DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 11/08/2024 was filed before the mailing date of this office action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claim 14 is objected to because of the following informalities:
Claim 14, lines 1-2, the statement, “A system for carrying out a the method of claim 1,” should read “A system for carrying out [[a]] the method of claim 1,”.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 4, 7, 9-11, 19 and 22-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 4 and 19 recite the limitation "the pure authorization information," in line 1, respectively. There is insufficient antecedent basis for this limitation in the claim.
Claims 7, 9-11 and 22-23 recite the limitation "the device" in lines 4, 3-4, 3, 3, 1-2 and 2, respectively. There is insufficient antecedent basis for this limitation in the claims.
Claims 9 and 22 recite the limitation "this encrypted information " in lines 4 and 3, respectively. There is insufficient antecedent basis for this limitation in the claims.
Claims 11 and 23 recite the limitation "the keys," in line 1, respectively. There is insufficient antecedent basis for this limitation in the claims.
Claim 22 recites the limitation "the respective other device," in line 4. There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-9, 14-22 and 25-26 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US-PGPUB No. 2014/0273824 A1 to Fenner et al. (hereinafter “Fenner”)
Regarding claim 1:
Fenner discloses:
(Currently Amended) A method (see the method of Fig. 10) for enabling a communication connection between a mobile device (see Fig. 1, Remote Device 106) and a further device (see Fig. 1, Implantable Device 110), the mobile device and the further device having a common interface for data exchange (¶19: “… method for pairing an implantable device with a remote device using an NFC tag associated with the implantable device …”, see the method of Fig. 10), wherein said method comprises the following steps in the specified order:
sending a communication request to the further device by means of the mobile device via the interface (¶63: “remote device 210 can move within close proximity of NFC device 204 and send a request induction signal that is received by communication component 206 (e.g., an NFC induction coil antenna).”);
transmitting an encrypted challenge from the further device to the mobile device via the interface (¶63: “The request induction signal can energize the NFC device, causing the NFC device to transmit identification information stored therein back to remote device 210 using NFC protocol.”, see also ¶28: “remote device 106 and implantable device 108 can establish a secure and authorized communication channel, thus becoming "paired." … remote device 106 and implantable device 108 can exchange secure, private, or otherwise protected information between one another only after becoming paired.”);
transferring the encrypted challenge from the mobile device via a data connection to the server as authentication server (¶64: “remote device 210 can communicate the identification information to the server 212 …”), at which the user of the mobile device has logged on or at which the user of the mobile device has not logged on (¶35: “This could be accomplished by entering user information associated with an account on the remote device 106”);
checking an access authorization in the authentication server on the basis of the encrypted challenge (¶64: “server 212 can determine that a pairing between remote device 210 and implantable device 202 is authorized”), and
if the access authorization is absent, outputting a corresponding message and/or terminating the communication by means of the authentication server (implicitly disclosed in ¶64, and claim 12: “wherein the identification information comprises information that facilitates determining whether a device is authentic, unauthorized, or a counterfeit.”, Note: “information” implies message to be displayed);
or if the access authorization is absent, generating an encrypted authentication, the content of which is an absent authentication, and
if the access authorization is provided, generating an encrypted authentication, and the following steps in the specified order:
transferring the encrypted authentication from the authentication server to the mobile device via the data connection (¶64: “send a message or signal (e.g., a key or password) back to the remote device indicating this authorization.”);
transmitting the encrypted authentication from the mobile device to the device via the interface (¶65: “remote device 210 can send the authorization message or signal to implantable device 202 …”);
checking the access authorization in the device on the basis of the encrypted authentication (¶65: “The implantable device can then authenticate the authorization message or signal (e.g., perform a key matching procedure)”), and
if the access authorization is absent, outputting or transmitting a corresponding message to the mobile device (implicitly disclosed in ¶84: “If authorized based on the key matching procedure, the authorization component 816 can allow the communication component 814 to communicate with the remote device”), if the access authorization is provided, enabling the data exchange between the mobile device and the further device and/or the data exchange between the further device and the server via the mobile device within the scope of the authentication (¶65: “and open up communication with remote device 210 (e.g., communication of sensitive information over a secure data channel)”).
