DETAILED ACTION
Status
This communication is in response to the application filed on 11 December 2024. Claims 1-19 are pending and presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
Applicant’s claim for foreign priority to CN202311693205.8, filed on 11 December 2023, is acknowledged.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11 December 2024 was filed after the mailing date of the application on 11 December 2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claim 14 is objected to because of the following informalities: there are two periods after the number “14”. Appropriate correction is required.
Examiner’s Note
The Examiner notes that Applicant claims 3, 9, and 14 refer to “one time programmable read-only memory (OTP-ROM)”, where the specification does not provide other name indications for this (only OPT-ROM, EPROM, and EEPROM are described, and not “PROM”). The Examiner notes, based at least on the Grout, Linux, Lenovo references (below at the pertinent prior art not relied on) that PROM (Programmable ROM) and OTP-ROM are synonymous.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Please see the following Subject Matter Eligibility (“SME”) analysis:
For analysis under SME Step 1, the claims herein are directed to a method (claims 1-8), device (claims 9-11), and non-transitory computer-readable medium (claims 12-19), which would be classified under one of the listed statutory classifications (SME Step 1=Yes).
For analysis under revised SME Step 2A, Prong 1, independent claim 1 recites a hardware identity authentication method for a medical device, the method comprising: after all hardware to be authenticated of the medical device is powered on, acquiring unique identifiers of all the hardware to be authenticated; calculating a first key according to the unique identifiers of all the hardware to be authenticated; and matching the first key with a pre-stored second key, and determining whether the identity authentication is passed according to the matching result.
Independent claims 9 and 12 are analyzed in a similar manner since claim 9 is directed to a medical device, comprising: at least one first component, each first component storing a unique ID of said first component; a first OTP-ROM, the first OTP-ROM storing a unique ID of the first OTP-ROM, and storing a second key; at least one second component, each second component comprising a second OTP-ROM, and the second OTP-ROM storing a unique ID of said second OTP-ROM; and a processor connected to the first component, the first OTP-ROM and the second component, the processor being configured to perform the same or similar activities as at claim 1, and claim 12 is directed to a non-transitory computer-readable medium, the non-transitory computer-readable medium having a computer program stored therein, the computer program having at least one code segment, and the at least one code segment being executable by a machine so as to cause the machine to perform operations the same or similar activities as at claim 1.
The dependent claims (claims 2-8, 10-11, and 13-19) appear to be encompassed by the abstract idea of the independent claims since they merely indicate determining the authentication passed when the first and second key match, and not passed when the first and second do not match (claims 2 and 13), where the hardware comprises a processor, component, and first and second OTP-ROM (i.e., PROM), each with unique IDs (claims 3 and 14), having at least two first components, one of which is connected to flash memory for self-starting (claims 4 and 15), at least one second component with OTP-ROM (claims 5 and 16), the second component comprising power, input, and back end process modules (claims 6 and 17), prompting for matching success or failure (claims 7 and 18), the device comprising an ultrasound, monitor, ECG, anesthesia machine, ventilator, X-ray device, or MRI device (claims 8 and 19), a third component with a startup program in flash memory to start a first component (claim 10), and/or an LED and/or buzzer for success or failure prompting (claim 11).
The underlined portions of the claims are an indication of elements additional to the abstract idea (to be considered below).
The claim elements may be summarized as the idea of authenticating equipment such as a medical device; however, the Examiner notes that although this summary of the claims is provided, the analysis regarding subject matter eligibility considers the entirety of the claim elements, both individually and as a whole (or ordered combination). This idea is within the following grouping(s) of subject matter:
Mathematical concepts (e.g., relationships, formulas, equations, and/or calculations) based on calculating a key (assuming or if/when there is or may be a hash or encryption required – noting that an encryption algorithm may be used) and matching the first and second keys;
Certain methods of organizing human activity (e.g. … commercial or legal interactions such as agreements, contracts, …or business relations; and/or managing personal behavior or relationships between people such as social activities, teaching, and following rules or instructions) based on the identifier and/or key matching (noting that no encryption or hash is required); and
Mental processes (e.g., concepts performed in the human mind such as observation, evaluation, judgment, and/or opinion) based on the determination of matching keys as observing the keys and/or identifiers and the evaluation or judgment of whether matching passes or not.
Therefore, the claims are found to be directed to an abstract idea.
