DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Remarks
	In Remarks filed on 8/12/2021, no claims were cancelled; claims 1, 6, 8, 13, 15, and 20 were amended; no new claims were added.
Response to Arguments
Applicant’s arguments in view of amendment of claims have been considered carefully and respectfully but they are moot in view of a new ground of rejection (Pfleger et al. (US 2020/0202008 A1) hereinafter Pfleger.)
Status of Claims
	Claims 1-20 are pending, of which claims 1, 8, and 15 are in independent form.
IDS
	References cited in the IDS filed on 8/12/2021 and 10/5/2021 have been considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claim(s) 1, 4, 7, 8, 11, 14, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lamb, in view of Pfleger et al. (US 2020/0202008 A1) hereinafter Pfleger.
As to claim 1, Lamb teaches a computer-implemented method, comprising:
upon determining that the conditions detected at the RTU warrant the data protection operation and the forensics procedures, initiating, by the ISF chip, the data protection operation and the forensics procedures (see para. [0138] “At any time the device determines it is no longer in a trusted state it would self-destruct. Self-destruct as described here would be to terminate internal hardware and software such that the device would be unusable.”).
Lamb does not explicitly teach but Pfleger teaches the following limitation – monitoring, by an instrumented security function (ISF) chip (see Fig. 3, 301, 303, and 305, where a programmable logic controller (PLC) is the equivalent of an RTU in the industrial control systems (ICS) products shown in the Remote Zone of the SCADA system in Fig. 3; the examiner considers the PLC as equivalent to the RTU in SCADA) communicating with a remote terminal unit (RTU) (see para. [0021] “an industrial personal computer (IPC) is provided with the new monitoring and forensics applications (e.g., a ruggedized PC for collecting PLC and other process information). Alternatively, an existing PLC is modified to execute the new monitoring and forensics applications (e.g., via injectable firmware code installed on the PLC). Additionally, a combination of a new PLC, an industrial PC and/or a modified PLC may be provided with the monitoring and forensics applications.”) in a supervisory control and data acquisition system (SCADA) network (see para. [0030] “In deployment mode 305, an existing PLC device is modified to execute monitoring and forensic applications. For example, a modification is performed on an existing PLC (e.g., low level firmware, operating system and/or software modifications), providing for security applications to be executed by the device. In an implementation, security monitoring and other processes are implemented as injectable firmware or application code installed on the PLC device. PLC data is monitored and recorded by the injectable firmware or application code, and the data may be analyzed for a security event or provided to a software application to evaluate the data for possible threats to the industrial control system.”; based on para. [0002], the ICS shown in Fig. 3 can include a SCADA system, and the PLCs are considered by the examiner as the RTUs), for conditions detected at the RTU warranting a data protection operation and forensics procedures at the RTU (see para. [0040] and [0044] “[0040] At act 207, an automated PLC security response operation is executed. For example, the automated response is performed in response to a security event detected by the security monitoring application, based on analyzing the data collected by the security monitoring application or based on data collected by the forensics application.”, “[0044] At act 501, PLC security data and PLC process data is received. For example, the data is received from a PLC monitoring application running on the PLC, running on a separate/neighboring PLC, on an industrial PC, or on another device in communication with the PLC. The PLC security data and PLC process data comprises PLC firmware data, PLC operating system data and PLC application data (e.g., data from different layers of the PLC architecture). Data may be received for a plurality of PLCs networked together in an industrial control system. The data is received for PLCs at idle and while running a live process.”), wherein the ISF chip is a computer chip installed on a custom hard disk apparatus (see para. [0021] “an industrial personal computer (IPC) is provided with the new monitoring and forensics applications (e.g., a ruggedized PC for collecting PLC and other process information). Alternatively, an existing PLC is modified to execute the new monitoring and forensics applications (e.g., via injectable firmware code installed on the PLC). Additionally, a combination of a new PLC, an industrial PC and/or a modified PLC may be provided with the monitoring and forensics applications.”), and wherein the computer chip provides local services for the RTU and secure access in the SCADA network (see para. [0007] “The processor is configured to execute the security monitoring application to collect data indicative of PLC operations and to execute the security forensics application to perform non-intrusive forensic evidence collection”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Lamb and Pfleger before him or her, to modify the scheme of Lamb by including Pfleger’s collection of 
As to claims 8 and 15, these claims include similar limitations as claim 1 and thus are rejected under the same rationale as claim 1.
As to claims 4, 11, 18, in view of claims 1, 8, and 15, Lamb teaches wherein initiating the data protection operation and the forensics procedures includes: initiating a data self-destruct of the RTU data by the ISF chip; engaging an emergency power supply; and activating a homing beacon and localization services (see para. [0138]).
As to claims 7 and 14, in view of claims 1 and 8, respectively, Lamb teaches wherein monitoring for the conditions detected at the RTU warranting the data protection operation and the forensics procedures at the RTU includes: verifying normality of the RTU by analyzing inputs received from occupancy sensors and radio frequency identification (RFID) instruments of the RTU; and verifying inputs received from a network access controller (NAC) in the SCADA network (see para. [0098]).
Claim(s) 2, 3, 9, 10, 16, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lamb, in view of Pfleger, and further in view of Agarwal (WO 2018/207123 A1).
As to claim 2, in view of claim 1, the combination of Lamb and Pfleger does not explicitly teach but Agarwal teaches periodically replicating RTU data of the RTU to preserve the RTU data for use in a recovery of the RTU data; determining, at a time after completion of the data protection operation and the forensics procedures, a presence of normal conditions at the RTU; and upon determining the presence of normal conditions at the RTU, recovering the RTU data (see p. 11, lines 20-24).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Lamb, Pfleger and Agarwal before him or her, to modify the scheme of Lamb and Pfleger by including Agarwal. The suggestion/motivation for doing so would have been to take advantage of the anti-theft mechanism allocated with a cloud space such that when connected to internet services, periodically important data would be backed up remotely for later recovery retrieval.
Claims 9 and 16 include similar limitations as claim 2 and thus are rejected under the same rationale as claim 2.
As to claim 3, in view of claim 2, Agarwal teaches wherein periodically replicating the RTU data includes one or more of: replicating the RTU data to an encrypted storage device in the RTU; replicating the RTU data to an encrypted storage device in a see p. 12, lines 22-24). 
Claims 10 and 17 include similar limitations as claim 3 and thus are rejected under the same rationale as claim 3.
Claim(s) 5, 6, 12, 13, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lamb, in view of Pfleger, and further in view of Koren (US 2004/0188710 A1).
As to claims 5, 12, 19, in view of claims 4, 11, 18, respectively, the combination of Lamb and Pfleger does not explicitly teach but Koren teaches wherein initiating a data self-destruct of the RTU data by the ISF chip includes using a rapid erase file system (REFS) to quickly erase different types of information in a prioritized order, wherein each different type of information is ranked by a priority corresponding to criticality level of the different type of information (see para. [0053]-[0057]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Lamb, Pfleger and Koren before him or her, to modify the scheme of Lamb and Pfleger by including Koren. The suggestion/motivation for doing so would have been to efficiently sanitize a memory media in response to a single external stimulus or in response to a predetermined physical or logical condition at a finer granularity than at the block level.
As to claims 6, 13, 20, in view of claims 5, 12, 19, respectively, Koren teaches storing critical RTU data, including RTU configuration data, in adjacent clusters on the custom hard disk apparatus to decrease erasing times (see para. [0053]-[0057]).





Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE K SONG whose telephone number is (571)270-3260. The examiner can normally be reached on M-F 9:00 am – 5:00 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw, can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HEE K SONG/Examiner, Art Unit 2497