical machines, wherein the access control list indicates which client devices have authorization to access which medical machines;
receiving designations of respective levels of access control to each of the one or more particular medical machines; and transferring, through a network, and between the client device and at least one medical machine in the one or more particular medical machines, information pertaining to one or more of an operation of the at least one medical machine or an operation of the client device in accordance with the designation received for the at least one medical machine.
Claim 33:
A computer-readable storage device storing a computer program including instructions for causing a computer to: 
send a first access request to a first dialysis machine, the first access request requesting access to the first dialysis machine;
send a second access request to a second dialysis machine, the second access request requesting access to the second dialysis machine;
establish a first network connection with the first dialysis machine;
establish a second network connection with the second dialysis machine; receive a designation of a level of access to each dialysis machine granted to the computer; receive, from a first client device, a request to access the first dialysis machine;
receive, from a second client device, a request to access the second dialysis machine;
authorize the first client device to access the first dialysis machine;
authorize the second client device to access the second dialysis machine;
receive, from the first dialysis machine, information pertaining to an operation of the first dialysis machine;
receive, from the second dialysis machine, information pertaining to an operation of the second dialysis machine; provide, to the first client device, the information pertaining to the operation of the first dialysis machine; and
provide, to the second client device, the information pertaining to the operation of the second dialysis machine.

Claim 37:
The computer-readable storage device of claim 33, wherein authorizing the first and second client devices comprises using an access control list stored on the computer.



Claim 38:
The computer-readable storage device of claim 37, wherein the access control list is configured to allow updating of a set of client devices that are authorized to access the dialysis machine by updating the access control list.
Claim 19:
The computer-readable medium of claim 18, wherein the one or more particular medical machines include a first medical machine and a second medical machine.
Claim 33:
… send a first access request to a first dialysis machine, the first access request requesting access to the first dialysis machine;
send a second access request to a second dialysis machine, the second access request requesting access to the second dialysis machine…
Claim 21:
The computer-readable medium of claim 18, wherein transferring the information includes transferring commands from the client device to the at least one medical machine to control the medical machine virtually.
Claim 48:
The computer-readable storage device of claim 33, wherein the level of access comprises authority to control and monitor the dialysis machine


Claims 5, 16, and 20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1, 17, 33, and 38 of parent U.S. Patent No. 8,769,625 C1 (common inventive entity and assignee) in view of prior art Basaglia (US 8905959 B2).  Although the claims at issue are not identical, they are not patentably distinct from each other because the examined application Claims 5, 16, and 20 are an obvious variation of Claims 1, 17, 33, and 38 of the parent patent in view of the prior art reference Basaglia.  All the elements of Claims 5, 16, and 20 of the instant application are found within the scope of Claims 1, 17, 33, and 38 of parent U.S. Patent No. 8,769,625 C1 except for the features of “receiving a first level of access control for the first medical machine, and receiving a second level of access control, different from the first level of access control, for the second medical machine” [Claim 5], “a second level of access control received for the second medical machine, the second level being different from the first level” [Claims 16 and 20].
However, the analogous prior art Basaglia does disclose “receiving a first level of access control for the first medical machine, and receiving a second level of access control, different from the first level of access control, for the second medical machine” and “a second level of access control received for the second medical machine, the second level being different from the first level” (e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).
It would have been an obvious modification to the invention of Claims 1, 17, 33, and 38 of parent U.S. Patent No. 8,769,625 C1 to include “receiving a first level of access control for the first medical machine, and receiving a second level of access control, different from the first level of access control, for the second medical machine” and “a second level of access control received for the second medical machine, the second level being different from the first level” (as taught by Basaglia) for the purpose of discerning both an authorisation level and the intervention level for the subject accessing from a remote position (Basaglia [column 12 lines 24-30]).  
Therefore, the invention as specified in the instant application Claims 5, 16, and 20 is not patentably distinct from Claims 1, 17, 33, and 38 of parent U.S. Patent No. 8,769,625 C1 in view of prior art Basaglia.
Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).
Claims 2-5, 7, and 9-21 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Simpson et al. (US 10173008 B2, IDS submitted 06/01/2022, hereinafter Simpson) in view of Basaglia (US 8905959 B2, IDS submitted 06/01/2022).
