Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
This office action is in response to claims filed on 10/17/2019.
Claims 1-23 are pending and rejected; claims 1, 12 and 20 are independent claims

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/04/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 12-23 are rejected under 35 U.S.C. 102(a)(2) as being anticipated  by Cockerill et al. US Pub. No.: 2018/0359244 A1 (hereinafter Cockerill).


Kockerill teaches:
As to claim 12, an intelligent electronic device (IED) (see Kockerill ¶¶181 184, applications on a smart phone/mobile device (intelligent electronic device/IED)), comprising: 
an input port to receive a request from a technician to install a configuration package (Kockerill ¶¶34 45 and Fig. 12, the user input device, or mobile device [IED] [input port]); 
an authorization subsystem to: (1) authenticate a technician token (see Kockerill ¶¶142 239, the login screen [authorization subsystem] presents a credential challenge dialog [to authenticate a technician token] through a user console of the administrative server [technician] provided by the technician to validate that the technician is authorized to install the configuration package (see Kockerill ¶¶51 155 168 184 and Fig. 11, when the administrator, or technical admin, requests that a user download and install an application [installation request] to a smart phone device, using the communication to grant access [token-authenticating information] from the server depicted in figure 11 [token generating server]), and
 (2) authenticate an engineer token (see Kockerill ¶¶166 431, using the signing certificate associated with the developer [engineer token] to identify [authenticate] the signer) associated with the configuration package to validate that the configuration package was developed by an authorized entity (see Kockerill ¶¶88 156 480, evaluating authentication factors to authenticate the user or technical admin/network operator [i.e. validate the technician is authorized], to install the application on the mobile device [IED])); and 
a configuration subsystem to allow installation of the configuration package by the technician upon authentication of both the technician token and the engineer token (see Kockerill ¶¶142 239, the login screen [authorization subsystem] presents a credential challenge dialog [to authenticate a technician token] through a user console of the administrative server [technician]). 

As to claim 13, the system of claim 12, wherein the engineer token is annotated and signed along with the configuration package (see Kockerill ¶¶166 184 431 476 480, an authenticity server 1005 (i.e. token generating server) to provide a signing certificate associated with a developer [i.e. engineer token] of a version of an application [i.e. configuration package] on the mobile device (IED)), and
wherein the authorization system uses token-authenticating information received by a token generating system to further authenticate the engineer token and the configuration package (see Kockerill ¶¶ 80 114 142 155, blocking service [reject installation of the configuration package] when the security evaluation indicates a risk state fails a threshold determination [failure to authenticate] upon access by the technical admin presented with the credential dialog challenge [technician token]). 

As to claim 14, the system of claim 12, wherein the authorization system uses token-authenticating information received by a token generating system to authenticate the technician token provided by the technician (see ¶¶71-72 and Fig. 11, wherein the information used to grant access [token-authenticating information] from the server of figure 11 [token generating server] is for the application obtained from the developer server [configuration package]). 

As to claim 15, the system of claim 12, wherein at least one of the technician token and the engineer token comprises an asymmetrical token, and wherein the authorization system uses token-authenticating information for authentication that is non-reverse-engineerable (see Kockerill ¶114, determines that the client application is not installed on mobile device 149, evaluation server 150 creates a fingerprint of mobile device 149 [i.e. non-reverse-engineerable]). 

As to claim 16, the system of claim 12, wherein the configuration package further comprises a hash, and wherein the authorization subsystem is further configured to authenticate that the configuration package is unmodified (see Kockerill ¶117, an application inventory of all apps installed on the device, version numbers for the apps, and what are the hashes and unique identifiers associated with those applications). 

As to claim 17, the system of claim 12, wherein the engineer token further identifies a device type for which the configuration package is intended, and wherein the authorization subsystem is further configured to authenticate that the configuration package is intended for at least one of a device type of the IED, a unique identifier of the IED, and a firmware version of the IED (see Kockerill ¶¶164-165, authorization subsystem to authenticate the configuration package) and is intended for installation on the device (software and hardware of the IED)). 

As to claim 18, the system of claim 12, wherein the engineer token identifies software and hardware for which the configuration package is intended, and wherein the authorization subsystem is further configured to authenticate that the configuration package is intended for the software and hardware of the IED (see Kockerill ¶¶141 143, when the login credentials (technician token) are verified, the token identifies that the device (hardware for which the configuration package is intended) is healthy, and also checks the firmware version (identifies software)). 

