Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Applicant’s amendment filed 9/17/2021 has been entered.  Claims 11, 12 and 18 were amended.  Claim 20 was cancelled.  Applicant’s claim amendments have overcome the claim objection and 112b rejections in the Non-Final Office Action mailed 6/7/2021.
Claims 11-19 and 21 are presented for examination.

Response to Arguments
Applicant's arguments filed 9/17/2021 have been fully considered but they are not persuasive.
On page 6, Applicant argues with respect to claim 11 that Brandt does not teach “ascertaining at least one shared safety function that is activatable in each of the communication interfaces”.  On the top of page 7, Applicant argues that Brandt does not teach ascertaining/determining a safety function that is common to all devices in the process automation network. Examiner respectfully disagrees.  
The limitation “activatable safety function” is reasonably interpreted as manipulating transmitted information1.  Brandt teaches a security analysis method that includes policies.  Brandt teaches a system wide policy which satisfies the limitation “at least one shared safety function that is activatable in each of the communication interfaces”.  As an example, Brandt teaches a network load applied system wide and/or to a device or subset of devices.  [0062] Other policies include load-based policies, whereby network requests that are responded to are regulated in accordance with a specified amount of desired network traffic (e.g., regulated according to requests/hour). … the security analyzer can generate a load-based policy based on a relatively low amount of desired network traffic. Other policies may be related to the type of requests (e.g., all requests to write data to the PLC are to be denied, outside devices cannot update analog module configuration data, communications module to provide status data only, etc.). In general, substantially any policy that defines, regulates, and/or limits network activities in view of security considerations can be employed with the disclosed subject matter.)
On page 7, second paragraph, Applicant argues that Brandt’s checksums in section [0092] are not security features.  Checksums were disclosed in the specifications (page 2, lines 19-22)2 as the protection goal, integrity, which is unauthorized modification of the data.  Brandt teaches the same usage of checksums (Brandt, [0092] The Security Analysis Tool can also reference the recorded checksums during security monitoring to determine whether an attempt has been made to alter a device's configuration.))
For these reasons above and the mappings below, Brandt and Jin fully teach independent claims 11 and 18.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 11, 12, 13, 15, 16, 17, 18, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Brandt (2016/0330222) in view of Jin (2009/0271709).

