DETAILED ACTION
This Office Action is in response to the application filed on 03/15/2020 having claims 1-19 pending. Claims 1-19 are examined and being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Oath/Declaration
The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

Information Disclosure Statement
There is no information disclosure statement (IDS) included with the application.

Specification
The Specification filed on 03/15/2020 is accepted for examination purposes.

Drawings
The Drawings filed on 03/15/2020 are accepted for examination purposes.

Claim Objections
Claim 7 is objected to because of the following informalities:  Claim 7 recites “… wherein the authenticity indication is forwarded by the industrial control device to the external control system to confirm that the industrial control device has access to the authentication device.”  The claim should recite: “… wherein the authenticity indication is forwarded by the industrial control device to the external control system to confirm that the industrial control device has access to an authentication device.” Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: key storing module and connection module in claim 19.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
In the specification paragraph [0053], key storing module is cited as “any kind of memory such as a non-transitory computer readable storage medium.” Paragraph [0045], “a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, … ” Accordingly, the key storing module is interpreted as one of the types of  memory or storage described in paragraph [0045]. 
In the specification paragraph [0072], connection module is cited as “Communication port 102 may be any kind of port as described for communication port 112, and optionally the same kind of port as communication port 112.” Paragraph [0056], “Communication port 112 may be, for example, USB, Ethernet, RS-232, RS-485, RS-422 or any other port included in industrial control device … may also communicate with industrial control device 110 via a network, for example may include, for example, local area network (LAN), a wireless network such as mobile network, wireless local area network (WLAN) such as Wireless Fidelity (WiFi™), a wireless personal area network (WPAN) such as Bluetooth™ protocol, near-field communication (NFC) and/or any other network.” Accordingly, the connection module is interpreted as a communication port.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5-11 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Markovic et al. (US 2018/0046592) hereinafter Markovic in view of Hummel et al. (US 11,126,750) hereinafter Hummel.
As per claim 1, Markovic teaches a method for authenticating communication between an industrial control device and an external control system (Markovic, Parag. [0028]; “Switch fabric 104 within the I/O module can be configured to selectively facilitate connectivity (e.g., transfer of information/data) between an external control module (e.g., communications/control module 214) and the one or more field devices 217 via the plurality of communication channels 102.” … Parag. [0063]; “In some embodiments, communications between the control elements/subsystems and/or industrial elements including the sensors and/or actuators and so forth, of the industrial control system 200 includes an authentication process.”), comprising: 
storing, by a key storing module, an authentication key (Markovic, Parag. [0078]; “the action authenticator 304 includes a storage medium with a private key stored thereon and a processor configured to sign and/or encrypt the action request generated by the action originator 302 with the private key. The private key is stored in a memory that cannot be accessed via standard operator login.”) [coupled to a matching key of an external control system]; 
calculating, by a processor, an authenticity indication of communication between an industrial control device and the external control system using the authentication key (Markovic, Parag. [0078]; “the action authenticator 304 includes a storage medium with a private key stored thereon and a processor configured to sign and/or encrypt the action request generated by the action originator 302 with the private key.” … Parag. [0081]; “The I/O module 100 or any other industrial element/controller 306 being driven by the action originator 302 is configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified.”); 
providing, by a connection module, the authenticity indication to the industrial control device via an input and output (I/O) port of the industrial control device (Markovic, Parag. [0085]; “the action authenticator 304 can initiate the handshake, in which case the authentication sequence implemented by the I/O module 100 or any other industrial element/controller 306 can include: receiving a request datagram from the action authenticator 304, the request datagram including a first nonce, a first device authentication key certificate, and a first identity attribute certificate.” … Parag. [0033]; “The I/O module 100 further includes one or more connection ports (e.g., I-core connection ports) that facilitate interconnectivity with at least one communications/control module 214 via a communications backplane (e.g., switch fabric 202). In some embodiments, the I/O module 100 includes at least one serial communications port 114 and at least one parallel communications port 116.” Examiner submits that Fig. 11 shows the I/O module, which includes one or more connection ports, is part of the industrial element/controller 306 and the authenticator device sends the authenticity indication in the communication to the industrial element/controller through an available I/O connection port.).
However, Markovic does not expressly teach:
an authentication key coupled to a matching key of an external control system;
But, Hummel teaches:
an authentication key coupled to a matching key of an external control system (Hummel, Col. 10, lines 58-63; “The safekeeping device 6 comprises a logic unit 64 that checks, for data records 10 obtained from the delivering device 5, using a public key 51' corresponding to the private key 51 of the delivering device 5, whether they carry a correct signature 15. If this is the case, the data records 10 are stored in the reversible memory 3.”).
Markovic and Hummel are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for providing a method for authenticating communication between an industrial control device and an external control system.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hummel’s system into Markovic’s system, with a motivation to provide a storage of evidence-relevant data, particularly sensor data from industrial field devices, that is secured against subsequent forgery or suppression by using asymmetric encryption (Hummel, Col. 1, lines 15-18). 

