CTFR 18/446,304 CTFR 86598 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This action is in response to the communication filed on March 09, 2026 in response to the Non-Final office action mailed December 16, 2025. Remarks Pending claims for reconsideration are claims 1, 3-16, and 19-21. Applicant has Amended claims 1, 4, 6, 16, and 20. Canceled claims 2, 17, and 18. Added new claim 21. Response to Arguments 07-37 AIA Applicant’s arguments filed on March 09, 2026 have been fully considered but they are not persuasive. In the remarks, applicant argues in substance: In response to argument (Page 7, Para: 3) - Examiner respectfully disagrees with applicant’s argument that the applied prior art failed to disclose “wherein the classification model was trained on a conditional indicator set that includes a file indicator subset, a folder indicator subset, a process indicator subset, a prerequisite indicator subset, a peripheral device subset, and the conditional indicator set evaluates the different sets of variances that modify a memory state of the memory”. But Carleton discloses a classification model is trained using training data sets; using DICOM files with a variety of modalities, attachments, embedded objects, using known-malicious files and malware samples (Para 0033); the classification model is training using data set from a database; and “…training data set may include a plurality of files collected over time from multiple different medical imaging device(s) 110 associated with a particular medical facility or entity…” (Para 0051); and “the classification model of anomaly detector 212 is trained on a data set that is specific to a particular entity ( e.g., a medical facility, a group of medical facilities, etc.)” (Para 0053); and “…the classification models of anomaly detector 212 and/or malware detector 214 may be trained using greyscale-converted images…” etc. (Para 0058). Therefore, training a classification model using different objects is taught by the applied art . Claim Rejections - 35 USC § 112 07-30-02 AIA The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1, 4, 20, and 21 are rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112 , second paragraph , as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112 , the applicant), regards as the invention. Claim 1 recites the limitation “ the different sets of variances” on line 5 but such limitations has not been introduced. There is insufficient antecedent basis for this limitation in the claim. Independent claims 4, and 20 also has similar insufficient antecedent basis for this limitation in the claim. Claims 3, 5-16, 19, and 21 inherit the deficiencies of the base claims 1, 4, and 20 respectively and therefore are rejected under 35 USC § 112 by virtue of their dependency. Appropriate correction is requested. Claim Rejections - 35 USC § 103 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-23-aia AIA The factual inquiries set forth in Graham v. John Deere Co. , 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 07-21-aia AIA Claim s 1, 3-16, and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Jesse Carleton (US 20240311478 A1 / or “Carleton” hereinafter) in view of Khatri et al. (U.S. Patent Publication No.: 2019/0012490 A1 / or “Khatri” hereinafter) . Regarding claim 1 , Carleton discloses “ A medical imaging device comprising ” (Para 0003: a medical imaging device) : “memory storing instructions that include a classification model” (Para 0003: memory storing instructions; and evaluate the medical imaging file using classification model) , “wherein the classification model was trained on a conditional indicator set that includes a file indicator subset, a folder indicator subset, a process indicator subset, a prerequisite indicator subset, a peripheral device subset, and the conditional indicator set evaluates the different sets of variances that modify a memory state of the memory ” (Para 0033: a classification model is trained using training data sets; using DICOM files with a variety of modalities, attachments, embedded objects, using known-malicious files and malware samples; Para 0051: the classification model is training using data set from a database; and “…training data set may include a plurality of files collected over time from multiple different medical imaging device(s) 110 associated with a particular medical facility or entity…”; and Para 0053: “the classification model of anomaly detector 212 is trained on a data set that is specific to a particular entity ( e.g., a medical facility, a group of medical facilities, etc.)”; and Para 0058: “…the classification models of anomaly detector 212 and/or malware detector 214 may be trained using greyscale-converted images…” etc.) ; “and a processor communicatively coupled to the memory, wherein the instructions, when executed by the processor, cause the medical imaging device to ” (Para 0003: the medical imaging device memory storing model and the medical imaging device with processor) : “implement an imaging-related functionality by generating medical image data ” (Par 0013: medical image data is generated) ; Furthermore, Carleton discloses detecting malicious or anomalous in a medical image file and using classification model to detect the malicious or anomalous in the medical image file (Carleton, Abstract). But Carleton fails to specially disclose detecting an event that modifies the memory state of a medical device, validate the change event, and update an integrity state of the medical device. However, Khatri discloses “detect a change event that modifies a state of the memory ” (Fig. 5: Step 502; and Para 0052: detects changes in modification of memory) ; “validate, [utilizing the classification model], the change event based on a comparison between the