DETAILED ACTION
The present application, filed on 11/28/2023 is being examined under the AIA first inventor to file provisions.
The following is a FINAL Office Action in response to Applicant’s amendments filed on 3/3/2026.
Claims 1, 12, 19 are amended
Overall, claims 1-24 are pending and have been considered below.
Claim Rejections - 35 USC § 112(a)
Written Description (New Matter)
The following is a quotation of 35 U.S.C. 112(a):
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.
The following is a quotation of the relevant portion of 35 U.S.C. §132(a):
No amendment shall introduce new matter into the disclosure of the invention.
Claims 1-24 are rejected under 35 U.S.C. 112(a), for failing to comply with the written description requirement. MPEP 2163.06 stipulates – If new matter is added to the claims, the examiner should reject the claims under 35 U.S.C. 112(a) – written description requirement. In re Rasmussen, 650 F.2d 1212, 211 USPQ 323 (CCPA 1981).
PNG
media_image1.png
18
19
media_image1.png
Greyscale
Claims 1, 12, 19 have been amended by Applicant to include the limitation “wherein the cryptographic hash is computed on data that is different from the medical record information.” The limitation has no support in the specification, drawings or initial set of claims.
As per independent claims 1, 12, 19, Applicant has pointed out that the amendments have support in paragraphs [0031]-[0032] of the specification as filed. However, [0032] discloses “Cryptographic hash codes are created by a mathematical function that turns digital information into a string of numbers and letters. If that information is edited in any way, then the hash code changes as well.” The quoted paragraphs do not disclose that the data from which the cryptographic hash is calculated, is different from the medical record information. Moreover, [0032] discloses ‘information,’ while the claim recites ‘data.’
Therefore, it is concluded that the amended claim limitation “wherein the cryptographic hash is computed on data that is different from the medical record information” is not supported by the application description as filed.
The remainder of the claims are rejected by virtue of dependency. The reference is provided for the purpose of compact prosecution.
Claim Rejections - 35 USC § 103
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the difference between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
i. Determining the scope and contents of the prior art.
ii. Ascertaining the differences between the prior art and the claims at issue.
iii. Resolving the level of ordinary skill in the pertinent art.
iv. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-7, 9-24 are rejected under 35 U.S.C. 103 as being unpatentable over Saliman et al (US 2020/0005912), in view of Katuwal et al (US 2021/0098092), in further view of Lee et al (US 2018/0101653) in further view of Kurkure (US 2014/0165166).
Regarding Claims 1, 12, 19: Saliman discloses: A server comprising: one or more processors; and non-transitory computer readable medium having stored therein instructions that when executed by the one or more processors, causes the server to perform functions comprising: {see at least ((0004] "securely storing patient information and providing access thereto", [0030] "As used herein "patient information" may include, but is not limited to, patient identification information, patient medical history, patient notes, and so on")}
receiving, at a server {see at least fig. 18(140, 170) "Server" cf. [0038] "server 170 will manage data storage within patient account database 120 and/or EMR database and access there to"}, an input from a first computer system {see at least fig.18 rc155, rc175 "User device 155" 'Treatment provider/facility device 175" cf. [0038] "Treatment provider/facility device 175 may be a computer, or the like, that facilitates communication between a treatment provider (e.g., doctor, nurse, etc.) and/or treatment facility (e.g., clinic, hospital, assisted care facility, etc.} and server B 170"}, the input comprising medical record information associated with a
saving the medical record information to a pass-word protected storage, a second computer system different from the first computer system; {see at least fig.18(125} "EMR data" cf. [0037] "EMR database 125 stores electronic medical record information for one or more patients, some of whom may have a patient account and information about that corresponding patient account may be stored in patient account database 120"; [0072] information may include storage of the received information on a database (not on the blockchain) such as patient information database (reads on pass-word protected storage)}
