DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Notice to Applicant
Receipt of Applicant’s Amendment filed January 24, 2026 is acknowledged.
Response to Amendment
Claim 1 has been amended. Claim 1 is pending and are provided to be examined upon their merits.
Response to Arguments
Applicant’s arguments filed January 24, 2026 have been fully considered but they are not persuasive. A response is provided below.
Applicant argues Drawing Objections, pg. 6 of Remarks:
Examiner acknowledges Applicant’s right to file Replacement Sheets upon indication of allowable subject matter. Therefore, the objections are maintained as the Replacement Sheets have not been filed at this time.
Applicant argues Claim Objections, pg. 6 of Remarks:
Examiner acknowledges Applicant amendment and withdraws the claim objections.
Applicant argues 35 U.S.C. §101 Rejections, pg. 7 of Remarks:
Applicant draws parallels to Example 35 and argues that the claim integrates the abstract idea into a practical application as the combination of limitations provide an authentication method that has not been utilized in the conventional prescription and drug distribution business. Examiner respectfully disagrees.
Examiner notes that Example 35 provides an unconventional solution in banking as the code is applied to the additional element of an automatic teller machine. Specifically, as recited in the Subject Matter Eligibility Examples, Claim 2 of Example 35 is found to be eligible as “the combination of the steps (e.g., the ATM providing a random code, the mobile communication device’s generation of the image having encrypted code data in response to the random code, the ATM’s decryption and analysis of the code data, and the subsequent determination of whether the transaction should proceed based on the analysis of the code data) operates in a non conventional and non‐generic way to ensure that the customer’s identity is verified in a secure manner that is more than the conventional verification process employed by an ATM alone. In combination, these steps do not represent merely gathering data for comparison or security purposes, but instead set up a sequence of events that address unique problems associated with bank cards and ATMs (e.g., the use of stolen or “skimmed” bank cards and/or customer information to perform unauthorized transactions).”
In the instant application, providing encryption and decryption of random code to prescription and drug distribution businesses is merely indicating a field of use to which to apply abstract idea of user and courier identity verification and does not amount to significantly more than the abstract idea itself. Unlike Example 35, which performs encryption and decryption using an ATM machine, the present claim performs the encryption and decryption with generic servers and user terminal devices. Please see MPEP 2106.05(h), which recites: “The courts often cite to Parker v. Flook as providing a classic example of a field of use limitation. See, e.g., Bilski v. Kappos, 561 U.S. 593, 612, 95 USPQ2d 1001, 1010 (2010) ("Flook established that limiting an abstract idea to one field of use or adding token postsolution components did not make the concept patentable") (citing Parker v. Flook, 437 U.S. 584, 198 USPQ 193 (1978)). In Flook, the claim recited steps of calculating an updated value for an alarm limit (a numerical limit on a process variable such as temperature, pressure or flow rate) according to a mathematical formula "in a process comprising the catalytic chemical conversion of hydrocarbons." 437 U.S. at 586, 198 USPQ at 196. Processes for the catalytic chemical conversion of hydrocarbons were used in the petrochemical and oil-refining fields. Id. Although the applicant argued that limiting the use of the formula to the petrochemical and oil-refining fields should make the claim eligible because this limitation ensured that the claim did not preempt all uses of the formula, the Supreme Court disagreed. 437 U.S. at 588-90, 198 USPQ at 197-98.”
Additionally, applying encryption and decryption of random code for identity verification is an extra-solution activity that is incidental to the primary process of solving the abstract problem of delivering drugs after remote medical care identified by the Applicant ([0003], “there will be an increasing need for a service of delivering a drug without visiting a pharmacy after remote medical care.” [0004], “Also, the wait for receiving a prescription drug after receiving a medication guide at the door-to-door pharmacy is not long in the case of small hospitals and clinics, but the wait is long in the case of secondary and tertiary hospitals due to a large number of patients. In addition, the patients of the secondary and tertiary hospitals need to receive the drug, return to the hospitals, and go back home by car, which is cumbersome. There is need to address this inconvenience.”).