As to Claim 2:
Simpson discloses a system (e.g. Simpson FIG. 1, 3, patient care system 100 can include a plurality of medical 30 devices 120 connected to hub, digital assistants, [column 5 lines 1-57], one or more servers [column 6]) comprising:
a network device (e.g. Simpson central system servers/computers [column 6 lines 42-67]);
multiple medical machines connected to the network device (e.g. Simpson plurality of medical 30 devices including infusion pumps connected to hub and central computer system [column 5 lines 1-67]) over a network (e.g. Simpson system network [column 6 lines 27-28]); and 
one or more client devices (e.g. Simpson one or more electronic computing devices [column 4 lines 62-67]; clinician digital assistant [column 5 line 47]) connected to the network device over the network (e.g. Simpson the medical devices 120 and user interface 118 generally communicate directly with the first central computer 109 [column 6]), 
wherein the network device is configured to perform operations comprising: 
receiving, from a client device in the one or more client devices, a request to connect to at least one of the multiple medical machines (e.g. Simpson digital assistant may send data, commands, setup information, or any other type of information to the medical device [column 100 lines 38-45]);
determining, based on an access control list, that the client device is authorized to access one or more particular medical machines, wherein the access control list indicates which client devices have authorization to access which medical machines (e.g. Simpson “server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 32-37]);
transferring, through the network, and between the client device and at least one medical machine in the one or more particular medical machines, information pertaining to one or more of an operation of the at least one medical machine or an operation of the client device in accordance with the designation received for the at least one medical machine (e.g. Simpson “Secure one-way communications may now be sent from the medical device 120 to the digital assistant 118. For example, the medical device 120 may report settings, generate alarms, etc. In the example illustrated, the medical device 120 determines data to be sent to the digital assistant 118 via the first central server 109 at block 6908. This data is then sent to the first central server 109 at block 6910 and received by the first central server 109 at block 6912. The first central server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 28-45]);
But Simpson does not specifically disclose:
receiving designations of respective levels of access control to each of the one or more particular medical machines.
However, the analogous art Basaglia does disclose receiving designations of respective levels of access control to each of the one or more particular medical machines (e.g. Basaglia the dialysis machines 2 include a control unit 4 and central control program 12 for designating a level of access among a plurality of levels of access for communicating with the dialysis machine 2 which is granted to and received in data processor (i.e., VNC client) [column 6 lines 39-51]; [column 10 lines 18-55]).  Simpson and Basaglia are analogous art because they are from the same field of endeavor in user authentication through actions.
(e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).
At the time of applicants' invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Simpson and Basaglia before him or her, to modify the invention of Simpson with the teachings of Basaglia to include receiving designations of respective levels of access control to each of the one or more particular medical machines as claimed because Simpson provides a patient care system and method of servers connected with clinician devices and medical devices (Simpson [Abstract]-[0100]) which could include different levels of access that can be defined (Basaglia [column 10 lines 18-55]).  The suggestion/motivation for doing so would have been to enable both exclusive monitoring of dialysis machine(s) and, possibly, a selective remote control such as to be able to perform routine operations including maintenance, intervention on the part of a health operative or a doctor or a technician, without any need to actually go to the machine or machines location by discerning both an authorisation level and the intervention level for the subject accessing from a remote position (Basaglia [column 12 lines 24-30; 45-50]).  Therefore, it would have been obvious to combine Simpson and Basaglia to obtain the invention as specified in the instant claim(s).
As to Claim 3:
Simpson in view of Basaglia discloses the system of claim 2, wherein the one or more particular medical machines include a first medical machine and a second medical machine (e.g. Simpson plurality of medical 30 devices including infusion pumps connected to hub and central computer system [column 5 lines 1-67]).
As to Claim 4:
Simpson in view of Basaglia discloses the system of claim 3, wherein transferring the information includes transferring information between the client device and the first medical machine (e.g. Simpson “Secure one-way communications may now be sent from the medical device 120 to the digital assistant 118. For example, the medical device 120 may report settings, generate alarms, etc. In the example illustrated, the medical device 120 determines data to be sent to the digital assistant 118 via the first central server 109 at block 6908. This data is then sent to the first central server 109 at block 6910 and received by the first central server 109 at block 6912. The first central server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 28-45]) in accordance with the designation received for the first medical machine, and transferring information between the client device and the second medical machine in accordance with the designation received for the second medical machine (e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).  The Examiner supplies the same rationale for the combination of references Simpson and Basaglia as in Claim 2 above.
