DETAILED ACTION
Acknowledgements
The amendment filed 12/9/2025 is acknowledged
Claims 19-40 are pending.
Claims 19-40 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114 was filed in this application after a decision by the Patent Trial and Appeal Board, but before the filing of a Notice of Appeal to the Court of Appeals for the Federal Circuit or the commencement of a civil action. Since this application is eligible for continued examination under 37 CFR 1.114 and the fee set forth in 37 CFR 1.17(e) has been timely paid, the appeal has been withdrawn pursuant to 37 CFR 1.114 and prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant’s submission filed on 12/9/2025 has been entered.
Response to Amendment/Arguments
Regarding the rejection of the claims under 35 USC 101, applicant states that the amended claims are directed to data access and security technologies. Applicant states that the features of combining the values of the common subset of the identifying fields with the organization secret key and generating the cryptographic hash contribute to the improvement of data and communication security, and the feature of sending the obfuscated ID and hash to the remote service and storing it in a local cache responsive to detecting that the hash differs from a cached hash or there is no cached hash contributes to the improvement of data access control and flexibility.
Examiner notes that the steps of combining the values of the common subset of the identifying fields with the organization secret key and generating the cryptographic hash only involve processing and modifying data values, such as by performing mathematical calculations, which are abstract. Additionally, sending the obfuscated ID and hash to the remote service and storing it in a local cache responsive to detecting that the hash differs from a cached hash or there is no cached hash only involves transmitting and storing information. These features do not provide an improvement to a technology or technical field. Rather, they only involve using a computer to perform computing functions to automate the abstract idea. Therefore, these features do not provide a practical application or significantly more than the abstract idea.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 19-40 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 19-28 and 39-40 are directed to a method, claims 29-34 are directed to a system comprising at least one nontransitory processor-readable storage medium and one or more processors, and claims 35-38 are directed to a non-transitory computer-readable storage medium. Therefore, these claims fall within the four statutory categories of invention.
The claims recite obtaining information regarding fields of information to be used to create an anonymous identifier, and creating, sharing, and storing an anonymous identifier based on identifying information obtained from those fields in the study after determining that the identifier differs from a previous identifier or is a new identifier, which is an abstract idea. Specifically, the claims recite “querying . . . to retrieve a configuration to link de-identified DICOM studies, wherein the de-identified DICOM studies have been processed . . . to remove or obfuscate personally identifiable information and are stored . . . accessible to third parties, “for each of a plurality of DICOM studies, including identifying fields, that is stored . . ., obtaining . . . values of a common subset of the identifying fields present in the DICOM study, wherein the common subset is specified by the configuration retrieved . . .;” “obtaining . . . an organizational secret key associated with an organization . . .;” “combining . . . the values of the common subset of the identifying fields with the organizational secret key to provide a combination basis,” “generating . . . a cryptographic hash based on appending the combination basis and a cryptographic key, wherein the cryptographic hash matches another cryptographic hash generated for another DICOM study of the plurality of DICOM studies which has the same values of the common subset of the identifying fields,” “responsive to detecting that the cryptographic hash differs from a [stored] cryptographic hash previously generated for the DICOM study or that is no [stored] cryptographic hash previously generated for the DICOM study: sending . . . (a) an obfuscated ID that uniquely maps to a de-identified DICOM study stored . . . that corresponds to the DICOM study and (b) the cryptographic hash linking the de-identified DICOM study to at least another de-identified DICOM study stored . . . that corresponds to the other DICOM study with the same values of the common subset of the identifying fields,” and “storing the cryptographic hash . . .,” which is grouped within the “certain methods of organizing human activity” grouping of abstract ideas in prong one of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 54 (January 7, 2019)) because the claims describe a process of obtaining information about identifying fields to use to link studies, obtaining the identifying fields of a study based on the information, obtaining a key, performing operations on the fields to generate anonymized data, and based on determining that the anonymized data is new or differs from previously stored anonymized data, both storing the anonymized data locally and sending the anonymized data and an identifier to another entity that stores it and relates it to another study, which involves managing personal behavior or relationships or interactions between people because it protects the identity of the patients involved in the study while allowing the other entity to keep track of and correlate studies. Further, generating a cryptographic hash only involves performing mathematical calculations, which is grouped within the “mathematical concepts” grouping of abstract ideas. A claim that combines one abstract idea with another remains abstract. RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327, 122 USPQ2d 1377 (Fed. Cir. 2017) ("Adding one abstract idea (math) to another abstract idea (encoding and decoding) does not render the claim non-abstract"). Accordingly, the claims recite an abstract idea (See pages 7, 10, Alice Corporation Pty. Ltd. v. CLS Bank International, et al., US Supreme Court, No. 13-298, June 19, 2014; 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 53-54 (January 7, 2019)).
