DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Claims 1-23 were previously pending in this application. The amendment filed 13 March 2026 has been entered and the following has occurred: Claims 1, 4-5, 8, & 16-17 have been amended. No Claims have been cancelled or added.
Claims 1-23 remain pending in the application.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
The claims recite subject matter within a statutory category as a process (claims 8-16 & 22), machine (claims 1-7 & 21), and manufacture (claims 17-20 & 23) which recite steps of:
receiving an enrollment request from the user device, wherein the user device is associated with an individual;
generating a profile associated with the individual, wherein the profile comprises profile data;
storing the profile on a blockchain network;
receiving the test result from the facility device, wherein the test result is associated with a diagnostic test of the individual and the facility device is associated with a facility;
appending the profile of the individual with the test result;
determining whether the facility is an approved certifying facility;
creating, responsive to determining that the facility is one of the approved certifying facilities, a unique code associated with the individual the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid;
create a unique code associated with the individual, the unique code encoding the digitally signed token;
transmitting the unique code to the user device associated with the individual;
transmit a key to the establishment device located at the physical establishment, wherein the establishment device is configured to verify the unique code against the key and to confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment before granting the individual entry to the physical establishment;
verify the unique code against the key;
determine whether the validity period has expired based at least in part on the expiration time;
confirm that the color attribute corresponds to the indication of the test result;
upon expiration of the validity period, present a predefined default color indicating the unique code is no longer valid; and
output, via an electronic output of the establishment device, an authorization indication for permitting or denying the individual entry to the physical establishment.
These steps of receiving an enrollment request associated with an individual, generating a profile associated with the individual, wherein the profile comprises profile data, storing the profile, receiving a diagnostic test result associated with a test of the individual, appending the profile of the individual with the test result, determining whether a facility associated with the test result is an approved certifying facility, creating a unique code associated with the individual, comprising an indication of the test result, receiving the unique code, verifying the test result based on the unique code, transmitting a message that indicates that the test result is verified, upon expiration of the validity period, present a predefined default color indicating the unique code is no longer valid, and output, via an electronic output of the establishment device, an authorization indication for permitting or denying the individual entry to the physical establishment, as drafted, under the broadest reasonable interpretation, includes performance of the limitation in the mind but for recitation of generic computer components. That is, other than reciting steps as performed by the generic computer components, nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the receiving an enrollment request associated with an individual language, receiving an enrollment request in the context of this claim encompasses a mental process of the user receiving either a physical, verbal, etc. request for enrolling a patient or person. Similarly, the limitation of generating a profile comprising profile data and storing the profile data, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, such as a user maintaining a physical user record and storing the record in a database or physical record archive. For example, but for the receiving a test result associated with the patient and appending the profile with the test result language, receiving a test result and appending the result to the profile of the patient in the context of this claim encompasses a mental process of the user updating a medical record/profile of a patient given newly received test results. Similarly, the limitation of determining whether a facility associated with the test result is an approved certifying facility and creating a unique associated with the individual, wherein the unique code comprises an indication of the test result, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, such as a user confirming the test result came from an approved facility, such as an external facility that cooperates with the medical facility the user/patient is currently at. For example, but for the receiving the unique code, verifying the test result based on the unique code, and transmitting a message that indicates that the test result is verified language, receiving the unique code, verifying the test result based on the unique code, and transmitting a message that indicates that the test result is verified in the context of this claim encompasses a mental process of a user receiving a unique code, reading and analyzing the code that contains details about verification of test results to determine if the test results are verified, and transmitting a message back, such as by use of a generic user device, to the originating device to indicate that the test result has been verified. Similarly, the limitation of presenting a predefined default color indicating the unique code is no longer valid, and outputting an authorization indication for permitting or denying the individual entry to the physical establishment If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
Additionally, these steps of receiving a test result associated with a test of the individual, appending the profile of the individual with the test result, determining whether a facility associated with the test result is an approved certifying facility, creating, responsive to determining that the facility is one of the approved certifying facilities, a unique code associated with the individual, wherein the unique code comprises an indication of the test result, transmitting the unique code to the user device associated with the individual, upon expiration of the validity period, presenting a predefined default color indicating the unique code is no longer valid, and outputting an authorization indication for permitting or denying the individual entry to the physical establishment as drafted, under the broadest reasonable interpretation, includes methods of organizing human activity. MPEP 2106.04(a)(2)(II) describes certain Methods of Organizing Human Activity relating to commercial or legal interactions and/or managing personal behavior or relationships or interactions between people. For instance, the instant set of claims recite limitations relating to transmitting test results, i.e. medical results, to an individual via generic computer and electronic security components. That is, the typical interaction that could occur between a provider and a patient regarding the delivery of test results is effectively being managed by the instantly claimed system. Furthermore, recitation of presenting one or more colors and/or outputting an authorization indication for permitting or denying the individual entry to the physical establishment further amounts to a user’s behaviors being managed at least by indicating whether a user should be granted entry to an establishment. These aspects fall within the “Methods of Organizing Human Activity” grouping of abstract ideas in the form of commercial or legal interactions (managing/transmitting health data which constitutes a legal interaction in view of varying medical statutes/policies such as HIPAA) and/or managing personal behavior or relationships or interactions between people by effectively managing a typical interaction that would occur between a provider and a patient during the delivery of medical test results and/or granting entry to a facility.
Dependent claims recite additional subject matter which further narrows or defines the abstract idea embodied in the claims (such as claims 2-7, 9-16, & 18-23, reciting particular aspects of how securing and validating information associated with a user’s healthcare data may be performed in the mind but for recitation of generic computer components).
This judicial exception is not integrated into a practical application. In particular, the additional elements do not integrate the abstract idea into a practical application, other than the abstract idea per se, because the additional elements amount to no more than limitations which:
amount to mere instructions to apply an exception (such as recitation of a memory, one or more processors, a computer, a blockchain network, a non-transitory machine-readable storage medium, a communication interface, one or more devices, such as a user device, a facility device, and an establishment device, amounts to invoking computers as a tool to perform the abstract idea, see Applicant’s Specification [0045], [0045], [0048], [0018], [0052], [0024], [0022] for the varying devices, respectively, see MPEP 2106.05(f));
add insignificant extra-solution activity to the abstract idea (such as recitation of receiving an enrollment request, receive a test result, transmitting the unique code to the user device, transmitting a message that indicates that the test result is verified, and transmitting a key to the facility/establishment device, amounts to mere data gathering; recitation of generating a profile associated with the individual comprising profile data, storing the profile on a blockchain network, appending the profile of the individual with the test result, determining whether a facility associated with the test result is approved certifying facility, creating a unique code associated with the individual with an indication of the test result upon determining that the facility is an approved facility the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid, and verifying the unique code against the key and confirming that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment before granting the individual entry to the physical establishment amounts to selecting a particular data source or type of data to be manipulated; recitation of transmitting the unique code to the user device associated with the individual, the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid, presenting a predefined default color indicating the unique code is no longer valid, enabling a user entry to a datastore/establishment based on authentication, outputting an authorization indication for permitting or denying entry to the establishment amounts to insignificant application, see MPEP 2106.05(g));
generally link the abstract idea to a particular technological environment or field of use (such as recitation of the test results specifically being a medical test result and/or recitation of a blockchain network see MPEP 2106.05(h)).