As to claim 19, the system of claim 12, wherein the engineer token identifies a time window for installation of the configuration package(see Kockerill ¶¶237 296, determine the time of installation of the side loaded app associated with the mobile device entering the 'untrusted' state using the signing certificate (token identifies a time window), and 
wherein the authorization subsystem is further configured to prevent installation of the configuration package outside of the time window (see Kockerill ¶¶256 296, if the side-loaded application is in an untrusted state based on the time of installation, preventing installation of the application (outside of the time window). 

Kockerill teaches:
As to claim 20, a method for intelligent electronic device (IED) access control (see Kockerill ¶¶181 184, policies are defined to control or restrict [i.e., access control system] applications on a smart phone/mobile device (intelligent electronic device/IED)), comprising: 
generating an engineer token to validate that a configuration package for an IED was developed by an authorized entity (see Kockerill ¶¶476 480, determining whether the version of the application [configuration package] is signed by a developer that claims authorship [authorized entity] or rather another potentially illegitimate entity); 
generating a technician token to validate that a technician is authorized to install the configuration package on the IED (see Kockerill ¶¶88 156 480, evaluating authentication factors to authenticate the user or technical admin/network operator [i.e. validate the technician is authorized], to install the application on the mobile device [IED])); 
providing token-authenticating information to the IED to enable the IED to subsequently authenticate each of the engineer token and the technician token (see Kockerill ¶¶142 239, the login screen [authorization subsystem] presents a credential challenge dialog [to authenticate a technician token] through a user console of the administrative server [technician]); 
receiving a request by the technician to install the configuration package (see Kockerill ¶¶51 155 168 184 and Fig. 11, when the administrator, or technical admin, requests that a user download and install an application [installation request] to a smart phone device, using the communication to grant access [token-authenticating information] from the server depicted in figure 11 [token generating server]); 
receiving the technician token from the technician (see Kockerill ¶¶ 80 114 142 155, blocking service [reject installation of the configuration package] when the security evaluation indicates a risk state fails a threshold determination [failure to authenticate] upon access by the technical admin presented with the credential dialog challenge [technician token]); 
authenticating the technician token to validate that the technician is authorized to install the configuration package (see Kockerill ¶¶ 80 114 142 155, blocking service [reject installation of the configuration package] when the security evaluation indicates a risk state fails a threshold determination [failure to authenticate] upon access by the technical admin presented with the credential dialog challenge [technician token]); 
receiving the configuration package for installation on the IED, wherein the configuration package is signed by the authorized entity (see Kockerill ¶¶164 165, where the software itself is checked against a whitelist (authorization subsystem to authenticate the configuration package) and is intended for installation on the device (software and hardware of the IDE)); 
authenticating the engineer token to validate the configuration package (see Kockerill ¶¶ 80 114 142 155, blocking service [reject installation of the configuration package] when the security evaluation indicates a risk state fails a threshold determination [failure to authenticate] upon access by the technical admin presented with the credential dialog challenge [technician token]); and 
modifying at least one setting of the IED as dictated within the configuration package in response to authentication of both the technician token and the engineer token (see Kockerill ¶118, calculates a fingerprint for the device so evaluation server 150 can determine when a device is running modified firmware or other (improperly) modified software). 

As to claim 21, the method of claim 20, wherein the engineer token identifies a time window for installation of the configuration package (see Kockerill ¶¶237 296, determine the time of installation of the side loaded app associated with the mobile device entering the 'untrusted' state using the signing certificate (token identifies a time window), and 
wherein the method further comprises authenticating that a technician's request to modify at least one setting of the IED is within the specified time window (see Kockerill ¶¶256 296, if the side-loaded application is in an untrusted state based on the time of installation, preventing installation of the application (outside of the time window)). 

As to claim 22, the method of claim 20, wherein the engineer token is appended to and signed along with the configuration package (see Kockerill ¶¶166 184 431 476 480, an authenticity server 1005 (i.e. token generating server) to provide a signing certificate associated with a developer [i.e. engineer token] of a version of an application [i.e. configuration package] on the mobile device (IED)), and 
wherein the method further comprises using asymmetrical token-authenticating information to authenticate the engineer token and validate that the configuration package is unmodified (see Kockerill ¶¶166 184 431 476 480, an authenticity server 1005 (i.e. token generating server) to provide a signing certificate associated with a developer [i.e. engineer token] of a version of an application [i.e. configuration package] on the mobile device (IED)). 

As to claim 23, the method of claim 20, further comprising logging at least one of the engineer token and the technician token (see Kockerill ¶170, stored data is used in later comparisons of source identifiers for new applications being installed on a computing device. The source identifier for a new application is compared to such previously-associated source identifier/application identifier records).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over Cockerill et al. US Pub. No.: 2018/0359244 A1 (hereinafter Cockerill) in view of Orsini et al. US Pub. No.: 20120166818 A1 (hereinafter Orsini).