As to Claim 5:
Simpson in view of Basaglia discloses the system of claim 3, wherein receiving the designations of respective levels of access control includes receiving a first level of access control for the first medical machine, and receiving a second level of access control, different from the first level of access control, for the second medical machine (e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).  The Examiner supplies the same rationale for the combination of references Simpson and Basaglia as in Claim 2 above.
As to Claim 7:
Simpson in view of Basaglia discloses the system of claim 2, wherein the one or more particular medical machines form a first set of medical machines (e.g. Simpson “Devices can be identified as part of a general group, a specific group, and/or be associated with a particular patient by including the device address in a table in a database” [column 50 lines 1-3]), and the operations further comprise:
receiving, from a second client device in the one or more client devices (e.g. Simpson “As described above, the system may include a plurality of digital assistants 118 and a plurality of medical devices (e.g., infusion pumps 120) communicating over a wired or wireless network” [column 95 lines 66-67]-[column 96 lines 1-2]), a request to connect to one or more of the multiple medical machines (e.g. Simpson digital assistant may send data, commands, setup information, or any other type of information to the medical device [column 100 lines 38-45]);
determining, based on the access control list, that the second client device is authorized to access a second set of medical machines (e.g. Simpson “server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 32-37]), the second set of medical machines being different from the first set of medical machines in at least one medical machine (e.g. Simpson “Devices can be identified as part of a general group, a specific group, and/or be associated with a particular patient by including the device address in a table in a database” [column 50 lines 1-3]); and
transferring, through the network, and between the second client device and at least one medical machine in the second set of medical machines, information pertaining to one or more of an operation of the medical machine or an operation of the second client device (e.g. Simpson “Secure one-way communications may now be sent from the medical device 120 to the digital assistant 118. For example, the medical device 120 may report settings, generate alarms, etc. In the example illustrated, the medical device 120 determines data to be sent to the digital assistant 118 via the first central server 109 at block 6908. This data is then sent to the first central server 109 at block 6910 and received by the first central server 109 at block 6912. The first central server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 28-45]).
As to Claim 9:
Simpson in view of Basaglia discloses the system of claim 2, wherein transferring the information includes transferring commands from the client device to the at least one medical machine to control the medical machine virtually (e.g. Simpson digital assistant may send data, commands, setup information, or any other type of information to the medical device [column 100 lines 38-45]).
As to Claim 10:
Simpson in view of Basaglia discloses the system of claim 2, wherein the level of access control associated with a medical machine includes allowing one or more of monitoring or controlling the medical machine over the network (e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).  The Examiner supplies the same rationale for the combination of references Simpson and Basaglia as in Claim 2 above.
As to Claim 11:
Simpson in view of Basaglia discloses the system of claim 2, wherein the access control list is stored on the network device (e.g. Simpson “server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 32-37]).
As to Claim 12:
Simpson in view of Basaglia discloses the system of claim 2, wherein the network device and the client device are implemented on a user device (e.g. Simpson “FIG. 2 is a block diagram of a computer 200 representative of the pharmacy computer 104, the central system 108, the CPOE, the digital assistant 118 of FIG. 1, and/or a computer included in any number of other subsystems that communicate via the network 102 such as the medication treatment cart 132” [column 26 lines 59-64]).
As to Claim 13:
Simpson in view of Basaglia discloses the system of claim 2, wherein each of the medical machines is configured to perform a respective dialysis treatment (e.g. Simpson “it is understood that other medical devices may be used within the system 210 10 without departing from the scope of the present invention. For example, various types of medical devices include, but are not limited to, infusion pumps, ventilators, dialysis machines” [column 50 lines 37-42]).


