DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 11/04/2021.
In the instant Amendment, claim 1 is independent claim.  Claims 1-4 and 6-11 have been examined and are pending.  This Action is made FINAL.

Response to Arguments
The objection to the drawing is withdrawn as the drawing has been amended.
Applicants’ arguments in the instant Amendment, filed on 11/04/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “Clark fails to disclose generating an authorization file based on installation-specific information concerning equipment vendors, operators and locations of respective industrial installation.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Clark discloses generating an authorization file based on installation- specific information concerning equipment vendors, operators and locations of respective installations (Clark: ¶0026 when new firmware is generated for a module 60, the firmware vendor also generates a certificate 100 associated with the firmware, as shown in step 150; ¶0025 the certificate 100 may include [...] fields identifying a version 101 of the firmware [operator], [...] module information 110 [location], a SD card identifier 120 [equipment vendor]; ¶0026 at least one of the fields in the certificate 100 is an identifier of the module 60 on which the firmware is to be loaded. This field may be, for example, the subject field 110 shown in FIG. 3). More specifically, Clark discloses at least one of the fields in the certificate 100 is an identifier of the module 60 on which the firmware is to be loaded [location]. This field may be, for example, the subject field 110 shown in FIG. 3 [¶0026] and it may be desirable to generate firmware for a specific instance of a module 60. For example, a customer may have ordered a module 60 for which a serial number has been assigned [...] the module serial number field 122 may include the serial number for the module 60 such that the firmware may only be installed on the particular module 60 [¶0028]. Therefore as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.

Applicant’s argument:  “none of the references cited by the Examiner, either solely or in combination with one another, teach, suggest or motivate one skilled in the art to applicant’s invention.”
The Examiner disagrees with the Applicants. The Examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Clark teaches a method and apparatus to securely distribute embedded firmware to a module in an industrial control system and Bugrov discloses systems and methods for 
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 270-7857 to schedule an interview.   
A substantially similar rejection to the previous non-final rejection follows below.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention; or
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim 1-2, 6-8 and 10-11 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Clark et al. (“Clark,” US 2015/0149783) published on May 28, 2015.

Regarding claim 1: Clark discloses a method for carrying out data transfer processes in industrial installations, comprising:
generating an authorization file based on installation- specific information concerning equipment vendors, operators and locations of respective installations (Clark: ¶0026 when new firmware is generated for a module 60, the firmware vendor also generates a certificate 100 associated with the firmware, as shown in step 150; ¶0025 the certificate 100 may include [...] fields identifying a version 101 of the firmware [operator], [...] module information 110 [location], a SD card identifier 120 [equipment vendor]; ¶0026 at least one of the fields in the certificate 100 is an identifier of the module 60 on which the firmware is to be loaded. This field may be, for example, the subject field 110 shown in FIG. 3);
obtaining data to be transferred (Clark: ¶0025 newer revisions of the same firmware and/or different firmware may be loaded into the module 60); and
adding the authorization file to the data to be transferred (Clark: ¶0029 with reference to step 154 of FIG. 4, after the firmware file and corresponding certificate 100 have been generated and/or encrypted, the firmware file and certificate 100 are stored on the removable medium corresponding to the identifier in the SD card ID field 120 included in the certificate).
 


Regarding claim 2: Clark discloses the method according to claim 1.
Clark: ¶0008 a security certificate corresponding to the firmware is generated).

Regarding claim 6: Clark discloses the method according to claim 1.
Clark further discloses components of the industrial installation rendering or receiving data being controlled by an additional component validating authorizations for data transfer based on the authorization file (Clark: ¶0025 with reference to Fig, 3, the certificate 100 may include [...] validity criteria 108; ¶0027 the validity field 108 may include an initial date and a final date on which the firmware is valid. These dates may be utilized by the module 60 such that the firmware is only executable between these dates).

Regarding claim 7: Clark discloses the method according to claim 1.
Clark further discloses storing the data to be transferred on a data storage device and approving usage of the data in the installation (Clark: ¶0029 the firmware file and certificate 100 are stored on the removable medium corresponding to the identifier in the SD card ID field 120 included in the certificate; ¶0009 permit the module to load the firmware file to the module when [...] the copy of the second identifier in the certificate matches the second identifier on the removable storage medium).

Regarding claim 8: Clark discloses the method according to claim 1.
Clark further discloses storing the data to be transferred on a data storage device and complementing the data with validation and/or manipulation information (Clark: ¶0026 another of the fields includes an identifier corresponding to the removable storage medium 74 on which the firmware is to be stored; ¶0027 it may be desirable to generate firmware that has a limited duration of time during which the firmware may be executed. For example, a demo version of firmware may be provided to a customer to try a new feature of the firmware).

Regarding claim 10: Clark discloses the method according to claim 8.
Clark further discloses the data storage device gets used up entirely beyond the data to be transferred (Clark: ¶0029 the firmware file and certificate 100 are stored on the removable medium).

Regarding claim 11: Clark discloses the method according to claim 1.
Clark further discloses encoding the data to be transferred (Clark: ¶0029 the firmware file and corresponding certificate 100 have been generated and/ or encrypted).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the 

Claims 3-4 are rejected under 35 U.S.C. 103 as being unpatentable over Clark et al. (“Clark,” US 2015/0149783) published on May 28, 2015, in view of Bugrov et al. (US “Bugrov,” US 2016/0112406), published on April 21, 2016.

Regarding claim 3: Clark discloses the method according to claim 1.
Clark does not explicitly disclose generating the certificate based on a standard.
However Bugrov discloses generating the certificate based on a standard (Bugrov: ¶0038 the industrial control system 200 [...] relies on a public key infrastructure (PKI) [...] in a PKI, a certificate issuer-such as certificate issuer 208 in FIG. 2-issues the digital certificate 206).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Bugrov with the system and method of Clark to include generating the certificate based on a standard to provide user with a means for providing security protocols that are suitable to establish connection between devices in an industrial network (Bugrov: ¶0045).

Regarding claim 4: Clark discloses the method according to claim 1.

However Bugrov discloses generating the certificate based on a X.509 standard specifications (Bugrov: ¶0025 certificate 802 is an X.509 certificate based on RFC-2459).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Bugrov with the system and method of Clark to include generating the certificate based on a X.509 standard specifications to provide user with a means for providing security protocols that are suitable to establish connection between devices in an industrial network (Bugrov: ¶0045).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Clark et al. (“Clark,” US 2015/0149783) published on May 28, 2015, in view of Etchegoyen et al. (US “Etchegoyen,” US 2012/0204033), published on August 9, 2012.

Regarding claim 9: Clark discloses the method according to claim 1.
Clark does not explicitly disclose blocking a transfer of data to a data storage device.
However Etchegoyen discloses blocking a transfer of data to a data storage device (Etchegoyen: ¶0048 many device drivers are cryptographically signed by the manufacturer/supplier of the driven peripheral device. Such is intended to prevent tampering with the device driver as such tampering can enable injection of malicious behavior).
Etchegoyen: ¶0048).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439   



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439