Dependent claims recite additional subject matter which amount to limitations consistent with the additional elements in the independent claims (such as claims 2-7, 9-16, & 18-23, additional limitations which recite limitations relating to a security/secured validation system, a computer-implemented method, a machine-readable storage medium, one or more digitally signed tokens, an Elliptic Curve Digital Signature Algorithm (See Applicant’s Specification [0051]/[0056], [0048], [0052], [0056], & [0056] respectively) which amount to invoking computers as a tool to perform the abstract idea, claims 2-6, 9-11, & 18-20 which recite limitations relating to what particular test results are received, the source of the test results, the composition of the data/message/key (such as an image of the individual in the public key/unique code), receiving a digitally signed token/public key, transmitting a key to the facility/establishment device, additional limitations which add insignificant extra-solution activity to the abstract idea which amounts to mere data gathering; claims 5, 7, 10, 14-16, & 19, which recite limitations relating to a digitally signed token being created using in indication of the test result and the profile data, signing a digital token using an Elliptic Curve Digital Signal Algorithm, the public key being configured to support certificate pinning, creating a one-way hash using the digitally signed token, additional limitations which add insignificant extra-solution activity to the abstract idea by selecting a particular data source or type of data to be manipulated; claims 7, 12-13, 15, & 21-23, which recite limitations relating to the digitally signed token being signed using an Elliptic Curve Digital Signal Algorithm in particular or utilizing security key rotation, further defining the physical environment to be an airport, hotel, resort, park, cruise ship, train, mass transit vehicle, workplace, factory, school, fitness center, retail store, port of entry, healthcare facilities, or sports venue, additional limitations which generally link the abstract idea to a particular technological environment or field of use). Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Their collective functions merely provide conventional computer implementation and do not impose a meaningful limit to integrate the abstract idea into a practical application.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to discussion of integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply an exception, add insignificant extra-solution activity to the abstract idea, and generally link the abstract idea to a particular technological environment or field of use. Additionally, the additional limitations, other than the abstract idea per se, amount to no more than limitations which:
amount to elements that have been recognized as well-understood, routine, and conventional activity in particular fields (such receiving an enrollment request, receive a test result, transmitting the unique code to the user device, transmitting a message, and transmitting a key to the facility/establishment device that allows for granting the user entry to the physical establishment, e.g., receiving or transmitting data over a network, Symantec, MPEP 2106.05(d)(II)(i); generating a profile for an individual, determining whether a facility is an approved certifying facility based on stored rules/regulations, creating a unique code associated with the individual comprising an indication of the test result, the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid, verifying the unique code against the key and to confirming that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment before granting the individual entry to the physical establishment, e.g., performing repetitive calculations, Flook, MPEP 2106.05(d)(II)(ii); updating a user profile by appending test results, enabling a user entry to a datastore/establishment based on authentication, the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid, presenting a predefined default color indicating the unique code is no longer valid, enabling a user entry to a datastore/establishment based on authentication, outputting an authorization indication for permitting or denying entry to the establishment amounts, e.g., electronic recordkeeping, Alice Corp., MPEP 2106.05(d)(II)(iii); storing computerized instructions in a computer memory for performance of the methods recited, storing the profile on a blockchain network, storing rules for determining approved certifying facilities, storing unique codes on a user device, e.g., storing and retrieving information in memory, Versata Dev. Group, MPEP 2106.05(d)(II)(iv));
Dependent claims recite additional subject matter which, as discussed above with respect to integration of the abstract idea into a practical application, amount to invoking computers as a tool to perform the abstract idea. Dependent claims recite additional subject matter which amount to limitations consistent with the additional elements in the independent claims (such as claims 2-7, 9-16, & 18-23, additional limitations which amount to elements that have been recognized as well-understood, routine, and conventional activity in particular fields, claims 2-6, 9-11, & 18-20 which recite limitations relating to what particular test results are received, the source of the test results, the composition of the data/message/key (such as an image of the individual in the public key/unique code), receiving a digitally signed token/public key, transmitting a key to the facility/establishment device for allowing the system to grant access to the user to enter the physical establishment, e.g., receiving or transmitting data over a network, Symantec, MPEP 2106.05(d)(II)(i); claims 5, 7, 10, 14-16, & 19, which recite limitations relating to a digitally signed token being created using in indication of the test result and the profile data, signing a digital token using an Elliptic Curve Digital Signal Algorithm, the public key being configured to support certificate pinning, creating a one-way hash using the digitally signed token, e.g., performing repetitive calculations, Flook, MPEP 2106.05(d)(II)(ii); claims 3-7, 10, 12-14, & 18-20 which recite limitations relating to maintaining test results, profiles, and/or digital tokens/security keys for an individual, rotating digital keys, specifying physical locations to maintain security protocols/access for, e.g., electronic recordkeeping, Alice Corp., MPEP 2106.05(d)(II)(iii); claims 2-7, 9-16, & 18-23, which recite limitations relating to storing computerized instructions such as on a non-transitory computer readable medium or in memory, storing test results, storing digitally signed tokens/cryptographic keys, storing a universally unique identifier for an image of the individual, e.g., storing and retrieving information in memory, Versata Dev. Group, MPEP 2106.05(d)(II)(iv)). Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Their collective functions merely provide conventional computer implementation.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or
nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed inventions absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-6, 8-11, 14, & 17-23 are rejected under 35 U.S.C. 103 as being unpatentable over Rose et al. (U.S. Patent Publication No. 2018/0254093), hereinafter “Rose” in view of Holmes et al. (U.S. Patent Publication No. 2014/0081665), hereinafter “Holmes”, further in view of Mahaffey et al. (U.S. Patent Publication No. 2020/0097665), hereinafter “Mahaffey”.
Claim 1 –
Regarding Claim 1, Rose discloses a secured validation system for restricting access to a physical establishment by verifying authenticity of a test result, the secured validation system comprising:
a memory (See Rose Par [0116] & [0119] which discloses a computer memory, e.g. RAM, ROM, EPROM, EEPROM, etc.);
a communication interface that is communicatively coupled to a user device, facility device, and an establishment device located at the physical establishment (See Rose Par [0005] which discloses the use of a communication interface for transmitting information; See Rose Par [0037] & [0043] which discloses the communication interface communicating with other devices and specifically recite interfacing to health provider’s medical records systems; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier, therefore a user device, a facility device, and establishment device are all met by the mobile communication device, the diagnostic device, and the health provider’s medical records systems, such that the health provider’s medical records system is understood to comprise an establishment device located at the physical establishment); and
one or more processors that are communicatively coupled to the communication interface and the memory (See Rose Par [0116] & [0119] which discloses various processors and controllers to execute instructions stored on one or more memories that are coupled/connected to the system; See Rose Par [0089] which discloses the various processing entities being coupled to a storage device and/or a communication interface) are collectively configured to execute instructions which, when executed cause the processor (See Rose Par [0116] & [0119] which discloses various processors and controllers to execute instructions stored on one or more memories that are coupled/connected to the system) to:
receive, via the communication interface, an enrollment request from the user device associated, the user device being associated with an individual (While not an “enrollment request” per se, see Rose Par [0050] which discloses receiving a “patient registration request” at the centralized authentication server which is understood to read on an enrollment request; See Rose Par [0111] which discloses the method being operational by a mobile communication device to facilitate performing a test with a diagnostic device and securely sharing test results, such that a unique patient identifier is associated with a particular user of the mobile communication device and/or user of the communication device, i.e. the user device is associated with an individual; See Rose Par [0005] which discloses the use of a communication interface for transmitting information; See Rose Par [0089] which discloses the various processing entities being coupled to a storage device and/or a communication interface);
generate a profile associated with the individual (Without further specifying a “profile”, any account/registration with an electronic entity that contains patient information can constitute a “profile” under broadest reasonable interpretation (BRI), therefore, see Rose Par [0046] which discloses the application gathering various registration information from the patient and issuing the patient certificates to be stored on the patient phone/tablet, i.e. interpreted to be a profile for a patient; further, see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices such as to be used for generation of a private digital key), the profile comprising profile data (“Profile data” is understood to constitute any type of electronic, demographic, or identifying information associated with a user for populating an electronic profile, therefore see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices, the certificates containing patient information such as name, address, patient identifier, etc.);
store the profile on a blockchain network (See Rose Fig. 2E and Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above, and the test results and zero-knowledge proof being stored in either both an internal database or a public blockchain network);
receive, via the communication interface, a test result from the facility device, the test result being associated with a diagnostic test of the individual, the facility device being associated with a facility (See Rose Fig. 2E and Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above; See Rose Par [0005], [0013]-[0014] which discloses the testing device specifically being a diagnostic testing device for diagnostic tests and thereby the associated test results constituting diagnostic test results under BRI; See Rose Par [0037] & [0043] which discloses the communication interface communicating with other devices and specifically recite interfacing to health provider’s medical records systems; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier, therefore a user device, a facility device, and establishment device or all met by the mobile communication device, the diagnostic device, and the health provider’s medical records systems);
append the profile of the individual with the test result (under BRI, “append” is understood to include associating the test results to a profile/record/certificate of the individual, therefore see Rose Par [0044] which discloses transcribing the medical reports, i.e. test results, into the medical service provider’s patient records system thereby associating the test results with a medical profile/record of the individual; further, see Rose Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above thereby also associating or appending test results to certificates/profile of the individual);
determine whether a facility associated with the facility is an approved certifying facility (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the results);
create, responsive to determining that the facility is one of the approved certifying facilities, a digitally signed token comprising an indication of the test result (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0090] which further specifies the embodiments of Par [0055], i.e. the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier), however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range and/or different perceptible colors)
create a unique code associated with the individual, the unique code encoding the digitally signed token (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0090] which further specifies the embodiments of Par [0055], i.e. the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier); while not a “token” per se, see Rose Par [0010] which discloses digitally signing an encrypted test result using a diagnostic device private key and Par [0030] & [0057] which discloses that the test result can be digitally signed so that a receiving party/entity can be certain that the test was performed, i.e. a token indicating and verifying that the test was performed and digitally signed by an entity, however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range),
transmit, via the communication interface, the unique code encoding to the user device associated with the individual (See Rose Par [0057] which discloses the test results being sent to the patient phone by encrypting the results using the patient public key and the diagnostic box private key, i.e. the unique code associated with the individual is sent or transmitted to the user device; See Rose Par [0005] which discloses the use of a communication interface for transmitting information; See Rose Par [0089] which discloses the various processing entities being coupled to a storage device and/or a communication interface);
transmit, via the communication interface, a key to the establishment device, located at the physical establishment, wherein the establishment device is configured verify the unique code against the key and to confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment (See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized; See Rose Par [0102] which discloses a test result decryption module that decrypts encrypted test results from an authentication server when a diagnostic device public key is matched by the authentication server, i.e. the health provider’s medical records systems has an associated unique code that has to match the diagnostic device’s code to upload said results, and is checked by the authentication server, therefore constituting transmitting a key to an establishment device, and verifying the unique code against the key; See Rose Par [0037] & [0043] which discloses the communication interface communicating with other devices and specifically recite interfacing to health provider’s medical records systems; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier, therefore a user device, a facility device, and establishment device are all met by the mobile communication device, the diagnostic device, and the health provider’s medical records systems with the associated authentication server; See Rose Par [0090] which discloses the diagnostic device being provisioned, preloaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device; however, Rose does not specifically recite granting the user access to a physical establishment, per se, by verifying the unique code against the key per se);
output, via an electronic output of the establishment device, an authorization indication for permitting or denying the individual entry to the physical establishment (See Rose Par [0090] which discloses the diagnostic device being provisioned, preloaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device; however, Rose does not specifically recite granting the user access to a physical establishment, per se).
As discussed above, Rose Par [0090] discloses that the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier), however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range. Furthermore, Rose does not seem to specifically disclose granting the user access to a physical establishment, per se, by verifying the unique code against the key.