This judicial exception is not integrated into a practical application because, when analyzed under prong two of step 2A of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 54-55 (January 7, 2019)), the additional elements of the claims such as a remote service, at least one processor of a protected health information (PHI) system, cached data, a local cache and a system comprising at least one nontransitory processor-readable storage medium and one or more processors, merely use a computer as a tool to perform an abstract idea. Specifically, these additional elements perform the steps or functions of “querying . . . to retrieve a configuration to link de-identified DICOM studies, wherein the de-identified DICOM studies have been processed . . . to remove or obfuscate personally identifiable information and are stored . . . accessible to third parties, “for each of a plurality of DICOM studies, including identifying fields, that is stored . . ., obtaining . . . values of a common subset of the identifying fields present in the DICOM study, wherein the common subset is specified by the configuration retrieved . . .;” “obtaining . . . an organizational secret key associated with an organization . . .;” “combining . . . the values of the common subset of the identifying fields with the organizational secret key to provide a combination basis,” “generating . . . a cryptographic hash based on appending the combination basis and a cryptographic key, wherein the cryptographic hash matches another cryptographic hash generated for another DICOM study of the plurality of DICOM studies which has the same values of the common subset of the identifying fields,” “responsive to detecting that the cryptographic hash differs from a [stored] cryptographic hash previously generated for the DICOM study or that is no [stored] cryptographic hash previously generated for the DICOM study: sending . . . (a) an obfuscated ID that uniquely maps to a de-identified DICOM study stored . . . that corresponds to the DICOM study and (b) the cryptographic hash linking the de-identified DICOM study to at least another de-identified DICOM study stored . . . that corresponds to the other DICOM study with the same values of the common subset of the identifying fields,” and “storing the cryptographic hash . . . .” The use of a processor/computer as a tool to implement the abstract idea does not integrate the abstract idea into a practical application because it requires no more than a computer performing functions that correspond to acts required to carry out the abstract idea. The additional elements do not involve improvements to the functioning of a computer, or to any other technology or technical field (MPEP 2106.05(a)), the claims do not apply or use the abstract idea to effect a particular treatment or prophylaxis for a disease or medical condition (Vanda Memo), the claims do not apply the abstract idea with, or by use of, a particular machine (MPEP 2106.05(b)), the claims do not effect a transformation or reduction of a particular article to a different state or thing (MPEP 2106.05(c)), and the claims do not apply or use the abstract idea in some other meaningful way beyond generally linking the use of the abstract idea to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception (MPEP 2106.05(e) and Vanda Memo). Therefore, the claims do not, for example, purport to improve the functioning of a computer. Nor do they effect an improvement in any other technology or technical field. Accordingly, the additional elements do not impose any meaningful limits on practicing the abstract idea, and the claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when analyzed under step 2B of the Alice/Mayo test (See 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50, 52, 56 (January 7, 2019)), the additional elements of using a remote service, at least one processor of a protected health information (PHI) system, cached data, a local cache, and a system comprising at least one nontransitory processor-readable storage medium and one or more processors to perform the steps amounts to no more than using a computer or processor to automate and/or implement the abstract idea of obtaining information regarding fields of information to be used to create an anonymous identifier, and creating, sharing, and storing an anonymous identifier based on identifying information obtained from those fields in the study after determining that the identifier differs from a previous identifier or is a new identifier. As discussed above, taking the claim elements separately, these additional elements perform the steps or functions of “querying . . . to retrieve a configuration to link de-identified DICOM studies, wherein the de-identified DICOM studies have been processed . . . to remove or obfuscate personally identifiable information and are stored . . . accessible to third parties, “for each of a plurality of DICOM studies, including identifying fields, that is stored . . ., obtaining . . . values of a common subset of the identifying fields present in the DICOM study, wherein the common subset is specified by the configuration retrieved . . .;” “obtaining . . . an organizational secret key associated with an organization . . .;” “combining . . . the values of the common subset of the identifying fields with the organizational secret key to provide a combination basis,” “generating . . . a cryptographic hash based on appending the combination basis and a cryptographic key, wherein the cryptographic hash matches another cryptographic hash generated for another DICOM study of the plurality of DICOM studies which has the same values of the common subset of the identifying fields,” “responsive to detecting that the cryptographic hash differs from a [stored] cryptographic hash previously generated for the DICOM study or that is no [stored] cryptographic hash previously generated for the DICOM study: sending . . . (a) an obfuscated ID that uniquely maps to a de-identified DICOM study stored . . . that corresponds to the DICOM study and (b) the cryptographic hash linking the de-identified DICOM study to at least another de-identified DICOM study stored . . . that corresponds to the other DICOM study with the same values of the common subset of the identifying fields,” and “storing the cryptographic hash . . . .” These functions correspond to the actions required to perform the abstract idea. Viewed as a whole, the combination of elements recited in the claims merely recite the concept of obtaining information regarding fields of information to be used to create an anonymous identifier, and creating, sharing, and storing an anonymous identifier based on identifying information obtained from those fields in the study after determining that the identifier differs from a previous identifier or is a new identifier. Therefore, the use of these additional elements does no more than employ the computer as a tool to automate and/or implement the abstract idea. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05 (f) & (h)). Therefore, the claim is not patent eligible.
