DETAILED ACTION
The following claims are pending in this office action: 1-7
The following claims are amended: 1-7 
The following claims are new: -
The following claim is cancelled: -
Claims 1-7 are rejected. This rejection is FINAL.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/02/2021 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 02/02/2021 is attached to the instant Office action. 
Previous Objections Withdrawn
The 35 U.S.C. 112(b) rejections to claims 1-7 are withdrawn based on the amendments. 
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 02/02/2021 have been fully considered but are they are not persuasive.  The reasons are set forth below.
Applicant’s position is that the “previous and current frames” describes in Grubbs do not correspond to “a pair of the current state and the state after transition” as claimed.  Applicant explains:
The change in the output state (output pin data) has been caused by the change in input values of the logic function block 114 (i.e., the change in signals from the power generation equipment 140), and thus, does not correspond to “the state after transition” to which the power generation equipment 140 is supposed to transit when the power generation equipment 140 receives a control command for controlling the power generation equipment 140.  Thus, Grubbs does not teach or suggest “a pair of the current state and the state after transition” as claimed.  

Furthermore:

[Grubbs] teaches that the configuration may be executed if the permissive logic configurations are valid, and the configuration may be rejected if the received permissive logic configurations are not valid.  In contrast, the determination unit of claim 1 appropriately blocks even a normal (valid) control command in accordance with the pair of the current state and the state after transition which is clearly different from Grubbs in technical concept.  Thus, Grubbs does not disclose or suggest determining whether to permit or block the passage in accordance with the pair of the current state and the state after transition.  

Also: 
Fischer merely discloses determining whether to permit or block passage of the message based on whether the current state (the current pressure) falls within a normal pressure range

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The amended claims are within the scope and content of the prior art.  The Examiner agrees that Grubbs teaches previous and current frames which corresponds a pair of the current state and the state after transition.  However, the change in the output state (output pin data) is not solely caused by the change in input values of the logic function block 114 (i.e. the change in signals from the power generation equipment 140).  Grubbs explicitly teaches at column 5, lines 42-44: “… an output pin associated with the one or more combinational blocks may be updated based at least in part on the received signals”.  Grubbs also teaches at column 3, lines 63-65L “one or more input pins associated with the combinational logic blocks may be updated based on data associated with their corresponding signal input
 “…signals associated with power generation equipment” (152, 154, 156, and 158 on Fig. 1B) 
And “…send signals that may control such equipment” (162, 164, 166, and 168 on Fig. 1B, force open, force close, failed to open alarm, and tripped alarm)
One set of inputs represent “signals associated with power generation equipment” which is the “state before transition” of the power generation equipment (see Mark* Vle Controller DCS Block Library, Issued 2008, pg. 8; and for an example of an embodiment, pg. 566).  The other set of inputs are “signals that control such equipment” which alter the first set of inputs and can cause a change in the output state (see, for an embodiment, Mark* Vle Controller DCS Block Library, Issued 2008, pg. 563).  The “signals associated with the power generation equipment” is the output after a transition of time without a control command.  Mark* Vle Controller DCS Block Library, Issued 2008, pg. 8, and for an example of an embodiment, pg. 566).  The controls set by the operator, depending on the input and outputs of the block (pair of the current and the state after transition), which are determined by the sensors (see Grubbs, col. 2, ln. 45-47), may then be executed (permitted) or rejected, blocked (see Grubbs, col. 7, ln. 24-32).  Examiner also notes that Fischer is not being used to teach determining whether to permit or block passage in accordance with the pair of the current state and the state after transition.  As the limitations of the amendments is recited by the Grubbs reference, the content of the amendments are within the scope and content of the prior art.  
In considering the prior art references as a whole, there is no substantive difference between the claim limitations at issue and the prior art.  The Applicant explains that the intrusion prevention device, a normal control command is appropriately blocked, for instance, according to the example described in Fig. 5, if the current state is fully operating, and the state after transition is fully stopping, the operation is prohibited.  Likewise, Grubbs teaches if the current valve state is not “failed to open”, and the output is monitored as “ready to open”, then the close command is acceptable from a user (see, for an embodiment, Mark* Vle Controller DCS Block Library, Issued 2008, pg. 570) and the code may be 
A person of ordinary skill in the in the pertinent art would have been able to use the Grubbs reference.  If the only facts of record pertaining to the level of skill in the art are found within the prior art of record, the court has held that an invention may be held to have been obvious without a specific finding of a particular level of skill where the prior art itself reflects an appropriate level. Chore-Time Equipment, Inc. v. Cumberland Corp., 713 F.2d 774, 218 USPQ 673 (Fed. Cir. 1983). See also Okajima v. Bourdeau, 261 F.3d 1350, 1355, 59 USPQ2d 1795, 1797 (Fed. Cir. 2001). At the time of filing, it would have been obvious to use Grubbs to satisfy the limitation of determining whether to permit or block the passage in accordance with the pair of the current state and the state after transition.  The invention, as claimed, would be within the level of ordinary skill in the art.  
The Applicant has not provided any objective indicia of nonobviousness in the record to be considered, and it is assumed that there are no secondary considerations supporting nonobviousness.
In conclusion, the Applicant’s arguments are not persuasive.  The Graham factors, as analyzed above, support a finding that the claims are within the metes and bounds possessed by the public.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2 and 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over Grubbs et al., (US 9684347) (hereinafter “Grubbs”) in view of Fischer et al., (WIPO Pub. 2016/154036) (hereinafter “Fischer”), and further in view of Katsumata (US Pub. 2013/0290763) (hereinafter “Katsumata”)
As per claim 1, Grubbs teaches a processor configured to ([Grubs, col. 1, ln. 46-51] at least one processor is used execute the methods described)
Receive, from a control target device, a notification indicating a state of the control target device; ([Grubs, col. 5, ln. 50-55; and col. 7, 41-48] the data collection module, or the processor, receives from a power generation unit, or a target device, signals associated with input pins. The input pins indicate the output state of the power generation unit, and thus constitute a notification indicating a state of the control target device)
specify a current state of the control target device based on the notification received, and specify a state after transition that is made in a case in which the control target device receives the control command; and ([Grubbs, col. 6, ln. 5-11] the data upload module, the processor, may convert the system data to representations of input and output pins, which respectively represent the current state of the target device and the state after transition made by receiving the control command)
determine whether to permit or block passage of the control command received in accordance with a pair of the current state and the state after transition specified. ([Grubbs, col. 5, ln. 28-34; col. 7, ln. 23-32; col. 5, ln. 50-66] the logic execution module, or the processor, permits or blocks passage in accordance the state of the target device, i.e. as in a state machine.  The permissive logic configurations, or control commands, received by the logic builder block and are verified by the logic execution module.  The logic execution module determines whether or not to execute permissive logic instructions based on received signals, including the input and output data [a pair of the current state and the state after transition] from the data collection module [received in accordance with], to control the solenoid operated valve, another example of a control target device) 

