Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment and Arguments
	Applicant has amended claims 1 & 11. The amendment has overcome claim objections issued for claims 1 & 11 and hence these objections are withdrawn. The Applicant’s argument against issuance 112b based invocation of 112f of claim 11 has been reviewed and found persuasive and 112b rejections  for claims 11, 13-14 & 16-21 has been withdrawn. However, issuance of 112f for claim11 has been maintained as the claim still invokes 112f.
The Applicants argument in remarks (page 11) that “Fischer, Bugrov and Aull, as well as Hammad, each fails to teach or suggest anything with respect to the OPC UA protocol. Moreover, while Hammad describes the issuance of certificates, these certificates are issued for mobile phones. A cellular network in which mobile phones are typically found has nothing to do with an industrial plant in which a device can use the OPC UA protocol”, has been reviewed, however, found moot due to change of ground. 

		Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:


The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “the first local registration service authenticates” in claim 11. 
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1-8, and 11, 13-14 & 16-20 are rejected under 35 USC 103 as being unpatentable over Fischer (US20140173688 ) in view of Bugrov (US20160112406.), Aull (US 20030115455) and Brown (US20140208390)
Regarding claim 1,Fisher teaches a method for authenticating at least one of devices and applications web applications in a control system for an industrial plant, wherein the control system includes an engineering station having a first at least one local registration service, a configuration service and a processor including memory, of the industrial plant, the method comprising: a) determining by the at least one local registration service information regarding at least one of (i) which communications protocols and/or applications are supported by the devices and/or the applications. [0033] As can be seen from FIG. 1, an automation installation 1 in the illustrated exemplary embodiment has at least one automation device 2 that can be connected to further devices 4-1, 4-2 via a field bus 3, for example. The further devices 4-1, 4-2 may be automation devices, particularly field devices. In one possible embodiment, the automation device 2 is an automation controller for actuating further devices 4-1, 4-2 via a bus, particularly a field bus 3. In addition, the automation device 2 may be a PLC controller or a field device. In the exemplary embodiment shown in FIG. 1, the automation device 2 is connected to a data network 6 via a network access switch 5. This data network 6 has an authentication server 7 and a policy enforcement server 8 connected to it. In addition, the policy enforcement server 8 may be connected to a configuration server 9 via the network 6 or directly. The automation device 2 has at least one authentication credential that the automation device can use to authenticate itself to the authentication server 7 of the automation installation 1. This authentication credential may be a device certificate Z of the automation device 2, for example. The existence of current device-specific operator data from the installation operator of the automation installation 1 for an automation device 2 prompts these current device-specific operator data to be linked to the authentication credential of the automation device 2. In one possible embodiment, this linking of the current device-specific operator data to the authentication credential can be effected by the policy enforcement server 8 (see FIG. 1) of the automation installation 1. The policy enforcement server 8 links the current device-specific operator data as soon as the policy enforcement server 8 is notified of successful authentication of the automation device 5 to the authentication server 7 of the automation installation 1. In one possible embodiment, the policy enforcement server 8 obtains the current device-specific operator data from the configuration server 9. Examiner’s Comment: Local Registration Service corresponds to service provided by combination of Authentication Server, Policy Enforcement Server and Configuration Server.]]