As per claim 2, the combination of Markovic and Hummel teaches the method of claim 1. Markovic further teaches wherein the connection module is physically and electronically connected to the I/O port (Markovic, Parag. [0050]; “Each I/O module 100 can include one or more ports 222 furnishing a physical connection to hardware and circuitry included with the I/O module 100, such as a Printed Circuit Board (PCB) 224, and so forth.”).

As per claim 5, the combination of Markovic and Hummel teaches the method of claim 1. Hummel teaches wherein the authentication key is a private key that is coupled to a matching public key that is stored in a memory of the external control system (Col. 10, lines 58-63; “The safekeeping device 6 (i.e. external control device) comprises a logic unit 64 that checks, for data records 10 obtained from the delivering device 5 (i.e. control device), using a public key 51' corresponding to the private key 51 of the delivering device 5, whether they carry a correct signature 15. If this is the case, the data records 10 are stored in the reversible memory 3.”).

As per claim 6, the combination of Markovic and Hummel teaches the method of claim 1. Hummel teaches wherein the authentication key is a public key that is coupled to a matching private key that is stored in a memory of the external control system (Hummel, Col. 10, lines 58-63; “The safekeeping device 6 (i.e. external control device) comprises a logic unit 64 that checks, for data records 10 obtained from the delivering device 5 (i.e. control device), using a public key 51' corresponding to the private key 51 of the delivering device 5, whether they carry a correct signature 15. If this is the case, the data records 10 are stored in the reversible memory 3.”  Examiner submits that in an asymmetric encryption scheme, public and private key are matching key pair).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hummel to have the matching private key stored in the external control device of Hummel.  Such modification is made without deviating from the concept of the presented teaching since it is simple substitution of one known element for another to obtain predictable results based on the KSR rationale.

As per claim 7, the combination of Markovic and Hummel teaches the method of claim 1. Markovic teaches for authenticating an industrial control device to an external control system, further comprising, before the calculating:
receiving a request signal comprising a request message received by the industrial control device from the external control system (Markovic; Parag. [0089]; “To initiate the authentication sequence, the first I/O module 100A (i.e. external control system) is configured to transmit a request datagram 502 to the second I/O module 100B (i.e. control device). In implementations, the request datagram 502 includes a first plain text nonce (NonceA), a first device authentication key certificate (CertDAKA) containing a first device authentication key (DAKA), and a first identity attribute certificate (IACA).”).
In addition, Hummel teaches:
wherein the authenticity indication is forwarded by the industrial control device to the external control system to confirm that the industrial control device has access to the authentication device (Hummel, Col. 10, lines 31-42; “The sensors 54 and 57 deliver payload data 12 to the logic 58 of the delivering device 5. In the logic unit 58, the payload data 12 is combined with predecessor hash values invention 53, 53' obtained over the first interface 53 and the bidirectional communications link 56 from the safekeeping device 6, and current hash values 11 are formed. The current hash values 11, which are not shown again in FIG. 2, are combined into data records 10 together with the payload data 12, the predecessor hash values 13', 13, and the signature 15 that is also not shown again in FIG. 2. The data records 10 are sent to the safekeeping device over the first interface 53 and the bidirectional communications link 56.”).

As per claim 8, the combination of Markovic and Hummel teaches the method of claim 7. Markovic teaches wherein the request signal is received from the industrial control device via the I/O port (Markovic, Parag. [0091]; “Responsive to a valid request datagram 502, the second I/O module 100B (i.e. control device) is configured to transmit a response datagram 504 to the first I/O module 100A (i.e. external control system).”).

As per claim 9, the combination of Markovic and Hummel teaches the method of claim 7. Markovic teaches wherein the request signal is received directly from the external control system (Markovic, Parag. [0081], “The I/O module 100 or any other industrial element/controller 306 being driven by the action originator 302 is configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified.”).

As per claim 10, the combination of Markovic and Hummel teaches the method of claim 7.  Markovic teaches wherein the request message includes a random sequence and the calculating includes signing the random sequence using a private key (Markovic, Parag. [0091]; “Responsive to a valid request datagram 502, the second I/O module 100B is configured to transmit a response datagram 504 to the first I/O module 100A. In implementations, the response datagram 504 includes a second plain text nonce (NonceB), a first signature associated with the first and second nonces (SigB[NonceA||NonceB]), a second device authentication key certificate (CertDAKB) containing a second device authentication key (DAKB), and a second identity attribute certificate (IACB). In some embodiments, the second I/O module 100B is configured to generate the second nonce (NonceB) with a TRNG, concatenate or otherwise combine the first nonce (NonceA) and the second nonce (NonceB), and sign the concatenated/combined nonces with a private key (e.g., DAK) that is locally stored by the second I/O module 100B.”).