For analysis under revised SME Step 2A, Prong 2, the above judicial exception is not integrated into a practical application because the additional elements do not impose a meaningful limit on the judicial exception when evaluated individually and as a combination. The additional elements are the indication(s) of a medical device, comprising: at least one first component, a first OTP-ROM, and storing a second key; at least one second component comprising a second OTP-ROM, and a processor connected to the first component, the first OTP-ROM and the second component, the processor being configured to perform activities (at claim 9) and a non-transitory computer-readable medium, the non-transitory computer-readable medium having a computer program stored therein, the computer program having at least one code segment, and the at least one code segment being executable by a machine so as to cause the machine to perform operations as at claim 1 (for claim 12). These additional elements do not reflect an improvement in the functioning of a computer or an improvement to other technology or technical field, effect a particular treatment or prophylaxis for a disease or medical condition (there is no medical disease or condition, much less a treatment or prophylaxis for one), implement the judicial exception with, or by using in conjunction with, a particular machine or manufacture that is integral to the claim, effect a transformation or reduction of a particular article to a different state or thing (there is no transformation/reduction of a physical article), and/or apply or use the judicial exception in some other meaningful way beyond generically linking use of the judicial exception to a particular technological environment.
The claims appear to merely apply the judicial exception, include instructions to implement an abstract idea on a computer, or merely use a computer as a tool to perform the abstract idea. The additional elements appear to merely add insignificant extra-solution activity to the judicial exception and/or generally link the use of the judicial exception to a particular technological environment or field of use.
For analysis under SME Step 2B, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements, as indicated above, are merely “[a]dding the words ‘apply it’ (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, e.g., a limitation indicating that a particular function such as creating and maintaining electronic records is performed by a computer, as discussed in Alice Corp.” that MPEP § 2106.05(I)(A) indicates to be insignificant activity
There is no indication the Examiner can find in the record regarding any specialized computer hardware or other “inventive” components, but rather, the claims merely indicate computer components which appear to be generic components and therefore do not satisfy an inventive concept that would constitute “significantly more” with respect to eligibility. At least Applicant ¶ 0101 indicates the computer(s) used to implement or apply the abstract idea encompass merely using one or more general purpose computer(s).
The individual elements therefore do not appear to offer any significance beyond the application of the abstract idea itself, and there does not appear to be any additional benefit or significance indicated by the ordered combination, i.e., there does not appear to be any synergy or special import to the claim as a whole other than the application of the idea itself.
The dependent claims, as indicated above, appear encompassed by the abstract idea since they merely limit the idea itself; therefore the dependent claims do not add significantly more than the idea.
Therefore, SME Step 2B=No, any additional elements, whether taken individually or as an ordered whole in combination, do not amount to significantly more than the abstract idea, including analysis of the dependent claims.
Please see the Subject Matter Eligibility (SME) guidance and instruction materials at https://www.uspto.gov/patent/laws-and-regulations/examination-policy/subject-matter-eligibility, which includes the latest guidance, memoranda, and update(s) for further information.
NOTICE
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-2, 8-10, 12-13, and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Aarnio et al. (U.S. Patent Application Publication No. 2018/0013571, hereinafter Aarnio) .
