DETAILED ACTION
1.	The following communication is in response to the documents filed on 31-December-2020.  Claims 1-20 are pending in the application.  The IDSs received on 31-December-2020, 24-May-2021, 9-June-2021 and 11-August-2021 have been considered.  
	The present application, filed on or after 16-March-2013, is being examined under the first inventor to file provisions of the AIA .

Examiner’s Amendment
2.1	An Examiner's Amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 C.F.R. 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the Issue Fee.  This amendment was necessitated to correct a typographical error.

2.2	In the Specification:
[00028]     Line 6	Change “$$classify” to “classify”.

Reasons for Allowance
3.1	The following is an Examiner's Statement of Reasons for the indication of allowable subject matter.  The present application is directed to a non-obvious improvement over the following prior art references:
USP Publication 2021/0392031  -  which provides a local diagnosis system that detects one or more anomaly events associated with a communications network. Each anomaly event defines an anomaly pattern describing a data point in a performance indicator space. Then, the local diagnosis system updates one or more local cluster models to incorporate the one or more anomaly patterns within complexity constraints. Each of the one or more local cluster models corresponds to a different diagnosis label defining a diagnosis. In response to failing, according to one or more pre-defined criteria to incorporate, in the updating, the one or more anomaly 

USP Publication 2014/0107875  -  which describes a method for detecting manipulation of at least one vehicle network of a vehicle, including determining a digital fingerprint of the at least one vehicle network, comparing the digital fingerprint of the at least one vehicle network to reference information, adapting a function of the at least one vehicle network as a function of a result of the comparison, such that operational safety is ensured, and activating a regular control mode if no manipulation of the at least one vehicle network is detected, or activating an operationally safe control mode if manipulation of the at least one vehicle network is detected. A control unit for detecting manipulation of at least one vehicle network of a vehicle carries out control tasks as a function of a result of a comparison of a digital fingerprint of at least one vehicle network to reference information of a control network.

3.2	Claims 1-20 are considered allowable, since when reading the claims in light of the specification, as per MPEP § 2111.01, none of the references of record, either individually or in combination, disclose the specific arrangement of elements in the same combination specified in independent claim 1 for a cyber security system providing security to a railway system, specifically including: 
(Claim 1)  “a data monitoring and processing hub; 
a network of data collection agents configured to monitor communications transmitted between railway infrastructure and/or rolling stock entities and mirror the communications to the
hub; 
wherein the processing hub comprises computer executable instructions executable to:
process the mirrored communications to determine normative patterns of 
communications between the entities; 
use the normative patterns to determine sequences of related communications; 
determine characteristic features of the determined communications sequences;
and use the determined characteristic features to determine whether a given 
communication mirrored to the hub by a data collection agent of the network of data collection agents is anomalous.”

3.3	The invention relates to an autonomous apparatus operable to provide a railroad system with continuous protection of railway operations against cyber-incursion. The apparatus is configured to monitor communication between railway entities, which may be railway infrastructure entities and/or rolling stock entities, to autonomously determine identities of the entities and normative patterns of communications between any combination of two or more of the identified entities.  Normative patterns, optionally referred to as baseline patterns, of communications are communications patterns that are exhibited by the entities when their respective functionalities are not affected by a cyber-incursion, and thus are considered to be free of cyber-infringement.  The invention uses a neural network to cluster communications between railway entities to determine normative communications that are causally related, and identify sequences of normative, causally related communications with events in the railway with which the communications are associated. In this way, the invention uses the normative communications to vet the railroad entities for proper operation in real time, and identify anomalous communications between monitored entities. 

3.4	There are inventions in the field that provide similar functionality and/or have similar features, as the prior art of record shows.  The examiner's search failed to find this combination of features, nor was it obvious in light of the prior art.  It is for these reasons that the claims of the present application are found to be patentable over the prior art.
	Dependent claims 2-20 are deemed allowable as depending either directly or indirectly from allowed independent claim 1. 

Prior Art
4.	The following prior art, discovered in an updated search, was made of record but not relied upon, and is considered pertinent to Applicant’s disclosure, and consists of documents A-E on the attached PTO-892 Notice of References Cited:
	Documents A-E define the general state of the art which is not considered to be of particular relevance.

Response Guidelines
5.1	Any comments considered necessary by applicant MUST be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee.  Such submissions should clearly be labeled “Comments on Statement of Reasons for Allowance”.

5.2	Any response to the Examiner in regard to this allowance should be 

directed to:	Russell Frejd, telephone number (571) 272-3779, Monday-Friday from 0730 to
1600 ET.  If attempts to reach the examiner by telephone are unsuccessful, 
please contact the examiner’s supervisor(s): Peter Nolan can be reached at
(571) 272-7016, or Thomas Black can be reached at (571) 272-6956.  

mailed to:	Commissioner of Patents and Trademarks
		P.O. Box 1450, Alexandria, VA  22313-1450

faxed to:	(571) 273-8300

	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.



/RUSSELL FREJD/	
Primary Examiner  AU 3661