updating, by the server accessing a distributed network of nodes, a distributed ledger to record a transaction associating the
receiving, at the server {see at least fig.18(140, 170} "Server" cf. [0038] "server 170 will manage data storage within patient account database 120 and/or EMR database and access there to"}, an access request from a third computer system different from the first computer system and the second computer system, the access request associated with the
accessing the distributed ledger, using the A 140 or server B 170, server A 140 or server B 170 may query distributed ledger and/or blockchain 110 for the information and/or a link to the patient information" [0052], [0059], [0061] the "cryptographic hash" is updated with each saved transaction associated to the
based on the cryptographic hash, the server
electronically enabling access by the third computer system to the medical record information of the
Saliman does not disclose, however Katuwal discloses:
the cryptographic hash electronically documenting the transaction of associating the
It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Saliman to include the elements of Katuwal. One would have been motivated to do so, in order to prevent tempering with the respective medical documents. In the instant case, Saliman evidently discloses receiving access to medical records over a distributed ledger. Katuwal is merely relied upon to illustrate the functionality of cryptographically hashing the electronic medical documents in the same or similar context. Since both receiving access to medical records over a distributed ledger, as well as cryptographically hashing the electronic medical documents are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Saliman, as well as Katuwal would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Saliman / Katuwal.
Saliman, Katuwal, does not disclose, however, Lee discloses:
… veterinary patient … {see at least [0008] veterinary clinic where patients are treated}
It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Saliman, Katuwal to include the elements of Lee. One would have been motivated to do so, in order to apply the method for veterinary patients as well. In the instant case, Saliman, Katuwal evidently discloses receiving access to medical records over a distributed ledger. Lee is merely relied upon to illustrate the functionality of veterinary clinic for animal patients in the same or similar context. Since both receiving access to medical records over a distributed ledger, as well as veterinary clinic for animal patients are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Saliman, Katuwal, as well as Lee would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Saliman, Katuwal / Lee.
Saliman, Katuwal, Lee does not disclose, however, Kurkure discloses:
wherein the cryptographic hash is computed on data that is different from the medical record information; {see at least fig1, rc120, rc135, password hash generated by on-way hash function … is updated (based on BRI (MPEP 2111), reads on the utilized data is not the medical record information)}
automatically synchronizing, by the server, the password-protected storage of the second computer system by setting the cryptographic hash as a password for the password-protected storage, such that the password for the medical record information is updated in response to each transaction recorded on the distributed ledger; {see at least fig4, rc120, [0038]-[0042] updating the password hash; updated password hash (reads on hash as password); fig7, rc730, rc740 [0059]-[0060] updating the password hash with a count and storing the updated password}
It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Saliman, Katuwal to include the elements of Kurkure. One would have been motivated to do so, in order to improve the system security. In the instant case, Saliman, Katuwal evidently discloses receiving access to veterinary medical records over a distributed ledger. Kurkure is merely relied upon to illustrate the functionality of password protected storage in the same or similar context. Since both receiving access to medical records over a distributed ledger, as well as password protected storage are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Saliman, Katuwal, as well as Kurkure would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Saliman, Katuwal, Lee / Kurkure.