As to Claim 14:
Simpson discloses a method executed by a computer (e.g. Simpson methods [Abstract]; FIG. 1, 3, patient care system 100 can include a plurality of medical 30 devices 120 connected to hub, digital assistants, [column 5 lines 1-57], one or more servers [column 6]), the method comprising: 
receiving, from a client device (e.g. Simpson one or more electronic computing devices [column 4 lines 62-67]; clinician digital assistant [column 5 line 47]), a request to connect to at least one of multiple medical machines (e.g. Simpson digital assistant may send data, commands, setup information, or any other type of information to the [column 100 lines 38-45] plurality of medical 30 devices including infusion pumps connected to hub and central computer system [column 5 lines 1-67]);
determining, based on an access control list, that the client device is authorized to access one or more particular medical machines in the multiple medical machines, wherein the access control list indicates which client devices have authorization to access which medical machines (e.g. Simpson “server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 32-37]);
transferring, through a network, and between the client device and at least one medical machine in the one or more particular medical machines, information pertaining to one or more of an operation of the at least one medical machine or an operation of the client device in accordance with the designation received for the at least one medical machine (e.g. Simpson “Secure one-way communications may now be sent from the medical device 120 to the digital assistant 118. For example, the medical device 120 may report settings, generate alarms, etc. In the example illustrated, the medical device 120 determines data to be sent to the digital assistant 118 via the first central server 109 at block 6908. This data is then sent to the first central server 109 at block 6910 and received by the first central server 109 at block 6912. The first central server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 28-45]);
But Simpson does not specifically disclose:
receiving designations of respective levels of access control to each of the one or more particular medical machines.
However, the analogous art Basaglia does disclose receiving designations of respective levels of access control to each of the one or more particular medical machines (e.g. Basaglia the dialysis machines 2 include a control unit 4 and central control program 12 for designating a level of access among a plurality of levels of access for communicating with the dialysis machine 2 which is granted to and received in data processor (i.e., VNC client) [column 6 lines 39-51]; [column 10 lines 18-55]).  Simpson and Basaglia are analogous art because they are from the same field of endeavor in user authentication through actions.
(e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).
At the time of applicants' invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Simpson and Basaglia before him or her, to modify the invention of Simpson with the teachings of Basaglia to include receiving designations of respective levels of access control to each of the one or more particular medical machines as claimed because Simpson provides a patient care system and method of servers connected with clinician devices and medical devices (Simpson [Abstract]-[0100]) which could include different levels of access that can be defined (Basaglia [column 10 lines 18-55]).  The suggestion/motivation for doing so would have been to enable both exclusive monitoring of dialysis machine(s) and, possibly, a selective remote control such as to be able to perform routine operations including maintenance, intervention on the part of a health operative or a doctor or a technician, without any need to actually go to the machine or machines location by discerning both an authorisation level and the intervention level for the subject accessing from a remote position (Basaglia [column 12 lines 24-30; 45-50]).  Therefore, it would have been obvious to combine Simpson and Basaglia to obtain the invention as specified in the instant claim(s).


As to Claim 15:
Simpson in view of Basaglia discloses the method of claim 14, wherein the one or more particular medical machines include a first medical machine and a second medical machine (e.g. Simpson plurality of medical 30 devices including infusion pumps connected to hub and central computer system [column 5 lines 1-67]).
As to Claim 16:
Simpson in view of Basaglia discloses the method of claim 15, wherein transferring information includes transferring information between the client device and the first medical machine (e.g. Simpson “Secure one-way communications may now be sent from the medical device 120 to the digital assistant 118. For example, the medical device 120 may report settings, generate alarms, etc. In the example illustrated, the medical device 120 determines data to be sent to the digital assistant 118 via the first central server 109 at block 6908. This data is then sent to the first central server 109 at block 6910 and received by the first central server 109 at block 6912. The first central server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 28-45]) in accordance with the a first level of access control received for the first medical machine, and transferring information between the client device and the second medical machine in accordance with a second level of access control received for the second medical machine, the second level being different from the first level (e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).  The Examiner supplies the same rationale for the combination of references Simpson and Basaglia as in Claim 14 above.
As to Claim 17:
Simpson in view of Basaglia discloses the method of claim 14, wherein transferring the information includes transferring commands from the client device to the at least one medical machine to control the medical machine virtually (e.g. Simpson digital assistant may send data, commands, setup information, or any other type of information to the medical device [column 100 lines 38-45]).