Regarding claim 2:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein the data exchange between the further device and the server is effected via the mobile device (¶33: “Upon receipt of the message by implantable device 108, implantable device 108 and server 102 can begin secure communication using remote device 106 as a proxy.”), and parameters which supervise the further device and are stored on the server (¶34: “in order to pair remote device 106 and implantable device 108, server 102 can pass a message to the remote device 106 (e.g., a key or password) … for the purpose of setting up a secure data communications channel between the implantable device 108 and the server 102.”) , or are applied to the server by the user of the mobile device , are written to the further device from the server via the mobile device.
Regarding claim 3:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein the common interface is a wireless interface, preferably a Bluetooth, BLE, WLAN, NFC (¶63: “… the remote device 210 interacts with NFC device 204 to receive identification information stored by the NFC device 204.”), RFID, and/or sound interface, and/or in that the common interface is a wired interface.
Regarding claim 4:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein besides the pure authorization information, the authentication includes information about the scope of the authorization (¶34: “… the message can indicate and thus authorize secure data transfer from implantable device 108 to remote device 106 yet deny data transfer from remote device 106 to implantable device 108.”).
Regarding claim 5:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein checking the access authorization in the authentication server takes into account not just the encrypted challenge but additionally information about the mobile device, and/or information about the user logged on at the mobile device and/or at the authentication server (¶35: “… the only way the remote device 106 would then be authorized to view and/or program information on implantable device 108 would be if it were authorized by server 102. This could be accomplished by entering user information associated with an account on the remote device 106 in response to a request by the remote device to communicate with the implantable device 108.”), and/or information from a token of such a user.
Regarding claim 6:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein the mobile device is a laptop or a cellular phone (¶60: “remote device 106 can include but is not limited to, a handheld computing device, a desktop computer, a laptop computer, a smart-phone, a tablet personal computer (PC), a personal digital assistant (PDA) or a server.”).
Regarding claim 7:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein within the scope of the enabled data exchange, data are read from the memory of the further device (¶60: “remote device 106 can include a reader device configured to read information from NFC device 110 and implantable device 108.”), an update is loaded on the device, the device is reconfigured, or a combination thereof.
Regarding claim 8:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein the further device comprises at least the mentioned interface (see Fig. 8, Communication Component 814) and also a data processing unit with memory (see Fig. 8, Processor 810 and Memory 812), and also at least one further functionality (¶81: “communication component 814 is restricted regarding the type of information that it can transmit and/or receive to and from a remote device as a function of establishment of a secure pairing with the remote device.”).
Regarding claim 9:
Fenner discloses:
(Currently Amended) The method of claim 1, wherein on the authentication server and the device, private keys for the generation of challenge and respectively authentication and the verification of this encrypted information are present (¶37: “server 102 employs a PKI infrastructure to facilitate authenticating and authorizing pairing between remote device 106 and implantable device 108 … PKI provides each party in an authentication agreement with a pair of keys, a private key, and a public key, used in every signed transaction.”).
Regarding claim 14:
Fenner discloses:
(Currently Amended) A system for carrying out the method of claim 1 (see the system of Fig. 1), wherein the system comprises a server (see Fig. 1, Server 102) and/or an authentication server, at least one mobile device (see Fig. 1, Implantable Device 108) and at least one further device (see Fig. 1, Remote Device 106), and wherein a data connection is present between server and/or authentication server and mobile device (see Fig. 1, Implantable device 108 connected to Server 102 via Network 104), and the mobile device and the further device comprise at least one common interface for data exchange (¶27: “system 100 employs NFC device 110 attached to implantable device 108 to facilitate transmitting and/or receiving information using NFC protocol in associating with pairing implantable device 108 and remote device 106.”).
Regarding claim 15:
Fenner discloses:
(Currently Amended) A data processing program, on a data memory, for carrying out the method of claim 1 (¶76: “machine-executable components embodied within one or more machines (e.g., embodied in one or more computer-readable storage media associated with one or more machines).”), wherein the data processing program communicates on the mobile device with an output interface (¶62: “ Implantable device 202 and NFC device 204 include respective communication components 208 and 206.”).