Regarding Claims 2, 13, 20: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claims 1, 12, 19. Saliman further discloses:
receiving the input from the first computer system comprises
receiving the input from a first
Regarding Claims 3, 14: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claims 1, 12. Saliman further discloses:
wherein, the password-protected storage includes a password-protected database, and {see at least [claim1] cryptographic has to protect the storage and records}
wherein: saving the medical record information to the second computer system comprises
saving the medical record information to a password-protected database. {see at least [0041] "One or more security protocols (e.g., passwords, SIM card number validation, source of the request verification, etc.) may be in place to protect the security of the patient information that is accessed via activation of the link/pointer/indicator}
Regarding Claims 4, 15: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claims 1, 12. Saliman further discloses:
updating the distributed ledger comprises
updating a public blockchain, wherein the public blockchain is a decentralized network with open access rights. {see at least fig.18(110) cf. [0005] "The blockchain may be public, private, or some combination thereof".}
Regarding Claims 5, 16: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claims 1, 12. Saliman further discloses:
updating the distributed ledger comprises
updating a private blockchain, wherein the private blockchain is a permission-based network accessible by invitation. {see at least fig.18(110) cf. [0005] "The blockchain may be public, private, or some combination thereof".}
Regarding Claims 6, 17, 21 Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claims 1, 12. Saliman further discloses:
aggregating additional medical record information for the
Regarding Claims 7, 18, 22: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claims 1, 12. Saliman further discloses:
receiving a biometric identifier of the
Regarding Claim 9: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claim 7. Saliman further discloses:
receiving the biometric identifier of the
receiving a nose-print of the
Regarding Claim 10: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claim 7. Saliman further discloses:
receiving the biometric identifier of the
receiving a voice-print of the
Regarding Claim 11: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claim 7. Saliman further discloses:
receiving the biometric identifier of the
receiving an image of the
Regarding Claim 23: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claim 1. Saliman further discloses: wherein electronically enabling access by the third computer system to the medical record information of the veterinary patient saved at the second computer system includes
providing
Kurkure further discloses:
… the cryptographic hash … {see at least [claim1] cryptographic hash}
It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Saliman, Katuwal, Lee, Kurkure to include additional elements of Kurkure. One would have been motivated to do so, in order to improve system security. In the instant case, Saliman, Katuwal, Lee, Kurkure evidently discloses receiving access to veterinary medical records over a distributed ledger. Kurkure is merely relied upon to illustrate the additional functionality of cryptographic hash in the same or similar context. Since the subject matter is merely a combination of old elements, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art before the effective filing date would have recognized that the results of the combination were predictable.
Regarding Claim 24: Saliman, Katuwal, Lee, Kurkure discloses the limitations of Claim 1. Saliman further discloses: wherein electronically enabling access by the third computer system to the medical record information of the veterinary patient saved at the second computer system includes:
retrieving, from the password-protected storage, at least a portion of the medical record information; and {see at least fig10, rc1015, rc1025 [0083] medical records are accessed}
providing the at least a portion of the medical record information to the third computer system. {see at least fig10, rc1015, rc1025, rc1025, [0083] medical records are accessed}
Kurkure further discloses:
accessing, using the retrieved cryptographic hash, the password-protected storage; {see at least [0491], [0510] storage being accessed; [claim1] cryptographic hash for protecting the storage}
It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Saliman, Katuwal, Lee, Kurkure to include additional elements of Kurkure. One would have been motivated to do so, in order to improve system security. In the instant case, Saliman, Katuwal, Lee, Kurkure evidently discloses receiving access to veterinary medical records over a distributed ledger. Kurkure is merely relied upon to illustrate the additional functionality of password protected storage in the same or similar context. Since the subject matter is merely a combination of old elements, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art before the effective filing date would have recognized that the results of the combination were predictable.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Saliman et al (US 2020/0005912), in view of Katuwal et al (US 2021/0098092), in further view of Lee et al (US 2018/0101653), in further view of Kurkure (US 2014/0165166), in further view of Stephen (US 2020/0303044).
Regarding Claim 8: Saliman, Katuwa, Lee, Kurkure discloses the limitations of Claim 7. Saliman further discloses:
after authenticating the
Saliman, Katuwa, Lee, Kurkure does not disclose, however Stephen discloses: further comprising:
authenticating the
processing the medical record information associated with the
verifying that the
It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Saliman, Katuwa, Lee, Kurkure to include the elements of Stephen. One would have been motivated to do so, in order to verify the medical records belong to the respective patient. In the instant case, Saliman, Katuwa, Lee, Kurkure evidently discloses receiving access to veterinary medical records over a distributed ledger. Stephen is merely relied upon to illustrate the functionality of authenticating a patient in the same or similar context. Since both receiving access to medical records over a distributed ledger, as well as authenticating a patient are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Saliman, Katuwa, Lee, Kurkure, as well as Stephen would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Saliman, Katuwa, Lee, Kurkure / Stephen.
