DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Notice to Applicant
The following is a Final Office Action for Application Serial Number: 18/026,632, filed on March 16, 2023. In response to Examiner's Non-Final Office Action dated August 06, 2025, Applicant on November 05, 2025, amended claims 1, 6 and 7. Claims 1 and 4-7 are pending in this application and have been rejected below.
Response to Amendment
Applicant's amendments are acknowledged.
Regarding the non-statutory subject matter 35 U.S.C. 101 rejection, Applicants arguments and amendments have been considered but are insufficient to overcome the rejection.
The 35 U.S.C. § 103 rejections of claims 1 and 4-7 are hereby amended pursuant to Applicants amendments to claims 1, 6 and 7.
Response to Arguments
Applicant's Arguments/Remarks filed November 05, 2025 (hereinafter Applicant Remarks) have been fully considered but are not persuasive. Applicant’s Remarks will be addressed herein below in the order in which they appear in the response filed November 05, 2025.
Regarding the 35 U.S.C. 101 rejection, Applicant states when considering claim 1 as a whole, as required, the claim sets forth an improvement to the technology of user access controls in a system in which only users belonging to a facility associated with a case, which is associated with multiple facilities, may access the specific task data of the case. Independent claims 1, 6 and 7 have been amended to include additional elements that apply the alleged abstract idea in a meaningful way, i.e., to manage a chain of tasks of one or more regenerative medicine products as a model, each of the tasks being one of collecting a sample from a patient, transporting the sample, producing a drug using the sample, transporting the drug, and administering the drug, the model including a plurality of linked nodes and each node being one of the tasks or an article being the sample or the drug, and to limit the roles to being a doctor, a medical staff, a transportation personnel, or a pharmaceutical technician, which goes beyond generally linking the use of the abstract idea to a particular technological environment. Therefore, under the Step 2A Prong Two analysis, claim 1 is not directed to an abstract idea.
In response, Examiner respectfully disagrees. Examiner notes Diamond v. Diehr is an example that recites meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Specifically, the claim is directed to the use of the Arrhenius equation in an automated process for operating a rubber‐molding press. The court found the claim recites meaningful limitations along with the judicial exception including installing rubber in a press, closing the mold, constantly measuring the temperature in the mold, constantly recalculating the cure time and opening the press at the proper time. These limitations sufficiently limit the claim to the practical application of molding rubber products and are clearly not an attempt to patent the mathematical equation and thus recite improvements to the technology. Examiner finds there are no similar technology, technological problem or solution here. Examiner finds Applicant merely restates the claim language and makes a blanket statement that the methods provide a specific solution without identifying any limitations in the claimed invention that show or submit that the technology used is being improved or there was a problem in the technology that the claimed invention solves. Therefore, Examiner maintains the claims recite addition elements used as tools to perform the instructions of the abstract idea without disclosing limitations that integrates the abstract idea into a practical application, nor do these elements provide meaningful limitations that transforms the judicial exception into significantly more than the abstract idea itself. Examiner maintains the claims are directed to an abstract idea.
Regarding the 35 U.S.C. 101 rejection, Applicant states the presently claimed invention "implements tenant-based access control for access to the case data by having, separately from the case data, execution facility data obtained by associating the case ID with the tenant." Para. [0025]. That is, the presently claimed invention sets forth a computer-implemented specific technical processes under technically relevant conditions to provide such access control (see p. 9-10, Applicant Remarks).
Even further, the improvement set forth in claim 1 is not to the alleged abstract idea itself. Additionally, this is not a case like Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208, 216, 110 USPQ2d 1976, 1980 (2014) where the computer is merely used as a tool to perform an existing process.
Thus, Applicant's claim 1 is not directed to an abstract idea because claim 1 includes additional elements that integrate the alleged abstract idea into a practical application of the abstract idea demonstrated by a particular improvement to user access controls in supply chains as set forth in claim 1. Therefore, the presently claimed invention is not directed to an abstract idea under the Step 2A and the rejection of the present claims under 35 U.S.C. §101 should be withdrawn.