change event and a baseline representation of the state ” (Fig. 6: Steps 610-616; and Para 0055: detects change in the device memory by comparing base-line hashes with newly generated hashes) ; “and update an integrity state of the medical imaging device based on the comparison ” (Para 0057; and Para 0035: the device may be updated) . It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of detecting an event that modifies the memory state of a medical device, validate the change event, and update an integrity state of the medical device of Khatri to the system of Carleton where comparing the memory state of device is performed and the ordinary person skilled in the art would have been motivated to combine detect tamper of an information handling system (Khatri, Abstract). Regarding claim 3 , in view of claim 1, Carleton discloses “ wherein the change event modifies a digital imaging and communications in medicine (DICOM) file stored in the memory ” (Carleton, Para 0031: DICOM file with anomalies) . Regarding claim 4 , claim 4 is directed to a method corresponding to the device recited in claim 1. Claim 4 is similar in scope to claim 1, and is therefore, rejected under similar rationale. Regarding claim 5 , in view of claim 4, Carleton in view of Khatri disclose “ wherein detecting the change event comprises continuously monitoring file system data that characterizes the memory state of the medical imaging device ” (Khatri, Para 0053: monitoring for changes to memory state of the device) . Regarding claim 6 , in view of claim 5, Carleton discloses “ wherein validating the change event comprises providing file data that characterizes the change event as an input to the classification model ” (Carleton, Para 0050: classification model predicts a class level based on the input data) . Regarding claim 7 , in view of claim 6, Carleton discloses “ wherein the classification model is trained using the baseline representation of the memory state ” (Carleton, Fig. 6: Steps 610-616; and Para 0055: detects change in the device memory by comparing base-line hashes with newly generated hashes) . Regarding claim 8 , in view of claim 6, Carleton discloses “ wherein validating the change event comprises receiving a malicious classification or a benign classification as an output of the classification model based on the file data that characterizes the change event and a similarity measurement ” (Carleton, Fig. 3: Steps 304-320; and Para 0069: anomaly score is determined using classification model) . Regarding claim 9 , in view of claim 6, Carleton discloses “ wherein the classification model is included in a self-contained application package that is stored in a memory of the medical imaging device ” (Carleton, Fig. 1: Payload Classification System 200; and Para 0043) . Regarding claim 10 , in view of claim 4, Carleton discloses “ wherein the baseline representation of the memory state includes file data obtained from a file system in a reference configuration ” (Carleton, Para 0043) . Regarding claim 11 , in view of claim 4, Carleton discloses “ further comprising: determining, by the processor, a risk metric for the change event based on the comparison, wherein the risk metric estimates a likelihood that malware operation initiated the change event ” (Carleton, Para 0069: anomaly score) . Regarding claim 12 , in view of claim 11, Carleton in view of Khatri discloses “ further comprising: transmitting, by the processor, a notification to an administrator device when the risk metric exceeds a defined threshold ” (Para 0057, admin is notified). Regarding claim 13 , in view of claim 4, Carleton discloses “ wherein detecting the change event comprises accessing file data that characterizes the change event using an application programming interface or a library provided by an operating system of the medical imaging device ” (Carleton, Para 0046) . Regarding claim 14 , in view of claim 4, Carleton in view of Khatri disclose “ further comprising: triggering, by the processor, a remedial action when the updated integrity state is a compromised integrity state ” (Para 0057; and Para 0035: the device may be updated) . Regarding claim 15 , in view of claim 4, Carleton in view of Khatri disclose “ further comprising: recording, by the processor, file data that characterizes the change event to an event log file ” (Para 0046, logs) . Regarding claim 16 , in view of claim 4, Carleton discloses “ further comprising: updating, by the processor, a classification model using an event log file that stores aggregated file data characterizing a plurality of detected change events ” (Carleton, Para 0090) . Regarding claim 19 , in view of claim 4, Carleton discloses “ wherein the change event is initiated on another device that is communicatively coupled to the medical imaging device via a network interface ” (Carleton: Fig. 1; and Para 0063) . Regarding claim 20 , Carleton discloses “ A non-transitory computer-readable medium, the computer-readable medium comprising processor-executable code that when executed by a processor, causes the processor to ” (Para 0003: a medical imaging device; and Para 0022: computer readable medium) : [detect a change event that modifies a memory state of a computing device]; “provide file data characterizing the change event as input to a classification model that is trained using a baseline representation of the [memory state], wherein the classification model was trained on a conditional indicator set that includes a file indicator subset, a folder indicator subset, a process indicator subset, a prerequisite indicator subset, a peripheral device subset, and the conditional indicator set evaluates the different sets of variances that [modify the memory state of the computing device] ” (Para 0033: a classification