Claim 1: Aarnio discloses a hardware identity authentication method for a medical device, the method comprising:
after all hardware to be authenticated of the medical device is powered on, acquiring unique identifiers of all the hardware to be authenticated (see Aarnio at least at, e.g., ¶¶ 0028, “systems and methods for authenticating remote medical component endpoints. A medical network may include a plurality of local medical equipment (LME) nodes that are communicatively coupled downstream to one or more remote medical component endpoints and/or one or more other LME nodes” – indicating medical devices, 0034, “The medical network 100 includes one or more trusted authentication computing devices (CDs) 130 that is bi-directionally coupled to one or more local medical networks over a link 103, such as the Internet 109” – noting that the device(s) must be powered on to establish or be communicatively coupled, 0035, “The medical network 100 includes one or more local healthcare (LME) computing devices 106, also referred to as nodes, communicatively coupled along a bi-directional communication link 103 to a local medical network computing device 102” – the bi-directional link indicating the device(s) are powered on, ; citation hereafter by number only) ;
calculating a first key according to the unique identifiers of all the hardware to be authenticated (0009, “The method receives, at a local medical equipment (LME) node, a cipher message combination that includes a challenge and at least one of a corresponding valid response or a hash function code (HFC) of a valid response, the LME node is unable to independently calculate the valid response. The method conveys the challenge, from the LME node, to a medical component endpoint that includes an authentication circuit, receives a candidate response from the component endpoint, where the candidate response is generated by the authentication circuit based on the challenge and determines whether the candidate response matches the valid response from the corresponding cipher message combination”, 0030, “A technical effect of various embodiments is to verify the authenticity of component endpoints through management of cipher message combinations. The cipher message combinations include a challenge and at least one of a corresponding valid response or an HFC of a valid response. The challenges are generated at the trusted authentication computing device and the responses are calculated at the trusted authentication computing device, based on the challenge and one or more private encryption keys”, 0042, “The trusted authentication computing device 130 may represent an authentication server that maintains a database of, among other things, component endpoint 108 serial numbers, LME node 106 serial numbers, encryption keys, authentication circuit identifiers, and the like” – at least the serial numbers indicating unique identifiers, 0044, “a separate record may be maintained for each local medical network, each local medical equipment node, each component endpoint 108, and the like. A record may include a unique identifier (ID), hardware and software version information, configuration information, technical specifications, MAC address, and the like for the associated equipment”); and
matching the first key with a pre-stored second key, and determining whether the identity authentication is passed according to the matching result (0009, “The method receives, at a local medical equipment (LME) node, a cipher message combination that includes a challenge and at least one of a corresponding valid response or a hash function code (HFC) of a valid response, the LME node is unable to independently calculate the valid response. The method conveys the challenge, from the LME node, to a medical component endpoint that includes an authentication circuit, receives a candidate response from the component endpoint, where the candidate response is generated by the authentication circuit based on the challenge and determines whether the candidate response matches the valid response from the corresponding cipher message combination”, 0032, “The LME nodes and/or local medical network computing devices determine whether individual component endpoints are authenticate based on matches between the cipher message combinations and candidate responses returned from the component endpoints”).
Claim 2: Aarnio discloses the method according to claim 1, wherein determining whether the identity authentication is passed according to a matching result comprises:
based on the first key matching the second key, determining that the hardware identity authentication of the medical device is passed (0065, “When the component endpoint 108 returns a candidate response that matches the valid response 276, the controller circuit 250 determines that the component endpoint 108 represents an authorized component”); and/or
based on the first key not matching the second key, determining that the hardware identity authentication of the medical device is not passed (0066, “when the component endpoint 108 returns a response that does not match the valid response 276 and/or does not convert to a valid hash function code 278, the controller circuit 250 determines that the component endpoint 108 represents an unauthorized component. In connection there with, the controller circuit 250 adds an identification of the component endpoint 108 to the unauthorized component endpoint 108 list 282”).
Claim 8: Aarnio discloses the method according to any one of claim 1, wherein the medical device comprises at least one of an ultrasound device, a monitor, an electrocardiograph, an anesthesia machine, a ventilator, an X-ray imaging device, and a magnetic resonance imaging device (0035, “the LME nodes 106 may represent patient monitors, life-support devices (e.g., an anesthesia delivery device, or a ventilation device), an infusion pump, and the like”, 0036, “the component endpoints 108 may represent ECG sensors, respiration sensors, impedance sensors, pulse oximetry sensors, drug delivery sensors, blood pressure sensors, etc.”).
Claim 10: Aarnio discloses the medical device according to claim 9, further comprising: a third component that is connected to the processor (Aarnio at 0036, “component endpoints 108” and Fig. 1, indicating at least 6 components), but does not appear to explicitly disclose being connected to a second flash memory, the third component being configured to: read a startup program from the second flash memory under the control of the processor; and configure at least one of the first components using the startup program, so as to start at least one of the first components. Aarnio in view of Hua, however, does not appear to explicitly disclose and at least one of the first components is connected to a first flash memory in which a startup program for self-starting the first component is stored. But Aarnio specifically indicates “Storage media and computer readable media for containing code, or portions of code, can include any appropriate media known or used in the art, including storage media and communication media, such as, but not limited to, volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer readable instructions, data structures, program modules or other data, including RAM, ROM, Electrically Erasable Programmable Read-Only Memory (“EEPROM”), flash memory or other memory technology, Compact Disc Read-Only Memory (“CD-ROM”), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices or any other medium which can be used to store the desired information and which can be accessed by the system device. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will appreciate other ways and/or methods to implement the various embodiments” (Aarnio at 0112). Therefore, Aarnio indicates a finite number of specific memory types on or at which the startup program for a component may be stored – each of them indicated as possible and having the same reasonable expectation of success, among them being flash memory. As such, the Examiner understands and finds that to use flash memory to store a startup program for a component would be obvious to try since choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success so as to enable the starting and communication of the components so that it/they can be authenticated for security.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine or modify the authentication of Aarnio with the listed memory options in Aarnio in order to use flash memory to store a startup program for a component so as to enable the starting and communication of the components so that it/they can be authenticated for security.