Furthermore, usage of servers and terminal devices in encrypting and decrypting code to verify identity is known, as evidenced by the references provided on pgs. 14-16 of the prior Office Action as well as pgs. 17-19, below. Examiner notes that Williams (US 20190246463), which has been previously provided, is specifically directed towards medicine delivery ([0093], “Yet another feature of the system to provide digital identity authentication and methods of use may be its ability to meet HIPAA Privacy Rules for Patients' Rights, including HIPPA 3b and 3d to prevent medical identity theft, keep treatment and diagnosis as accurate as possible, and while maintain privacy and security of patient… Prescription drug loopholes can be closed by adding medicine delivery where requestor (pharmacy or online pharmacy and delivery person) authenticates individual prior to release of prescription.”).
Drawings
Figs. 1-6 are objected to because the drawings are difficult to read as they have been horizontally compressed to fit a portrait orientation. Examiner suggests resubmitting the drawings in a landscape orientation to prevent the horizontal compression.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 1 recites the amended limitation "transmitting, by the cloud server, a confirmation of the identity authentication of the user terminal and the courier terminal to the delivery server…". There is insufficient antecedent basis for this limitation in the claim.
Examiner notes that “a delivery server” is recited in a later claim limitation (“proceeding with, by the pharmacy server, drug preparation, requesting, by the pharmacy server, checking of delivery information from a delivery server”). Examiner suggests modifying the claim limitation to instead read “the delivery server” as it is clear from Applicant specification that there is only one delivery server, as indicated by Fig. 3.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Subject Matter Eligibility Criteria – Step 1:
The claims recite subject matter within a statutory category as a process (claim 1). Accordingly, claim 1 is all within at least one of the four statutory categories.
Subject Matter Eligibility Criteria – Step 2A – Prong One:
Regarding Prong One of Step 2A of the Alice/Mayo test, the claim limitations are to be analyzed to determine whether, under their broadest reasonable interpretation they “recite” a judicial exception or in other words whether a judicial exception is “set forth” or “described” in the claims. MPEP §2106.04(II)(A)(1). An “abstract idea” judicial exception is subject matter that falls within at least one of the following groupings: a) certain methods of organizing human activity, b) mental processes, and /or c) mathematical concepts. MPEP §2106.04(a).
The Examiner identifies method claim 1 as the claim that represents the claimed invention.
Claim 1:
A method of authenticating and providing prescription drug preparation, distribution and delivery services through an electronic prescription, the method comprising:
obtaining, by a cloud server a unique identification (ID) of an electronic prescription received from a hospital server; and
comparing, by the cloud server, a random code generated based on the unique ID with encrypted code data generated by a user terminal and a courier terminal to verify an identity authentications of the user terminal and the courier terminal, by
generating, by the cloud server, the random code and transmitting the random code to the user terminal and a pharmacy server,
transmitting, by the pharmacy server, the random code to the courier terminal,
generating, by the user terminal and the courier terminal, an encrypted code data in response to receipt of the random code and transmitting the encrypted code data to the cloud server,
decrypting, by the cloud server, the encrypted code data to generate a decrypted code data, and analyzing the decrypted code data and the generated random code to determine if the decrypted code data matches the generated random code, and
transmitting, by the cloud server, a confirmation of the identity authentication of the user terminal and the courier terminal to the delivery server and the pharmacy server, wherein the method further comprises:
executing, by the user terminal, a patient-only application to select a hospital where to receive medical care and whether to receive remote medical care, and to transmit a result of the selection to the cloud server;
determining, by the cloud server, whether a hospital appointment and remote medical care are possible based on a selection result received from the user terminal, and requesting, by the cloud server, an appointment and remote medical care to the hospital server available of provision of medical care based on a determination result;
proceeding with, by the hospital server, the appointment of the remote medical care and the remote medical care, requesting, by the hospital server, payment of medical expenses from the cloud server, and requesting, by the cloud server, confirmation of medical expenses from the user terminal;
making, by the user terminal, payment for medical care and prescription inquiry, requesting, by the user terminal, drug dispensing from the cloud server, and requesting and receiving, by the cloud server, the electronic prescription from the hospital server;