As to Claim 18:
Simpson discloses a non-transitory, computer-readable medium (e.g. Simpson any computer-readable medium for use by or in connection with any computer-related system or method storing computer program [column 29 lines 3-37]) storing one or more instructions executable by a computer system to perform operations comprising:
receiving, from a client device (e.g. Simpson one or more electronic computing devices [column 4 lines 62-67]; clinician digital assistant [column 5 line 47]), a request to connect to at least one of multiple medical machines (e.g. Simpson digital assistant may send data, commands, setup information, or any other type of information to the [column 100 lines 38-45] plurality of medical 30 devices including infusion pumps connected to hub and central computer system [column 5 lines 1-67]);
determining, based on an access control list, that the client device is authorized to access one or more particular medical machines in the multiple medical machines, wherein the access control list indicates which client devices have authorization to access which medical machines (e.g. Simpson “server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 32-37]);
transferring, through a network, and between the client device and at least one medical machine in the one or more particular medical machines, information pertaining to one or more of an operation of the at least one medical machine or an operation of the client device in accordance with the designation received for the at least one medical machine (e.g. Simpson “Secure one-way communications may now be sent from the medical device 120 to the digital assistant 118. For example, the medical device 120 may report settings, generate alarms, etc. In the example illustrated, the medical device 120 determines data to be sent to the digital assistant 118 via the first central server 109 at block 6908. This data is then sent to the first central server 109 at block 6910 and received by the first central server 109 at block 6912. The first central server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 28-45]);
But Simpson does not specifically disclose:
receiving designations of respective levels of access control to each of the one or more particular medical machines.
However, the analogous art Basaglia does disclose receiving designations of respective levels of access control to each of the one or more particular medical machines (e.g. Basaglia the dialysis machines 2 include a control unit 4 and central control program 12 for designating a level of access among a plurality of levels of access for communicating with the dialysis machine 2 which is granted to and received in data processor (i.e., VNC client) [column 6 lines 39-51]; [column 10 lines 18-55]).  Simpson and Basaglia are analogous art because they are from the same field of endeavor in user authentication through actions.
(e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).
At the time of applicants' invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Simpson and Basaglia before him or her, to modify the invention of Simpson with the teachings of Basaglia to include receiving designations of respective levels of access control to each of the one or more particular medical machines as claimed because Simpson provides a patient care system and method of servers connected with clinician devices and medical devices (Simpson [Abstract]-[0100]) which could include different levels of access that can be defined (Basaglia [column 10 lines 18-55]).  The suggestion/motivation for doing so would have been to enable both exclusive monitoring of dialysis machine(s) and, possibly, a selective remote control such as to be able to perform routine operations including maintenance, intervention on the part of a health operative or a doctor or a technician, without any need to actually go to the machine or machines location by discerning both an authorisation level and the intervention level for the subject accessing from a remote position (Basaglia [column 12 lines 24-30; 45-50]).  Therefore, it would have been obvious to combine Simpson and Basaglia to obtain the invention as specified in the instant claim(s).
As to Claim 19:
Simpson in view of Basaglia discloses the computer-readable medium of claim 18, wherein the one or more particular medical machines include a first medical machine and a second medical machine (e.g. Simpson plurality of medical 30 devices including infusion pumps connected to hub and central computer system [column 5 lines 1-67]).
As to Claim 20:
Simpson in view of Basaglia discloses the computer-readable medium of claim 19, wherein transferring the information includes transferring information between the client device and the first medical machine (e.g. Simpson “Secure one-way communications may now be sent from the medical device 120 to the digital assistant 118. For example, the medical device 120 may report settings, generate alarms, etc. In the example illustrated, the medical device 120 determines data to be sent to the digital assistant 118 via the first central server 109 at block 6908. This data is then sent to the first central server 109 at block 6910 and received by the first central server 109 at block 6912. The first central server 109 may then determine which user(s) are authorized to receive this data at block 6914 and which digital assistant(s) 118 those users are currently associated with at block 6916. For example, a lookup table stored in the first central server 109 database may be used” [column 100 lines 28-45]) in accordance with the a first level of access control received for the first medical machine, and transferring information between the client device and the second medical machine in accordance with a second level of access control received for the second medical machine, the second level being different from the first level (e.g. Basaglia “The access authorisations define the remote interventions the user can make on the medical machine. They comprise at least the authorisation to passive access to vision, i.e. to be allowed to view the web pages of the web server 11 without however being able to control any machine 2 functions, and at least permission to actively access in order to control, i.e. to actively control (i.e. change or set machine operating parameters or activate/deactivate functions) from a remote location.  In reality the access levels can be many, and can be easily customised such that each user can only view and/or intervene on the machines 2 to pre-decided extents.  Some users might only be authorised to view the GUI, while others might be authorised to view all machine data but without any authority to intervene. Others besides might have active control access only to some machine functions and not others, while still others might have total access to all machine functions both passively (viewing) and actively (controlling).  Thus levels of access can be defined, for example for medical personnel, nurses, technical staff controlling and maintaining the machine, or net system administrators.  On each connection, after the ID procedure, the control unit 4 (or as mentioned the web server 11 or the central control program 12) will verify access authorisation and will assign the user the level of access afforded to him or her. In other words, according to the type of protected access afforded, the remote user will be able to operate at least in a solely monitoring mode (having access to all the above-mentioned data without any power to interact actively with the medical machine) and a full machine control mode (where she or he will be able to interact and command the medial machine as if standing right before it)” [column 10 lines 21-52]).  The Examiner supplies the same rationale for the combination of references Simpson and Basaglia as in Claim 18 above.