However, Holmes discloses a system wherein the digitally signed token comprises (i) an indication of the test result (See Holmes Par [0160] which discloses the device being loaded or preloaded with information to be used for subsequent subject identification, such that assay results in said device may be analyzed and compared to data stored on said device (and/or external to the device) to determine the identification of an individual and Holmes Par [0164] further discloses that the assay data and/or associated subject identification being transmitted in an encrypted manner, i.e. the unique code comprises an indication of the test result, i.e. indication of the test result for determining the user of the device) and granting the user access to a physical establishment (See Holmes Par [0436]-[0437] which discloses the subject’s identity being verified prior to providing access for a subject to an item, location, and/or service, such as a healthcare facility, hospital, emergency room, clinic, laboratory, pharmacy, physician office, financial facility, and/or means of transportation, such as vehicles, cars, buses, etc.). The disclosure of Holmes is directly applicable to the disclosure of Rose because both disclosures share limitations and capabilities, such as both being directed towards secure communication and transmission of medical test results between patient and provider systems.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose, which already discloses creating a unique code associated with the individual, to further specifically include the unique code comprising an indication of the test result and providing access to a physical establishment, as disclosed by Holmes. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose with the disclosure of Holmes regarding the unique code comprises an indication of the test result, because the unique code comprising an indication of the test result allows for the system to receive and utilize conditional information to determine whether information should be transmitted, such as in the case of Holmes Par [0160] & [0164] which uses confirmation of the subject’s identification. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose with the disclosure of Holmes regarding granting the user access to a physical establishment by verifying the unique code against the key, because this allows for identification, e.g. genetic signature identification, of a subject to grant the subject access to a location, item, and/or service to control access (See Holmes Par [0436]-[0437])
While Rose and Holmes disclose generation of a unique code comprising an indication of the test result, Rose and Holmes do not explicitly disclose:
the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result
the digitally signed token comprising (ii) a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, wherein
the digitally signed token is associated with an expiration time defining a validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid;
confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment;
determine whether the validity period has expired based at least in part on the expiration time;
upon expiration of the validity period, present a predefined default color indicating the unique code is no longer valid; and
output an authorization indication for permitting or denying the individual entry to the physical establishment.
However, Mahaffey discloses the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary), (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid (See Mahaffey Par [0493]-[0494] which discloses that assessments and stored assessments are only considered valid for a period of time so that the data does not rely on data that is potentially out of data), and confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request) determine whether the validity period has expired based at least in part on the expiration time (See Mahaffey Par [0494] which discloses that assessment and definitions are only considered valid for a period of time so that the system does not rely on data or indications that are potentially out of date; See Mahaffey Par [0206] which discloses that server may check to see if the security state information for device is up to date, i.e. expired based on the validity period; See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for, such that as described in Mahaffey Par [0160]-[0162], an indicator of the status of the device, such as the time period for valid assessment, can be outputted such that a yellow or red icon can be presented to indicate a potential problem and a red icon may indicate a high severity security event); upon expiration of the validity period, present a predefined default color indicating the unique code is no longer valid (See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for, such that as described in Mahaffey Par [0160]-[0162], an indicator of the status of the device, such as the time period for valid assessment, can be outputted such that a yellow or red icon can be presented to indicate a potential problem and a red icon may indicate a high severity security event; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request and as described in Mahffey Par [0500], said information can include temporary assessment indicating that the data object is allowed); and output an authorization indication for permitting or denying the individual entry to the physical establishment (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request; See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for). The disclosure of Mahaffey is directly applicable to the combined disclosure of Rose and Holmes, because the disclosures share limitations and capabilities, such as being directed towards managing security systems, especially in medical settings.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid and confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment, as disclosed by Mahaffey, because this allows for (i) an icon being displayed in a dynamic manner that includes in the image an indication of the overall security status for immediate identification of if there are security issues that may need attention (See Mahaffey Par [0160]), and (ii) so that the mobile communications device does not rely on data that is potentially out of date (Se Mahaffey Par [0494]), and because this allows for the access request being denied if source information indicates that a network connection or access request is not trusted/valid (See Mahaffey Par [0912]), respectively. Furthermore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code, determining whether the validity period has expired based at least in part on the expiration time upon expiration of the validity period, and presenting a predefined default color indicating the unique code is no longer valid output an authorization indication for permitting or denying the individual entry to the physical establishment, as further disclosed by Mahaffey, so that the system may check to see if the security state information for device is up to date and thereby does not rely on security data or indications that are potentially out of date (See Mahaffey Par [0494] & [0500]).
Claim 2 –
Regarding Claim 2, Rose, Holmes, and Mahaffey disclose the secured validation system of Claim 1 in its entirety. Rose further discloses a secured validation system, wherein:
the test result associated with the diagnostic test of the individual is received from a lab system entity (the BRI of “lab system entity” is understood to include any lab or physiological/patient diagnostic testing device, therefore see Rose Par [0037] which discloses the diagnostic/testing boxes/devices including an integrated lab that permits testing blood/bodily fluid for various conditions).
Claim 3 –
Regarding Claim 3, Rose, Holmes, and Mahaffey disclose the secured validation system of Claim 1 in its entirety. Rose further discloses a secured validation system, wherein:
the test result associated with the diagnostic test of the individual is received from a health system entity (it should be noted that without specifying the difference between the language of Claim 2 and Claim 3 regarding a “lab system entity” and/or “health system entity” the BRI of “health system entity” seem to overlap and are understood to both include any lab or physiological/patient diagnostic testing device that which a doctor or healthcare provider provides to the patient, therefore see Rose Par [0037] which discloses the diagnostic/testing boxes/devices including an integrated lab that permits testing blood/bodily fluid for various conditions).
Claim 4 –
Regarding Claim 4, Rose, Holmes, and Mahaffey disclose the secured validation system of Claim 1 in its entirety. Holmes further discloses a secured validation system, wherein:
the profile data comprises an image of the individual (See Holmes Par [0130] which discloses capturing an image of the individual such that the image may be associated with the genetic signature described throughout Holmes, the genetic signature constituting a profile of the patient; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject),
the one or more processors are further collectively configured to assign a universally unique identifier to the image of the individual (See Holmes Par [0130] which discloses capturing an image of the individual such that the image may be associated with the genetic signature described throughout Holmes, the genetic signature constituting a profile of the patient; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject; See Holmes Par [0225] which discloses the information collected by the system, e.g. the images/videos captured from Holmes Par [0209] & [0222], being used as a static and/or dynamic component of the genetic (i.e. unique) identifier of the individual; See Rose Par [0116] & [0119] which discloses various processors and controllers to execute instructions stored on one or more memories that are coupled/connected to the system; See Rose Par [0089] which discloses the various processing entities being coupled to a storage device and/or a communication interface), and
the image of the individual is included in the digitally signed token and encoded in the unique code (See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized; while not a “token” per se, see Rose Par [0010] which discloses digitally signing an encrypted test result using a diagnostic device private key and Par [0030] & [0057] which discloses that the test result can be digitally signed so that a receiving party/entity can be certain that the test was performed, i.e. a token indicating and verifying that the test was performed and digitally signed by an entity; See Holmes Par [0222] which discloses using further identification of the subject such as an image captured of the subject; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject; See Holmes Par [0225] which discloses the information collected by the system, e.g. the images/videos captured from Holmes Par [0209] & [0222], being used as a static and/or dynamic component of the genetic (i.e. unique) identifier of the individual; ).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey to further include the profile data comprising an image of the individual and assigning a unique code to the image of the individual, because this allows for assigning a unique identifier to an image of the subject’s face, body, etc., that may be useful for identifying the subject for assigning test results to the patient, ensuring the results are appended to the correct, identified patient (See Holmes Par [0222]).
Claim 5
Regarding Claim 5, Rose, Holmes, and Mahaffey disclose the secured validation system of Claim 4 in its entirety. Rose and Holmes further disclose a system, wherein:
the unique code is a (Applicant’s Specification does not specify a definition for “two-dimensional” code and is therefore understood to simply constitute a code that represents two variables/aspects of data, i.e. dimensions, and therefore see while not a “token” per se, see Rose Par [0010] which discloses digitally signing an encrypted test result using a diagnostic device private key and Par [0030] & [0057] which discloses that the test result can be digitally signed so that a receiving party/entity can be certain that the test was performed, i.e. a token indicating and verifying that the test was performed and digitally signed by an entity, i.e. two variables/aspects of the data; See Holmes Par [0160] which discloses the device being loaded or preloaded with information to be used for subsequent subject identification, such that assay results in said device may be analyzed and compared to data stored on said device (and/or external to the device) to determine the identification of an individual and Holmes Par [0164] further discloses that the assay data and/or associated subject identification being transmitted in an encrypted manner, i.e. the unique code comprises an indication of the test result, i.e. indication of the test result for determining the user of the device) and the profile data (see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices, the certificates containing patient information such as name, address, patient identifier, etc.; See Rose Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above thereby also associating or appending test results to certificates/profile of the individual), wherein
the digitally signed token is associated with the key (See Rose Par [0117] which discloses information data being passed, forwarded, or transmitted via token-passing such as the public keys described in Rose Par [0063]-[0064]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey with the disclosure of Holmes regarding the unique code is a digitally signed token comprising the indication of the test result because the unique code comprising an indication of the test result allows for the system to receive and utilize conditional information to determine whether information should be transmitted, such as in the case of Holmes Par [0160] & [0164] which uses confirmation of the subject’s identification.
Claim 6 –
Regarding Claim 6, Rose, Holmes, and Mahaffey disclose the secured validation system of Claim 5 in its entirety. Rose further discloses a system, wherein:
the key is a public key (See Rose Par [0049] which discloses obtaining/generating a patient-specific public and private key pair and associating it with a printer box/device in response to an enrollment request; See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer, i.e. the public key being sent to the establishment device, such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized).