However, Fischer teaches receive a control command transmitted from a control device to the control target device; ([Fischer, para. 0050] the data guard device, receives a report pressure message, or control command, that is sent from the external control terminal, or control device, to the control target device, or SCADA device.)
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the elements disclosed by Grubbs to include the additional element, receive a control command transmitted from a control device to the control target device.  One of ordinary skill in the art would have been motivated to make this modification as a monitoring device can assist to validate the integrity of all data commands sent to the target device and provide data security protection (Fischer, para. 0006).  
Alternatively, Katsumata teaches determine whether to permit or block passage of the control command received in accordance with a pair of the current state and the state after transition specified ([Katsumata, para. 0149] initially, the device receives a power-on request for the server blade.  [Para. 0161, Fig. 10, Step 19] The startup control unit determines, in accordance with a current state, the state information of whether the start-up processing unit of the server blade is in state 3 [the current state] where start-up processing is being performed.  [Para. 0168-0170, Fig. 11, Step. 25] the determination is also made in according to the maximum allowable power and whether it is possible to supply power from the power module to the server blade if the sever blade were to transition to state 4 [the state after transition] [see para. 0102].  [Para. 0191] the start-up control unit of the blade management unit determines whether to permit the server blade to transition to be completely started based on collected information [the current state, and the state after transition])
determine whether to permit or block passage of the control command received in accordance with a pair of the current state and the state after transition specified.  One of ordinary skill in the art would have been motivated to make this modification as such a system would allow the server blade to be reliably started in a state where reliability of the whole blade server system is maintained (Katsumata, para. 0003).  