As to Claim 21:
Simpson in view of Basaglia discloses the computer-readable medium of claim 18, wherein transferring the information includes transferring commands from the client device to the at least one medical machine to control the medical machine virtually (e.g. Simpson digital assistant may send data, commands, setup information, or any other type of information to the medical device [column 100 lines 38-45]).
Claim 6 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Simpson in view of Basaglia as applied to Claim 2, and further in view of Duke (US-20070185545-A1, IDS submitted 06/01/2022).
As to Claim 6:
Simpson in view of Basaglia discloses the system of claim 2, but does not specifically disclose:
update the access control list by updating authorization of the client devices to access respective medical machines.
However, the analogous art Duke does disclose update the access control list by updating authorization of the client devices to access respective medical machines (e.g. Duke maintain and modifying access control list [0051] of users with computing devices [0029]; [0033]; [0051] that can access medical device’s patient data [0051]; [0058]).  Simpson, Basaglia, and Duke are analogous art because they are from the same field of endeavor in access control to networked medical devices.
(e.g. see Duke, “Further, in some embodiments, computing device 28 may download the patient data to other devices. For example, computing device 28 may take the form of a network server that downloads the data to a particular computer or system” [0029]; see also “Further, other medical devices may be able to protect patient data in the manner described herein with respect to defibrillator 14. For example, if DMD 24 stores patient data, DMD 24 may protect patient data in the manner described herein in response to downloading the patient data to computing device 28 via network 26" [0033]; see also “In such embodiments, processor 29 may maintain access control lists (ACLs) in memory 30 for resources of defibrillator 14, including patient data for patient 12 stored in memory 30, associating users or classes of users with a degree of access provided to the user or class for that resource. In such embodiments, processor 29 may protect the patient data for patient 12 by modifying an ACL for the patient data to change the degree of access for a subset of users or classes, and thereby prevent the subset of users from accessing the patient data" [0051]; see also “Further, as discussed above, other medical devices may protect patient data in response to downloading the patient data to another device in a substantially similar manner to that described herein with respect to defibrillators 14 and 44. For example, DMDs 24 and computing devices 28 may protect patient data as described herein” [0058]).
At the time of the invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Simpson, Basaglia, and Duke before him or her, to modify the combination of Simpson and Basaglia with the teachings of Duke to include update the access control list by updating authorization of the client devices to access respective medical machines as claimed because Simpson provides a patient care system and method of servers connected with clinician devices and medical devices with controlled access through authorization lookup tables (Simpson [Abstract]-[0100]) which could be modified to change the degree of access for a subset of users (Duke [0051]).  The suggestion/motivation for doing so would have been to protect patient data in medical devices by allowing changes to the degree of access for a subset of users through modifying ACLs (Duke [0051]).  Therefore, it would have been obvious to combine Simpson, Basaglia, and Duke to obtain the invention as specified in the instant claim(s).
Allowable Subject Matter
Claim 8 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Sato et al. (US 5911687 A) is cited for a wide area medical information system with medical treatment communication over a network. 
De La Huerga (US 20020038392 A1) is cited for controlling medication delivery and monitoring using a communication network with a server.
Fletcher-Haynes et al. (US 20030154108 A1) is cited for a networked medical device communication system including servers.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH W CHANG/Primary Examiner, Art Unit 2438                                                                                                                                                                                                        
    PNG
    media_image1.png
    35
    280
    media_image1.png
    Greyscale

09.27.2022