b) storing the device-specific information determined by the at least one local registration service in the software inventory of the control system for an industrial plant, wherein the control system includes an engineering station having a first at least one local registration service, a configuration service and a processor including memory, of the industrial plant, [0039] In one possible embodiment, the operator data are coded directly into a certificate Z, particularly a device certificate. Here, the size of the certificate can grow, which means that the necessary memory for this needs to be available. In a further possible embodiment, the certificate Z has a device-specific or series-specific serial number that provides sufficient information together with the issuer and the serial number of the certificate Z, so that a server can request the possible operator data or configuration data from the operator of the automation installation 1. In a further embodiment, the certificate Z contains a link to a web page of the installation operator that may store possible device-specific operator data or configuration data in the form of a device configuration database. In a further embodiment, the operator data provided by the operator are digitally signed to protect the integrity of these data, so that they can be used for automation in the planning of installations. In one possible embodiment, the device-specific operator data are written to an attribute certificate for a device certificate of the automation device 2. In one embodiment, it is possible to use the logotype extension in order to code devices or series-specific information as a 1D or 2D barcode. When an attribute certificate is used, a change requires only the attribute certificate to be renewed, this resulting in simplified handling, because no secret cryptographic keys need to be translated in this case. The request for the operator data from a configuration database of the configuration server 9 is made online in one possible embodiment. Please also see para [0033] as depicted above] 
during authentication of at least one of () the devices and (ii) the applications within the control system and (ii) [[which]] communications protocols [[and/or]] or applications [[are]] active, during authentication of at least one of (i) the devices and (ii) the applications within the control system;
Fisher, although, teaches  registration service/authentication, he does not explicitly teach, however, Bugrov teaches (ii) which communications protocols and/or applications are active, during authentication of at least one of (i) the devices and (ii) the applications within the control system; [0034] As seen in FIG. 1, the components of the industrial control system 100 are in signal communication via various communication links 122. The communication links 122 may be direct connections between devices of the industrial control system 100. For example, the I/O devices 110 may each be directly connected to the sensor 112, motor 114, and valve 116 respectively. The communication links 122 may also be links in a network such as, for example, a local area network (LAN), a wide area network (WAN) such as the Internet. As another example, the PLC 104 may be connected to the I/O devices 110 through a backplane interconnection. Accordingly the communication links 122 may include both wired and wireless communication links. In addition the components of the industrial control system 100 may, for example, communicate via an industrial Ethernet and operate, for example, according to the EtherNet/IP protocol (EtherNet/Industrial Process) or MODBUS protocol. 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer with the disclosure of Bugrov. The motivation or suggestion would have been to implement a system that will provide improvements to authenticating and authorizing interconnected devices in industrial control systems. (para 0001-0006, Bugrov)  
Although, Fischer & Bugrov teach control system and  first local registration service, they do not teach explicitly, however, Aull teaches includes an engineering station having, a system server having a second local registration service which obtains certificates on behalf of a replacement device, a certification authority which is accessible at runtime, [0006] FIG. 1 shows a block diagram of an example PKI system architecture. Current PKIs that provide strong authentication of user identity accomplish this via the use of a local registration authority officer (LRAO) 12. LRAO 12 operates at a work station or server platform 14 that runs a local registration (second local registration service) authority software application 16. Server platform 14 may be any known computing device that may serve as a server, e.g., computer, workstation, etc. The local registration authority application 16 interfaces to other server platforms that may contain applications such as a certificate authority application 18, a registration authority application 20, and/or a key recovery authority application 22. Each application may be on the same server platform, or on separate individual server platforms 14. A user 10, that uses or desires access to the PKI system architecture, accesses the system via a web browser 22 on a client platform 24. A hardware token 26, such as a smart card, may also be operably connectable to client platform 24. Typically in current systems, user 10 presents a photo I.D. to the local registration authority officer 12 in order to authenticate the user's identity. Local registration authority officer 12 then uses workstation 14 and local registration authority application 16 to signal a registration authority application 20 to register new user 10 in the system. Local registration