In response, Examiner respectfully disagrees. Examiner finds the pending claims recite similar limitations to claims the courts have indicated may not be sufficient in showing an improvement in computer-functionality, such as accelerating a process of analyzing audit log data when the increased speed comes solely from the capabilities of a general-purpose computer, FairWarning IP, LLC v. Iatric Sys., 839 F.3d 1089, 1095, 120 USPQ2d 1293, 1296 (Fed. Cir. 2016); Mere automation of manual processes, such as using a generic computer to process an application for financing a purchase, Credit Acceptance Corp. v. Westlake Services, 859 F.3d 1044, 1055, 123 USPQ2d 1100, 1108-09 (Fed. Cir. 2017), A commonplace business method being applied on a general purpose computer, Alice Corp., 573 U.S. at 223, 110 USPQ2d at 1976; Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); Gathering and analyzing information using conventional techniques and displaying the result, TLI Communications, 823 F.3d at 612-13, 118 USPQ2d at 1747-48; see MPEP 2106.05(a)(I) and MPEP 2106.05(a)(II). Examiner maintains the recitation of an access control system comprising a memory storing instructions executable by a central processing unit configured to control role and task authorities for an executor at facilities, are merely instructions implemented using generic computer components. Again, Examiner finds Applicant has not identified any disclosure in the claimed invention showing and/or submitting that the technology used is being improved, there was a technical problem in the technology that the claimed invention solves, or the ordered combinations of the known elements is significantly more than the abstract idea. For at least these reasons the claims remain rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter.
Examiner notes Applicant’s arguments, see pg. 12-15, filed November 05, 2025, with respect to the rejections of claims 1, 6 and 7 under 35 U.S.C. 103 have been fully considered. Upon further consideration, a new ground(s) of rejection is made. Applicant’s arguments are considered moot because they do not apply to the combination of references being used in the current rejection. Please refer to the 35 U.S.C. 103 rejections for further explanation and rationale.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claim 5 rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. The limitations of claim 5 is identical to a limitation in claim 1, from which it depends. Therefore claim 5 fails to further limit the subject matter. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Step 1: The claimed subject matter falls within the four statutory categories of patentable subject matter.
Claims 1, 4 and 5 are directed towards a system, claim 6 is directed towards a method and claim 7 is directed towards a program, which are among the statutory categories of invention.
Step 2A – Prong One: The claims recite an abstract idea.
Claims 1 and 4-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite controlling role and task authorities for an executor at a facility.
Claim 1 recites limitations directed to an abstract idea based on certain methods of organizing human activity and mental processes. Specifically, manage a chain of tasks as a of one or more regenerative medicine products as a model, each of the tasks being one of collecting a sample from a patient, transporting the sample, producing a drug using the sample, transporting the drug, and administering the drug, the model including a plurality of linked nodes and each node being one of the tasks or an article being the sample or the drug, refer to the execution facility data when access from the executor of the at least one task is accepted, and permit access to a case associated with the facility to which the executor belongs, wherein each case is associated with a plurality of individual facilities, which are associated with one or more roles, the one or more roles each being a doctor, a medical staff, a transportation personnel, or a pharmaceutical technician, assign a role to the executor of the task for management, set an access authority for the role to generate access authority information, refer to the access authority information based on the role assigned to the executor, and accept an operation permitted by the access authority information for the case associated with the facility to which the executor belongs, generate function access authority information in which a function-specific access authority is set for the role and task access authority information in which task-specific access authority is set for the role, and accept an operation permitted by both the task access authority information and the function access authority information constitutes methods based on managing personal behavior, as well as, observations, evaluations and judgements that can be performed by a combination of the human mind and a human using pen and paper. The recitation of an access control system comprising a memory storing instructions executable by a central processing unit do not take the claim out of the certain methods of organizing human activity and mental processes groupings. Thus the claim recites an abstract idea. Claims 6 and 7 recite certain method of organizing human activity and mental processes for similar reasons as claim 1.
Step 2A – Prong Two: The judicial exception is not integrated into a practical application.
The judicial exception is not integrated into a practical application. In particular, claim 1 recites store an execution history of the tasks as case data; store identification information of a facility that performs at least one task among the chain of tasks in association with case identification information, as execution facility data; store a facility to which an executor of the task belongs, which are limitations considered to be an insignificant extra-solution activity of collecting and delivering data; see MPEP 2106.05(g). Additionally, claim 1 recites system comprising a memory storing instructions executable by a coupled central processing unit at a high-level of generality such that it amount to no more than generic computer components used as tools to apply the instructions of the abstract idea; see MPEP 2106.05(f). Thus, the additional element do not integrate the abstract idea into practical application because it does not impose any meaningful limitations on practicing the abstract idea. Claim 1 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application and therefore is directed to an abstract idea. The method comprising a computer recited in claim 6 and non-transitory computer readable medium recited in claim 7 also amount to no more than mere instructions to apply the exception using a generic computer component; see MPEP 2106.05(f). Thus, the additional elements recited in claims 6 and 7 do not integrate the abstract idea into practical application for similar reasons as claim 1.
Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The additional elements in the claims other than the abstract idea per se, including the system comprising a memory storing instructions executable by a coupled central processing unit, computer and non-transitory computer medium amount to no more than a recitation of generic computer elements utilized to perform generic computer functions, such as receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); electronic recordkeeping, Ultramercial, 772 F.3d at 716, 112 USPQ2d at 1755 (updating an activity log) and storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93; see MPEP 2106.05(d)(II). Viewed as a whole, these additional claim elements do not provide meaningful limitations to transform the abstract idea into a patent eligible application of the abstract idea such that the claims amount to significantly more than the abstract idea itself. Therefore, since there are no limitations in the claim that transform the abstract idea into a patent eligible application such that the claim amounts to significantly more than the abstract idea itself, the claims are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter.
§ 101 Analysis of the dependent claims.
Regarding the dependent claims 4 and 5 recite steps that further narrow the abstract idea constituting methods based on managing personal behavior, as well as, observations, evaluations and judgements that can be performed by a combination of the human mind and a human using pen and paper. No additional elements are disclosed in the dependent claims that were not considered in independent claim 1.Therefore claims 4 and 5 do not provide meaningful limitations to transform the abstract idea into a patent eligible application of the abstract idea such that the claims amount to significantly more than the abstract idea itself.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Spurlock et al., U.S. Publication No. 2020/0076819 [hereinafter Spurlock], in view of Chung, U.S. Publication No. 2001/0034623 [hereinafter Chung], and further in view of Mahmood et al., U.S. Publication No. 2020/0177386 [hereinafter Mahmood].
Referring to Claim 1, Spurlock teaches:
An access control system comprising:
A central processing unit (CPU) (Spurlock, [0094]); and
A memory coupled to the CPU, the memory storing instructions that when executed by the CPU configures the CPU to (Sanders, [0094]):
manage a chain of tasks as a model (Spurlock, [0061]), “business defined project policy and/or in a general business security policy. The policy may include specification of projects, duration and/or a completion date of the project, operational states of the project, durations and/or completion dates of the operational states of the project, identification of roles/users to have increased (promoted) privileges during the project or project state (e.g., user A and user B), privilege level(s) to promote users to (e.g., three to four or user to admin), identification of roles/users to have decreased (demoted) privileges during the project or project state (e.g., user A and user B), and privilege level(s) to demote users to (e.g., four to three or admin to user), among others”; (Spurlock, [0060]), “different operational states for each different active, funded business project or team. The operational states of a project may include design, prototype, validation, pre-production, production, steady-state, sunset, decommissioned, and other operational states. The operational states of the project may affect roles and permissions”;
store an execution history of the tasks as case data (Spurlock, [0054]), “… A ledger or database of business projects and teams may be stored and may be analyzed to identify active, funded business projects and teams. In addition, business project management systems may be analyzed by the dynamic authorization control application 110 to identify task assignments for individuals or groups…”; (Spurlock, [0052]; [0063]),
store identification information of a facility that performs at least one task among the chain of tasks in association with case identification information, as execution facility data (Spurlock, [0064]), “The system 100 may allow each organization, sub-organization, teams, and projects to define local authorization control prioritizations that may drive conflict, event, or threat resolution and decisions. Organizations, sub-organizations, teams, and projects may include departments (e.g., finance, audit, development)”; (Spurlock, [0026]), “Authorization controls are the processes by which individuals or entities are validated to have proper security authentication (e.g., identity verification) and access control (e.g., permissions/privileges) to execute some action (e.g., access, view, edit, move, write, delete, topology rendering, configure, etc.) against some resource (e.g., a building, a bank account, an application, data, a computing resource, an IT resource, an operation center, a public cloud service, etc.)”, Examiner considers resource teaches facility; (Spurlock, [0049]; [0063]; [0089]),
store a facility to which an executor of the task belongs (Spurlock, [0026]), “Authorization controls are the processes by which individuals or entities are validated to have proper security authentication (e.g., identity verification) and access control (e.g., permissions/privileges) to execute some action (e.g., access, view, edit, move, write, delete, topology rendering, configure, etc.) against some resource (e.g., a building, a bank account, an application, data, a computing resource, an IT resource, an operation center, a public cloud service, etc.)”, Examiner considers resource teaches facility; (Spurlock, [0025]; [0044]; [0064]),