The prior art made of record and not relied upon which, however, is considered pertinent to applicant's disclosure:
US 20200327250 A1 Wang; Shuang et al. SYSTEM FOR DECENTRALIZED OWNERSHIP AND SECURE SHARING OF PERSONALIZED HEALTH DATA - The system disclosed implements a secure method for facilitating secure exchange of health information among various stakeholders, including data owners or contributors, data requestors or miners, and medical providers, including hospitals, clinics, and research laboratories. Additional aspects of the system provide means for conducting secure research on health data collected from data contributors. Health information is exchanged using a decentralized system that incentivizes data contributors to provide health data to data miners. The data miners, which may be pharmaceutical companies, medical laboratories, or hospitals, use various methods in order to perform research on aggregated contributor data, while maintaining contributor privacy.
US 20210021423 A1 Latorre; Fernando et al. PROCEDURE OF UNIFIED GLOBAL REGISTRATION AND UNIVERSAL IDENTIFICATION OF SPATIALLY LOCATABLE OBJECTS - A procedure of unified registration and universal identification in any territory of spatially locatable objects, in order to achieve interoperability between objects or spatial locations, different types of computing systems, the procedure comprising: generation of a unique and non-transferable identifier for each connected, smart and spatial object device, in the URN UUID, OID and DID formats, without discarding others; creation of a DID document associated with the generated identifier; association of different identifiers of the object and of the user/owner; assignment of permissions, roles and creation of access control list (ACL); creation of encryption keys associated with the ACL; save in the DID document both data, service identifiers and other associated identifiers, as well as necessary permissions for accessing to object data; digital fingerprint generation of the DID document using hash; associated data and hash storage in the system and in one or more DLTs or blockchain networks.
US 20200211409 A1 LATORRE; Fernando et al. UNIFIED IDENTIFICATION PROTOCOL IN TRAINING AND HEALTH - The present invention discloses a unified identification protocol for training and health, comprising: unified multipurpose identifier that serves to identify individuals and the relationships established with these individuals, such as relationships with entities, professionals, products, services and transactions, generation of a multipurpose identifier, unique, non-transferable and univocally distinguishable through a computer system. The computer system that identifies them universally to avoid identification errors, based on UUID, DID and/or other formats and unify the data of the same individual existing in different systems, stored in one or several electronic devices of the individual and/or their legal guardians and, additionally, in one or more cloud services, certify access permissions granted /revoked to the different data compartments in the profile of the individual and the authenticity of the data, carried out in one or more distributed data ledger technologies or blockchains.
US 20200175611 A1 Gelfand; Matt Multi-channel data aggregation system and method for communicating animal breed, medical and profile information among remote user networks - A multi-channel data aggregation system communicates non-human animal data among multiple remote user networks, wherein users are provided for non-human animals among user networks for each of caregivers, owners, and breeders. Unique user interfaces are respectively associated with each user network, and configured to link a hosted server network to respective user devices. The hosted server network associates primary stored data for an individual non-human animal with each respective caregiver, owner, and breeder, and further associates derivative stored data with at least familial non-human animal relations and their respective caregivers, owners and breeders. The server network also provides unique identifiers for each respective caregiver, owner, and breeder, enables users to provide selective access to corresponding primary and/or derivative stored data by other users, and, responsive to a user search request, produces accessible primary and/or derivative data corresponding to parameters in the search request.
US 11245691 B1 Dods; Victor Bovee et al. Secure messaging in a blockchain network - Disclosed is a method for cross-authenticating non-credentialed devices and trusted blockchain enabled applications using multiple communications modalities and gathering information upon request for a blockchain network.