Claim 8 –
Regarding Claim 8, Rose discloses a computer-implemented method for restricting access to a physical establishment by verifying authenticity of a test result, the method comprising:
receiving an enrollment request from a user device associated with an individual (While not an “enrollment request” per se, see Rose Par [0050] which discloses receiving a “patient registration request” at the centralized authentication server which is understood to read on an enrollment request; See Rose Par [0111] which discloses the method being operational by a mobile communication device to facilitate performing a test with a diagnostic device and securely sharing test results, such that a unique patient identifier is associated with a particular user of the mobile communication device and/or user of the communication device, i.e. the user device is associated with an individual; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier);
generating a profile associated with the individual (Without further specifying a “profile”, any account/registration with an electronic entity that contains patient information can constitute a “profile” under broadest reasonable interpretation (BRI), therefore, see Rose Par [0046] which discloses the application gathering various registration information from the patient and issuing the patient certificates to be stored on the patient phone/tablet, i.e. interpreted to be a profile for a patient; further, see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices such as to be used for generation of a private digital key), the profile comprising profile data (“Profile data” is understood to constitute any type of electronic, demographic, or identifying information associated with a user for populating an electronic profile, therefore see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices, the certificates containing patient information such as name, address, patient identifier, etc.);
storing the profile on a blockchain network (See Rose Fig. 2E and Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above, and the test results and zero-knowledge proof being stored in either both an internal database or a public blockchain network);
receiving a test result from a facility device, associated with a facility, the test result being associated with a diagnostic test of the individual (See Rose Fig. 2E and Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above; See Rose Par [0005], [0013]-[0014] which discloses the testing device specifically being a diagnostic testing device for diagnostic tests and thereby the associated test results constituting diagnostic test results under BRI; See Rose Par [0037] & [0043] which discloses the communication interface communicating with other devices and specifically recite interfacing to health provider’s medical records systems; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier, therefore a user device, a facility device, and establishment device or all met by the mobile communication device, the diagnostic device, and the health provider’s medical records systems);
appending the profile of the individual with the test result (under BRI, “append” is understood to include associating the test results to a profile/record/certificate of the individual, therefore see Rose Par [0044] which discloses transcribing the medical reports, i.e. test results, into the medical service provider’s patient records system thereby associating the test results with a medical profile/record of the individual; further, see Rose Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above thereby also associating or appending test results to certificates/profile of the individual);
determining whether the facility is an approved certifying facility (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the results);
creating, responsive to determining that the facility is one of the approved certifying facilities, a digitally signed token comprising an indication of the test result (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0090] which further specifies the embodiments of Par [0055], i.e. the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier), however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range and/or different perceptible colors);
creating a unique code associated with the individual, the unique code encoding the digitally signed token (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0090] which further specifies the embodiments of Par [0055], i.e. the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier); while not a “token” per se, see Rose Par [0010] which discloses digitally signing an encrypted test result using a diagnostic device private key and Par [0030] & [0057] which discloses that the test result can be digitally signed so that a receiving party/entity can be certain that the test was performed, i.e. a token indicating and verifying that the test was performed and digitally signed by an entity, however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range),
transmitting the unique code to the user device associated with the individual (See Rose Par [0057] which discloses the test results being sent to the patient phone by encrypting the results using the patient public key and the diagnostic box private key, i.e. the unique code associated with the individual is sent or transmitted to the user device);
receiving the unique code from an establishment device (See Rose Par [0057] which discloses upon the test result becoming available two copies of the results are encrypted and sent to the patient phone, i.e. received by the patient phone, such as in the form of a private key, i.e. unique code, and being generated by the diagnostic box/system); and
transmitting a key to an establishment device located at the physical establishment, the establishment device verifying the unique code against the key (See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized; See Rose Par [0102] which discloses a test result decryption module that decrypts encrypted test results from an authentication server when a diagnostic device public key is matched by the authentication server, i.e. the health provider’s medical records systems has an associated unique code that has to match the diagnostic device’s code to upload said results, and is checked by the authentication server, therefore constituting transmitting a key to an establishment device, and verifying the unique code against the key; See Rose Par [0037] & [0043] which discloses the communication interface communicating with other devices and specifically recite interfacing to health provider’s medical records systems; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier, therefore a user device, a facility device, and establishment device are all met by the mobile communication device, the diagnostic device, and the health provider’s medical records systems with the associated authentication server; See Rose Par [0090] which discloses the diagnostic device being provisioned, preloaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device; however, Rose does not specifically recite granting the user access to a physical establishment, per se, by verifying the unique code against the key per se);
outputting, via an electronic output of the establishment device, an authorization indication for permitting or denying the individual entry to the physical establishment (See Rose Par [0090] which discloses the diagnostic device being provisioned, preloaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device; however, Rose does not specifically recite granting the user access to a physical establishment, per se).
As discussed above, Rose Par [0090] discloses that the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier), however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range. Furthermore, Rose does not seem to specifically disclose granting the user access to a physical establishment, per se, by verifying the unique code against the key.
However, Holmes discloses a system wherein the unique code comprises an indication of the test result (See Holmes Par [0160] which discloses the device being loaded or preloaded with information to be used for subsequent subject identification, such that assay results in said device may be analyzed and compared to data stored on said device (and/or external to the device) to determine the identification of an individual and Holmes Par [0164] further discloses that the assay data and/or associated subject identification being transmitted in an encrypted manner, i.e. the unique code comprises an indication of the test result, i.e. indication of the test result for determining the user of the device) and granting the user access to a physical establishment (See Holmes Par [0436]-[0437] which discloses the subject’s identity being verified prior to providing access for a subject to an item, location, and/or service, such as a healthcare facility, hospital, emergency room, clinic, laboratory, pharmacy, physician office, financial facility, and/or means of transportation, such as vehicles, cars, buses, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose, which already discloses creating a unique code associated with the individual, to further specifically include the unique code comprising an indication of the test result and providing access to a physical establishment, as disclosed by Holmes. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose with the disclosure of Holmes regarding the unique code comprises an indication of the test result, because the unique code comprising an indication of the test result allows for the system to receive and utilize conditional information to determine whether information should be transmitted, such as in the case of Holmes Par [0160] & [0164] which uses confirmation of the subject’s identification. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose with the disclosure of Holmes regarding granting the user access to a physical establishment by verifying the unique code against the key, because this allows for identification, e.g. genetic signature identification, of a subject to grant the subject access to a location, item, and/or service to control access (See Holmes Par [0436]-[0437])
While Rose and Holmes disclose generation of a unique code comprising an indication of the test result, Rose and Holmes do not explicitly disclose:
the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result
the digitally signed token comprising (ii) a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, wherein
the digitally signed token is associated with an expiration time defining a validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid;
determining, by the establishment device, whether the validity period has expired based at least in part on the expiration time;
confirming that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment;
upon expiration of the validity period, presenting a predefined default color indicating the unique code is no longer valid; and
outputting an authorization indication for permitting or denying the individual entry to the physical establishment.
However, Mahaffey discloses the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary), (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid (See Mahaffey Par [0493]-[0494] which discloses that assessments and stored assessments are only considered valid for a period of time so that the data does not rely on data that is potentially out of data), and confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request) determine whether the validity period has expired based at least in part on the expiration time (See Mahaffey Par [0494] which discloses that assessment and definitions are only considered valid for a period of time so that the system does not rely on data or indications that are potentially out of date; See Mahaffey Par [0206] which discloses that server may check to see if the security state information for device is up to date, i.e. expired based on the validity period; See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for, such that as described in Mahaffey Par [0160]-[0162], an indicator of the status of the device, such as the time period for valid assessment, can be outputted such that a yellow or red icon can be presented to indicate a potential problem and a red icon may indicate a high severity security event); and output an authorization indication for permitting or denying the individual entry to the physical establishment (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request; See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid and confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment, as disclosed by Mahaffey, because this allows for (i) an icon being displayed in a dynamic manner that includes in the image an indication of the overall security status for immediate identification of if there are security issues that may need attention (See Mahaffey Par [0160]), and (ii) so that the mobile communications device does not rely on data that is potentially out of date (Se Mahaffey Par [0494]), and because this allows for the access request being denied if source information indicates that a network connection or access request is not trusted/valid (See Mahaffey Par [0912]), respectively. Furthermore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code, determining whether the validity period has expired based at least in part on the expiration time upon expiration of the validity period, and presenting a predefined default color indicating the unique code is no longer valid output an authorization indication for permitting or denying the individual entry to the physical establishment, as further disclosed by Mahaffey, so that the system may check to see if the security state information for device is up to date and thereby does not rely on security data or indications that are potentially out of date (See Mahaffey Par [0494] & [0500]).
Claim 9 –
Regarding Claim 9, Rose, Holmes, and Mahaffey disclose the computer-implemented method of Claim 8 of its entirety. Holmes further discloses a method, further comprising:
assigning a universally unique identifier to an image of the individual (See Holmes Par [0130] which discloses capturing an image of the individual such that the image may be associated with the genetic signature described throughout Holmes, the genetic signature constituting a profile of the patient; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject; See Holmes Par [0225] which discloses the information collected by the system, e.g. the images/videos captured from Holmes Par [0209] & [0222], being used as a static and/or dynamic component of the genetic (i.e. unique) identifier of the individual), wherein
the profile data comprises the image of the individual and the unique code includes the image of the individual (See Holmes Par [0130] which discloses capturing an image of the individual such that the image may be associated with the genetic signature described throughout Holmes, the genetic signature constituting a profile of the patient; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject; See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized; See Holmes Par [0222] which discloses using further identification of the subject such as an image captured of the subject; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject; See Holmes Par [0225] which discloses the information collected by the system, e.g. the images/videos captured from Holmes Par [0209] & [0222], being used as a static and/or dynamic component of the genetic (i.e. unique) identifier of the individual).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey to further include the profile data comprising an image of the individual and assigning a unique identifier to the image of the individual, because this allows for assigning a unique identifier to an image of the subject’s face, body, etc., that may be useful for identifying the subject for assigning test results to the patient, ensuring the results are appended to the correct, identified patient (See Holmes Par [0222]).