Regarding claim 16:
Fenner discloses:
(New) The method of claim 1, wherein the method is also for data exchange between the further device and a server (¶26: “remote device 106 and/or server 102 are configured to communicate with one another over one or more networks 104.”).
Regarding claim 17:
Fenner discloses:
(New) The method of claim 2, wherein the data exchange between the further device and the server is effected via the mobile device (¶29: “… the message transmitted from the server 102 to the implantable device 108 via remote device 106 …”), and parameters which supervise the further device and are stored on the server (¶84: “The key or password can be generated and provided to the remote device by a server (e.g., in association with authenticating and authorizing NFC tag identification information for the implantable device 800).”), or are applied to the server by the user of the mobile device, are written to the further device from the server via the mobile device, without direct and/or indirect influencing by the user with or without logging of the data transmission via a display of the mobile device to the user.
Regarding claim 18:
Fenner discloses:
(New) The method of claim 3, wherein the common interface is a Bluetooth, BLE, WLAN, NFC (¶27: “system 100 employs NFC device 110”), RFID, and/or sound interface, and/or in that the common interface is a wired serial interface, a USB interface, Ethernet, CAN bus.
Regarding claim 19:
Fenner discloses:
(New) The method of claim 1, wherein besides the pure authorization information, the authentication includes information about the scope of the authorization (¶54: “information stored in memory of the NFC device 110 can be partitioned into different areas that can be restrictively accessed.”), namely user information (¶54: “patient information”), time information, location information, permitted intervention depth (¶34: “the message can indicate and thus authorize data transfer of a first set of information (e.g., information rated as mildly sensitive) yet deny data transfer of a second set of information (e.g., information rated as highly sensitive).”).
Regarding claim 20:
Fenner discloses:
(New) The method of claim 1, wherein checking the access authorization in the authentication server takes into account not just the encrypted challenge but additionally information about the mobile device, in the form of hardware-specific and individualized information, and/or information about the user logged on at the mobile device (¶41: “… the remote device 106 would first be authorized/authenticated to communicate with the NFC device 110 based on the authentication code/password provided thereto by the user 112.”) and/or at the authentication server, and/or information from a token of such a user.
Regarding claim 21:
Fenner discloses:
(New) The method of claim 1, wherein the further device comprises at least the mentioned interface (see Fig. 9, Remote Device 900 comprising NFC component 912) and also a data processing unit (CPU) with memory (see Fig. 9, Remote Device 900 comprising Processor 906 and Memory 908), and also at least one further functionality, in the form of a sensor, an output interface, including a display (see Fig. 9, Remote Device 900 comprising Display component 916), or a loudspeaker, or a combination of such functionalities.
Regarding claim 22:
Fenner discloses:
(New) The method of claim 1, wherein on the authentication server and the device, private keys for the generation of challenge and respectively authentication and the verification of this encrypted information are present (¶36: “the identification information can include private keys …”), and also corresponding associated public keys on the respective other device (¶36: “the identification information can include … public keys associated with a public key infrastructure (PKI). …”), wherein an incrementing number can be managed on the device (¶36: “… the identification information for implantable device 108 can include a secret or private key associated with the implantable device and required for user authorization in association with a public key.”).
Regarding claim 25:
Fenner discloses:
(New) The system of claim 14, wherein the system comprises a server and/or an authentication server (see Fig. 1, Server 102, ¶30: “Server 102 can include one or more suitable interconnected computing devices that have authorization and authentication capabilities.”), at least one mobile device (¶109: “a smart phone,”) and a plurality of further devices (¶30: “one or more implanted devices”).