Regarding claim 11, Brandt teaches 
a method for preventing impermissible access to software applications implemented in field devices, wherein the field devices are integrated in a communication network of automation technology and wherein each software application exchanges information within the communication network via at least one communication interface, the method comprising: (Brandt, [0050] Referring now to FIG. 2, a system 200 illustrates various automation security tools in accordance with an aspect of the disclosed subject matter. One or more automation assets 220 communicate and cooperate with various network devices 224 across a network 230. … The network 230 includes public networks such as the Internet, Intranets, and automation networks such as Control and Information Protocol (CIP) networks, including DeviceNet and ControlNet. Other networks 230 include Ethernet, DH/DH+, Remote I/O, Fieldbus, Modbus, Profibus, wireless networks, serial protocols, and so forth. In addition to the automation assets 220, the network devices 224 include various possibilities (hardware and/or software components).)
registering currently activated, safety- and/or functional characteristic based, safety functions of each of the communication interfaces of the software applications; (Brandt, [0038] The validation 
registering all activatable safety functions of each communication interface; (Brandt, [0092] In addition to monitoring communication-related activity for the controller 1220 and devices 1218 and 1216, one or more embodiments of the learning component 1206 can also retrieve and record inherent or static information associated with the respective devices, such as MAC addresses, IP addresses, checksums, etc. For example, the Security Analysis Tool can reference recorded MAC address and IP address data during subsequent security monitoring of the automation system to determine if, for example, an entity is attempting to hijack a device identity by asserting an identical IP address as an existing network device or controller (e.g., the entity is claiming an unauthorized association between a MAC address and the IP address). The Security Analysis Tool can also reference the recorded checksums during security monitoring to determine whether an attempt has been made to alter a device's configuration.)
when at least one activatable safety function is present, (Brandt [0061] At 530, policy data can be provided. The policy can be general and/or specific, applied system wide and/or to a device or subset of devices.)  
ascertaining at least one shared safety function, that is activatable in each of the communication interfaces; (Brandt, [0055] The Security Analysis Method noted above, and security analyzer 400, can also be modeled on a risk-based/cost-based approach, if desired. A suitable level of protection can be determined to facilitate integrity, privacy, and/or availability of assets based on risk and/or cost. For example, the strength of recommended security parameters, policies, and procedures can be increased if lower security risks are desired, even though such measures are associated with higher implementation costs and/or maintenance costs.)
displaying the (Brandt, [0053] The GUI 330 includes a display 334 having one or more display objects (not shown) including such aspects as configurable icons, buttons, sliders, input boxes, selection options, menus, tabs and so forth having multiple configurable dimensions, shapes, colors, text, data and sounds to facilitate operations with the security analysis tool 300.) at least one shared safety function and selecting at least one displayed, shared safety function; and (Brandt, [0059] As can be appreciated, a plurality of such recommendations can be provided. In one or more embodiments, each recommendation can include an indication of a relative implementation cost associated therewith
[0060] At 520, configuration data can be provided. This type of data can include settings or parameters for adapting network components with suitable security measures (e.g., communications module word three should be set to value 03AA Hex for extended security checking, set dip switch two on gateway to cause authentication and authorization procedures with outside network devices, install virus detection software on network server . . . ). In another aspect, the configuration data can be sent or deployed to devices via the schema 500 and loaded to cause automatic configurations. At 524, an applications procedure element can be provided having associated procedure data. Such data can include the types of security applications to load, any security adjustments or settings relating to the applications, application status information to verify, and procedures for correctly operating respective security applications to mitigate potential attacks or threats. )
reconfiguring each of the communication interfaces, and replacing currently set safety functions by the at least one selected, shared safety function; and (Brandt, [0060] In another aspect, the configuration data can be sent or deployed to devices via the schema 500 and loaded to cause automatic configurations. At 524, an applications procedure element can be provided having associated procedure data. Such data can include the types of security applications to load, any security adjustments or settings relating to the applications, application status information to verify, and procedures for correctly operating respective security applications to mitigate potential attacks or the security analyzer can generate a load-based policy based on a relatively low amount of desired network traffic. Other policies may be related to the type of requests (e.g., all requests to write data to the PLC are to be denied, outside devices cannot update analog module configuration data, communications module to provide status data only, etc.). In general, substantially any policy that defines, regulates, and/or limits network activities in view of security considerations can be employed with the disclosed subject matter.)
Brandt does not teach when no shared safety function is present, reconfiguring.
However Jin teaches when no shared safety function is present, reconfiguring each of the communication interfaces so that no safety function is activated (Jin, [0049] Accordingly, in an environment where character input is not performed, wireless LAN association of a wireless LAN terminal with APs in which security has been set is prevented because security key input is impossible.)  (EN: preventing association to an environment without a key satisfies the limitation no safety function is present)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Jin’s network safety functions with Brandt’s network safety functions because doing so improves network setup (Jin, [0018] According to an aspect of the present invention, there is provided a wireless LAN setting method comprising: scanning associable wireless LAN devices so as to search for information about wireless LAN devices that support wireless security setup; and providing user interface information associated with wireless LAN setup of the wireless LAN devices according to found information about the wireless LAN devices that support the wireless security setup.)

Regarding claim 12, Brandt and Jin teach
the method as claimed in claim 11, further comprising: 
evaluating the communication network; (Brandt, [0012] One function of the network validation tools is to perform vulnerability scanning and auditing on the networks. )
when the evaluation is negative and at least one activatable safety function is present,
displaying the at least one shared safety function and selecting at least one displayed, shared safety function; and (Brandt, [0053] The GUI 330 includes a display 334 having one or more display … to facilitate operations with the security analysis tool 300. [0059] As can be appreciated, a plurality of such recommendations can be provided. In one or more embodiments, each recommendation can include an indication of a relative implementation cost associated therewith
[0060] At 520, configuration data can be provided. This type of data can include settings or parameters for adapting network components with suitable security measures (e.g., communications module word three should be set to value 03AA Hex for extended security checking, set dip switch two on gateway to cause authentication and authorization procedures with outside network devices, install virus detection software on network server . . . ). In another aspect, the configuration data can be sent or deployed to devices via the schema 500 and loaded to cause automatic configurations. At 524, an applications procedure element can be provided having associated procedure data. Such data can include the types of security applications to load, any security adjustments or settings relating to the applications, application status information to verify, and procedures for correctly operating respective security applications to mitigate potential attacks or threats. )
reconfiguring each of the communication interfaces, wherein currently set safety functions are replaced by the at least one selected, shared safety function; and (Brandt, [0060] In another aspect, the configuration data can be sent or deployed to devices via the schema 500 and loaded to cause automatic configurations. At 524, an applications procedure element can be provided having associated procedure data. Such data can include the types of security applications to load, any security adjustments or settings relating to the applications, application status information to verify, and 
when the evaluation is negative and no shared safety function is present, (Jin, [0056] FIG. 6 is a flowchart of a method of making a list of wireless LAN networks which have not enabled a security protocol, according to an embodiment of the present invention.)
reconfiguring each of the communication interfaces so that no safety function is activated (Jin, [0049] Accordingly, in an environment where character input is not performed, wireless LAN association of a wireless LAN terminal with APs in which security has been set is prevented because security key input is impossible.)  (EN: preventing association to an environment without a key satisfies the limitation no safety function is present)

Regarding claim 13, Brandt and Jin teach
the method as claimed in claim 11, further comprising: 
modeling and visualizing a flow of information of the mutually communicating software applications, wherein the pertinent communication interfaces and their activatable safety functions are illustrated (Brandt, [0059] In another aspect, the topology data 514 can be in the form of symbols or codes that are employed to construct topology or network maps/displays via a visual or other type application.)