Claim 10 –
Regarding Claim 10, Rose, Holmes, and Mahaffey disclose the computer-implemented method of Claim 9 of its entirety. Rose and Holmes further disclose a method, wherein:
the unique code is a digitally signed token comprising the indication of the test result and the profile data (See Holmes Par [0160] which discloses the device being loaded or preloaded with information to be used for subsequent subject identification, such that assay results in said device may be analyzed and compared to data stored on said device (and/or external to the device) to determine the identification of an individual and Holmes Par [0164] further discloses that the assay data and/or associated subject identification being transmitted in an encrypted manner, i.e. the unique code comprises an indication of the test result, i.e. indication of the test result for determining the user of the device) and the profile data (see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices, the certificates containing patient information such as name, address, patient identifier, etc.; See Rose Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above thereby also associating or appending test results to certificates/profile of the individual), wherein
the digitally signed token is associated with the public key (See Rose Par [0117] which discloses information data being passed, forwarded, or transmitted via token-passing such as the public keys described in Rose Par [0063]-[0064]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey with the disclosure of Holmes regarding the unique code is a digitally signed token comprising the indication of the test result because the unique code comprising an indication of the test result allows for the system to receive and utilize conditional information to determine whether information should be transmitted, such as in the case of Holmes Par [0160] & [0164] which uses confirmation of the subject’s identification.
Claim 11 –
Regarding Claim 11, Rose, Holmes, and Mahaffey discloses the computer-implemented method of Claim 8 of its entirety. Rose further discloses a method, wherein:
the key is a public key (See Rose Par [0049] which discloses obtaining/generating a patient-specific public and private key pair and associating it with a printer box/device in response to an enrollment request; See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer, i.e. the public key being sent to the establishment device, such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized).
Claim 14 –
Regarding Claim 14, Rose, Holmes, and Mahaffey disclose the computer-implemented method of Claim 11 of its entirety. Rose further discloses a method, wherein:
the public key is configured to support certificate pinning (See Rose Par [0039] which discloses that the infrastructure centralized service may also issue a certificate to be stored, i.e. pinned, in the testing device; See Rose Par [0049] which discloses obtaining/generating a patient-specific public and private key pair and associating it with a printer box/device in response to an enrollment request; See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer, i.e. the public key being sent to the establishment device, such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results).
Claim 17 –
Regarding Claim 17, Rose discloses a non-transitory machine-readable storage medium comprising machine-readable instructions for restricting access to a physical establishment by verifying authenticity of a test result, the machine-readable instructions when executed by one or more processors cause the one or more processors to collectively perform a method (See Rose Par [0113] which discloses a non-transitory processor-readable storage medium; See Rose Par [0116] & [0119] which discloses various processors and controllers to execute instructions stored on one or more memories that are coupled/connected to the system; See Rose Par [0089] which discloses the various processing entities being coupled to a storage device and/or a communication interface) comprising:
receiving an enrollment request from a user device associated with an individual (While not an “enrollment request” per se, see Rose Par [0050] which discloses receiving a “patient registration request” at the centralized authentication server which is understood to read on an enrollment request; See Rose Par [0111] which discloses the method being operational by a mobile communication device to facilitate performing a test with a diagnostic device and securely sharing test results, such that a unique patient identifier is associated with a particular user of the mobile communication device and/or user of the communication device, i.e. the user device is associated with an individual);
generating a profile associated with the individual (Without further specifying a “profile”, any account/registration with an electronic entity that contains patient information can constitute a “profile” under broadest reasonable interpretation (BRI), therefore, see Rose Par [0046] which discloses the application gathering various registration information from the patient and issuing the patient certificates to be stored on the patient phone/tablet, i.e. interpreted to be a profile for a patient; further, see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices such as to be used for generation of a private digital key), the profile comprising profile data (“Profile data” is understood to constitute any type of electronic, demographic, or identifying information associated with a user for populating an electronic profile, therefore see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices, the certificates containing patient information such as name, address, patient identifier, etc.);
storing the profile on a blockchain network (See Rose Fig. 2E and Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above, and the test results and zero-knowledge proof being stored in either both an internal database or a public blockchain network);
receiving a test result from a facility device, associated with a facility, the test result being associated with a diagnostic test of the individual (See Rose Fig. 2E and Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above; See Rose Par [0005], [0013]-[0014] which discloses the testing device specifically being a diagnostic testing device for diagnostic tests and thereby the associated test results constituting diagnostic test results under BRI; See Rose Par [0037] & [0043] which discloses the communication interface communicating with other devices and specifically recite interfacing to health provider’s medical records systems; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier, therefore a user device, a facility device, and establishment device or all met by the mobile communication device, the diagnostic device, and the health provider’s medical records systems with the associated authentication server);
appending the profile of the individual with the test result (under BRI, “updating” is understood to include associating the test results to a profile/record/certificate of the individual, therefore see Rose Par [0044] which discloses transcribing the medical reports, i.e. test results, into the medical service provider’s patient records system thereby associating the test results with a medical profile/record of the individual; further, see Rose Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above thereby also associating or appending test results to certificates/profile of the individual);
determining whether the facility is an approved certifying facility (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the results);
creating, responsive to determining that the facility is one of the approved certifying facilities, a digitally signed token comprising an indication of the test result (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0090] which further specifies the embodiments of Par [0055], i.e. the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier), however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range and/or different perceptible colors)
creating a unique code associated with the individual, the unique code encoding the digitally signed token (See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0090] which further specifies the embodiments of Par [0055], i.e. the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier); while not a “token” per se, see Rose Par [0010] which discloses digitally signing an encrypted test result using a diagnostic device private key and Par [0030] & [0057] which discloses that the test result can be digitally signed so that a receiving party/entity can be certain that the test was performed, i.e. a token indicating and verifying that the test was performed and digitally signed by an entity, however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range),
transmitting the unique code to the user device associated with the individual (See Rose Par [0057] which discloses the test results being sent to the patient phone by encrypting the results using the patient public key and the diagnostic box private key, i.e. the unique code associated with the individual is sent or transmitted to the user device);
receiving the unique code from an establishment device located at the physical establishment (See Rose Par [0057] which discloses upon the test result becoming available two copies of the results are encrypted and sent to the patient phone, i.e. received by the patient phone, such as in the form of a private key, i.e. unique code, and being generated by the diagnostic box/system); and
transmitting a key to the establishment device, the establishment device verifying the unique code against the key (See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized; See Rose Par [0102] which discloses a test result decryption module that decrypts encrypted test results from an authentication server when a diagnostic device public key is matched by the authentication server, i.e. the health provider’s medical records systems has an associated unique code that has to match the diagnostic device’s code to upload said results, and is checked by the authentication server, therefore constituting transmitting a key to an establishment device, and verifying the unique code against the key; See Rose Par [0037] & [0043] which discloses the communication interface communicating with other devices and specifically recite interfacing to health provider’s medical records systems; See Rose Par [0089] which discloses transmitting information to/from the diagnostic device and being able to establish a communication link with a mobile communication device associated with a unique patient identifier, therefore a user device, a facility device, and establishment device are all met by the mobile communication device, the diagnostic device, and the health provider’s medical records systems with the associated authentication server; See Rose Par [0090] which discloses the diagnostic device being provisioned, preloaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device; however, Rose does not specifically recite granting the user access to a physical establishment, per se, by verifying the unique code against the key per se);
outputting, via an electronic output of the establishment device, an authorization indication for permitting or denying the individual entry to the physical establishment (See Rose Par [0090] which discloses the diagnostic device being provisioned, preloaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device; however, Rose does not specifically recite granting the user access to a physical establishment, per se).).
As discussed above, Rose Par [0090] discloses that the diagnostic device may be provisioned, pre-loaded, or pre-configured with a first private key and a first public key cryptographic pair, and a unique box identifier stored in the storage device, the used to encrypt or cryptographically secure test results sent from the diagnostic box and the box may serve to restrict usage of the diagnostic box to an approved user/patient (e.g., a user/patient that is able to provide the same box identifier), however Rose does not seem to explicitly disclose the unique code comprising an indication of the test result, for example, a test result being positive/negative/flagged if out of ordinary for the patient or typical physiological range. Furthermore, Rose does not seem to specifically disclose granting the user access to a physical establishment, per se, by verifying the unique code against the key.
However, Holmes discloses a system wherein the unique code comprises an indication of the test result (See Holmes Par [0160] which discloses the device being loaded or preloaded with information to be used for subsequent subject identification, such that assay results in said device may be analyzed and compared to data stored on said device (and/or external to the device) to determine the identification of an individual and Holmes Par [0164] further discloses that the assay data and/or associated subject identification being transmitted in an encrypted manner, i.e. the unique code comprises an indication of the test result, i.e. indication of the test result for determining the user of the device) and granting the user access to a physical establishment (See Holmes Par [0436]-[0437] which discloses the subject’s identity being verified prior to providing access for a subject to an item, location, and/or service, such as a healthcare facility, hospital, emergency room, clinic, laboratory, pharmacy, physician office, financial facility, and/or means of transportation, such as vehicles, cars, buses, etc.). The disclosure of Holmes is directly applicable to the disclosure of Rose because both disclosures share limitations and capabilities, such as both being directed towards secure communication and transmission of medical test results between patient and provider systems.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose, which already discloses creating a unique code associated with the individual, to further specifically include the unique code comprising an indication of the test result and providing access to a physical establishment, as disclosed by Holmes. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose with the disclosure of Holmes regarding the unique code comprises an indication of the test result, because the unique code comprising an indication of the test result allows for the system to receive and utilize conditional information to determine whether information should be transmitted, such as in the case of Holmes Par [0160] & [0164] which uses confirmation of the subject’s identification. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose with the disclosure of Holmes regarding granting the user access to a physical establishment by verifying the unique code against the key, because this allows for identification, e.g. genetic signature identification, of a subject to grant the subject access to a location, item, and/or service to control access (See Holmes Par [0436]-[0437])
While Rose and Holmes disclose generation of a unique code comprising an indication of the test result, Rose and Holmes do not explicitly disclose:
the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result
the digitally signed token comprising (ii) a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result, wherein
the digitally signed token is associated with an expiration time defining a validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid;
confirming that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment;
determining whether the validity period has expired based at least in part on the expiration time;
upon expiration of the validity period, presenting a predefined default color indicating the unique code is no longer valid; and
outputting an authorization indication for permitting or denying the individual entry to the physical establishment.