refer to the execution facility data when access from the executor of the at least one task is accepted, and permit access to a case associated with the facility to which the executor belongs (Spurlock, [0100]), “a user may submit a file access request using a particular username and a password. The monitoring module 206 may determine whether the user having a particular role is active and part of an active, funded business project that may access the file associated with the file access request”; (Spurlock, [0054]), “business project management systems may be analyzed by the dynamic authorization control application 110 to identify task assignments for individuals or groups…authorization requests from roles or IDs may be validated against active, funded business projects or teams to determine if authorization privileges for a requested task may be granted”; (Spurlock, [0074]), “a user requesting permission to perform a task against specific applications, data, or computing resources during the M&A deal may be dynamically checked to determine if authorization privileges for the task may be allowed”; (Spurlock, [0041]; [0055]; [0058]; [0085]; [0091]),
assign a role to the executor of the task for management (Spurlock, [0044]), “… each user associated with the system 100 may have associated information stored in the database such as an identifier associated with the user and a role associated with the user that may be dynamically modified by the system”; (Spurlock, [0049]; [0061];[0064]; [0091]),
set an access authority for the role to generate access authority information (Spurlock, [0052]), “Roles, IDs, and others may be regularly monitored for authorization activity using audit logs, security logs, authorization directories, and others. An administrator of the system 100 may specify a time period of authorization inactivity and one or more steps for the system 100 to take after the time period is exceeded”; (Spurlock, [0064]), “Privilege levels may include roles and authorization levels (e.g., system, read-only, administrator, super-user, reader, writer, editor, policy, storage, operator, read, write, execute, among others)…The system 100 may allow each organization, sub-organization, teams, and projects to define local authorization control prioritizations”; (Spurlock, [0049]; [0061]-[0062]),
refer to the access authority information based on the role assigned to the executor, and accept an operation permitted by the access authority information for the case associated with the facility to which the executor belongs (Spurlock, [0026]), “Authorization controls are the processes by which individuals or entities are validated to have proper security authentication (e.g., identity verification) and access control (e.g., permissions/privileges) to execute some action (e.g., access, view, edit, move, write, delete, topology rendering, configure, etc.) against some resource (e.g., a building, a bank account, an application, data, a computing resource, an IT resource, an operation center, a public cloud service, etc.)”; (Spurlock, [0050]), “Traditional static permissions may include checking user credentials for functional (roles and tasks) and domain privileges to determine if a user is allowed to perform a particular function or task against specific applications, data, or computing resources”; (Spurlock, [0060]; [0064]; [0069]; [0075]; [0079]),
generate function access authority information in which a function-specific access authority is set for the role and task access authority information in which task-specific access authority is set for the role (Spurlock, [0055]), “dynamic authorization control application 110 may also dynamically adjust authorization privileges based on active business projects or teams. As an example, a user requesting permission to perform a task may be dynamically validated against a dynamically changing list of priority projects and teams associated with the business to determine if normal privileges have been increased or reduced based on various project activities”; (Spurlock, [0072]-[0074]), “business metadata and business state analysis may be used to influence authentication and access control privileges for applications, data, and/or computing resources… The dynamic authorization control application 110 may analyze these sources of business metadata and may dynamically adjust authentication and access control privileges… In one example, a company may be in the process of a merger and acquisition (M&A)… A technical due diligence team associated with the M&A may have to have access to source code, development processes, applications, and/other business resources at specific operational states in the M&A process. The dynamic authorization control application 110 may query the business metadata sources to determine operational states of the M&A process to determine particular members of the technical due diligence team and a current status of the M&A deal. As a result, the dynamic authorization control application 110 may modify authorization control of one or more users associated with the due diligence team at an appropriate time and only at an appropriate time during the M&A deal (e.g., modify the authorization control from a first level to a second level only during this time during the M&A deal)… a user requesting permission to perform a task against specific applications, data, or computing resources during the M&A deal may be dynamically checked to determine if authorization privileges for the task may be allowed”; (Spurlock, [0057]; [0078]; [0117]-[0118]), and
accept an operation permitted by both the task access authority information and the function access authority information (Spurlock, [0058]), “Business projects or teams… may in certain instances need additional transient or temporary privileges for a particular user, which may override a user's normal privileges and allow permission. For example, a data center migration team member or an audit team member may receive increased, promoted privileges during a data center migration or audit to perform functions… associated with the system 100 that the user may not normally be allowed to perform”; (Spurlock, [0075]), “… Users with a certain skill level may be allowed access and control to certain applications, data, and/or computing resources (e.g., mission critical applications)… users may be provided with an appropriate amount of access and control to applications, data, and computing resources based on skill assessments”; (Spurlock, [0071]; [0091]; [0093]; [0118]).