Kockerill teaches:
As to claim 1, an access control system to restrict access to an intelligent electronic device (IED) in a power delivery system (see Kockerill ¶¶178 182, policies are defined to control or restrict [i.e., access control system] applications on a smart phone/mobile device (intelligent electronic device/IED)), comprising: 
a token generating server to: provide an engineer token to be associated with a configuration package for an IED (see Kockerill ¶¶164 182 429 474 478, an authenticity server 1005 (i.e. token generating server) to provide a signing certificate associated with a developer [i.e. engineer token] of a version of an application [i.e. configuration package] on the mobile device (IED)) validating that the configuration package was developed by an authorized entity (see Kockerill ¶¶474 480, determining whether the version of the application [configuration package] is signed by a developer that claims authorship [authorized entity] or rather another potentially illegitimate entity), and
provide a technician token to a technician (see Kockerill ¶¶142 239, a login screen presents a credential challenge dialog [i.e. to provide a technician token] through a user console of an administrative server [i.e. a technician]) to validate that the technician is authorized to install the configuration package on the IED (see Kockerill ¶¶88 156 480, evaluating authentication factors to authenticate the user or technical admin/network operator [i.e. validate the technician is authorized], to install the application on the mobile device [IED])); 
a communications network to transmit token-authenticating information from the token generating server to the IED (see Kockerill ¶¶ 34 43, and Fig. 11, authenticity or evaluation server illustrated in figure 11[i.e. token generating server] on an interconnect 221 [i.e. communications network] with the user input device, or mobile device [IED], sending information that grants access [token-authenticating information]); and 
an authorization subsystem of the IED to: (1) authenticate the technician token (see Kockerill ¶¶142 239, the login screen [authorization subsystem] presents a credential challenge dialog [to authenticate a technician token] through a user console of the administrative server [technician] in response to an installation request using the token-authenticating information from the token generating server (see Kockerill ¶¶51 155 168 184 and Fig. 11, when the administrator, or technical admin, requests that a user download and install an application [installation request] to a smart phone device, using the communication to grant access [token-authenticating information] from the server depicted in figure 11 [token generating server]), 
(2) authenticate the engineer token (see Kockerill ¶¶166 431, using the signing certificate associated with the developer [engineer token] to identify [authenticate] the signer) associated with the configuration package using the token-authenticating information from the token generating server (see ¶¶71-72 and Fig. 11, wherein the information used to grant access [token-authenticating information] from the server of figure 11 [token generating server] is for the application obtained from the developer server [configuration package]), 
(3) reject installation of the configuration package upon failure to authenticate one or both of the engineer token and the technician token (see Kockerill ¶¶ 80 114 142 155, blocking service [reject installation of the configuration package] when the security evaluation indicates a risk state fails a threshold determination [failure to authenticate] upon access by the technical admin presented with the credential dialog challenge [technician token]), and 
(4) log access and authentication results (see Kockerill ¶¶132 311 482, maintaining historical details of device activity on the dark web, usage/behavior [log access] as well as the history of usage of signatures that are known to be bad based on signer reputation [authentication results])
Kockerill does not explicitly teach but the related art Orsini discloses. 
	Wherein the IED is in a power delivery system (see Orsini ¶¶533-534, enabling smart grid resources [IED] providing secure access to the power grid [delivery system])
	Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to modify the teaching of KOCKERILL to include wherein the IED is in a power delivery system as disclosed by ORSINI, to gain the advantage of limiting access to network resources to authorized individuals for securing critical infrastructure protected using the "two man rule" (ORSINI; para [0533], (0534]))
As to claim 2, the combination of Kockerill and Orsini teaches the system of claim 1, wherein the authorization subsystem of the IED is further configured to log installation requests (see Kockerill ¶¶152 155 168 184, maintaining an extensive prior history (log) of prior downloads when the administrator, or technical admin, requests that a user download and install an application [installation requests]), authentication of engineer tokens (see Kockerill ¶482, history of usage including when the key used to sign the application is bad [authentication of engineer tokens]), and rejections (see Kockerill ¶80, and alerting the mobile device that the service is blocked (rejections)) . 

As to claim 3, the combination of Kockerill and Orsini teaches the system of claim 1, wherein the technician token identifies software and hardware for which the configuration package is intended (see Kockerill ¶¶141 143, when the login credentials (technician token) are verified, the token identifies that the device (hardware for which the configuration package is intended) is healthy, and also checks the firmware version (identifies software)), and wherein the authorization subsystem of the IED is further configured to authenticate that the configuration package is intended for the software and hardware of the IED (see Kockerill ¶¶164-165, authorization subsystem to authenticate the configuration package) and is intended for installation on the device (software and hardware of the IED)). 

