DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claims 1-15, 17-19, and 21-22 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-15, 17-19, and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Mahler et al. (US 2023/0017157).
In regard to claim 1, Mahler disclosed a system for providing a bio-firewall for a medical device, the system comprising:
a bio-firewall electronic processor configured to: (Mahler [0009]-[0010])
receive a processed network command from a device electronic processor, (Mahler [0009]-[0010], [0115])
determine, prior to execution of the processed network command by the medical device, whether the processed network command is associated with a cyberattack based on at least one rule, (Mahler [0010]-[0011], [0115], [0147])
…
in response to determining that the processed network command is associated with the cyberattack, (Mahler [0036], [0113])
prevent transmission, via the non-networked communication interface, of the processed network command to the non-networked component such that the non-networked component does not receive the processed network command. (Mahler [0036])
Mahler failed to explicitly disclose in response to determining that the processed network command is not associated with the cyberattack,
enable transmission, via a non-networked communication interface, of the processed network command to a non-networked component.
However, Mahler did disclose blocking commands that were associated with a cyberattack.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to allow non-malicious commands in Mahler to be sent to the medical device since those commands were not stopped as being malicious by Mahler.
In regard to claim 2, Mahler disclosed wherein the processed network command includes at least one selected from a group consisting of an operating parameter, an alert setting, a dosage setting, a dosage schedule, a testing schedule, and an operating range. Mahler [0054]
In regard to claim 3, Mahler disclosed wherein the bio-firewall electronic processor is further configured to:
determine whether the processed network command is associated with the cyberattack prior to execution of the processed network command by the medical device based on a comparison of the processed network command to the at least one rule and data collected by a sensor associated with the medical device; Mahler [0107]
wherein the at least one rule includes a safety range for an operating parameter of the medical device and the data comprises a current sensor reading of a user health characteristic that would be affected if the processed network command were to be executed by the medical device. Mahler [0107]
In regard to claim 4, Mahler disclosed wherein the bio-firewall electronic processor is further configured to:
in response to determining that the processed network command is associated with the cyberattack,
generate and transmit a cyberattack warning for display via a human-machine interface associated with the medical device, the cyberattack warning comprising a copy of the processed network command, a copy of the at least one rule which triggered the cyberattack warning, and source information for the processed network command, and Mahler [0107]
discard the processed network command such that the non-networked component of the medical device does not execute any part of the processed network command. Mahler [0036]
In regard to claim 5, Mahler disclosed wherein the bio-firewall electronic processor is:
housed within the medical device; Mahler [0125]
connected to receive network commands from a network communication interface of the medical device, prior to such network commands being received by a device controller that is configured to execute such commands for the medical device; and Mahler [0010]-[0011], [0115], [0147]
configured to execute a set of bio-firewall software instructions stored in a bio-firewall memory separate from a memory associated with the device controller; Mahler [0036]
wherein the device controller is:
housed within the medical device; Mahler [0125]
connected to receive one or more network commands filtered by the bio-firewall electronic processor; and Mahler [0010]-[0011], [0115], [0147]
configured to execute the network commands received from the bio-firewall electronic processor according to device software stored in the memory associated with the device controller. Mahler [0010]-[0011], [0115], [0147]
In regard to claim 6, Mahler disclosed wherein the at least one rule includes a maximum threshold for an operating parameter of the medical device over a period of time, and wherein the bio-firewall electronic processor is further configured to:
determine that the processed network command is associated with the cyberattack by comparing a log of prior values of the operating parameter over the period of time and an instructed value for the operating parameter of the processed network command to a cumulative threshold; and Mahler [0105]
in response to determining that the processed network command is associated with the cyberattack, prevent the medical device from performing an operation using the instructed value for the operating parameter based on the processed network command. Mahler [0036]
In regard to claim 7, Mahler disclosed wherein the at least one rule includes an operating parameter based on a health condition of a user associated with the medical device, and wherein the bio-firewall electronic processor is further configured to: Mahler [0107], [0130]
determine that the processed network command is associated with the cyberattack by determining that the processed network command would instruct the medical device to alter the operating parameter in a manner that would be unsafe for the user. Mahler [0107]
Claim 8 is rejected for substantially the same reasons as claim 1.
Claim 9 is rejected for substantially the same reasons as claim 2.
Claim 10 is rejected for substantially the same reasons as claim 3.
In regard to claim 11, Mahler disclosed wherein enabling transmission of the processed network command to the non-networked component includes enabling transmission of the processed network command to a sensor configured to collect data related to a health condition of a user of the medical device. Mahler [0114]
In regard to claim 12, Mahler disclosed wherein enabling transmission of the processed network command to the non-networked component includes enabling transmission of the processed network command to an electro-mechanical element configured to perform an action or operation related to a health condition of a user of the medical device. Mahler [0144]
Claim 13 is rejected for substantially the same reasons as claim 4.
In regard to claim 14, Mahler disclosed wherein determining whether the processed network command is associated with a cyberattack based on the at least one rule includes:
comparing a log of prior values of the operating parameter over the period of time and an instructed value for the operating parameter of the processed network command to a cumulative threshold; and Mahler [0107]
evaluating whether transmission of the instructed value for the operating parameter from the processed network command would alter the operating parameter such that a health condition of a user associated with the medical device is maliciously impacted. Mahler [0107]
Claim 15 is rejected for substantially the same reasons as claim 1.
Claim 17 is rejected for substantially the same reasons as claim 4.
In regard to claim 18, Mahler disclosed wherein the at least one rule includes a range for an operating parameter of the medical device, and wherein determining whether the network command is a safe input includes determining whether the network command maintains operation of the medical device within a safe operating range or alters the operating parameter such that the operating parameter is no longer within a patient-specific range. Mahler [0107]
In regard to claim 19, Mahler disclosed wherein the non-networked component includes:
a sensor configured to collect data related to a health condition of a user of the medical device; and Mahler [0114]
an electro-mechanical element configured to perform an action or operation related to a health condition of a user of the medical device. Mahler [0144]
Claim 21 is rejected for substantially the same reasons as claim 5.
Claim 22 is rejected for substantially the same reasons as claim 6.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey R. Swearingen whose telephone number is (571)272-3921. The examiner can normally be reached M-F 8:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached at 571-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Jeffrey R. Swearingen
Primary Examiner
Art Unit 2445
/Jeffrey R Swearingen/ Primary Examiner, Art Unit 2445