Regarding claim 26:
Fenner discloses:
(New) The data processing program of claim 15 on a data memory, and, wherein the data processing program communicates on the mobile device with an output interface in the form of a display of the mobile device for communication with the user (¶92: “Remote device 900 can also include display component 916 to display information to a user. … display component 916 can display instructions to be transmitted to an implantable device and/or information received from an implantable device.”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 10 is rejected under 35 U.S.C. 103 as being unpatentable over Fenner, and further in view of US-PGPUB No. 2022/0161039 A1 to Manicka
Regarding claim 10:
Fenner discloses the method of claim 9, but fails to disclose the following limitation taught by Manicka:
wherein a plurality of keys are kept available on the authentication server and the device (Manicka, ¶46: “Gatekeeping device 14 can then generate a public key based on the private key generated. This public key can be communicated to the remote internet-based server, such as hosting server 20, for use in decoding communications originated by gatekeeping device 14. Similarly, the remote internet-based server can also generate a private/public key combination and transmit the public key to gatekeeping device 14.”), and are then changed either randomly or after a specific time and/or after a specific number has been reached (Manicka, ¶46: “a new private key can be generated by the paired proximate device every new day, new hour, or at five-minute intervals, for communications conducted by gatekeeping device 14 and remote internet-based servers. … Such frequent changing of these private/public key combinations …”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Fenner to incorporate the functionality of the method to frequently change private/public keys, as disclosed by Manicka, such modification would enable the system to limit the time for a hacker to hack the private key to one day or less—a small fraction of the time required for such hacking for today's most powerful computers.
Claims 11 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Fenner, and further in view of US-PGPUB No. 2017/0345019 A1 to Radocchia et al. (hereinafter “Radocchia”)
Regarding claim 11:
Fenner discloses the method of claim 9, but fails to disclose the following limitation taught by Radocchia:
wherein the keys, alone or together with hardware-specific and individualized information of the device, are stored on a public blockchain (Radocchia, ¶07: “wirelessly reading the unique identifier from one or more of the identity tags with a mobile device … the blockchain associating and storing the unique identifier, a network accessible location identifier and a public key for each of the items,”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Fenner to incorporate the functionality of the method to associate, and store identification data, such as a unique identifier, a location identifier and a public key in a blockchain, as disclosed by Radocchia, such modification enables public access to the identification data with optional item registration anonymity.
Regarding claim 23:
Fenner discloses the method of claim 9, but fails to disclose the following limitation taught by Radocchia:
wherein the keys, together with hardware-specific and individualized information of the device, are stored on a public blockchain (Radochia, ¶07: “wirelessly reading the unique identifier from one or more of the identity tags with a mobile device … the blockchain associating and storing the unique identifier, a network accessible location identifier and a public key for each of the items,”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Fenner to incorporate the functionality of the method to associate, and store identification data, such as a unique identifier, a location identifier and a public key in a blockchain, as disclosed by Radocchia, such modification enables public access to the identification data with optional item registration anonymity.
Claims 12 is rejected under 35 U.S.C. 103 as being unpatentable over Fenner, USPAT No. 9980140 B1 to Spencer et al. (hereinafter “Spencer”), and further in view of US-PGPUB No. 2018/0181737 A1 to Tussy
Regarding claim 12:
Fenner discloses:
Fenner discloses the method of claim 1, but fails to disclose the following limitation taught by Tussy:
wherein, if the challenge leads to a non- authorization during checking on the authentication server, the authentication server transmits an authentication to the mobile device (Tussy, ¶103: “if the credentials provided by the user are not verified, the authentication server may transmit a message to display on the screen of the mobile device 112 …”), which either is recognized as non-authorization directly at the mobile device and leads to the outputting of a corresponding message to the user at the mobile device (Tussy, ¶103: “… the authentication server may transmit a message to display on the screen of the mobile device 112 indicating that the login attempt failed.”), or in that the authentication is transmitted to the further device, and on the latter a corresponding output is output or such an authentication is transmitted back from the further device to the mobile device for the output.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Fenner to incorporate the functionality of the authentication server to send a message to be displayed on a mobile device of a user to indicate a failed authentication attempt, as disclosed by Tussy, such modification allows the user to correct credentials and attempt to login a second time if the first attempt was a failure.