authority application 16 may be off-the-shelf product software that comes typically bundled with a certificate authority application 18, registration authority application 20, and key recovery authority 22 software. [0007] A public/private key pair is generated by either the local registration authority application 16 or the registration authority application 20 (depending on products chosen and depending on how they've been configured). The public key is sent to certificate authority application 18 to be signed, thereby, generating a certificate for new user 10. A backup copy of the private key may also be sent to key recovery authority application 22, however, normally the private key is kept on a token 26, or at client platform 24 by user 10. Once the public key is sent to a certificate authority 18 and signed, a user certificate is generated and provided to a local registration authority server. Local registration authority officer 12 copies the certificate (including the private key) onto a floppy disk, hardware token, or other storage medium, and then provides the certificate/private key to the user.] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer and Bugrov with the disclosure of Aull. The motivation or suggestion would have been to implement a system that will provide secure and efficient techniques for digital certificate generation and deliverance.(paras 0046-0047, Aull)  
Although, Fischer, Bugrov and Aull teach control system and  first local registration service, they do not teach explicitly, however,Brown teaches which issues operating certificates for devices or applications determines a device certificate and a serial number of one of the devices or applications is stored in the at least one software inventory included in the control system, [0028] FIG. 3 is an information flow diagram that illustrates an embodiment of communications between the OPC UA client 46 and the OPC UA server 40 in accordance with the process 120 described in FIG. 2. The communication between the OPC UA client 46 and OPC UA server 40 may be using any standard security protocol such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL). For example, in one embodiment, after an initial connection 130 between the OPC UA server 40 and the OPC UA client 46, the OPC UA server 40 will send the server certificate 49 to the OPC UA client 46 so that the OPC UA client 46 can verify that it is communicating with the desired server 40. Once the OPC UA client 46 is sure it is communicating with the desired server 40, the OPC UA client 46 will send an Application Certificate 50 to the OPC UA server 40 to identify the user 44 using or associated with the OPC UA client 46. One type of Application Certificate 50 that may be used is an X.509 certificate. The X.509 certificate standard cryptographically binds the certificate holder with its public key. The X.509 certificate includes a data section (i.e. the version number, the certificate's serial number, algorithm, identify of issuer, valid period, and identity of subject) and a signature section. Other certificate types may include Extended Validation (EV) SSL Certificates, Organization Validation (OV) SSL Certificates, and Domain Validation (DV) SSL Certificates]
such that only certificates required for use of a specific protocol comprising at least Open Platform Communications Unified Architecture (OPC) Unified Architecture (UA) are provided to the replacement device within the industrial plant, [0028] FIG. 3 is an information flow diagram that illustrates an embodiment of communications between the OPC UA client 46 and the OPC UA server 40 in accordance with the process 120 described in FIG. 2. The communication between the OPC UA client 46 and OPC UA server 40 may be using any standard security protocol such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL). For example, in one embodiment, after an initial connection 130 between the OPC UA server 40 and the OPC UA client 46, the OPC UA server 40 will send the server certificate 49 to the OPC UA client 46 so that the OPC UA client 46 can verify that it is communicating with the desired server 40. Once the OPC UA client 46 is sure it is communicating with the desired server 40, the OPC UA client 46 will send an Application Certificate 50 to the OPC UA server 40 to identify the user 44 using or associated with the OPC UA client 46. One type of Application Certificate 50 that may be used is an X.509 certificate.] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer, Bugrov, Aull with the disclosure of Brown. The motivation or suggestion would have been to implement a system that will provide secure techniques to improve control system security.(paras 0001-0006, Brown)  
Regarding claim 2,although Fischer teaches authentication as illustrated above in claim 1, he does not explicitly teach, however, Bugrov teaches wherein at least one of (i) the devices and (ii) applications authenticate themselves to the local registration service upon start-up of the industrial plant to register themselves as trustworthy communication participants in the industrial plant. [0036] In FIG. 2, another example of an implementation of an industrial control system 200 in accordance with aspects of the present disclosure is shown. As seen in FIG. 2, a requesting device 202 is in signal communication with a target device 204. The requesting device 202 may connect to the target device 204 and, once connected, submit access requests to the target device. [0037] Access requests may include data requests to retrieve data stored at the target device 204 as well as command requests to invoke functionality the target device is configured to perform. As described above, the requesting device 202 may transmit a digital certificate 206 to the target device 204, which the target device uses to authenticate and authorize the requesting device.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer with the disclosure of Bugrov. The motivation or suggestion would have been to implement a system that will provide improvements to authenticating and authorizing interconnected devices in industrial control systems. (para 0001-0006, Bugrov)  