As to claim 4, the combination of Kockerill and Orsini teaches the system of claim 1, further comprising an engineering system to be used by an engineer to: request the engineer token from the token generating server (see Kockerill ¶¶166 184 431 476 480, the authenticity server 1005 (token generating server) provides the signing certificate associated with a developer (system used by an engineer to request) for the version of an application on the mobile device), and 
provide token-authenticating information to the IED for subsequent authentication of the configuration package prior to installation thereof (see Kockerill ¶¶51 155 164 168 184 and Fig. 11, when the administrator, or technical admin, requests that a user download and install an application to the smart phone device, using the communication to grant access (token-authenticating information for subsequent authentication of the package) for the application intended for installation (prior to installation) . 

As to claim 5, the combination of Kockerill and Orsini teaches the system of claim 1, further comprising a technician system to be used by a technician to: request the technician token from the token generating server (see Kockerill ¶¶142 239, the login screen (technician systems) presents a credential challenge dialog (to request the technician token) through a user console of the administrative server/evaluation server (token generating server), and 
provide the token-authenticating information to the IED for subsequent authentication of the technician prior to installation of the configuration package (see Kockerill Claim 6, sending the communication to grant access (token-authenticating information to the IED) to the service for which the evaluation server evaluates authenticity (subsequent authentication/ prior to installation). 

As to claim 6, the combination of Kockerill and Orsini teaches the system of claim 5, wherein the technician system communicates with the IED via the communications network (see Kockerill ¶¶142 187, login screen (technician system) accessed using the smart phone (IED) through a network with a web server). 

As to claim 7, the combination of Kockerill and Orsini teaches the system of claim 5, further comprising a remote technician system through which the technician provides the technician token and the configuration package to the IED independent of the communications network (see Lockout ¶¶142 187, login screen accessed via the device (remote technician system) to enter the login credentials (technician token… and select the application from the marketplace (configuration package) using Google Play (independent of the communications network)) . 

As to claim 8, the combination of Kockerill and Orsini teaches the system of claim 1, wherein the token generating server is configured to sign the configuration package annotated with the engineer token (see Kockerill ¶¶166 431, the authenticity server 1005 (token generating server) provides a first signing identifier (to sign the configuration package) using the signing certificate associated with the developer (annotated with the engineer token) and 
wherein the authorization subsystem is further configured to authenticate that the configuration package is unchanged (see Kockerill ¶474, verifying that the application (configuration package) is authentic or not (to authenticate the package is unchanged). 

As to claim 9, the combination of Kockerill and Orsini teaches the system of claim 1, wherein the engineer token identifies a device type for which the configuration package is intended (see Kockerill ¶¶71 90, he signing certificate (engineer token) used to download the application (configuration package) from the marketplace according to device factors including operating system version (device type)), and 
wherein the authorization subsystem is further configured to authenticate that the configuration package is intended for at least one of a device type of the IED, a unique identifier of the IED, and a firmware version of the IED (see Kockerill ¶¶141 154, checking the firmware version of the smart phone (IED)). 

As to claim 10, the combination of Kockerill and Orsini teaches the system of claim 1, wherein the engineer token uniquely identifies the IED for which the configuration package is intended (see Kockerill ¶, 71 valuation server uses the signing certificate (engineer token) to uniquely identify the mobile device (IED for which the configuration package is intended)), and 
wherein the authorization subsystem is further configured to authenticate that the configuration package is intended for the IED (see Kockerill ¶¶164 474, verifying that the application (configuration package) is authentic and intended for installation on the device). 

As to claim 11, the combination of Kockerill and Orsini teaches the system of claim 1, wherein the engineer token identifies a time window for installation of the configuration package (see Kockerill ¶¶237 296, determine the time of installation of the side loaded app associated with the mobile device entering the 'untrusted' state using the signing certificate (token identifies a time window), and 
wherein the authorization subsystem is further configured to prevent installation of the configuration package outside of the time window (see Kockerill ¶¶256 296, if the side-loaded application is in an untrusted state based on the time of installation, preventing installation of the application (outside of the time window). 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478.  The examiner can normally be reached on Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NEGA WOLDEMARIAM/               Examiner, Art Unit 2433                                                                                                                                                                                         

/JEFFREY C PWU/             Supervisory Patent Examiner, Art Unit 2433