providing, by the cloud server, a pharmacy list to the user terminal, selecting, by the user terminal, information on a pharmacy, a delivery method, and a delivery time and date, transmitting, by the user terminal, a selection result to the cloud server, transmitting, by the cloud server, the electronic prescription to the pharmacy server, generating, by the cloud server, a random code based on the unique ID of the electronic prescription received from the hospital server, and transmitting, by the cloud server, the random code to the user terminal and the pharmacy server; and
checking, by the pharmacy server, stock based on the received electronic prescription, wherein when a drug included in the electronic prescription is not in stock, the pharmacy server transmits a drug barcode to a drug distribution server, retrieves the drug by checking the drug barcode, and transmits the drug to the pharmacy server, and when the drug included in the electronic prescription is in stock, the pharmacy server calculates a drug cost and requests payment of the drug cost from the user terminal,
the method, further comprising:
in response to proceeding with the payment of the drug cost by the user terminal, transmitting, by the user terminal, payment completion to the pharmacy server, requesting, by the pharmacy server, a supply from the drug distribution server, and automatically checking, by the drug distribution server, a delay time based on the user’s selection by the user terminal;
proceeding with, by the pharmacy server, drug preparation, requesting, by the pharmacy server, checking of delivery information from a delivery server, checking, by the delivery server, drug pickup information, requesting, by the delivery server, confirmation from the pharmacy server, transmitting, by the pharmacy server, the delivery information to the cloud server in response,
requesting, by the cloud server, identity authentication of the courier terminal from the pharmacy server, transmitting, by the pharmacy server, the random code to the courier terminal, generating, by the courier terminal, the first encrypted code data in response to receipt of the random code, transmitting, by the courier terminal, the first encrypted code data to the cloud server, decrypting, by the cloud server, the first encrypted code data to generate a first decrypted code data, and analyzing the first decrypted code data and the generated random code to determine, by the cloud server, if the first decrypted code data matches the generated random code, and transmitting, by the cloud server, the first confirmation of the identity authentication of the courier terminal to the delivery server and the pharmacy server, obtaining, by the delivery server, information with respect to receipt of the drug by the courier for delivery, and transmitting, by the delivery server, a delivery notification to the pharmacy server;
transmitting, by the pharmacy server, a prescription drug guide to the cloud server, requesting, by the cloud server, identity authentication of the user terminal, generating, by the user terminal, a second encrypted code data in response to receipt of the random code, transmitting, by the user terminal, the second encrypted code data to the cloud server, decrypting, by the cloud server, the second encrypted code data to generate a second decrypted code data, and analyzing, by the cloud server, the second decrypted code data and the generated random code to determine if the second decrypted code data matches the generated random code data, and transmitting, by the cloud server, a second confirmation of the identity authentication of the user terminal to the user terminal,
displaying, by the user terminal, a message indicating arrival in ten minutes, reading, by the user terminal, an image from the courier terminal that is generated, by courier terminal, in response to receipt of the random code, wherein the image includes the first encrypted code data, transmitting, by the user terminal, the image to the cloud server, decrypting, by the cloud server, the first encrypted data from the image, analyzing, by the cloud server, the decrypted code data from the image and the random code to determine if the decrypted code data from the image matches the generated random code, transmitting, by the cloud server, a determination to the user terminal, transmitting, by the user terminal or the cloud server, a delivery completion to pharmacy server,
in response to receiving the delivery completion, checking, by the pharmacy server, a medication guide and requesting, by the pharmacy server, settlement from the delivery server,
wherein the random code of the terminal user is configured to be automatically activated, by the delivery server, ten minutes before the arrival and is deactivated from when the random code is generated until the ten minutes before the arrival.
These above limitations under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. The claim elements fall under managing personal behaviors, such as scheduling and performing a remote telemedicine appointment, prescription drug preparation, identity authentication of a courier for delivering medication and the user who ordered the delivery, and monitoring delivery progression. These claim elements fall also under fundamental economic practices, such as offering a service, managing pharmacy inventory, and facilitating payment for services and drugs.
Accordingly, the claim recites an abstract idea.