Regarding claim 3, although, Fischer, Aull and Brown teach authentication as illustrated above in claim 1, they does not explicitly teach, however, Bugrov teaches wherein at least one of (i) the devices and (ii) the applications authenticate themselves to the first local registration service during runtime of the industrial plant to register themselves as trustworthy communication participants in the industrial plant.  [0036] In FIG. 2, another example of an implementation of an industrial control system 200 in accordance with aspects of the present disclosure is shown. As seen in FIG. 2, a requesting device 202 is in signal communication with a target device 204. The requesting device 202 may connect to the target device 204 and, once connected, submit access requests to the target device. [0037] Access requests may include data requests to retrieve data stored at the target device 204 as well as command requests to invoke functionality the target device is configured to perform. As described above, the requesting device 202 may transmit a digital certificate 206 to the target device 204, which the target device uses to authenticate and authorize the requesting device.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer and Aull and Brown with the disclosure of Bugrov. The motivation or suggestion would have been to implement a system that will provide improvements to authenticating and authorizing interconnected devices in industrial control systems. (para 0001-0006, Bugrov)  
Regarding claim 4, Fischer teaches wherein information regarding a configuration of at least one of (i) the control system and (ii) the industrial plant operated with the control system is stored in the at least one software inventory.  [0039] In one possible embodiment, the operator data are coded directly into a certificate Z, particularly a device certificate. Here, the size of the certificate can grow, which means that the necessary memory for this needs to be available. In a further possible embodiment, the certificate Z has a device-specific or series-specific serial number that provides sufficient information together with the issuer and the serial number of the certificate Z, so that a server can request the possible operator data or configuration data from the operator of the automation installation 1. In a further embodiment, the certificate Z contains a link to a web page of the installation operator that may store possible device-specific operator data or configuration data in the form of a device configuration database. In a further embodiment, the operator data provided by the operator are digitally signed to protect the integrity of these data, so that they can be used for automation in the planning of installations. In one possible embodiment, the device-specific operator data are written to an attribute certificate for a device certificate of the automation device 2. In one embodiment, it is possible to use the logotype extension in order to code devices or series-specific information as a 1D or 2D barcode. When an attribute certificate is used, a change requires only the attribute certificate to be renewed, this resulting in simplified handling, because no secret cryptographic keys need to be translated in this case. The request for the operator data from a configuration database of the configuration server 9 is made online in one possible embodiment.] 
Regarding claim 5, Fischer teaches wherein the information with regard to the configuration of at least one of (i) the control system and (ii) the industrial plant is read out from the engineering station and stored in the at least one software inventory.[0039] In one possible embodiment, the operator data are coded directly into a certificate Z, particularly a device certificate. Here, the size of the certificate can grow, which means that the necessary memory for this needs to be available. In a further possible embodiment, the certificate Z has a device-specific or series-specific serial number that provides sufficient information together with the issuer and the serial number of the certificate Z, so that a server can request the possible operator data or configuration data from the operator of the automation installation 1. In a further embodiment, the certificate Z contains a link to a web page of the installation operator that may store possible device-specific operator data or configuration data in the form of a device configuration database. In a further embodiment, the operator data provided by the operator are digitally signed to protect the integrity of these data, so that they can be used for automation in the planning of installations. In one possible embodiment, the device-specific operator data are written to an attribute certificate for a device certificate of the automation device 2. In one embodiment, it is possible to use the logotype extension in order to code devices or series-specific information as a 1D or 2D barcode. When an attribute certificate is used, a change requires only the attribute certificate to be renewed, this resulting in simplified handling, because no secret cryptographic keys need to be translated in this case. The request for the operator data from a configuration database of the configuration server 9 is made online in one possible embodiment.] 