model is trained using training data sets; using DICOM files with a variety of modalities, attachments, embedded objects, using known-malicious files and malware samples; Para 0051: the classification model is training using data set from a database; and “…training data set may include a plurality of files collected over time from multiple different medical imaging device(s) 110 associated with a particular medical facility or entity…”; and Para 0053: “the classification model of anomaly detector 212 is trained on a data set that is specific to a particular entity ( e.g., a medical facility, a group of medical facilities, etc.)”; and Para 0058: “…the classification models of anomaly detector 212 and/or malware detector 214 may be trained using greyscale-converted images…” etc.) ; “receive a classification and a risk score for the change event at an output of the classification model ” (Para 0074: determines anomaly score meets or exceeds the upper thresholds) , “wherein the risk score is an estimate of a likelihood that a malware operation initiated the change event ” (Para 0074: determines if malicious of not) ; “and [update an integrity state of the computing device] based on the classification and the risk score ” (Para 0090: takes corrective actions) . Furthermore, Carleton discloses detecting malicious or anomalous in a medical image file and using classification model to detect the malicious or anomalous in the medical image file (Carleton, Abstract). But Carleton fails to specially disclose detecting an event that modifies the memory state of a medical device, validate the change event, and update an integrity state of the medical device. However, detecting an event that modifies the memory state of a medical device, validate the change event, and update an integrity state of the medical device would have been obvious (see, Khatri Fig. 5: Step 502; and Para 0052: detects changes in modification of memory; Fig. 6: Steps 610-616; and Para 0055: detects change in the device memory by comparing base-line hashes with newly generated hashes; and Para 0057; and Para 0035: the device may be updated) . It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of detecting an event that modifies the memory state of a medical device, validate the change event, and update an integrity state of the medical device of Khatri to the system of Carleton where comparing the memory state of device is performed and the ordinary person skilled in the art would have been motivated to combine detect tamper of an information handling system (Khatri, Abstract). [Based on 112 Second] Regarding claim 21 , in view of claim 1, Carleton discloses “ wherein the different sets of variances [“ that modify a memory state of a computing device” (spec, [0037]) ] comprise file content being updated to encrypted data, intermittent file content encryption, protected health information data being accessed by users or services, file-level permission changes, file-level privilege escalation, folder-level permission changes, folder-level privilege escalation, directory-level permission changes, directory-level privilege escalation, file modifications by the users or the services, file transfer operations involving peripheral devices, file content deviations, file renaming, file deletion, file movement, orphaned software, orphaned folders, orphaned files, out-of-boundary file types, and orphaned processes in a running state ” (Khatri, Para 0043: during computer attack or firmware update the memory content of the memory device can be subjected to unwanted modification or tampering i.e., “…file modifications by the users or the services, file transfer operations involving peripheral devices, file content deviations, file renaming, file deletion, file movement…”; and para 0048: where the attack on the data could be result of a computer virus or attack to the boot code and/or firmware) [see claim 1 for motivation]. Relevant Prior Arts 07-96 AIA The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Lu et al . (US 2021/0406591 Al) discloses “…obtaining a medical image, obtaining a feature map and a medical image content recognition result that correspond to the medical image by using a medical image classification model, or obtaining the feature map and a lesion classification result that correspond to the medical image by using the medical classification model…” (Abstract). Ducatel et al. (U.S. Patent Application Publication No.: US 20230239304 A1) discloses “Storage of the characteristic data in the distributed ledger by the verification system 330 may be considered to correspond to registering of the characteristic data in the distributed ledger. The distributed ledger stores the characteristic data immutably, meaning that subsequent changes in the characteristic data stored in the storage of the computing system 322 can be detected” (Para 0073) . Conclusion 07-40 AIA Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ABDULLAH ALMAMUN/Examiner, Art Unit 2431 /SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431 Application/Control Number: 18/446,304 Page 2 Art Unit: 2431 Application/Control Number: 18/446,304 Page 3 Art Unit: 2431 Application/Control Number: 18/446,304 Page 5 Art Unit: 2431 Application/Control Number: 18/446,304 Page 6 Art Unit: 2431 Application/Control Number: 18/446,304 Page 7 Art Unit: 2431 Application/Control Number: 18/446,304 Page 8 Art Unit: 2431 Application/Control Number: 18/446,304 Page 9 Art Unit: 2431 Application/Control Number: 18/446,304 Page 10 Art Unit: 2431 Application/Control Number: 18/446,304 Page 11 Art Unit: 2431 Application/Control Number: 18/446,304 Page 12 Art Unit: 2431 Application/Control Number: 18/446,304 Page 13 Art Unit: 2431 Application/Control Number: 18/446,304 Page 14 Art Unit: 2431