The rationale for combining in this manner is that to use flash memory to store a startup program for a component would be obvious to try since choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success so as to enable the starting and communication of the components so that it/they can be authenticated for security as explained above
Claims 9, 12-13, and 19 are rejected on the same basis as claims 1-8 above since Aarnio discloses a device having the same or similar operation as at claim 1 above (as cited above) and a non-transitory computer-readable medium, the non-transitory computer-readable medium having a computer program stored therein, the computer program having at least one code segment, and the at least one code segment being executable by a machine so as to cause the machine to perform operations (Aarnio at 0051, “the control circuit 202 may execute instructions stored on a tangible and non-transitory computer readable medium (e.g., memory 206) to perform one or more operations as described herein” the same as, or similar to, the activities indicated at claims 1-8 above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 3-6 and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Aarnio in view of Hua et al. (U.S. Patent Application Publication No. 2022/0202290, hereinafter Hua) .
Claims 3 and 14: Aarnio discloses the method and medium according to claims 1 and 13, wherein all the hardware to be authenticated comprises:
a processor; a first component; and a second component (Aarnio at 0036, “component endpoints 108” and Fig. 1, indicating at least 6 components, 0040, “the component endpoints 108 may be equipped with an authentication circuit that comprises a microprocessor running software that performs the authentication process”) and
wherein acquiring unique identifiers of all the hardware to be authenticated comprises: acquiring a unique ID of the processor; acquiring a unique ID of the first component (Aarnio at 0028, “systems and methods for authenticating remote medical component endpoints. A medical network may include a plurality of local medical equipment (LME) nodes that are communicatively coupled downstream to one or more remote medical component endpoints and/or one or more other LME nodes”)
Aarnio, however, does not appear to explicitly disclose a first one time programmable read-only memory (OTP-ROM) in which the second key is stored; including a second OTP-ROM; and acquiring unique IDs of the first OTP-ROM and the second OTP-ROM. Hua, though, teaches ensuring “secure operations … in a medical monitoring system” (Hua at 0048), including medical hardware and sensors (Hua at 0049), where “certain values used in the authentication process are provided to the devices during manufacture. As an example, private keys and certificate values held by the sensor 110 or receiver 120 can be set by their respective manufacturer. Values such as the private keys and certificate values can be written to memory with a limited number of rewrites, such as non-reprogrammable or one-time programmable (OTP) memory in a containerized manner…. In particular embodiments, a version number, timestamp, or other identifier attributed to the security configuration of the sensor 110 or receiver 120 can be used by another device attempting to authenticate the sensor 110 or receiver 120 to determine how to evaluate an offered certificate or public key.” (Hua at 0115). Therefore, the Examiner understands and finds that to store and acquire identifiers and/or keys from OTP-ROM is applying a known technique to a known device, method, or product ready for improvement to yield predictable results so as to securely authenticate the system components.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine or modify the authentication of Aarnio with the use of one-time programmable read-only memory (OP-ROM) of Hua in order to store and acquire identifiers and/or keys from OTP-ROM so as to securely authenticate the system components.
The rationale for combining in this manner is that to store and acquire identifiers and/or keys from OTP-ROM is applying a known technique to a known device, method, or product ready for improvement to yield predictable results so as to securely authenticate the system components as explained above.