Regarding claim 6, Fischer teaches wherein at least one of (i) the devices and (ii) the applications are authenticated based on operating certificates.  [0033] As can be seen from FIG. 1, an automation installation 1 in the illustrated exemplary embodiment has at least one automation device 2 that can be connected to further devices 4-1, 4-2 via a field bus 3, for example. The further devices 4-1, 4-2 may be automation devices, particularly field devices. In one possible embodiment, the automation device 2 is an automation controller for actuating further devices 4-1, 4-2 via a bus, particularly a field bus 3. In addition, the automation device 2 may be a PLC controller or a field device. In the exemplary embodiment shown in FIG. 1, the automation device 2 is connected to a data network 6 via a network access switch 5. This data network 6 has an authentication server 7 and a policy enforcement server 8 connected to it. In addition, the policy enforcement server 8 may be connected to a configuration server 9 via the network 6 or directly. The automation device 2 has at least one authentication credential that the automation device can use to authenticate itself to the authentication server 7 of the automation installation 1. This authentication credential may be a device certificate Z of the automation device 2, for example. The existence of current device-specific operator data from the installation operator of the automation installation 1 for an automation device 2 prompts these current device-specific operator data to be linked to the authentication credential of the automation device 2. In one possible embodiment, this linking of the current device-specific operator data to the authentication credential can be effected by the policy enforcement server 8 (see FIG. 1) of the automation installation 1. The policy enforcement server 8 links the current device-specific operator data as soon as the policy enforcement server 8 is notified of successful authentication of the automation device 5 to the authentication server 7 of the automation installation 1. In one possible embodiment, the policy enforcement server 8 obtains the current device-specific operator data from the configuration server 9. ]
Regarding claim 7,  Fisher teaches wherein the local registration service reads out the information stored in the at least one software inventory to check, during authentication of at least one of (i) the devices and (ii) the applications, which operating certificate is assignable to at least one of (a) respective device and (ii) a respective application; and wherein at least one of (i) the devices and (ii) the applications are authenticated based on operating certificates.  [0033] As can be seen from FIG. 1, an automation installation 1 in the illustrated exemplary embodiment has at least one automation device 2 that can be connected to further devices 4-1, 4-2 via a field bus 3, for example. The further devices 4-1, 4-2 may be automation devices, particularly field devices. In one possible embodiment, the automation device 2 is an automation controller for actuating further devices 4-1, 4-2 via a bus, particularly a field bus 3. In addition, the automation device 2 may be a PLC controller or a field device. In the exemplary embodiment shown in FIG. 1, the automation device 2 is connected to a data network 6 via a network access switch 5. This data network 6 has an authentication server 7 and a policy enforcement server 8 connected to it. In addition, the policy enforcement server 8 may be connected to a configuration server 9 via the network 6 or directly. The automation device 2 has at least one authentication credential that the automation device can use to authenticate itself to the authentication server 7 of the automation installation 1. This authentication credential may be a device certificate Z of the automation device 2, for example. The existence of current device-specific operator data from the installation operator of the automation installation 1 for an automation device 2 prompts these current device-specific operator data to be linked to the authentication credential of the automation device 2. In one possible embodiment, this linking of the current device-specific operator data to the authentication credential can be effected by the policy enforcement server 8 (see FIG. 1) of the automation installation 1. The policy enforcement server 8 links the current device-specific operator data as soon as the policy enforcement server 8 is notified of successful authentication of the automation device 5 to the authentication server 7 of the automation installation 1. In one possible embodiment, the policy enforcement server 8 obtains the current device-specific operator data from the configuration server 9. ]
Regarding claim 8,  Fischer teaches wherein the first local registration service reads out the information stored in the software inventory to check, during authentication of at least one of (i) the devices and (ii) the applications, which operating certificate is assignable to at least one of (a) respective device and (ii) a respective application; and wherein at least one of (i) the devices and (ii) the applications are authenticated based on operating certificates.  [0033] As can be seen from FIG. 1, an automation installation 1 in the illustrated exemplary embodiment has at least one automation device 2 that can be connected to further devices 4-1, 4-2 via a field bus 3, for example. The further devices 4-1, 4-2 may be automation devices, particularly field devices. In one possible embodiment, the automation device 2 is an automation controller for actuating further devices 4-1, 4-2 via a bus, particularly a field bus 3. In addition, the automation device 2 may be a PLC controller or a field device. In the exemplary embodiment shown in FIG. 1, the automation device 2 is connected to a data network 6 via a network access switch 5. This data network 6 has an authentication server 7 and a policy enforcement server 8 connected to it. In addition, the policy enforcement server 8 may be connected to a configuration server 9 via the network 6 or directly. The automation device 2 has at least one authentication credential that the automation device can use to authenticate itself to the authentication server 7 of the automation installation 1. This authentication credential may be a device certificate Z of the automation device 2, for example. The existence of current device-specific operator data from the installation operator of the automation installation 1 for an automation device 2 prompts these current device-specific operator data to be linked to the authentication credential of the automation device 2. In one possible embodiment, this linking of the current device-specific operator data to the authentication credential can be effected by the policy enforcement server 8 (see FIG. 1) of the automation installation 1. The policy enforcement server 8 links the current device-specific operator data as soon as the policy enforcement server 8 is notified of successful authentication of the automation device 5 to the authentication server 7 of the automation installation 1. In one possible embodiment, the policy enforcement server 8 obtains the current device-specific operator data from the configuration server 9. ]
Regarding claim 11, the claim is interpreted to be same as claim 1 and rejected for the same reasons as set forth for claim 1.