Spurlock teaches a dynamic authorization control application used to identify task assignments for business projects (see par. 0054) and access control (e.g., permissions/privileges) to execute an action against a resource (see par. 0026), but Spurlock does not explicitly teach:
tasks of one or more regenerative medicine products as a model, each of the tasks being one of collecting a sample from a patient, transporting the sample, producing a drug using the sample, transporting the drug, and administering the drug, the model including a plurality of linked nodes and each node being one of the tasks or an article being the sample or the drug, and
wherein each case is associated with a plurality of individual facilities, which are associated with one or more roles, the one or more roles each being a doctor, a medical staff, a transportation personnel, or a pharmaceutical technician.
However Chung teaches:
wherein each case is associated with a plurality of individual facilities, which are associated with one or more roles (Chung, [0081]), “… define and maintain listings of the various areas and facilities, and or regions therein, and the electronic lock 400 or facility access device 500 associated therewith and the access codes to be utilized therewith. The operator may also establish and define three or four levels of access and security as described above and the access cards that are to be issued in relation to each. The above may be for one property or location or other premises or for plural properties at one or more locations or other premises… when providing access cards 300 for storing therein the information appropriate to the type and kind of access to be permitted the user of such card 300”; (Chung, [0035]), “electronic access devices 400, 500, as well as the memory of access card 300 where access card 300 is a smart card, contains at least two, and preferably four, different levels or segments of memory for matching with different levels of access authorization, such as guest access (typically, the most limited access, such as to a particular room and certain amenity areas), worker access (typically, limited access to certain work areas as well as to certain guest areas, commensurate with work duties), management access (typically, a more expansive access commensurate with management duties) and supervisory access (typically complete access)”.
At the time the invention was filed, it would have been obvious to a person of ordinary skill in the art to have modified the access control in Spurlock to include the facilities limitation as taught by Chung. The motivation for doing this would have been to improve the method of dynamic, multi-dimensional authorization control techniques that are responsive to changes, conditions, or events in an environment in Spurlock (see par. 0008) to efficiently include the results of enabling full or partial access to certain facilities and/or services at a property or location or other premises (see Chung par. 0021).
Spurlock teaches role-based management control and authorization techniques (see par. 0027) and business defined project policies (see par. 0061), but Spurlock does not explicitly teach:
tasks of one or more regenerative medicine products as a model, each of the tasks being one of collecting a sample from a patient, transporting the sample, producing a drug using the sample, transporting the drug, and administering the drug, the model including a plurality of linked nodes and each node being one of the tasks or an article being the sample or the drug, and
the one or more roles each being a doctor, a medical staff, a transportation personnel, or a pharmaceutical technician.