However, Mahaffey discloses the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary), (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid (See Mahaffey Par [0493]-[0494] which discloses that assessments and stored assessments are only considered valid for a period of time so that the data does not rely on data that is potentially out of data), and confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request) determine whether the validity period has expired based at least in part on the expiration time (See Mahaffey Par [0494] which discloses that assessment and definitions are only considered valid for a period of time so that the system does not rely on data or indications that are potentially out of date; See Mahaffey Par [0206] which discloses that server may check to see if the security state information for device is up to date, i.e. expired based on the validity period; See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for, such that as described in Mahaffey Par [0160]-[0162], an indicator of the status of the device, such as the time period for valid assessment, can be outputted such that a yellow or red icon can be presented to indicate a potential problem and a red icon may indicate a high severity security event); upon expiration of the validity period, present a predefined default color indicating the unique code is no longer valid (See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for, such that as described in Mahaffey Par [0160]-[0162], an indicator of the status of the device, such as the time period for valid assessment, can be outputted such that a yellow or red icon can be presented to indicate a potential problem and a red icon may indicate a high severity security event; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request and as described in Mahaffey Par [0500], said information can include temporary assessment indicating that the data object is allowed); and output an authorization indication for permitting or denying the individual entry to the physical establishment (See Mahaffey Par [0160]-[0163] which discloses the overall security status of the user and associated mobile device with the color of an icon as a visual representation of the current security status, such that, for example, a green icon may indicate that everything is okay, i.e. indication of the result of a security test, a yellow icon may indicate a problem, and a red icon indicating immediate attention is necessary; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request; See Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid and confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment, as disclosed by Mahaffey, because this allows for (i) an icon being displayed in a dynamic manner that includes in the image an indication of the overall security status for immediate identification of if there are security issues that may need attention (See Mahaffey Par [0160]), and (ii) so that the mobile communications device does not rely on data that is potentially out of date (Se Mahaffey Par [0494]), and because this allows for the access request being denied if source information indicates that a network connection or access request is not trusted/valid (See Mahaffey Par [0912]), respectively. Furthermore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code, determining whether the validity period has expired based at least in part on the expiration time upon expiration of the validity period, and presenting a predefined default color indicating the unique code is no longer valid output an authorization indication for permitting or denying the individual entry to the physical establishment, as further disclosed by Mahaffey, so that the system may check to see if the security state information for device is up to date and thereby does not rely on security data or indications that are potentially out of date (See Mahaffey Par [0494] & [0500]).
Claim 18 –
Regarding Claim 18, Rose, Holmes, and Mahaffey disclose the non-transitory machine-readable storage medium of Claim 17 in its entirety. Holmes further discloses a non-transitory machine-readable storage medium, wherein the method further comprises:
assigning a universally unique identifier to an image of the individual (See Holmes Par [0130] which discloses capturing an image of the individual such that the image may be associated with the genetic signature described throughout Holmes, the genetic signature constituting a profile of the patient; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject; See Holmes Par [0225] which discloses the information collected by the system, e.g. the images/videos captured from Holmes Par [0209] & [0222], being used as a static and/or dynamic component of the genetic (i.e. unique) identifier of the individual); wherein
the profile data comprises the image of the individual and the unique code includes the message of the individual (See Holmes Par [0130] which discloses capturing an image of the individual such that the image may be associated with the genetic signature described throughout Holmes, the genetic signature constituting a profile of the patient; See Holmes Par [0209] which discloses capturing images or videos over one or more periods of time such as in Holmes Par [0222] for purposes of capturing an image of the subject’s face, body, etc., that may be useful for identifying the subject; See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized; See Holmes Par [0222] which discloses using further identification of the subject such as an image captured of the subject).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey to further include the profile data comprising an image of the individual and assigning a unique identifier to the image of the individual, because this allows for assigning a unique identifier to an image of the subject’s face, body, etc., that may be useful for identifying the subject for assigning test results to the patient, ensuring the results are appended to the correct, identified patient (See Holmes Par [0222]).
Claim 19 –
Regarding Claim 19, Rose, Holmes, and Mahaffey disclose the non-transitory machine-readable storage medium of Claim 18 in its entirety. Rose and Holmes further disclose a non-transitory machine-readable storage medium, wherein:
the unique code is a digitally signed token comprising the indication of the test result and the profile data (See Holmes Par [0160] which discloses the device being loaded or preloaded with information to be used for subsequent subject identification, such that assay results in said device may be analyzed and compared to data stored on said device (and/or external to the device) to determine the identification of an individual and Holmes Par [0164] further discloses that the assay data and/or associated subject identification being transmitted in an encrypted manner, i.e. the unique code comprises an indication of the test result, i.e. indication of the test result for determining the user of the device) and the profile data (see Rose Par [0050] which discloses the patient registering with the software application and including patient information in a patient certificate associated with the software application/devices, the certificates containing patient information such as name, address, patient identifier, etc.; See Rose Par [0084]-[0085] which discloses relaying test results and a zero-knowledge proof, the proof used in the private digital key for the patient form that contains the patient/profile information certificates discussed above thereby also associating or appending test results to certificates/profile of the individual), wherein
the digitally signed token is associated with the public key (See Rose Par [0117] which discloses information data being passed, forwarded, or transmitted via token-passing such as the public keys described in Rose Par [0063]-[0064]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey with the disclosure of Holmes regarding the unique code is a digitally signed token comprising the indication of the test result because the unique code comprising an indication of the test result allows for the system to receive and utilize conditional information to determine whether information should be transmitted, such as in the case of Holmes Par [0160] & [0164] which uses confirmation of the subject’s identification.
Claim 20 –
Regarding Claim 20, Rose, Holmes, and Mahaffey disclose the non-transitory machine-readable storage medium of Claim 19 in its entirety. Rose further discloses a non-transitory machine-readable storage medium, wherein:
the key is a public key (See Rose Par [0049] which discloses obtaining/generating a patient-specific public and private key pair and associating it with a printer box/device in response to an enrollment request; See Rose Par [0055] which discloses establishing a link between a patient’s phone and the correct doctor’s printer, i.e. the public key being sent to the establishment device, such that the software application knows the correct printer box identifier and the diagnostic box results, i.e. test results, can be sent by the patient phone to the correct doctor/printer, i.e. the facility ordering the test is an approved facility for receiving the test results; See Rose Par [0076] which discloses communicating with a patient’s phone to send a message requesting the patient to come in for a visit, while having authenticated proof that the message was delivered to the patient’s phone; See Rose Par [0097] which discloses a test authorization message being received from the authorization server if the test authorization request is authorized).
Claim 21 –
Regarding Claim 21, Rose, Holmes, and Mahaffey disclose the secured validation system of claim 1 in its entirety. Holmes further discloses a system, wherein:
the physical establishment is an airport, hotel, resort, park, cruise ship, train, mass transit vehicle, workplace, factory, school, fitness center, retail store, port of entry, health care facilities or sports venue (See Holmes Par [0436]-[0437] which discloses the subject’s identity being verified prior to providing access for a subject to an item, location, and/or service, such as a healthcare facility, hospital, emergency room, clinic, laboratory, pharmacy, physician office, financial facility, and/or means of transportation, such as vehicles, cars, buses, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose, Holmes, and Mahaffey with the disclosure of Holmes regarding granting the user access to a physical establishment, the physical establishment being an airport, hotel, resort, park, cruise ship, train, mass transit vehicle, workplace, factory, school, fitness center, retail store, port of entry, health care facilities or sports venue, by verifying the unique code against the key, because this allows for identification, e.g. genetic signature identification, of a subject to grant the subject access to a specific location, item, and/or service associated with a physical location to control access to that location/resource (See Holmes Par [0436]-[0437]).
Claim 22 –
Regarding Claim 22, Rose, Holmes, and Mahaffey disclose the computer-implemented method of claim 8 in its entirety. Holmes further discloses a method, wherein:
the physical establishment is an airport, hotel, resort, park, cruise ship, train, mass transit vehicle, workplace, factory, school, fitness center, retail store, port of entry, health care facilities or sports venue (See Holmes Par [0436]-[0437] which discloses the subject’s identity being verified prior to providing access for a subject to an item, location, and/or service, such as a healthcare facility, hospital, emergency room, clinic, laboratory, pharmacy, physician office, financial facility, and/or means of transportation, such as vehicles, cars, buses, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose, Holmes, and Mahaffey with the disclosure of Holmes regarding granting the user access to a physical establishment, the physical establishment being an airport, hotel, resort, park, cruise ship, train, mass transit vehicle, workplace, factory, school, fitness center, retail store, port of entry, health care facilities or sports venue, by verifying the unique code against the key, because this allows for identification, e.g. genetic signature identification, of a subject to grant the subject access to a specific location, item, and/or service associated with a physical location to control access to that location/resource (See Holmes Par [0436]-[0437]).
Claim 23 –
Regarding Claim 23, Rose, Holmes, and Mahaffey disclose the non-transitory machine-readable storage medium of claim 17 in its entirety. Holmes further discloses a medium, wherein:
the physical establishment is an airport, hotel, resort, park, cruise ship, train, mass transit vehicle, workplace, factory, school, fitness center, retail store, port of entry, health care facilities or sports venue (See Holmes Par [0436]-[0437] which discloses the subject’s identity being verified prior to providing access for a subject to an item, location, and/or service, such as a healthcare facility, hospital, emergency room, clinic, laboratory, pharmacy, physician office, financial facility, and/or means of transportation, such as vehicles, cars, buses, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the disclosure of Rose, Holmes, and Mahaffey with the disclosure of Holmes regarding granting the user access to a physical establishment, the physical establishment being an airport, hotel, resort, park, cruise ship, train, mass transit vehicle, workplace, factory, school, fitness center, retail store, port of entry, health care facilities or sports venue, by verifying the unique code against the key, because this allows for identification, e.g. genetic signature identification, of a subject to grant the subject access to a specific location, item, and/or service associated with a physical location to control access to that location/resource (See Holmes Par [0436]-[0437]).