Claims 4 and 15: Aarnio in view of Hua discloses the method and medium according to claims 3 and 14, wherein the number of said first components is at least two (Aarnio at 0036, “component endpoints 108” and Fig. 1, indicating at least 6 components, 0040, “the component endpoints 108 may be equipped with an authentication circuit that comprises a microprocessor running software that performs the authentication process”). Aarnio in view of Hua, however, does not appear to explicitly disclose and at least one of the first components is connected to a first flash memory in which a startup program for self-starting the first component is stored. But Aarnio specifically indicates “Storage media and computer readable media for containing code, or portions of code, can include any appropriate media known or used in the art, including storage media and communication media, such as, but not limited to, volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer readable instructions, data structures, program modules or other data, including RAM, ROM, Electrically Erasable Programmable Read-Only Memory (“EEPROM”), flash memory or other memory technology, Compact Disc Read-Only Memory (“CD-ROM”), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices or any other medium which can be used to store the desired information and which can be accessed by the system device. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will appreciate other ways and/or methods to implement the various embodiments” (Aarnio at 0112). Therefore, Aarnio indicates a finite number of specific memory types on or at which the startup program for a component may be stored – each of them indicated as possible and having the same reasonable expectation of success, among them being flash memory. As such, the Examiner understands and finds that to use flash memory to store a startup program for a component would be obvious to try since choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success so as to enable the starting and communication of the components so that it/they can be authenticated for security.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine or modify the authentication of Aarnio in view of Hua with the listed memory options in Aarnio in order to use flash memory to store a startup program for a component so as to enable the starting and communication of the components so that it/they can be authenticated for security.
The rationale for combining in this manner is that to use flash memory to store a startup program for a component would be obvious to try since choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success so as to enable the starting and communication of the components so that it/they can be authenticated for security as explained above.
Claims 5 and 16: Aarnio in view of Hua discloses the method and medium according to claims 3 and 14, wherein the number of said second components is at least one, and each second component comprises one second OTP-ROM (Aarnio at 0028, “systems and methods for authenticating remote medical component endpoints. A medical network may include a plurality of local medical equipment (LME) nodes that are communicatively coupled downstream to one or more remote medical component endpoints and/or one or more other LME nodes”, 0036, “component endpoints 108” and Fig. 1, indicating at least 6 components, 0040, “the component endpoints 108 may be equipped with an authentication circuit that comprises a microprocessor running software that performs the authentication process”).
Claims 6 and 17: Aarnio in view of Hua discloses the method and medium according to claims 5 and 16, wherein the second component comprises at least one of the following: a power module (Aarnio at 0050, “The component endpoint 108 may include a power supply 208, such as a battery (e.g., lithium-ion battery), solar cell, and/or the like. The power supply 208 is configured to provide electrical power (e.g., current, voltage) to the components of the component endpoint 108”); a user input module (Aarnio at 0069, “The user interface 254 controls operations of the controller circuit 250 and is configured to receive inputs from a user”); and a back end process module.
Claims 7, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Aarnio in view of Mare et al. (U.S. Patent Application Publication No. 2021/0264012, hereinafter Mare) .
Claims 7 and 18: Aarnio discloses the method and medium according to claims 1 and 12, wherein the method further comprises: based on the first key matching the second key (0065, “When the component endpoint 108 returns a candidate response that matches the valid response 276, the controller circuit 250 determines that the component endpoint 108 represents an authorized component”), writing the unique identifiers and the first key in a memory (0066, “when the component endpoint 108 returns a response that does not match the valid response 276 and/or does not convert to a valid hash function code 278, the controller circuit 250 determines that the component endpoint 108 represents an unauthorized component. In connection there with, the controller circuit 250 adds an identification of the component endpoint 108 to the unauthorized component endpoint 108 list 282”). Aarnio, however, does not appear to explicitly disclose performing matching success prompting based on the first key matching the second key; and/or based on the first key not matching with the second key, performing matching failure prompting. Mare, though, teaches “an authentication device for authenticating an authorized user” (Mare at 0016), “generating a set of data points representing authentication device motion data between the start and end times in the query; sending the set of data points to the digital device for correlation with data points generated from the input apparatus; receiving a response from the digital device: if the response is a success message (Ms), returning an okay-to-authenticate message (Ma); if the response if a failure message (Mf) or a retry message (Mr), alerting the authorized user to retry the intent action” (Mare at 0016), where “[e]mbodiments below are described in terms of multi-user shared-digital device settings in, for example, hospitals and other enterprise environments…. The disclosed systems and methods may be further adapted to other digital devices such as a TV/monitor, smart appliance, door, game controller, medical device”, and “A notification or alert may be conveyed by any of a variety of ways of communication with a user, such as a vibration, audible tone, message on a display, or a color change” (Mare at 0090). Therefore, the Examiner understands and finds that to prompt for success or failure in authentication is applying a known technique to a known device, method, or product ready for improvement to yield predictable results so as to inform a system and/or device operator of authorization for the device.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine or modify the authentication of Aarnio with the messaging of Mare in order to prompt for success or failure in authentication so as to inform a system and/or device operator of authorization for the device.