Regarding claim 13, Fischer teaches wherein the software inventory is integrated in the process data archive. [0039] In one possible embodiment, the operator data are coded directly into a certificate Z, particularly a device certificate. Here, the size of the certificate can grow, which means that the necessary memory for this needs to be available. In a further possible embodiment, the certificate Z has a device-specific or series-specific serial number that provides sufficient information together with the issuer and the serial number of the certificate Z, so that a server can request the possible operator data or configuration data from the operator of the automation installation 1. In a further embodiment, the certificate Z contains a link to a web page of the installation operator that may store possible device-specific operator data or configuration data in the form of a device configuration database. In a further embodiment, the operator data provided by the operator are digitally signed to protect the integrity of these data, so that they can be used for automation in the planning of installations. In one possible embodiment, the device-specific operator data are written to an attribute certificate for a device certificate of the automation device 2. In one embodiment, it is possible to use the logotype extension in order to code devices or series-specific information as a 1D or 2D barcode. When an attribute certificate is used, a change requires only the attribute certificate to be renewed, this resulting in simplified handling, because no secret cryptographic keys need to be translated in this case. The request for the operator data from a configuration database of the configuration server 9 is made online in one possible embodiment.] 
Regarding claim 14, Fischerr teaches at least one operator system.  [0033] As can be seen from FIG. 1, an automation installation 1 in the illustrated exemplary embodiment has at least one automation device 2 that can be connected to further devices 4-1, 4-2 via a field bus 3, for example. The further devices 4-1, 4-2 may be automation devices, particularly field devices. In one possible embodiment, the automation device 2 is an automation controller for actuating further devices 4-1, 4-2 via a bus, particularly a field bus 3. In addition, the automation device 2 may be a PLC controller or a field device. In the exemplary embodiment shown in FIG. 1, the automation device 2 is connected to a data network 6 via a network access switch 5. This data network 6 has an authentication server 7 and a policy enforcement server 8 connected to it. In addition, the policy enforcement server 8 may be connected to a configuration server 9 via the network 6 or directly. The automation device 2 has at least one authentication credential that the automation device can use to authenticate itself to the authentication server 7 of the automation installation 1. This authentication credential may be a device certificate Z of the automation device 2, for example. The existence of current device-specific operator data from the installation operator of the automation installation 1 for an automation device 2 prompts these current device-specific operator data to be linked to the authentication credential of the automation device 2. In one possible embodiment, this linking of the current device-specific operator data to the authentication credential can be effected by the policy enforcement server 8 (see FIG. 1) of the automation installation 1. The policy enforcement server 8 links the current device-specific operator data as soon as the policy enforcement server 8 is notified of successful authentication of the automation device 5 to the authentication server 7 of the automation installation 1. In one possible embodiment, the policy enforcement server 8 obtains the current device-specific operator data from the configuration server 9. ]
Regarding claim 16, Fischerr teaches at least one operator system.  [0033] As can be seen from FIG. 1, an automation installation 1 in the illustrated exemplary embodiment has at least one automation device 2 that can be connected to further devices 4-1, 4-2 via a field bus 3, for example. The further devices 4-1, 4-2 may be automation devices, particularly field devices. In one possible embodiment, the automation device 2 is an automation controller for actuating further devices 4-1, 4-2 via a bus, particularly a field bus 3. In addition, the automation device 2 may be a PLC controller or a field device. In the exemplary embodiment shown in FIG. 1, the automation device 2 is connected to a data network 6 via a network access switch 5. This data network 6 has an authentication server 7 and a policy enforcement server 8 connected to it. In addition, the policy enforcement server 8 may be connected to a configuration server 9 via the network 6 or directly. The automation device 2 has at least one authentication credential that the automation device can use to authenticate itself to the authentication server 7 of the automation installation 1. This authentication credential may be a device certificate Z of the automation device 2, for example. The existence of current device-specific operator data from the installation operator of the automation installation 1 for an automation device 2 prompts these current device-specific operator data to be linked to the authentication credential of the automation device 2. In one possible embodiment, this linking of the current device-specific operator data to the authentication credential can be effected by the policy enforcement server 8 (see FIG. 1) of the automation installation 1. The policy enforcement server 8 links the current device-specific operator data as soon as the policy enforcement server 8 is notified of successful authentication of the automation device 5 to the authentication server 7 of the automation installation 1. In one possible embodiment, the policy enforcement server 8 obtains the current device-specific operator data from the configuration server 9. ]
