DETAILED ACTION
This office action is in response to applicant’s submission filed on 04/10/2019, which has an effective filing date of 10/12/2016. Claims 1-27 are pending and are directed towards system, apparatus, method, and computer product for Provision of Secure Communication in a Communication Network Capable of Operating in Real Time.  This is Non-Final action.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
1.	The drawings are objected to because Fig. 1 does not assign element numbers for each components shown.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and 
Claim Analysis – 35 USC § 112 (f)
2.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

3.	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)      the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)      the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)     the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
4.	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting 
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. 
5.	Claim limitation “a unit for correlating”, “a unit for emitting”, and “one unit for synchronizing” has/have been interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because it uses/they use a generic placeholder “unit” 
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claim(s) 9 and 12 has/have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
6.	A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph limitation: Regarding the phrase “a unit for correlating”, paragraph 20 and paragraph 43 and Fig. 1 (of the Pre-Grant Publication) recite that a test unit IA of Fig. 1 correlates and check the integrity reference values.  Therefore, the disclosure does provide corresponding structure for this limitation.
Regarding the “a unit for emitting a warning” limitation, paragraph 17 and paragraph 29 and Fig. 1 (of the Pre-Grant Publication) recite that the test unit IA of Fig. 1 generates a warning or alarm signal.  Therefore, the disclosure does provide corresponding structure for this limitation.

If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).
Claim Rejections - 35 USC § 112
7.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
8.	Claims 4 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 4 recites the limitations "the message type" and “the sender” in line 2.  There is insufficient antecedent basis for this limitation in the claim.
Claim 15 recites the limitations “the at least one definable filtering criterion”, "the message type", and “the sender” in line 2-3.  There is insufficient antecedent basis for these limitations in the claim.
Claim Rejections - 35 USC § 103
9.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

10.	Claims 1-27 are rejected under 35 U.S.C. 103 as being unpatentable over Falk (US Pub. 2013/0132730) filed on Jul. 22, 2011 in view of Rayapeta et al. (US Pub. 2016/0344754), hereinafter Rayapeta, filed on May 22, 2015.
Regarding claim 1, Falk teaches a method for providing secure communication between at least one first communication partner and at least one second communication partner within a communication network capable of operating in real time (para 48, line 1-6 and para 49, line 1-6; transmitting data between control unit SE1 and control unit SE2 in a secure manner and transmission of data over the network occurs in real time), the method comprising: 
providing at least two interfaces, each of which are assigned to a communication partner (para 49, line 1-12; unit IPEE of control unit SE1 transmits information to receiving unit IPVE of control unit SE2);
Falk does not teach isolating at least one message transmitted and/or received between the communication partners at the respectively associated interface, by means of at least one definable filtering criterion, wherein the at least one isolated message undergoes an integrity check;

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network and analyze if message may be indicative of an attack by determining characteristics of the message.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Falk teaches for the purposes of integrity checking, constituting a first integrity reference value for at least one message transmitted and/or received by message received and/or transmitted by at least the second communication partner (para 38, line 1-14 and para 40, line 1-4; generate integrity check information for control unit SE on the transmitter side and generate integrity check information for the control data on the receiver side);
Falk does not teach at least one isolated message
Rayapeta teaches at least one isolated message (para 24, line 23-30; quarantine the message on the network communication)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Falk teaches providing a test unit for integrity checking; correlating the first integrity reference value with the second integrity reference value, and comparing of same by the test unit (para 41, line 1-8; integrity check verification 
generating a warning and/or alarm signal by the test unit, or the referral of the warning and/or alarm signal originating from the test unit to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side). 
	Regarding claim 2, Falk and Rayapeta teach method of claim 1.
	Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed (para 23, line 1-4 and para 36, line 1-13; data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network).
	Regarding claim 3, Falk and Rayapeta teach method of claim 1.

Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employed (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
	Regarding claim 4, Falk and Rayapeta teach method of claim 1.
	Falk does not teach wherein the at least one filtering criterion relates to the message type, the sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof.