As per claim 2, Grubbs, in view of Fischer teaches claim 1.  
Grubbs also teaches a memory that stores therein a table in which processing content indicating whether to permit or block passage of the control command is specified for each pair of the current state of the control target device and the state after transition made by receiving the control command; ([Grubbs, col. 6, ln. 5-6; col. 5, ln. 50-67; col. 7, ln. 36-38; col. 7, ln. 41-42] the storage unit is a database table that receives system data, or processing content.  The logic execution module, permits or prohibits progression of a control command based on system data.  System data, or the processing content, pairs the output state of the generation unit vis-à-vis the input pin data, or the current state of the control target device, with the state of the generation unit after receiving the permissive logic configurations vis-à-vis the output pin data associated with a logic function block, or a state after transition made by receiving the control command)
the processor is configured to acquire, from the table stored in the memory, the processing content corresponding to the pair of the current state and the state after transition specified, and determine whether to permit or block passage of the control command in accordance with the processing content. ([Grubbs, col. 5, ln. 28-34; col. 5, ln. 64 – col. 6, ln. 2] the logic execution module [the processor], acquires from the database table system data [the memory], or processing content, input and output pin data [pair of the current state and the state after transition], specified by the data upload and determines whether to permit or prohibit progression of execution of the permissive logic instructions, or control command, in accordance with the system data)
Alternatively, Katsumata teaches a memory that stores therein a table in which processing content indicating whether to permit or block passage of the control command is specified for each pair of the current state of the control target device and the state after transition made by receiving the control command; ([Katsumata, para. 0149] initially, the device receives a power-on request for the server blade.  [Para. 0161, Fig. 10, Step 19] The startup control unit determines, in accordance with a current state, the state information of whether the start-up processing unit of the server blade [control target device] is in state 3 [the current state] where start-up processing is being performed.  [Para. 0168-0170, Fig. 11, Step. 25] the determination is also made in according to the maximum allowable power and whether it is possible to supply power from the power module to the server blade if the sever blade were to transition to state 4 [the state after transition] [see para. 0102].  [Para. 0191] the start-up control unit of the blade management unit determines whether to permit the server blade to transition to be completely started based on collected information [the current state, and the state after transition].  [Para. 0111-0112, Fig. 7] state information for each of the server blades is stored on a table in memory [see para. 0100])
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Grubbs and Katsumata for the same reasons as disclosed above.

As per claim 4, Grubbs, in view of Fischer teaches claim 1.  
Grubbs also teaches wherein the processor configured to determine whether to permit or block passage of the control command received in accordance with the pair of the current state and the state after transition of the control target device, ([Grubbs, col. 5, ln. 28-34; col. 7, ln. 23-32; col. 5, ln. 50-66] the logic execution module, or the processor, permits or blocks passage in accordance the state of the target device, i.e. as in a state machine.  The permissive logic configurations, or control commands, received by the logic builder block and are verified by the logic execution module.  The logic execution module determines whether or not to execute permissive logic instructions based on received signals, including the input and output data [a pair of the current state and the state after transition] from the data collection module [received in accordance with], to control the solenoid operated valve, another example of a control target device)
transmit the control command to the control target device when determining to permit the passage, and ([Grubbs, Fig. 4; col. 7, ln. 24-28;  col. 3, ln. 6-7) if the permissive logic configurations, or control command, is valid, they are compiled and may be executed to control the power generation equipment, or the control target device) 
discard the control command when determining to block the passage. ([Grubbs, Fig. 4; col. 7, ln. 28-31; col. 3, ln. 6-7) if the received permissive logic configurations, or control command, is not valid then the configurations may be rejected or discarded to block passage)
Alternatively, Katsumata teaches wherein the processor configured to determine whether to permit or block passage of the control command received in accordance with the pair of the current state and the state after transition of the control target device ([Katsumata, para. 0149] initially, the device receives a power-on request for the server blade.  [Para. 0161, Fig. 10, Step 19] The startup control unit determines, in accordance with a current state, the state information of whether the start-up processing unit of the server blade [control target device] is in state 3 [the current state] where start-up processing is being performed.  [Para. 0168-0170, Fig. 11, Step. 25] the determination is also made in according to the maximum allowable power and whether it is possible to supply power from the power module to the server blade if the sever blade were to transition to state 4 [the state after transition] [see para. 0102].  [Para. 0191] the start-up control unit of the blade management unit determines whether to permit the server blade to transition to be completely started based on collected information [the current state, and the state after transition])
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Grubbs and Katsumata for the same reasons as disclosed above.