However Mahmood teaches:
tasks of one or more regenerative medicine products as a model, each of the tasks being one of collecting a sample from a patient, transporting the sample, producing a drug using the sample, transporting the drug, and administering the drug (Mahmood, [0042]), “individualized medicine platform module 106 can employ commercial scale module 120 (for execution by a processor of server device(s) 102) to perform operations such as acquiring and curating data associated with the manufacturing of personalized medicines, training of various stakeholders (e.g., onboarding, training and collaboration activities of healthcare providers), and configuration tasks (e.g., configuring modules and functions of the platform to perform client specific activities such as clinical activities, etc.)”, Examiner considers individualized medicine to teach regenerative medicine; (Mahmood, [0023]), “individualized medicine platform module 106 can perform a range of operations related to data corresponding to individualized supply chain events such as point-of-care collection (e.g., collection of samples that meet threshold quality standard requirements), tracking supply chain events (e.g., as relates to manufacturing a personalized therapeutic for a patient), optimizing resources (e.g., fulfilling manufacturing orders), security and compliance (e.g., ensuring data quality, data validation, and data encryption mechanisms are implemented), supply chain orchestration events (e.g., scheduling couriers, raw material delivery, tracking kits and materials and raw materials), ordering and scheduling activities (e.g., scheduling of sample collections, manufacturing, administration of medicine, etc.)”; (Mahmood, [0115]), “a center of excellence (COE) such as a hospital or laboratory may request the manufacture of a therapeutic drug (to administer to a target patient) from any of multiple manufacturing facilities. Furthermore, in an aspect, each manufacturing site can manufacture therapeutic drugs intended for commercial use, clinical use, and in some instance use by a particular pharmaceutical company”; (Mahmood, [0108]; [0041]),
the model including a plurality of linked nodes and each node being one of the tasks or an article being the sample or the drug (Mahmood, [0037]), “supply chain optimization module 110 can also execute operations based on intake of distribution center (e.g., global distribution) intake data (e.g., specimen status upon receipt, shipment verification data, COI data, condition of shipment data, etc.) and order status tracking intake data or presentation data (e.g., shipping status, satellite lab status, manufacturing status, distribution center status, infusion status, etc.). For instance, the collection stage can be presented (e.g., using display module 190) at a user interface with stage data, phase data (e.g., test result stage), shipping stage data (e.g., pending, shipped, complete, etc.), site data (e.g., center of excellence, cryogenic laboratory, test institution, distribution center, hospital, etc.), timeline data, and other such information”; (Mahmood, [0109]), “data stored on nodes of blockchain 320 can include transactional data (e.g., event data, identifier data, etc.) acquired, generated, curated, transformed, and/or received by individualized medicine platform module 106”; (Mahmood, [0108]; [0136]); and
the one or more roles each being a doctor, a medical staff, a transportation personnel, or a pharmaceutical technician (Mahmood, [0039]), “a first user (e.g., nurse, staff member) at a first site (e.g., center of excellence, hospital, etc.) may be assigned permissions to enroll patients and place orders for a patient therapy, a second user (e.g., patient operations or central scheduler user) at a second site (e.g., manufacturing facility) may be assigned permissions to access enrollment documentation (e.g., via individualized medicine platform module 106) and initiate transmission of a therapeutic order to a third user (e.g., logistics personnel) at a second site (e.g., manufacturing facility) with permissions to approve a therapy order and schedule a shipment of the therapy. Furthermore, the second user may be assigned permissions to send product data to first user. In such instance, each user device is assigned roles having permissions and limitations to facilitate execution of respective operations using individualized medicine platform module 106”; (Mahmood, [0099]), “server(s) 107 can be configured as a source of truth for employees of the individualized medicine platform module 106 (e.g., development operations staff, customer support staff or technical support staff. As such realm 100A and realm 100B can be configured as a source of credentials for development operator users and customer support users respectively”; (Mahmood, [0068]; [0024]; [0041]; [0075]).
At the time the invention was filed, it would have been obvious to a person of ordinary skill in the art to have modified the roles, authorizations, and policies in Spurlock to include the medicine, task and role limitations as taught by Mahmood. The motivation for doing this would have been to improve the method of multi-dimensional authorization control techniques in Spurlock (see par. 0008) to efficiently include the results of providing medicine supply chain monitoring, tracking and scheduling (see Mahmood par. 0062).
Referring to Claim 5, Spurlock in view of Chung in view of Mahmood teaches the access control system according to claim 1. Spurlock teaches business defined project policies (see par. 0061), but Spurlock does not explicitly teach:
wherein the CPU is configured to manage a model for a chain of tasks including a task of collecting a sample from a patient, a task of transporting the sample, a task of producing a drug using the sample, a task of transporting the drug, and a task of administering the drug.