Claims 13 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Fenner, USPAT No. 9980140 B1 to Spencer et al. (hereinafter “Spencer”), and further in view of US-PGPUB No. 2017/0295174 A1 to Kim et al. (hereinafter “Kim”)
Regarding claim 13:
Fenner discloses the method of claim 1, but fails to disclose the following limitation taught by Spencer:
wherein an identifier is provided on the further device (Spencer, col 2, lines 12-13: “a unique identifier for a medical device,”), which identifier can be read out by the mobile device and is used for the identification of the further device and for the communication with the authentication server by virtue of the corresponding device identifier being transmitted […] to the authentication server (Spencer, col 2, lines 11-16: “a mobile computing device can obtain a unique identifier for a medical device, such as through optical scanning (e.g., barcode/QR code scanner) and/or radio frequency detection (e.g., RFID), and transmit the unique identifier to a server system.”)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Fenner to incorporate the functionality of the mobile computing device to obtain a unique identifier for a medical device, such as through optical scanning (e.g., barcode/QR code scanner) and/or radio frequency detection (e.g., RFID), and transmit the unique identifier to a server system, as disclosed by Spencer, such modification would enable the mobile computing device to establish a secure connection with the medical device using the medical device's information, for example, as a secret shared between the mobile computing device and the medical device.
The combination of Fenner and Spencer does not explicitly disclose the following limitation taught by Kim:
[…] together with the challenge (Kim, ¶153: “… the user terminal 200 may transmit the generated OTP to the service providing server 100. The user terminal 200 may transmit the module identification information associated with the OTP … to the service providing server 100 together with the OTP”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Fenner and Spencer to incorporate the functionality of the user terminal to transmit a generated OTP together with a module identification information associated with the OTP to a service providing server, as disclosed by Kim, such modification would enable the system to verify the authenticity of both the user terminal and the server to protect the service provider from a security breach.
Regarding claim 24:
Fenner discloses the method of claim 1, but fails to disclose the following limitation taught by Spencer:
wherein an identifier, in the form of a barcode or a QR code (col 2, lines 12-14: “a unique identifier for a medical device, such as through optical scanning (e.g., barcode/QR code scanner)”), is provided on the further device, which identifier can be read out by the mobile device and is used for the identification of the further device and for the communication with the authentication server by virtue of the corresponding device identifier being transmitted […] to the authentication server (Spencer, col 2, lines 11-16: “a mobile computing device can obtain a unique identifier for a medical device, such as through optical scanning (e.g., barcode/QR code scanner) and/or radio frequency detection (e.g., RFID), and transmit the unique identifier to a server system.”)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Fenner to incorporate the functionality of the mobile computing device to obtain a unique identifier for a medical device, such as through optical scanning (e.g., barcode/QR code scanner) and/or radio frequency detection (e.g., RFID), and transmit the unique identifier to a server system, as disclosed by Spencer, such modification would enable the mobile computing device to establish a secure connection with the medical device using the medical device's information, for example, as a secret shared between the mobile computing device and the medical device.
The combination of Fenner and Spencer does not explicitly disclose the following limitation taught by Kim:
[…] together with the challenge (Kim, ¶153: “… the user terminal 200 may transmit the generated OTP to the service providing server 100. The user terminal 200 may transmit the module identification information associated with the OTP … to the service providing server 100 together with the OTP”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Fenner and Spencer to incorporate the functionality of the user terminal to transmit a generated OTP together with a module identification information associated with the OTP to a service providing server, as disclosed by Kim, such modification would enable the system to verify the authenticity of both the user terminal and the server to protect the service provider from a security breach.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ahmad et al. (US 2018/0270340 A1)- disclosed a system, comprising: a portable medical device configured to generate medical measurement data, the portable medical device having a memory that stores an identifier of the portable medical device, the portable medical device further comprising a Bluetooth transceiver; a server system that stores account information of a user to which the portable medical device is assigned, the account information associating the identifier of the portable medical device with an account of the user; and a mobile application configured to run on a smartphone, the mobile application configured to communicate with the portable medical device using a Bluetooth transceiver of the smartphone, and configured to communicate with the server system using a cellular network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William R. Korzuch can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MATTHIAS HABTEGEORGIS/Examiner, Art Unit 2491