	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for analyzing if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 5, Falk and Rayapeta teach method of claim 1.
	Falk does not teach the at least two interfaces undertake a passive monitoring of transmitted and/or received messages.

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for managing the flow of message traffic into and out of a communication node and analyzing each of the messages.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 6, Falk and Rayapeta teach method of claim 1.
Falk teaches wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed (para 43, line 1-8; integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets).
an isolated sent/received message
Rayapeta teaches an isolated sent/received message (para 24, line 5-11 and line 23-30; quarantined message into or out of a communication node)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message into or out of a communication node.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 7, Falk and Rayapeta teach method of claim 1.
Falk teaches the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window (para 41, line 1-8 and para 52, line 1-6 and para 53, line 1-5; integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side).  
Regarding claim 8, Falk and Rayapeta teach method of claim 1.

Regarding claim 9, Falk teaches a device for integrity checking, which is suitable for the provision of secure communication between at least two communication partners within a communication network capable of operating in real time (para 48, line 1-6 and para 49, line 1-12; transmitting data between control unit SE1 and control unit SE2 in a secure manner for verifying integrity check information and transmission of data over the network occurs in real time), the device comprising: 
a unit for receiving a formed first integrity reference value for at least one message and/or for receiving at least one formed second integrity reference value for at least one message (para 41, line 1-8; integrity check verifying unit IPVE receives generated integrity check information from the transmitter side and integrity check information on receiver side);
Falk does not teach at least one isolated message 
at least one isolated message (para 24, line 23-30; quarantine the message on the network communication)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Falk teaches a unit for correlating the first integrity reference value with the at least second integrity reference value, and for comparing same (para 41, line 1-8; integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side); and  PCT/EP2017/072801- 18 - 2016P19473WOUS 
a unit for emitting a warning and/or alarm signal, which is delivered to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating 
Regarding claim 10, Falk and Rayapeta teach device of claim 9.
Falk teaches correlation involves an association of the first integrity value with the at least second integrity value, with respect to the same message which is transmitted between the communication partners (para 41, line 1-8; integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side).
Falk does not teach the isolated message
Rayapeta teaches the isolated message (para 24, line 23-30; quarantine the message on the network communication)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic 
Regarding claim 11, Falk and Rayapeta teach device of claim 9.
Falk teaches the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window (para 41, line 1-8 and para 52, line 1-6 and para 53, line 1-5; integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side).
Regarding claim 12, Falk and Rayapeta teach device of claim 9.
Falk does not teach the device comprises at least one unit for synchronizing the isolation of at least one transmitted and/or received message between the communication partners, with reference to at least one definable filtering criterion.
Rayapeta teaches the device comprises at least one unit for synchronizing the isolation of at least one transmitted and/or received message between the communication partners, with reference to at least one definable filtering criterion (para 24, line 1-29 and para 27, line 1-6; quarantine a message communicated between two nodes, with an interface at each node, of a network 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network and analyze if message may be indicative of an attack by determining characteristics of the message.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 13, Falk and Rayapeta teach device of claim 9.
Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employable (para 23, line 1-4 and para 36, line 1-13; data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network). 
Regarding claim 14, Falk and Rayapeta teach device of claim 9.
Falk does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employable.
Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employable (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 15, Falk and Rayapeta teach device of claim 9.
Falk does not teach the at least one definable filtering criterion relates to the message type, the sender and/or receiver, a random message filtering 
Rayapeta teaches the at least one definable filtering criterion relates to the message type, the sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof (para 24, line 12-33; analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for analyzing if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 16, Falk and Rayapeta teach device of claim 9.
sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed (para 43, line 1-8; integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets).
Falk does not teach an isolated sent/received message
Rayapeta teaches an isolated sent/received message (para 24, line 5-11 and line 23-30; quarantined message into or out of a communication node)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message into or out of a communication node.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 17, Falk and Rayapeta teach device of claim 9.
Falk teaches at least one channel for communication between the communication partners and at least one channel for the reception of the at least 
Regarding claim 18, Falk and Rayapeta teach device of claim 9.
Falk does not teach wherein, for integrity checking, plausibility data, specifically projection data and/or configuration data and/or physical properties of the communication partners, data derived from a simulation and/or digital twinning data can be incorporated.
Rayapeta teaches wherein, for integrity checking, plausibility data, specifically projection data and/or configuration data and/or physical properties of the communication partners, data derived from a simulation and/or digital twinning data can be incorporated (para 53, line 1-28; analyze messages into and out of the nodes of the network for expected behavior using various traffic pattern statistics generated at any particular node which reflects the configuration of the network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for analyze messages for 
Regarding claim 19, Falk teaches a communication system for providing secure communication between at least two communication partners within a communication network capable of operating in real time, comprising at least two interfaces which are assigned to the communication partners, each having at least one unit for the constitution of an integrity reference value for a sent and/or received message (para 48, line 1-6 and para 49, line 1-12; transmitting data between transmitter and receiver, such as control unit SE1 and control unit SE2, in a secure manner for verifying integrity check information and transmission of data over the network occurs in real time), and 
for the transmission of the integrity reference value to at least one integrity reference value checking device as claimed in claim 9 (see rejection in claim 9).
Regarding claim 20, Falk and Rayapeta teach system of claim 19.