As per claim 5, Grubbs, in view of Fischer teaches claim 1.  
Grubbs also teaches the processor is configured to
receive, from a network device, the control command transmitted from the control device to the control target device, and ([Grubbs, col. 5, ln. 1-3; Fig. 2) the control device may include Ethernet drivers, or a network device, that allow it to communicate with other devices on the network, including the logic builder block)
determine whether to permit or block passage of the control command received in accordance with the pair of the current state and the state after transition of the control target device, ([Grubbs, col. 5, ln. 28-34; col. 7, ln. 23-32; col. 5, ln. 50-66] the logic execution module, or the processor, permits or blocks passage in accordance the state of the target device, i.e. as in a state machine.  The permissive logic configurations, or control commands, received by the logic builder block and are verified by the logic execution module.  The logic execution module determines whether or not to execute permissive logic instructions based on received signals, including the input and output data [a pair of the current state and the state after transition] from the data collection module [received in accordance with], to control the solenoid operated valve, another example of a control target device.  Based on the determination of the logic execution module, the control device by the network device then executes or discards the control commands)
instruct the network device to transmit the control command to the control target device when determining to permit the passage, and ([Grubbs, Fig. 4; col. 7, ln. 24-28;  col. 3, ln. 6-7) if the permissive logic configurations, or control command, is valid, they are compiled sent to the control device for execution vis-à-vis the Ethernet drivers to control the power generation equipment)
instruct the network device to discard the control command when determining to block the passage.  ([Grubbs, Fig. 4; Grubbs, col. 7, ln. 28-31; col. 3, ln. 6-7) if the received permissive logic configurations, or control command from the control device, is not valid then the configurations may still be compiled.  However, the control device vis-à-vis the Ethernet drivers, may not execute the object code, effectively discarding the control command and blocking passage)
Alternatively, Katsumata teaches determine whether to permit or block passage of the control command received in accordance with the pair of the current state and the state after transition of the control target device, ([Katsumata, para. 0149] initially, the device receives a power-on request for the server blade.  [Para. 0161, Fig. 10, Step 19] The startup control unit determines, in accordance with a current state, the state information of whether the start-up processing unit of the server blade [control target device] is in state 3 [the current state] where start-up processing is being performed.  [Para. 0168-0170, Fig. 11, Step. 25] the determination is also made in according to the maximum allowable power and whether it is possible to supply power from the power module to the server blade if the sever blade were to transition to state 4 [the state after transition] [see para. 0102].  [Para. 0191] the start-up control unit of the blade management unit determines whether to permit the server blade to transition to be completely started based on collected information [the current state, and the state after transition])
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Grubbs and Katsumata for the same reasons as disclosed above.

As per claims 6-7, these claims recite a method and a non-transitory computer-readable recording medium containing a program that, when executed by a computer, comprise steps performed by the .    

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Grubbs, Fischer and Katsumata as applied to claim 2 above and in further view of Nobre Escravana et al., (EPO Pub. EP2911362A2) (hereinafter “Nobre”).  
As per claim 2, Grubbs, in view of Fischer teaches claim 2.
Grubbs also teaches the processor configured to acquire, from the table stored in the memory, the processing content corresponding to the pair of the current state and the state after transition specified, and ([Grubbs, col. 6, ln. 5-11; col. 5, ln. 28-34; col. 5, ln. 64 – col. 6, ln. 2] a database table, or the storage unit, contains system data, or processing content. The system data is converted by the data upload module, by an intermediary system, to input and output pin values unit, or current state and the state after transition.  The logic execution module [the processor] acquires system data to configure a control device.  )
in accordance with the processing content, determine whether to permit or block passage of the control command received [and notifies an external device of the anomaly].  ([col. 5, ln. 28-34; Grubbs, col. 5, ln. 64 – col. 6, ln. 2] the logic execution module receives the system data to determine whether or not to allow the control device to control the power generation equipment.  Notifying an external device of an anomaly will be taught later).  
Grubbs does not teach wherein in the table, whether to notify an external device of an anomaly is specified as the processing content.
However, Nobre teaches in the table, whether to notify an external device of an anomaly is specified as the processing content; ([Nobre, para. 0048-0056] the database, or table storage is used to store information regarding alerts to be displayed, or processing content.  The process verification module, uses the processing content to determine if an action corresponds to a valid process state and if an alarm should be displayed.  If the action does not correspond to a valid process state, an alarm/notification is generated to the operator console, or the external device)
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the elements disclosed by Grubbs to include the additional element of in the table, whether to notify an external device of an anomaly is specified as the processing content.  One of ordinary skill in the art would have been motivated to make this modification because the modification of adding an alarm would enable a human operator to detect attacks targeted at the control target device (Nobre, para. 0057).  
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Z.L./Examiner, Art Unit 2493                                                                                                                                                                                                        
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493