Claims 7, 12-13, & 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Rose in view of Holmes, in view of Mahaffey, further in view of Brown et al. (U.S. Patent Publication No. 2018/0270065), hereinafter “Brown”.
Claim 7 –
Regarding Claim 7, Rose, Holmes, and Mahaffey discloses the secured validation system of Claim 5 in its entirety. Rose, Holmes, and Mahaffey do not further disclose a system, wherein:
the digitally signed token is signed using an Elliptic Curve Digital Signature Algorithm.
While the combined disclosure of Rose, Holmes, and Mahaffey disclose the use of a digitally signed token, Rose, Holmes, and Mahaffey do not seem to disclose signing the token using an Elliptic Curve Digital Signature Algorithm (ECDSA) in particular.
However, Brown discloses a system wherein the digitally signed token is signed using an ECDSA (See Brown Par [0068] which discloses that the mathematical properties of elliptic curves have been found desirable in cryptographic foundation and construction, such as for lattice-based approaches; See Brown Par [0143]-[0144] which discloses an ECDSA parameter being produced in signing the metadata fields/tokens corresponding to a distributed ledger transaction). The disclosure of Brown is directly applicable to the combined disclosure of Rose, Holmes, and Mahaffey because they share limitations and capabilities such as all being directed towards secure communication and transmission of electronic data/information over computer networks.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey which already discloses the use of a digitally signed token to further include the digitally signed token being signed using an ECDSA, as disclosed by Brown, because the mathematical properties of elliptic curves have been found desirable in cryptographic foundation and construction, such as for lattice-based approaches (Brown [0068]).
Claim 12 –
Regarding Claim 12, Rose, Holmes, and Mahaffey disclose the computer-implemented method of Claim 11 of its entirety. Rose, Holmes, and Mahaffey do not disclose, but Brown further discloses a method, wherein:
the public key supports key rotation (See Brown Par [0103] which discloses the random keys being rotated periodically; See Brown Par [0157] which discloses one or more databases of keys rotating every so often, i.e. key rotation).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey which already discloses the use of a public key that supports key rotation, as disclosed by Brown, because it helps generate and manage server secret values so that the authentication engine may remain a stateless service which does not need to maintain any state information w/r/t to the server secret values being issued, managed, and reissued (See Brown Par [0157]).
Claim 13 –
Regarding Claim 13, Rose, Holmes, and Mahaffey disclose the computer-implemented method of Claim 11 of its entirety. Rose, Holmes, and Mahaffey do not disclose, but Brown further discloses a method, wherein:
two or more active public keys are in key rotation (See Rose Par [0093] which discloses the use of one or more public keys intended for recipients; See Brown Par [0103] which discloses the random keys being rotated periodically; See Brown Par [0157] which discloses one or more databases of keys rotating every so often, i.e. key rotation).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey which already discloses the use of multiple public keys that supports key rotation, as disclosed by Brown, because it helps generate and manage server secret values so that the authentication engine may remain a stateless service which does not need to maintain any state information w/r/t to the server secret values being issued, managed, and reissued (See Brown Par [0157]).
Claim 15 –
Regarding Claim 15, Rose, Holmes, and Mahaffey disclose the computer-implemented method of Claim 10 of its entirety. Rose, Holmes, and Mahaffey do not disclose, but Brown further discloses a method, wherein:
the digitally signed token is signed using an Elliptic Curve Digital Signature Algorithm (See Brown Par [0068] which discloses that the mathematical properties of elliptic curves have been found desirable in cryptographic foundation and construction, such as for lattice-based approaches; See Brown Par [0143]-[0144] which discloses an ECDSA parameter being produced in signing the metadata fields/tokens corresponding to a distributed ledger transaction).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey which already discloses the use of a digitally signed token to further include the digitally signed token being signed using an ECDSA, as disclosed by Brown, because the mathematical properties of elliptic curves have been found desirable in cryptographic foundation and construction, such as for lattice-based approaches (Brown Par [0068]).
Claim 16 –
Regarding Claim 16, Rose, Holmes, and Mahaffey disclose the computer-implemented method of Claim 10 of its entirety. Rose, Holmes, and Mahaffey do not disclose, but Brown further discloses a method, further comprising:
creating a one-way hash using the digitally signed token (See Brown Par [0042] which discloses “zero-knowledge authentication information” being stored in a distributed ledger system, i.e. understood to constitute a token; See Brown Par [0018], [0023], [0055], & [0072] which discloses the zero-knowledge authentication information including a parameter derived at least in part from a one-way hash function); and
storing the one-way hash on the blockchain network (See Brown Par [0042] which discloses “zero-knowledge authentication information” being stored in a distributed ledger system, i.e. understood to constitute a token; See Brown Par [0018], [0023], [0055], & [0072] which discloses the zero-knowledge authentication information including a parameter derived at least in part from a one-way hash function; See Brown Par [0059] which discloses a block within the blockchain may include a zero-knowledge authentication information, i.e. the information derived at least in part from a one-way hash function).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose, Holmes, and Mahaffey which already discloses the use of a digitally signed token to further include creating a one-way hash using the digitally signed token and storing the one-way hash on the blockchain network, as disclosed by Brown, a one-way function computationally infeasible to reconstruct a user secret based on the mathematical principles used in a generator or base point of an elliptical curve which is already a public item (See Brown Par [0072]).
Response to Arguments
Applicant's arguments filed 13 March 2026 have been fully considered but they are not persuasive:
Regarding 35 U.S.C. 101 rejections of claims 1-23, Applicant argues on p. 14-15 that the claims are not fairly characterized because the operations recited are not reasonable performed in the human mind and are not fairly characterized as mere observation or mental evaluation of information. Therefore, under step 2A, Prong 1, the claims represent patent-eligible subject matter. Examiner respectfully disagrees with Applicant’s arguments. As characterized above, the limitations amount to mere efforts that can be reasonably performed in the human mind, but for recitation or performance by generic computer components, and/or directed towards methods of organizing human activity, such as by managing personal behavior or relationships or interactions between people by effectively managing a typical interaction that would occur between a provider and a patient during the delivery of medical test results and/or granting entry to a facility. Therefore, under Step 2A, Prong 1 the claims remain rejected under 35 U.S.C. 101.
Regarding 35 U.S.C. 101 rejections of claims 1-23, Applicant argues on p. 15-16 of Arguments/Remarks under step 2A, Prong 2 that any judicial exception is integrated into a practical application, via a technological improvement, because the additional elements of independent claims 1, 8, & 17 now recite the establishment-side operational outcome-an electronic authorization indication produced at the physical establishment as a result of the claimed cryptographic verification and validity-state determination-rather than stopping at a precondition. Examiner respectfully disagrees with Applicant’s arguments. The limitation in full reads “transmit, via the communication interface, a key to the establishment device located at the physical establishment, wherein the establishment device is configured to verify the unique code against the key and to confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment”. Therefore, under broadest reasonable interpretation, the steps recited never actually implement the granting of the user entry to the establishment, and instead simply recites that the system checks an indication “before” granting the individual entry to the physical establishment. Because this limitation occurs “before” granting the individual entry, there is no actuation of the actual “granting” of access to the user, such as by a physical component and/or device, other than simply having the means to allow such an action to occur, which does not constitute a practical application under broadest reasonable interpretation. In terms of a technological improvement, the limitation “verify the unique code against the key and to confirm that the color attribute corresponds to the indication of the test result” recited merely amount to further processing already-processed data, i.e. selecting a particular data source or type of data to be manipulated and/or insignificant extra-solution activity that amounts to efforts of electronic recordkeeping and performing repetitive calculations. Additionally, the aspects of presenting predefined colors and/or authorization indications for information regarding permitting or denying entry amounts to mere data gathering/manipulation, and/or data outputting steps do not amount to a practical application or technological improvement, as argued by Applicant. Therefore, once the actual “granting” of access , such as via some type of actuation or physical component, such as following the aspects of outputting said determined/indicated information is recited in the claims, this would most likely constitute a practical application under the Alice/Mayo framework. But with the broadest reasonable interpretation of presenting predefined colors and/or authorization indications for information regarding permitting or denying entry includes mere data gathering, manipulation, and/or outputting. As such, claims 1-23 remain rejected under 35 U.S.C. 101.
Regarding 35 U.S.C. 101 rejections of claims 1-20, Applicant argues on p. 16-18 in view of the new recent Appeals Review Panel decision in Ex parte Desjardins, such that the ARP emphasized that Step 2A must be applied with discipline, claims should not be evaluated at such a high level of generality, where doing so collapses technical claim features into an abstract characterization, and reaffirmed that software innovations may constitute patent-eligible technological improvements even when defined by logical structures and processes rather than physical actuation, consistent with Enfish. Examiner respectfully disagrees with Applicant’s arguments. While Examiner concedes that software innovations can constitute patent-eligible technological improvements even when defined by logical structures and processes, nothing in the claim specifically sets forth a technological improvement. That is, Applicant argues in view of the amended claims reciting a technical secured-validation mechanism-cryptographic authenticity verification and time-bounded validity enforcement performed at an establishment device, this does not necessarily represent an improvement over prior art systems. That is, the claims make use of already-existing technology, such as blockchain, digital ledgers, and/or digital certificates in combination to perform substantially known processes of securing network communications. There is no indication that these combinations are novel and/or represent an improvement to the already-known technology and instead represent efforts of merely utilizing the technology for its already-known functions. As such, claims 1-23 do not represent patent-eligible subject matter in view of Desjardins and Enfish and therefore remain rejected under 35 U.S.C. 101.