Regarding claim 17, although Fischer, Aul and Brown   teach authentication he does not teach explicitly, however, Bugrov teaches wherein the industrial plant is operated by the control system [0029] Referring now to FIG. 1, an example of an implementation of an industrial control system 100 is shown. As described above, an industrial control system may include multiple interconnected industrial devices. As also described above, industrial devices may include devices used to control, monitor, and coordinate operation of an industrial system, industrial facility, industrial process, industrial device, industrial machine, and the like. Industrial devices include "intelligent" (i.e., processor-based) control or monitoring devices that are configured to receive input from industrial devices (e.g., sensors) and issue commands to other industrial devices (e.g., industrial equipment). Industrial devices include devices that only provide output (e.g., some types of sensors), devices that only receive input (e.g., some types of industrial equipment), and devices that both receive input and provide output (e.g., I/O devices such as intelligent control devices). Industrial devices also include specially-configured computing devices having control software or monitoring software and computing devices that are otherwise configured with instructions for controlling or monitoring other industrial devices in the industrial control system. Industrial devices also include data collection devices and data storage devices. An industrial device may also include one or more industrial devices as sub-components.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer, Aull and Brown with the disclosure of Bugrov. The motivation or suggestion would have been to implement a system that will provide improvements to authenticating and authorizing interconnected devices in industrial control systems. (para 0001-0006, Bugrov)  
Regarding claim 18, although Fischer and Aull  and Brown  teach authentication they do not teach explicitly, however, Bugrov teaches wherein the industrial plant is operated by the control system [0029] Referring now to FIG. 1, an example of an implementation of an industrial control system 100 is shown. As described above, an industrial control system may include multiple interconnected industrial devices. As also described above, industrial devices may include devices used to control, monitor, and coordinate operation of an industrial system, industrial facility, industrial process, industrial device, industrial machine, and the like. Industrial devices include "intelligent" (i.e., processor-based) control or monitoring devices that are configured to receive input from industrial devices (e.g., sensors) and issue commands to other industrial devices (e.g., industrial equipment). Industrial devices include devices that only provide output (e.g., some types of sensors), devices that only receive input (e.g., some types of industrial equipment), and devices that both receive input and provide output (e.g., I/O devices such as intelligent control devices). Industrial devices also include specially-configured computing devices having control software or monitoring software and computing devices that are otherwise configured with instructions for controlling or monitoring other industrial devices in the industrial control system. Industrial devices also include data collection devices and data storage devices. An industrial device may also include one or more industrial devices as sub-components.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer, Aull and Brownwith the disclosure of Bugrov. The motivation or suggestion would have been to implement a system that will provide improvements to authenticating and authorizing interconnected devices in industrial control systems. (para 0001-0006, Bugrov)  
Regarding claim 19, although Fischer, Aull and Brwon teach authentication they not teach explicitly, however, Bugrov teaches wherein the industrial plant is operated by the control system [0029] Referring now to FIG. 1, an example of an implementation of an industrial control system 100 is shown. As described above, an industrial control system may include multiple interconnected industrial devices. As also described above, industrial devices may include devices used to control, monitor, and coordinate operation of an industrial system, industrial facility, industrial process, industrial device, industrial machine, and the like. Industrial devices include "intelligent" (i.e., processor-based) control or monitoring devices that are configured to receive input from industrial devices (e.g., sensors) and issue commands to other industrial devices (e.g., industrial equipment). Industrial devices include devices that only provide output (e.g., some types of sensors), devices that only receive input (e.g., some types of industrial equipment), and devices that both receive input and provide output (e.g., I/O devices such as intelligent control devices). Industrial devices also include specially-configured computing devices having control software or monitoring software and computing devices that are otherwise configured with instructions for controlling or monitoring other industrial devices in the industrial control system. Industrial devices also include data collection devices and data storage devices. An industrial device may also include one or more industrial devices as sub-components.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer , Aull and Brown with the disclosure of Bugrov. The motivation or suggestion would have been to implement a system that will provide improvements to authenticating and authorizing interconnected devices in industrial control systems. (para 0001-0006, Bugrov)  