Subject Matter Eligibility Criteria – Step 2A – Prong Two:
Regarding Prong Two of Step 2A of the Alice/Mayo test, it must be determined whether the claim as a whole integrates the idea into a practical application. As noted at MPEP §2106.04 (ID)(A)(2), it must be determined whether any additional elements in the claim beyond the abstract idea integrate the exception into a practical application in a manner that imposes a meaningful limit on the judicial exception. The courts have indicated that additional elements merely using a computer to implement an abstract idea, adding insignificant extra solution activity, or generally linking use of a judicial exception to a particular technological environment or field of use of a judicial exception to a particular technological environment or field of use do not integrate a judicial exception into a “practical application.” MPEP §2106.05(I)(A).
Additional elements:
A user terminal, a courier terminal, a cloud server, a hospital server, a pharmacy server, a delivery server, data encryption, data decryption, patient-only application, a drug distribution server (1)
The terminals (user and courier) are taught at a high level of generality, such that it amounts to no more than mere instructions to apply the exception using any generic computing component. Applicant specification does not describe wherein the user terminal is of or requires a specific or special configuration. Thus, the Examiner interprets the user terminal to encompass a wide range of computing devices, such as desktop computers, laptops, smart phones, etc. No specific, technical improvements are being made to the technology of computing devices as terminals are applied to perform the abstract ideas of scheduling and performing a remote telemedicine appointment, prescription drug preparation, identity authentication of a courier for delivering medication and the user who ordered the delivery, and monitoring delivery progression.
The various servers (cloud, hospital, pharmacy, delivery, and drug distribution) are also taught at a high level of generality, such that they amount to no more than mere instructions to apply the exception using any generic computing component. Applicant specification does not describe wherein these servers are of or require specific or special configurations. They appear to simply be generic server computers associated with either a cloud, hospital, pharmacy, drug distribution, or delivery service. Thus, no specific, technical improvements are being made to the technology of computer servers as they are applied to perform the abstract ideas of scheduling and performing a remote telemedicine appointment, prescription drug preparation, identity authentication of a courier for delivering medication and the user who ordered the delivery, and monitoring delivery progression.
The encryption and decryption of code data by the terminal devices and servers are also taught at a high level of generality, such that no specific, technical improvements are being made to the data security and encryption methods. Rather, the decryption of code data is applied to facilitate the abstract idea of identity authentication.
The patient-only application is also taught at a high level of generality. [0025] recites: “Referring to FIGS. 1 and 2, a user terminal200 executes a patient-only application in operation S 101, selects a hospital where to receive medical care from the patient-only application and whether to receive a remote medical care in operation S 103, and transmits a selection result to a cloud server in operation S 105. The drug delivery service in the present disclosure is not limited to remote medical care, and the drug delivery service may also be a drug delivery service after general medical care. When drug delivery starts, the patient-only application may provide a drug delivery status including a delivery location, a reception status, and order information.” No improvements are made to software implementation or software architecture as a generic application is used to perform the abstract idea of facilitating medical care and monitoring delivery.
Thus, taken alone, the additional elements do not integrate the at least one abstract idea into a practical application.
Looking at the additional elements as an ordered combination adds nothing that is not already present when looking at the elements taken individually. For instance, there is no indication that the additional elements, when considered as a whole with the limitations reciting the at least one abstract idea, reflect an improvement in the functioning of a computer or an improvement to another technology or technical field, apply or use the above-noted judicial exception with a particular machine or manufacture that is integral to the claim, effect a transformation or reduction of a particular article to a different state or thing, or apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole does not integrate the abstract idea into a practical application of the abstract idea. MPEP §2106.05(I)(A) and §2106.04(IID)(A)(2).
Subject Matter Eligibility Criteria – Step 2B:
Regarding Step 2B of the Alice/Mayo test, representative independent claims do not include additional elements (considered both individually and as an ordered combination) that are sufficient to amount to significantly more than the judicial exception for reasons the same as those discussed above with respect to determining that the claim does not integrate the abstract idea into a practical application.
These claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to discussion of integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply an exception, add insignificant extra-solution activity to the abstract idea, and generally link the abstract idea to a particular technological environment or field use. Additionally, the additional limitations, other than the abstract idea per se, amount to no more than limitations which:
Amount to elements that have been recognized as activities in particular fields (such as Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information), MPEP §2106.05(d)(II)(i);storing and retrieving information in memory, Versata Dev. Group, MPEP §2106.05(d)(II)(iv)).
Examiner notes that encryption and decryption of code data for identity authentication using servers is known:
Weiss (US 20070198436): [0177], “Referring now to FIG. 24, there is illustrated one embodiment of a process 400 as identified by act 222 in FIG. 22 for verifying or authenticating the identity of the first user of the first device. According to this embodiment, which has been briefly discussed herein with respect to FIG. 23, the second wireless device can verify the identity of the respondent without necessarily interacting with a second user by decrypting the first user's digital signature from the digital signature field 306 at step 402 and verifying that it is the digital signature of the first user, decrypting the one-time code from the one-time code field 308 at step 404, and using this information at step 406 to authenticate the first user. If the first user is authenticated at 406 yes, an appropriate action such as allowing access to the secure site, or computer, or network can be granted.” [0178], “The wireless device looks up the public key of the first user from memory 2124 [See FIG. 21] or from a secure server based on the information provided in the public ID field 304 at step 524.”
Fosmark (US 20130311768): [0054], “The mobile device 112 sends a response message 230 to the trusted third party data processing system 106. For example, the response message 230 may include the random unique registration code from the message 215 and the signature of the mobile device 112, with the response message 230 encrypted with the public key for the trusted third party data processing system 106. The trusted third party data processing system 106 can match and associate the entity data processing system 104 session with the mobile device 112 session by matching the random unique registration codes.”
Van der Velden (US 20190273607): [Abstract], “A cryptography system for digital identity authentication, and security including computer system or platform to enable users (individual, identity editor, requestor) using one or more user devices, having user data including a public identifier and a hardware key, a server, a private key on an individual user device and a matching public key on the server linked to individual user data on the server, an individual user device converts an individual user data into an individual user code on individual user device, editor user device receives individual user code and communicates individual user code to server, server pairs individual user device and editor user device by matching individual user code transmitted by said editor user device to user data on the server, and requestor to request verification of an identity of individual via issuance of a verification request and verified if match of decrypted public identifier in an identity contract.”
Williams (US 20190246463): [0291], “Any number of authentication methods can be performed to establish a private network and approve a device's connection to the private network. These methods may involve symmetric or asymmetric encryption and key exchange, employing ‘certificate authority’ based identity confirmation through the exchange of digital CA-certificates, or exchanging cryptographic hash data to confirm a device holds the same shared secrets, meaning it was produced by a qualified manufacturer. For example, a numeric code installed and cryptographically hidden in both a PBT controller and an intelligent LED pad, i.e. a shared secret, can be used to confirm the authenticity of a network connected intelligent LED pad without ever divulging the key itself In one such method of LED pad validation executed on data link layer 2, the PBT controller passes a random number to the intelligent LED pad over the network or communication bus. In response, the microcontroller in the LED pad decrypts its copy of the shared secret (numeric code), merges it with the received random number then performs a cryptographic hash operation on the concatenated number. The intelligent LED pad then openly returns the cryptographic hash value across the same transceiver link.” [0286], “The architecture of FIG. 14 comprising a distributed PBT system having two or more microcontroller or computer “brains” represents a fundamental architecture change in PBT systems which otherwise generally comprise either an all-in-one pad with integral controller or an active PBT controller driving passive LED pads. It should be known to those skilled in the art that instead of being a separate hardware device, a PBT controller may alternatively comprise a notebook or desktop personal computer, a computer server, an application program running on a mobile device such as a tablet or smartphone, or any other host device capable of executing computer software such as a video game console, and IoT device or more.”
Therefore, whether taken individually or as an ordered combination, claim 1 is nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID CHOI whose telephone number is (571)272-3931. The examiner can normally be reached M-Th:7:30-5:30 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shahid Merchant can be reached on (571)270-1360. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/D.C./Examiner, Art Unit 3684
/Shahid Merchant/Supervisory Patent Examiner, Art Unit 3684