DETAILED ACTION

Claims 1-12 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/26/2019 and 10/16/2020 has/have filed in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

	Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over Malluru et al. (US Patent Application No. 20200028696) (Hereinafter Malluru) in view of Smith et al. (US Patent Application No. 2018004953) (Hereinafter Smith).

As per claim 1, Malluru discloses a method for initializing a server formed as an operator station server in a technical installation including at least one server comprising an engineering station server and at least one certification authority for issuing certificates, the method comprising: 
a) establishing a connection from the engineering station server (204-1, fig 2) to the operator station server (fig 2, para 42, 204-1 and 204-2 are connected via network); 
b) installing a trust chain valid for the engineering station server on the operator station server (fig 2, para 44, 230-2, trust chain of CA); 
c) installing a trust chain valid for the operator station server (204-1, fig 2)  on the engineering station server (fig 2, para 44, 230-4, trust chain of CA); 

e) transmitting the validation certificate of the operator station server to the engineering station server to permit validation of the operator station server by the engineering station server via the previously installed corresponding trust chain (fig 2, para 29, 44, 230-2, signed CA information, must be transmitted, please see para 3, downloading signed certification authority (CA) information); and
 f) transmitting configuration information from the engineering station server to a certification service implemented on the operator station server, (fig 2, para 29, 44, 230-2, signed CA information, must be transmitted, please see para 3, The BIOS may also, when the first root CA chain from the first server is authenticated, establish a first secure encrypted transport layer security (TLS) session with the first server based on one or more certificates of the first root CA chain from the first server.). Malluru does not disclose the configuration information depending on a role of the operator station server in the technical installation and comprising information identifying which certificates of the certification service of the operator station server must be requested from the certification authority of the technical installation. However, Smith discloses the configuration information depending on a role of the operator station server in the technical installation and comprising information identifying which certificates of the certification service of the operator station server must be requested from the certification authority of the technical installation (fig 9, para, 60, 63, “The directory 

As per claim 2, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses wherein at least one registration service of the technical installation is interposed between the certification service of the operator station server and the certification authority and, in place of the certification service of the operator station server, which requests required certificates from the certification authority of the technical installation (fig 9, para 33, “an industrial control system controller that utilizes public key infrastructure services to issue and manage certificates for code signing 
of software and firmware on components of the industrial control system”, please also see para 60-63, operators and administrators may have different privileges on the ICS components). 

As per claim 3, claim is rejected for the same reasons as claim 2, above. In addition, Smith discloses wherein the configuration information transmitted from the engineering station server to a certification service implemented on the operator station server comprises information indicating from which registration service of the technical installation the certificates must be requested (910, fig 9, para 60, certificate authority). 

As per claim 4, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses wherein said configuration information depends on a role of the operator station server in the technical installation and comprises information identifying which certificates the certification service of the operator station server must again remove (para 75, removing the storage device from a system and installing and accessing) from the operator station server (fig 9, para 33, “an industrial control system controller that utilizes public key infrastructure services to issue and manage certificates for code signing of software and firmware on components of the industrial control system”, please also see para 60-63, operators and administrators may have different privileges on the ICS components). 

As per claim 5, claim is rejected for the same reasons as claim 2, above. In addition, Smith discloses wherein the configuration information transmitted to the certification service implemented on the operator station server is also transmitted by the engineering station server to the at least one registration service of the technical installation (fig 9, para 33, “an industrial control system controller that utilizes public key infrastructure services to issue and manage certificates for code signing of software and firmware on components of the industrial control system”, please also see para 60-63, operators and administrators may have different privileges on the ICS components). 

As per claim 6, claim is rejected for the same reasons as claim 3, above. In addition, Smith discloses wherein the configuration information transmitted to the 
own computing systems”). 

As per claim 7, claim is rejected for the same reasons as claim 4, above. In addition, Smith discloses wherein the configuration information transmitted to the certification service implemented on the operator station server is also transmitted by the engineering station server to the at least one registration service of the technical installation (fig 9, para 63, “an industrial control system controller that utilizes public key infrastructure services to issue and manage certificates for code signing of software and firmware on components of the industrial control system”, please also see para 62, certificate and registration authority services). 

As per claim 8, claim is rejected for the same reasons as claim 5, above. In addition, Smith discloses wherein an additional operator station server establishes a connection to the at least one registration service (para 62, certificate and registration authority services ) such that the additional operator station server becomes integrated into the technical installation; wherein the registration service (para 62, certificate and registration authority services), requests the required certificates from the certification authority of the technical installation in place of a certification service of the additional operator station server (fig 9, para 33, “an industrial control system controller that utilizes public key infrastructure services to issue and manage certificates for code 

As per claim 9, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses wherein the technical installation is a production or process installation (para 75, installing and accessing the information) . 

As per claim 11, claim is rejected for the same reasons as claim 7, above. In addition, Smith discloses A technical installation, in particular production or process installation, comprising: at least one engineering station server; at least one operator station server; and at least one certification authority, wherein the operator station server is configured as claimed in claim 7 (fig 9, para 60- 62, “in order for a device to function in a distributed ICS, various networking security services may support the deployment of a hardened ICS controller in the overall ICS”; certificate and registration authority services). 

As per claim 12, claim is rejected for the same reasons as claim 11, above. In addition, Smith discloses wherein the technical installation is a production or process installation (fig 9, para 60- 62, “in order for a device to function in a distributed ICS, various networking security services may support the deployment of a hardened ICS controller in the overall ICS”; certificate and registration authority services).

As per claim 10, Malluru discloses an operator station server of a technical installation upon which a certification service is implemented (fig 2, para 42, 204-1), wherein the operator station is configured to receive configuration information (fig 2, para 42); 
wherein the configuration information comprises information identifying which certificates of the certification service of the operator station server must be requested from a certification authority of the technical installation (para 41-44, “The management of the CA certificates is managed in the back-end server systems in a centralized manner instead of by each of the distributed client systems”). Malluru does not explicitly disclose which depends on a role of the operator station server in the technical installation, from at least one of (i) an engineering station server and (ii) a registration service of the technical installation. However, Smith discloses which depends on a role of the operator station server in the technical installation, from at least one of (i) an engineering station server(fig 9, para, 60, 63, “The directory services provide centralized management and administration of users and devices as well as respective roles and responsibilities in the ICS”, broadly reads on configuration management) and (ii) a registration service of the technical installation  (para 60- 62, “in order for a device to function in a distributed ICS, various networking security services may support the deployment of a hardened ICS controller in the overall ICS”; certificate and registration authority services). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Malluru and Smith. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based). 


Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.