Regarding claim 20, , although Fischer, Aull and Brown teach authentication they not teach explicitly, however, Bugrov teaches wherein the industrial plant is operated by the control system [0029] Referring now to FIG. 1, an example of an implementation of an industrial control system 100 is shown. As described above, an industrial control system may include multiple interconnected industrial devices. As also described above, industrial devices may include devices used to control, monitor, and coordinate operation of an industrial system, industrial facility, industrial process, industrial device, industrial machine, and the like. Industrial devices include "intelligent" (i.e., processor-based) control or monitoring devices that are configured to receive input from industrial devices (e.g., sensors) and issue commands to other industrial devices (e.g., industrial equipment). Industrial devices include devices that only provide output (e.g., some types of sensors), devices that only receive input (e.g., some types of industrial equipment), and devices that both receive input and provide output (e.g., I/O devices such as intelligent control devices). Industrial devices also include specially-configured computing devices having control software or monitoring software and computing devices that are otherwise configured with instructions for controlling or monitoring other industrial devices in the industrial control system. Industrial devices also include data collection devices and data storage devices. An industrial device may also include one or more industrial devices as sub-components.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer, Aull and Brown with the disclosure of Bugrov. The motivation or suggestion would have been to implement a system that will provide improvements to authenticating and authorizing interconnected devices in industrial control systems. (para 0001-0006, Bugrov)  
	 
Claim 9 is rejected under 35 USC 103 as being unpatentable over Fischer in view of Bugrov, Aull, Brown and Litichever (US20150020152)
Regarding claim 9, although Fischer, Bugrov, Aull and Brown teach authentication as illustrated above in claim 1, they do not teach explicitly, however, Litichever teaches wherein the authentication of at least one of (i) the devices and (ii) the applications has a specific period of validity which is stored as device-specific information in the at least one software inventory, wherein, prior to expiration of the specific period of validity of the authentication and independently of a request by at least one of (i) the devices and (ii) the applications, the first local registration service of the control system reads out information regarding the specific  period of validity from the at least one software inventory and renews the authentication to extend the period of validity thereof.   [0201] In some embodiments, each authentication unit is configured with a list of all the authentication units in the system 101 with which authentication is required. Each authentication unit can periodically initiate an authentication process with any other authentication unit. The period after which the authentication must be renewed can be fixed or variable per authentication unit. The authentication process can involve a challenge message from one authentication unit to another. The receiving authentication unit then responds to the challenge with a response (typically encrypted). The authentication unit that has sent the challenge message verifies the response and if correct, marks that authentication unit in the list as authenticated. If the response is not correct, the challenge may be repeated one or more times, after which that authentication unit will be marked in the list as unidentified (not authenticated).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer, Bugrov, Aull and Brown with the disclosure of Litichever. The motivation or suggestion would have been to implement a system that will provide efficient techniques to keep industrial system safe from cyber-attack.(para 0001-0005, Litichever)  

Claims 10 & 21 are rejected under 35 USC 103 as being unpatentable over Fischer in view of Bugrov, Aull, Brown and Eckl (US20170093838)
Regarding claim 10 & 21,  although Fischer, Bugrov, Aull and Brown teach authentication as illustrated above in claim 1, they do not teach explicitly, however, Eckl teaches  web applications, [0015] The origin of authentication messages can be checked by determining a domain of the first Web application during the authentication or authorization, where the activation is performed only if a domain provided for this purpose has been determined.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Fischer, Bugrov, Aull and Brown with the disclosure of Eckl. The motivation or suggestion would have been to implement a system that will provide efficient techniques to provide improved authentication to a web application.(para 0001-0010, Eckl)  

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER A KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on M-F 8:00 am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHER A KHAN/Primary Examiner, Art Unit 2497