However Mahmood teaches:
wherein the CPU is configured to manage a model for a chain of tasks including a task of collecting a sample from a patient, a task of transporting the sample, a task of producing a drug using the sample, a task of transporting the drug, and a task of administering the drug (Mahmood, [0023]), “individualized medicine platform module 106 can perform a range of operations related to data corresponding to individualized supply chain events such as point-of-care collection (e.g., collection of samples that meet threshold quality standard requirements), tracking supply chain events (e.g., as relates to manufacturing a personalized therapeutic for a patient), optimizing resources (e.g., fulfilling manufacturing orders), security and compliance (e.g., ensuring data quality, data validation, and data encryption mechanisms are implemented), supply chain orchestration events (e.g., scheduling couriers, raw material delivery, tracking kits and materials and raw materials), ordering and scheduling activities (e.g., scheduling of sample collections, manufacturing, administration of medicine, etc.)”; (Mahmood, [0115]), “a center of excellence (COE) such as a hospital or laboratory may request the manufacture of a therapeutic drug (to administer to a target patient) from any of multiple manufacturing facilities. Furthermore, in an aspect, each manufacturing site can manufacture therapeutic drugs intended for commercial use, clinical use, and in some instance use by a particular pharmaceutical company”; (Mahmood, [0041]).
At the time the invention was filed, it would have been obvious to a person of ordinary skill in the art to have modified the policies in Spurlock to include the task limitations as taught by Mahmood. The motivation for doing this would have been to improve the method of multi-dimensional authorization control techniques in Spurlock (see par. 0008) to efficiently include the results of providing medicine supply chain monitoring, tracking and scheduling (see Mahmood par. 0062).
Referring to Claim 6, Spurlock teaches:
An access control method comprising:
by a computer, a model management step of managing a chain of supply-related tasks as a model (Spurlock, [0060]-[0061]);
Claim 6 disclose substantially the same subject matter as Claim 1, and is rejected using the same rationale as previously set forth.
Referring to Claim 7, Spurlock teaches:
A non-transitory computer readable medium storing an access control program (Spurlock, [0094]; [0133]), which causes a computer to execute:
Claim 7 disclose substantially the same subject matter as Claim 1, and is rejected using the same rationale as previously set forth.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Spurlock, in view of Chung, in view of Mahmood, and further in view of Fahey, U.S. Publication No. 2009/0012834 [hereinafter Fahey].
Referring to Claim 4, Spurlock in view of Chung in view of Mahmood teaches the access control system according to claim 1. Spurlock teaches business defined project policies (see par. 0061), but Spurlock does not explicitly teach:
wherein the CPU is configured to, when a new case is to be registered, associate an execution facility with each task of the new case.
However Fahey teaches:
wherein the CPU is configured to, when a new case is to be registered, associate an execution facility with each task of the new case (Fahey, [0034]), “a workflow module 34 configured to process a workflow, a document module 26 configured to retrieve or store one or more documents 25, and an application specific module 36 configured to store and process information specific to an organization or industry…the attributes associated with a task or case can be defined automatically by the system. A user can manually add a document to the document library (i.e., a database). And in some implementations, one or more documents are automatically associated with a task and/or case”; (Fahey, [0036]), “All new tasks or cases are associated with a workflow 35. The workflow determines the steps of the case or task and who each step is assigned to, based on the assignment attribute”; (Fahey, [0035]).
At the time the invention was filed, it would have been obvious to a person of ordinary skill in the art to have modified the policies in Spurlock to include the case limitations as taught by Fahey. The motivation for doing this would have been to improve the method of multi-dimensional authorization control techniques in Spurlock (see par. 0008) to efficiently include the results of following compliance processes (see Fahey par. 0010).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Taira et al. (US 20170011356 A1) – A scheduling support device creates, on the basis of an execution sequence of a plurality of tasks defined by a plurality of pieces of task information, a first schedule related to the tasks; determines, when a new task defined by new task information is detected, the similarity between the task information on the detected new task and the pieces of the task information that define the tasks constituting the first schedule; decides, on the basis of the determined similarity, a candidate for an execution plan for the new task; and creates, on the basis of the execution sequence and the task information on the tasks in the first schedule and on the basis of the task information on the new task, a second schedule by deciding an execution plan for the new task from candidates for the execution plan for the new task.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Crystol Stewart whose telephone number is (571)272-1691. The examiner can normally be reached 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patty Munson can be reached on (571)270-5396. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CRYSTOL STEWART/Primary Examiner, Art Unit 3624