Regarding claim 15, Brandt and Jin teach
the method as claimed in claim 13, wherein the selecting of at least one shared safety function occurs via the visualizing of the flow of information (Brandt, At 514, a topologies element can be provided. This can include information on how to interconnect various devices and networks to achieve desired or recommended security goals (e.g., PLC connects to router, router connects to factory 

Regarding claim 16, Brandt and Jin teach
executing the method after an addition or removal of a software application (Brandt, [0067] The validation tools described herein can also be adapted to automatically correct security problems (e.g., automatically adjust security parameters on network devices or automation equipment to conform to a recommended security standard, install new security components, remove suspicious components, and so forth). )

Regarding claim 17, Brandt and Jin teach
the method as claimed in claim 11, further comprising: executing the method after each updating of any one of the software applications (Brandt, [0067] The validation tools described herein can also be adapted to automatically correct security problems (e.g., automatically adjust security parameters on network devices or automation equipment to conform to a recommended security standard, install new security components, remove suspicious components, and so forth).)



Regarding claim 19, Brandt and Jin teach
the communication network as claimed in claim 18, wherein the communication network is a wireless network (Brandt, [0120] Embodiments, systems, and components described herein, as well as industrial control systems and industrial automation environments in which various aspects set forth in the subject specification can be carried out, can include computer or network components such as servers, clients, programmable logic controllers (PLCs), communications modules, mobile computers, wireless components, control components and so forth which are capable of interacting across a network.)

Regarding claim 21, Brandt and Jin teach 
the communication network as claimed in claim 18, wherein the communication network is a wired network based on a fieldbus protocol of automation technology (Brandt, [0050] Referring now to FIG. 2, a system 200 illustrates various automation security tools in accordance with an aspect of the disclosed subject matter. One or more automation assets 220 communicate and cooperate with various network devices 224 across a network 230. … The network 230 includes public networks such as the Internet, Intranets, and automation networks such as Control and Information Protocol (CIP) networks, including DeviceNet and ControlNet. Other networks 230 include Ethernet, DH/DH+, Remote I/O, Fieldbus, Modbus, Profibus, wireless networks, serial protocols, and so forth.)

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Brandt (2016/0330222) in view of Jin (2009/0271709) in view of Zhao (2013/0179554).

Regarding claim 14, Brandt and Jin teach
safety functions settable in each of the communication interfaces (Jin, [0045]. The wireless LAN control unit 340 generates a network information management table in which the attribute information about the APs are written. The network information management table includes information that indicates the existence or non-existence of SSIDs, security keys, and WPSs of APs)
Brandt does not teach
graying out the activatable safety functions in the visualization that do not belong to the shared safety functions settable in each of the communication interfaces. 
However Zhao teaches graying out the activatable … functions in the visualization that do not belong (Zhao, [0061] When the electronic device is used by a user, the processor may detect according to a selection of the user or automatically whether an installed application is capable of running in the current network state or memory state, and display the application which can not run with a gray or transparent icon.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Zhao’s teaching of display applications not capable of running with Brandt’s network validation tool because doing so improves user experience (Zhao, [0004] There is such a situation at present: when the network is unavailable, the display of the applications depending on the network has no difference with that of other usable applications, and a user, who is not aware of the state of the network, would try out the applications before finding out that the network is unavailable, leading to a poor experience for the user.)



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Haija (2015/021507) discloses methods to secure industrial sensors.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/BRUCE S ASHLEY/Examiner, Art Unit 2494                                                                                                                                                                                                        

/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        11-03-2021


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Specification page 4, lines 5-11 “In such case, the method works on the basic principle that either the same safety functions are activated on all communication interfaces or on no communication interface is a safety function activated. This is especially advantageous when safety functions based on safety- and/or functional characteristics of the protection goal, integrity, are activated, safety functions which purposely manipulate the transmitted information, for example, by adding a checksum or by output escaping of critical reference characters, for example, the TAG of a field device, which is exchanged between the software applications.”
        2 The protection goal, integrity, describes the prevention of an unauthorized modification of information. The information is not allowed to be changed and all changes must be traceable. This can be implemented technically, for example, by checksums, which can be transmitted with information and with which it can be detected, whether the information was changed.