Dependent claims 19-28, 30-34, and 36-40 further describe the abstract idea of obtaining information regarding fields of information to be used to create an anonymous identifier, and creating, sharing, and storing an anonymous identifier based on identifying information obtained from those fields in the study after determining that the identifier differs from a previous identifier or is a new identifier. Specifically, claims 20, 21, 30, 31, and 37 further describe updating the anonymous identifier used to link studies by using a new set of fields, and claims 22, 23, 32, 33, and 38 describe updating the anonymous identifier used to link the studies by using an updated key, which only involve repeating the abstract idea using new fields or a new key. Claims 24-26 and 34 describe characteristics of the common subset of identifying fields, the organizational key, and the cryptographic hash, but do not require any steps or functions to be performed. Claim 27 further describes the abstract idea because it only involves receiving and storing the cryptographic hash generated as part of the abstract idea. Claims 28 and 36 describe periodically generating updated cryptographic hashes for the studies, which only provides further detail regarding the aspect of the abstract idea that involves generating and storing the cryptographic hash. The use of a remote service, at least one processor of a protected health information (PHI) system, and a system comprising at least one nontransitory processor-readable storage medium and one or more processors to perform the steps only involves using a computer as a tool to automate and/or implement the abstract idea. Claims 39 and 40 describe the manner of obtaining the cryptographic key, either by generating it using a pseudo random number generator or by loading a previously-generated key. This only involves performing a mathematical calculation, which is abstract, or loading stored data, which does not provide a practical application or significantly more than the abstract idea because it only involves using a computer as a tool to automate and/or implement the abstract idea. Thus, the dependent claims do not include additional elements that integrate the abstract idea into a practical application or that provide significantly more than the abstract idea. Therefore, the dependent claims are also not patent eligible.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
El Emam (US 2015/0288665) (“El Emam”) for disclosing:
querying an entity, by at least one processor, to retrieve a configuration to link de-identified studies, the configuration including a plurality of common identifying fields present in the record (El Emam ¶¶ 73-74, 76, 126);
obtaining, by the at least one processor, an organizational key associated with the organization (El Emam ¶¶ 74-76, 118, 125);
combining, by the at least one processor, the plurality of common identifying fields with the organizational key (El Emam ¶¶ 76, 118, 126);
generating, by the at least one processor, a cryptographic hash using the combined common identifying fields and the organizational key (El Emam ¶¶ 69, 90-91);
sending, by the at least one processor to the remote service, the cryptographic hash (El Emam ¶¶ 79, 91).
El Emam further discloses that obtaining a plurality of common identifying fields comprises obtaining a plurality of common identifying fields selected by the organization (El Emam ¶¶ 65, 68, 73-74, 76, 126).
El Emam also discloses that obtaining a plurality of common identifying fields comprises obtaining a plurality of default common identifying fields, the default common identifying fields indicative of a patient identifier and other information (El Emam ¶¶ 65, 68, 73-74, 76, 126).
El Emam discloses that obtaining an organizational secret key comprises obtaining a key that is unique to the organization (El Emam ¶¶ 75-76, 118, 125).
El Emam discloses that generating a cryptographic hash provides a unique identifier that is common to all related studies (El Emam ¶¶ 69, 90-91).
El Emam discloses from time-to-time, sending, by the at least one processor associated with the organization, a query to the remote server to obtain the common identifying fields for the organization (El Emam ¶¶ 74).
Further, El Emam discloses:
for each of a plurality of records for which cryptographic keys have been previously generated,
obtaining, by the at least one processor, a plurality of common identifying fields present in the record, (El Emam ¶¶ 73-74, 76, 126);
obtaining, by the at least one processor, an organizational key (El Emam ¶¶ 74-76, 118, 125);
combining, by the at least one processor, the plurality of common identifying fields with an organizational key (El Emam ¶¶ 76, 118, 126);
generating, by the at least one processor, a cryptographic hash using the combined plurality of common identifying fields and the organizational key (El Emam ¶¶ 69, 90-91);
sending, by the at least one processor, the cryptographic hash to the remote service (El Emam ¶¶ 79, 91); and
generating a cryptographic key (El Emam ¶¶ 74-76, 118, 125).
Landi, et al. (US 2005/0165623) (“Landi”) for disclosing encrypting information from DICOM (digital imaging and communications in medicine) studies using a secret key (Landi ¶¶ 42-47, 77-78).
Vesper, et al. (US 2011/0153351) (“Vesper”) discloses storing an encrypted identification key for a DICOM file (Vesper ¶¶ 76-78, 175, 178), as well as generating a hash of the study or DICOM file (Vesper ¶¶ 88-89, 175-176, 254, 304, 328)
Casse (US 2015/0302223) discloses the use of a different plurality of common identifying fields, at least one of the common identifying fields the different plurality of common identifying fields different from at least one of the common identifying fields previously used to generate a key for the record (Casse ¶¶ 80, 81, 83).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Mohammad A. Nilforoush whose telephone number is (571)270-5298. The examiner can normally be reached Monday-Friday 12pm-7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W. Hayes can be reached at 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3697