The rationale for combining in this manner is that to prompt for success or failure in authentication is applying a known technique to a known device, method, or product ready for improvement to yield predictable results so as to inform a system and/or device operator of authorization for the device as explained above.
Claim 11: Aarnio discloses the medical device according to claim 9, but does not appear to explicitly disclose further comprising: a light emitting diode and/or a buzzer that is connected to the processor and configured to perform matching success and/or matching failure prompting under the control of the processor. Aarnio, however, does not appear to explicitly disclose performing matching success prompting based on the first key matching the second key; and/or based on the first key not matching with the second key, performing matching failure prompting. Mare, though, teaches “an authentication device for authenticating an authorized user” (Mare at 0016), “generating a set of data points representing authentication device motion data between the start and end times in the query; sending the set of data points to the digital device for correlation with data points generated from the input apparatus; receiving a response from the digital device: if the response is a success message (Ms), returning an okay-to-authenticate message (Ma); if the response if a failure message (Mf) or a retry message (Mr), alerting the authorized user to retry the intent action” (Mare at 0016), where “[e]mbodiments below are described in terms of multi-user shared-digital device settings in, for example, hospitals and other enterprise environments…. The disclosed systems and methods may be further adapted to other digital devices such as a TV/monitor, smart appliance, door, game controller, medical device”, and “A notification or alert may be conveyed by any of a variety of ways of communication with a user, such as a vibration, audible tone, message on a display, or a color change” (Mare at 0090). Therefore, the Examiner understands and finds that to prompt for success or failure in authentication via a light emitting diode and/or a buzzer is applying a known technique to a known device, method, or product ready for improvement to yield predictable results so as to inform a system and/or device operator of authorization for the device.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine or modify the authentication of Aarnio with the messaging of Mare in order to prompt for success or failure in authentication via a light emitting diode and/or a buzzer so as to inform a system and/or device operator of authorization for the device.
The rationale for combining in this manner is that to prompt for success or failure in authentication via a light emitting diode and/or a buzzer is applying a known technique to a known device, method, or product ready for improvement to yield predictable results so as to inform a system and/or device operator of authorization for the device as explained above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
The Linux Documentation Project, Non-Volatile Memory chips, dated 29 November 2021, downloaded from the Archive.org WayBack Machine at https://web.archive.org/web/20211129025256/https://tldp.org/HOWTO/Network-boot-HOWTO/a610.html on 6 January 2026, indicating “PROM: Pronounced prom, an acronym for programmable read-only memory. A PROM is a memory chip on which data can be written only once” (at p. 1).
Lenovo, Glossary, Programmable ROM, undated, downloaded 6 January 2026 from https://www.lenovo.com/us/en/glossary/programmable-rom/index.html?orgRef=https%253A%252F%252Fwww.google.com%252F&srsltid=AfmBOopO5VFUavtiSIgFzj6rT8RbgeHPqafiQQSdCstwgiVFX9qPzHQt, indicating that “PROM is a type of read-only memory that you can program once. Unlike standard ROM, which comes with data permanently written, PROM allows you to write data to it a single time. It's often used in hardware programming”, and in response to “Can I erase and rewrite data on programmable ROM?”, “No, you can't erase and rewrite data on standard PROM. Once you've written data to it, it's there permanently” (at p. 2).