Rayapeta teaches a unit for the isolation of at least one transmitted and/or received message between the communication partners on the basis of least one definable filtering criterion is further assigned to each interface (para 24, line 1-29 and para 27, line 1-6; quarantine a message communicated between two nodes, with an interface at each node, of a network and analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network and analyze if message may be indicative of an attack by determining characteristics of the message.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6. 

Regarding claim 21, Falk and Rayapeta teach system of claim 19.
Falk teaches the interface which is assigned to the message-receiving communication partner and/or which is assigned to the message-transmitting communication partner can moreover comprise a unit for the reception of an integrity value comparison result (para 41, line 1-8; integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side)
Falk and Rayapeta teaches a unit for the reception of an integrity value comparison result from the least one integrity reference value checking device (see rejection for claim 19).
Regarding claim 22, Falk and Rayapeta teach system of claim 21.
Falk teaches the interface further comprises an output unit for the delivery of a warning and/or alarm signal to an authority for the initiation of corresponding counter-measures, depending upon the integrity value comparison result (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as 
Regarding claim 23, Falk and Rayapeta teach system of claim 19.
Falk does not teach the interfaces are configured passively.
Rayapeta teaches the interfaces are configured passively (para 24, line 1-16 and para 26, line 4-9; robustness agent on node interface manage the flow of message traffic into and out of a communication node and analyze each of the messages for characteristics indicative of an attack).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for managing the flow of message traffic into and out of a communication node and analyzing each of the messages.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 24, Falk and Rayapeta teach system of claim 19.

Regarding claim 25, Falk and Rayapeta teach system of claim 19.
Falk does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employable.
Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employable (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic 
Regarding claim 26, Falk and Rayapeta teach system of claim 19.
Falk teaches the communication between the communication partners and the communication between the respective interface and the device for integrity checking can be executed in mutually independent channels (para 39, line 1-16; transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN).
Regarding claim 27, Falk does not teach a computer program product comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, at least one computer program, 
Rayapeta teaches a computer program product comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, at least one computer program (para 63, line 10-
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Falk to incorporate the teachings of Rayapeta to provide for computer readable memory storing software that are executed by a processor.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Falk and Rayapeta teaches having means for the execution of the method as claimed in claim 1 (see rejection for claim 1).
Conclusion
11.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Immonen (US Pub. 2003/0120924) discloses checking the integrity of a message transmitted between a Sender in a transmitting end and a recipient in a receiving end; Kim et 
the control network group for industrial control system; Milliken et al. (US Pub. 2004/0064737) discloses detects transmission of potentially malicious packets by comparing hash values associated with the packets.
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information 






/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492