US 11769577 B1 Dods; Victor Bovee et al. Decentralized identity authentication framework for distributed data - Disclosed is a method for authenticating requestors and granting access to a permissioned blockchain network shared among enterprise entities. A decentralized registry of credentialed users, in which credentialed users guard their own access information by keeping a private key of a public-private keypair enables systems to avoid keeping information of a large number of users in large, vulnerable containers. A further method removes authenticated users seeking to be forgotten from the registry of users and deletes any personally identifiable information of the withdrawing users.
Response to Amendments/Arguments
Applicant’s submitted remarks and arguments have been fully considered.
Applicant disagrees with the Office Action conclusions and asserts that the presented claims fully comply with the requirements of 35 U.S.C. § 101 regrading judicial exceptions. Further, Applicant is of the opinion that the prior art fails to teach Applicant’s invention.
Examiner respectfully disagrees with the latter.
With respect to Applicant’s Remarks as to the claims being rejected under 35 USC § 101.
Applicant’s arguments are persuasive (see arguments filed on 3/3/2026, paragraphs [0002]-[0004], [0020], [0024][0025], [0032]-[0037]).
In light of Applicant’s arguments and as a result of the presented amendments, the rejection is withdrawn.
With respect to Applicant’s Remarks as to the claims being rejected under 35 USC § 103.
Applicant submits that the prior art of record does not disclose “wherein the cryptographic hash is computed on data that is different from the medical record information" and "setting, by the server, the cryptographic hash as a password for the password-protected storage."”
Examiner has carefully considered, but doesn’t find Applicant’s arguments persuasive.
Kurkure discloses:
wherein the cryptographic hash is computed on data that is different from the medical record information; {see at least fig1, rc120, rc135, password hash generated by on-way hash function … is updated (based on BRI (MPEP 2111), reads on the utilized data is not the medical record information)}
… setting the cryptographic hash as a password for the password-protected storage, such that the password for the medical record information is updated in response to each transaction recorded on the distributed ledger; {see at least fig4, rc120, [0038]-[0042] updating the password hash; updated password hash (reads on hash as password); fig7, rc730, rc740 [0059]-[0060] updating the password hash with a count and storing the updated password}
Therefore, Kurkure disclose the amended claim limitations. Thus, the rejection is proper and has been maintained.
The other arguments presented by Applicant continually point back to the above arguments as being the basis for the arguments against the other 103 rejections, as the other arguments are presented only because those claims depend from the independent claims, and the main argument above is presented against the independent claims. Therefore, it is believed that all arguments put forth have been addressed by the points above.
Examiner has reviewed and considered all of Applicant’s remarks. The changes of the grounds for rejection, if any, have been necessitated by Applicant’s extensive amendments to the claims. Therefore, the rejection is maintained, necessitated by the extensive amendments.
Conclusion
THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Inquiries
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Radu Andrei whose telephone number is 313.446.4948. The examiner can normally be reached on Monday – Friday 8:30am – 5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached at 571.272.7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http:/www.uspto.gov/interviewpractice.
As disclosed in MPEP 502.03, communications via Internet e-mail are at the discretion of the applicant. Without a written authorization by applicant in place, the USPTO will not respond via Internet e-mail to any Internet correspondence which contains information subject to the confidentiality requirement as set forth in 35 U.S.C. 122. A paper copy of such correspondence will be placed in the appropriate patent application. The following is a sample authorization form which may be used by applicant:
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with me concerning any subject matter of this application by electronic mail. I understand that a copy of these communications will be made of record in the application file.”
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center information webpage. Status information for unpublished applications is available to registered users through Patent Center information webpage only.
To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov.
Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (in USA or CANADA) or 571-272-1000.
Any response to this action should be mailed to:
Commissioner of Patents and Trademarks
P.O. Box 1450
Alexandria, VA 22313-1450
or faxed to 571-273-8300
/Radu Andrei/
Primary Examiner, AU 3698
Prosecution Insights