Ian Grout, Digital Systems Design with FPGAs and CPLDs, 2008, chap. 5, downloaded 6 January 2026 from https://pdf.sciencedirectassets.com/277478/3-s2.0-B9780750683975X00013/3-s2.0-B9780750683975000052/main.pdf?X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIA%2FS%2BgQD1OaSS8WrBAI%2BqnAkpVROZVOcF6cFjPDZ6FvUAiApfFNNcQBrBUUfajZMXP6cl5qNr4WjOAreFnhr7SXBUCqzBQhkEAUaDDA1OTAwMzU0Njg2NSIME%2B8kqtO7EZV3RhqiKpAFu5kSbeHV67F1WRPveEWgt4d7wOxjDoXCPOj0iIrPAje8sf98oZHKQsMthW7%2BcsarYmrBUPUtbTimRZxd9wC1%2BNKsBODhT6L1bGpwkhLvJ5Km0RQwHQAZBqyJMC9Tt%2Bc9z6COmO%2BGsjTYuhaqlLINZZmkyPEwkVNKKC1%2FC71W77Z6Da0z46G0Nmlm%2BXIF8%2Fk9ySacEe0na8i9Ye%2FOk0lv5BQR3VqxyZF%2Fd%2B44prk0XgFgbHfYp1sWuBJ3rnEuP6YFjjIvN8VTvknbqWjZc3W%2BR4Z%2BH2s0QlpmIz4xwX5tiey6l5TXleF8vzBQ1T%2B3opswtaU3saslU%2B7iw%2Bqa8sHQ1ebsdg5GJ5agsf7udoyyHqZma3Xe6RCgpqgNRMpAfgziVERz86cxSJWZp4z2MTJ7Ll3gYpZOcg53Yh1azRLE%2Fdh3zdt1lcU1oyXtGqNUNwdrArCFLUpqlhkPcc%2FHC57IuC8saaGH2SzigzRgBCaX5ztj3nScX6TEWIaDFKt4fIItaDUEXW3LTsXa%2FTEOW48izB0bqUhxt8iSUfiGYgM9oA%2FP4x2M5xgV59qNtssD2o5y2TRWYzLtaUdcV48ENaf6y5NBu6vs5wFRHz2fnNonaKjxK%2FmMX5gewYl784CPX5vDV%2FE%2BjXFbT%2FQ9OedBNBQrcHCFnHrPh03Uha4DFFN5skmRgaReqU1KctQbczP9fi8l0GZrPT%2BBeIsOoFx4x2fXkL5RIrM0%2FfNi2NNKo0c3TUHz%2FNi533AhmFxR0m6waxdEjd9ScRO2T9COixr0CskYih3ELL8GOUBZr2QAheGWNTOH9VqCctpWE9zr3w2156CunanQtrBc5%2ByPp9ccqkZ3dwFGjrOfcmssAHVhGs9RGBkw3bn1ygY6sgF2aq6D1%2BhX1GaGQkMUyIx%2BnKv12T2D5xXhWNWqrhORmLIx2SNNBqA8BpNBcrnHoZCjMFkZB4PCsXTz%2BxUQN9d3btLwNaSIZE%2Bj9CtabnLBYkljv6X2FT4JVtxmGiLFoLC01o8suE2zGssm3ggEDsMVjzOAV9R7OIhNZhxeQfF4arTLguEJE5JJCtVxbQaw4%2B1VbKPuub8i4U%2B1F5mZqyzs4L9XSTPRC2JleHhFoc40Z6iv&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20260106T201233Z&X-Amz-SignedHeaders=host&X-Amz-Expires=300&X-Amz-Credential=ASIAQ3PHCVTYZIJFFDM7%2F20260106%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1c913c30bb18d76d71f71ed78be8322d8c31528918bc985cc3f1a6e283ba71dc&hash=0957fffe009ae81c3cd11e8ae8284f69ac85075fd873841de9905f02f67a2e20&host=68042c943591013ac2b2430a89b270f6af2c76d8dfd086a07176afe7c76c2c61&pii=B9780750683975000052&tid=spdf-8b8f6078-6431-4bcd-b620-f95a919becbc&sid=09bbfa34273c804f9c892ca95a5fa4183565gxrqa&type=client&tsoh=d3d3LnNjaWVuY2VkaXJlY3QuY29t&rh=d3d3LnNjaWVuY2VkaXJlY3QuY29t&ua=1a115b065705040707&rr=9b9ddef1dc1a1f55&cc=us, indicating “The code can either be fixed when the memory is fabricated (mask programmable ROM), electrically programmed once (PROM, programmable ROM) or electronically programmed multiple times. Multiple programming capacity requires the ability to erase prior programming, which is available with EPROM (electrically programmable ROM, erased using ultraviolet [UV] light), EEPROM or E2 PROM (electrically erasable PROM), or flash (also electrically erased). PROM is sometimes considered to be in the same category of circuit as simple programmable logic device (SPLD), although in this text, PROM is considered in the memory category only” (at 220).
Prabhu, P. et al. (2011). Extracting Device Fingerprints from Flash Memory by Exploiting Physical Variations. In: Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_14, downloaded 7 January 2026, indicating that “This paper examines seven techniques for extracting unique signatures from individual flash devices” (at 188).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT D GARTLAND whose telephone number is (571)270-5501. The examiner can normally be reached M-F 8:30 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Abdi can be reached at 571-272-6702. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SCOTT D GARTLAND/
Primary Examiner, Art Unit 3685