Regarding 35 U.S.C. 101 rejections of claims 1-20, Applicant argues on p. 16-20 in view of the precedential court case CosmoKey Solutions GMBH & Co. v. Duo Security LLC (hereinafter “CosmoKey”), stating that this decision provides a closely analogous analytical framework for the amended claims, regarding “authentication” and/or “restricted access”, and eligibility turns on whether the claim recites a specific improvement to a particular computer-implemented authentication technique that addresses a security problem through an ordered set of steps, rather than merely invoking generic computer functionality. Applicant argues two more specific points that first, CosmoKey confirms that improvements to security and authentication can constitute patent-eligible subject matter when achieved by a specific technique that departs from prior approaches and yields a tangible technological benefit, rather than a result-oriented instruction to “authenticate” on a computer and second, CosmoKey explains that claims may satisfy Alice step two where the ordered combination of limitations provides the security improvement, and rejects analyses that treat security-focused claim steps as conventional without adequate record support, and therefore the claims at hand should be determined to be patent-eligible. Examiner respectively disagrees with Applicant’s arguments. To begin, while Applicant argues that CosmoKey is precedential, CosmoKey is not present in the MPEP or the Updates to Subject Matter Eligibility Guidance/SME Examples and therefore does not necessarily represent a precedential court case. Furthermore, while CosmoKey generally recited a specific improvement to a particular computer-implemented authentication technique that addressed a security problem, the instant application moreso relates to combining one or more already-known security aspects versus improving already-existing technologies. That is, the instant application does not relate necessarily to improvements over prior art security systems versus CosmoKey which provided support and defined specific shortcomings of prior art systems regarding security systems that the claims of CosmoKey were specifically determined to improve upon. Therefore, there lies a clear difference between CosmoKey defining specific shortcomings of prior art security systems and providing a clear and specific improvement over said shortcomings. As such, claims 1-23 do not represent patent-eligible subject matter in view of CosmoKey and therefore remain rejected under 35 U.S.C. 101.
Regarding 35 U.S.C. 103 rejections of claims 1-20, Applicant argues on p. 20-22 of Arguments/Remarks that previous 35 U.S.C. 103 rejections for claims 1-6, 8-11, 14 & 17-23 made over Rose in view of Holmes, further in view of Mahaffey and for claims 7, 12-13, & 15-16 made over Rose in view of Holmes, in view of Mahaffey, further in view of Brown do not account for the newly amended limitations found in the independent claims 1, 8, & 17. Examiner agrees with Applicant’s arguments. Therefore, the rejections have been withdrawn. However, upon further consideration, a new ground of rejection is made over Rose in view of Holmes, further in view of Mahaffey for claims 1-6, 8-11, 14 & 17-23, and Rose in view of Holmes, in view of Mahaffey, further in view of Brown for claims 7, 12-13, & 15-16. Newly cited portions of Mahaffey therefore disclose the newly amended limitations found in independent claims 1, 8, & 17 regarding determining varying aspects of a validity period, color attributes and authorization indications based on said validity period. As such, claims 1-6, 8-11, 14 & 17-23 remain rejected under 35 U.S.C. 103 over Rose in view of Holmes, further in view of Mahaffey, and claims 7, 12-13, & 15-16 remain rejected over under 35 U.S.C. 103 over Rose, in view of Holmes, in view of Mahaffey, further in view of Brown.
Regarding 35 U.S.C. 103 rejections of claims 1-20, Applicant argues on p. 22-23 that previous 35 U.S.C. 103 rejections for claims 1-6, 8-11, 14 & 17-23 made over Rose in view of Holmes, further in view of Mahaffey’s, such that Mahaffey’s “colored icon” does not constitute the unique code and/or color tied to a diagnostic test result for establishment entry. Examiner agrees with Applicant’s arguments. However, newly cited portions and a new ground of rejection has been made over Rose in view of Holmes, further in view of Mahaffey for claims 1-6, 8-11, 14 & 17-23. These newly cited portions of Mahaffey read on said aspects of color attributes and authorization indications based on said validity period and diagnostic test results/statuses. That is, Mahaffey Par [0500] which discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for, such that as described in Mahaffey Par [0160]-[0162], an indicator of the status of the device, such as the time period for valid assessment, can be outputted such that a yellow or red icon can be presented to indicate a potential problem and a red icon may indicate a high severity security event; See Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request and as described in Mahaffey Par [0500], said information can include temporary assessment indicating that the data object is allowed. As such, claims 1-6, 8-11, 14 & 17-23 remain rejected under 35 U.S.C. 103 over Rose in view of Holmes, further in view of Mahaffey, and claims 7, 12-13, & 15-16 remain rejected over under 35 U.S.C. 103 over Rose, in view of Holmes, in view of Mahaffey, further in view of Brown.
Regarding 35 U.S.C. 103 rejections of claims 1-20, Applicant argues on p. 23-25 that previous 35 U.S.C. 103 rejections for claims 1-6, 8-11, 14 & 17-23 made over Rose in view of Holmes, further in view of Mahaffey’s, such that Mahaffey does not disclose expiration-triggered automatic reversion of the color attribute to a predefined default color indicating invalidity. Examiner agrees with Applicant’s arguments. However, newly cited portions and a new ground of rejection has been made over Rose in view of Holmes, further in view of Mahaffey for claims 1-6, 8-11, 14 & 17-23. These newly cited portions of Mahaffey read on said aspects of expiration-triggered automatic reversion of the color attribute to a predefined default color indicating invalidity. That is, Mahaffey Par [0500] discloses if the server returns an unknown assessment indicating identifying information for the data object, a temporary assessment indicating that the data object is allowed, and the time period the assessment is valid for, such that as described in Mahaffey Par [0160]-[0162], an indicator of the status of the device, such as the time period for valid assessment, can be outputted such that a yellow or red icon can be presented to indicate a potential problem and a red icon may indicate a high severity security event and Mahaffey Par [0911]-[0912] which discloses instances of the security component are instantiated on pieces of network infrastructure that are part of the route from the physical location of user to a destination computing device such that the system evaluates source information to determine whether to allow or deny access request and as described in Mahaffey Par [0500], said information can include temporary assessment indicating that the data object is allowed. As such, claims 1-6, 8-11, 14 & 17-23 remain rejected under 35 U.S.C. 103 over Rose in view of Holmes, further in view of Mahaffey, and claims 7, 12-13, & 15-16 remain rejected over under 35 U.S.C. 103 over Rose, in view of Holmes, in view of Mahaffey, further in view of Brown.
Regarding 35 U.S.C. 103 rejections of claims 1-20, Applicant argues on p. 25 of Arguments/Remarks that there is a lack of supported rationale to modify Rose/Holmes with Mahaffey to arrive at the claimed credential format and lifecycle control. Examiner respectfully disagrees with Applicant’s arguments. That is, in the previous and current 35 U.S.C. 103 rejections, a motivation statement is provided for each teaching/suggesting provided by additional references, including Mahaffey with respect to Rose/Holmes. For instance, “It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code (i) comprising a human-perceptible color attribute selected from a plurality of discrete colors, the color attribute corresponding to the indication of the test result and (ii) being associated with a validity period such that, upon expiration of the validity period, the color attribute is automatically updated to a predefined default color indicating the unique code is no longer valid and confirm that the color attribute corresponds to the indication of the test result before granting the individual entry to the physical establishment, as disclosed by Mahaffey, because this allows for (i) an icon being displayed in a dynamic manner that includes in the image an indication of the overall security status for immediate identification of if there are security issues that may need attention (See Mahaffey Par [0160]), and (ii) so that the mobile communications device does not rely on data that is potentially out of date (Se Mahaffey Par [0494]), and because this allows for the access request being denied if source information indicates that a network connection or access request is not trusted/valid (See Mahaffey Par [0912]), respectively. Furthermore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined disclosure of Rose and Holmes which already discloses generation of a unique code comprising an indication of the test result, to further include the unique code, determining whether the validity period has expired based at least in part on the expiration time upon expiration of the validity period, and presenting a predefined default color indicating the unique code is no longer valid output an authorization indication for permitting or denying the individual entry to the physical establishment, as further disclosed by Mahaffey, so that the system may check to see if the security state information for device is up to date and thereby does not rely on security data or indications that are potentially out of date (See Mahaffey Par [0494] & [0500])” is recited for each of the independent claims and provides clear evidence/motivation for the combination. As such, claims 1-6, 8-11, 14 & 17-23 remain rejected under 35 U.S.C. 103 over Rose in view of Holmes, further in view of Mahaffey, and claims 7, 12-13, & 15-16 remain rejected over under 35 U.S.C. 103 over Rose, in view of Holmes, in view of Mahaffey, further in view of Brown.
Regarding 35 U.S.C. 103 rejections of claims 1-20, Applicant argues on p. 26 of Arguments/Remarks that claims 2-7, 9-16 and 18-23 are directly or indirectly dependent from newly amended, purportedly allowable independent claims 1, 8, & 17 and should therefore also be allowable over the cited references based on at least their dependency. Examiner respectfully disagrees with Applicant’s arguments. Applicant' s arguments have been considered but are moot because, as stated above, claims 1, 8 & 17 remain rejected in view of a new ground of rejection made under 35 U.S.C. 103 over Rose in view of Holmes, further in view of Mahaffey and are therefore not allowable over the prior art, as argued by Applicant. As such, claims 2-7, 9-16 and 18-23 remain rejected under 35 U.S.C. 103 by virtue of dependency.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Georgiadis et al. (U.S. Patent Publication No. 2018/0137512) discloses a system that uses a distributed secure listing of transactions that includes encrypted data that can be used to authenticate a principal to a verifier for information exchange;
Kravitz et al. (U.S. Patent Publication No. 20418/0019879) discloses a system for securing data and data exchange, such as via blockchain implementation and encrypting said transactions through smart contracts and one or more tokens to be assigned and used by an entity.
Applicant's amendment necessitated the new ground of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUNTER J RASNIC whose telephone number is (571)270-5801. The examiner can normally be reached M-F 8am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shahid Merchant can be reached on (571) 270-1360. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H.R./Examiner, Art Unit 3684
/Shahid Merchant/Supervisory Patent Examiner, Art Unit 3684