As per claim 11, the combination of Markovic and Hummel teaches the method of claim 7. Markovic teaches wherein the request message includes a sequence encrypted using a public key (Markovic, Parag. [0090]; “The second I/O module 100B is configured to validate the request datagram by verifying the first device authentication key certificate (CertDAKA) and the first identity attribute certificate (IACA) with public keys that are generated by a device lifecycle management system (DLM) or derived utilizing crypto library functions. In this regard, the public keys may be stored in SRAM or another local memory of the I/O module 100 and used with crypto library functions to verify or cryptographically sign exchanged data, such as the nonces exchanged between the I/O modules 100.”), and 
In addition, Hummel teaches:
the calculating includes decrypting the sequence using a matching private key (Hummel, Col. 10, lines 58-63; “The safekeeping device 6 comprises a logic unit 64 that checks, for data records 10 obtained from the delivering device 5, using a public key 51' corresponding to the private key 51 of the delivering device 5, whether they carry a correct signature 15. If this is the case, the data records 10 are stored in the reversible memory 3.” Examiner submits that in an asymmetric encryption scheme, when a public key is used to encrypt the data, nonce, etc. (random sequence), a matching key (i.e., private key) will be used for decrypting the data.).

As per Claim 16, the combination of Markovic and Hummel teaches the method of claim 1. Markovic teaches wherein the connection module is transmitting electromagnetic signals that are received by the input and output (I/O) port, and receives electromagnetic signals transmitted by the input and output (I/O) port (Markovic, Parag. [0034]; “In embodiments, one or more ports (e.g., serial communication port 114, parallel communication port 116, power backplane input 112, and/or input jack 118) of the I/O module comprise or are coupled with electromagnetic connectors 207 of connector assemblies 208.” … Parag. [0035]; “Each electromagnetic connector 207 is configured to mate with another electromagnetic connector 207 of a connector assembly 208 for transmitting power and/or communications signals between components that are connected via the electromagnetic connectors 207.”).

As per claim 17, the combination of Markovic and Hummel teaches the method of claim 16. Markovic teaches wherein at least one of the connection module and the input and output (I/O) port is transmitting electromagnetic signals via an electromagnetic transmitter (Markovic, Parag. [0034]; “In embodiments, one or more ports (e.g., serial communication port 114, parallel communication port 116, power backplane input 112, and/or input jack 118) of the I/O module comprise or are coupled with electromagnetic connectors 207 of connector assemblies 208.” … Parag. [0035]; “Each electromagnetic connector 207 is configured to mate with another electromagnetic connector 207 of a connector assembly 208 for transmitting power and/or communications signals between components that are connected via the electromagnetic connectors 207.”).

As per Claim 18, the combination of Markovic and Hummel teaches the method of claim 16. Markovic teaches wherein the at least one of the connection module and the input and output (I/O) port receiving electromagnetic signals via an electromagnetic receiver (Markovic, Parag. [0034]; “In embodiments, one or more ports (e.g., serial communication port 114, parallel communication port 116, power backplane input 112, and/or input jack 118) of the I/O module comprise or are coupled with electromagnetic connectors 207 of connector assemblies 208.” … Parag. [0035]; “Each electromagnetic connector 207 is configured to mate with another electromagnetic connector 207 of a connector assembly 208 for transmitting power and/or communications signals between components that are connected via the electromagnetic connectors 207.”).

As per Claim 19, it is an apparatus claim that recites similar limitations as claim 1.  Therefore, it is rejected using the same rationale applied to claim 1.  In addition, Markovic teaches an authentication device (Markovic, Parag. [0078]; “The action authenticator 304 can either be on-site with the action originator 302 (e.g., directly connected device lifecycle management system (“DLM”) 322 or secured workstation 326) or remotely located (e.g., DLM 322 connected via the network 318).”).

Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Markovic et al. (US 2018/0046592) hereinafter Markovic in view of Hummel et al. (US 11,126,750) hereinafter Hummel, as applied to claim 1 above, and in further view of Bowness (US 2020/0228338).
As per claim 3, the combination of Markovic and Hummel teaches the method of claim 1. 
The combination of Markovic and Hummel does not expressly teach wherein the authentication indication is a one-time password (OTP). 
However, Bowness teaches wherein the authentication indication is a one-time password (OTP) (Bowness, Parag. [0011]; “FIG. 1 shows authentication system 100 implementing cryptographic device administration functionality utilizing event-based OTPs in an illustrative embodiment. The authentication system 100 comprises a cryptographic device 102 that communicates with an administrative entity device 104 over a network 105. Also coupled to the network 105 is a set of authentication servers 106 each of which controls access to one or more protected resources 107.” … Parag. [0020]; “The cryptographic device 102 in the present embodiment comprises device functional modules 108 that will vary depending upon the type of device. For example, if the cryptographic device 102 comprises a hardware authentication token or a software authentication token, the device functional modules 108 are illustratively configured to generate OTPs for submission to the authentication servers 106 as part of an authentication process for obtaining access to one or more of the protected resources 107.”).
Markovic, Hummel and Bowness are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for providing a method for authenticating communication between an industrial control device and an external control system.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bowness’s system into the Markovic-Hummel system, with a motivation to provide a cryptographic device configured to receive an event-based OTP for a given administrative access attempt, to compare the received event-based OTP to an expected event-based OTP determined as a function of a current value of the event counter, and to grant or deny the given administrative access attempt based at least in part on a result of the comparing (Bowness, Parag. [0004]).

As per claim 4, the combination of Markovic, Hummel and Bowness teaches the method of claim 3. Bowness teaches wherein the calculating includes continuously creating the OTP (Bowness, Parag. [0023]; “The administrative entity device 104 further comprises an event-based OTP generator 114 for generating event-based OTPs.” … Parag. [0029]; “The administrative entity device 104 can therefore implement multiple event counters and multiple administrative seed values, with one of the event counters and one of the seed values being used to generate event-based OTPs for obtaining administrative access to a corresponding one of the multiple cryptographic devices.” … Parag. [0050-0051]; “In a typical time-synchronous token, the displayed passcodes are based on a secret value and the time of day. An authentication server with access to the secret value and a time of day clock can determine that a given presented passcode is valid. One particular example of a time-synchronous authentication token is the RSA SecurID® user authentication token … Accordingly, the tokencode output of the authentication token in this case is updated approximately once every minute. These update time periods are also referred as “epochs”.”).

Claims 12-13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Markovic et al. (US 2018/0046592) hereinafter Markovic in view of Hummel et al. (US 11,126,750) hereinafter Hummel, as applied to claim 1 above, and in further view of Shulz (US 2008/0077976).
As per claim 12, the combination of Markovic and Hummel teaches the method of claim 1, for authenticating an external control system to an industrial control device, further comprising, before the calculating:
However, the combination of Markovic and Hummel does not expressly teach:
receiving a request signal comprising a passkey received from the external control system; 
wherein the calculating includes verifying authenticity of the passkey.
But, Shulz teaches: 
receiving a request signal comprising a passkey received from the external control system (Shulz, Parag. [0037]; “Proceeding from 530 of FIG. 5, Alice sends a Nonce to Bob at 610. Thus, Alice transmits her Nonce sequence: RSA[NonceALICE, KBOB] & NAMEALICE & DSIGNALICE. At 620, Bob validates Alice and sends a Nonce. In this case, Bob validates the digital signature of Alice's message, its data integrity, and that the NAME matches that in Alice's certificate.” Examiner submits that for examination purposes the passkey is considered as a signature.);
wherein the calculating includes verifying authenticity of the passkey (Shulz, Parag. [0035]; “In general, exchange of an industrial authentication protocol occurs between one or more entities such as between an Entity1 and an Entity2. In the following examples illustrated in FIGS. 4-6, Entity 1 is also referred to as “Alice” and Entity2 is also referred to as “Bob,” where the name Alice refers to a device or application associated with Entity1 and the name “Bob” refers to a device or application associated with Entity2. Thus, the process 400 depicts a generic exchange between Alice and Bob where authentication protocol exchanges are signed and the recipient validates the signature as well as the data integrity of each transmission. The protocol provides a mutual authentication of the parties as follows: At 410, Alice and Bob exchange and validate each other's certificate; at 420, Alice and Bob exchange and validate each other's encrypted nonces; and if the steps of the authentication protocol are sequentially validated, a session is established at 430.”).
Markovic, Hummel and Shulz are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for providing a method for authenticating communication between an industrial control device and an external control system.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shulz’s system into the Markovic-Hummel system, with a motivation to provide a light-weight industrial protocol to enable authentication between industrial control components and/or users of the components to mitigate network protocol attacks, and to facilitate system performance of the components (Shulz, Parag. [0009]).

As per claim 13, the combination of Markovic, Hummel and Shulz teaches the method of claim 12. Markovic teaches further comprising:
when the authenticity is not verified, sending instruction to stop at least one action of the industrial control device (Markovic, Parag. [0090]; “When the first I/O module 100A fails to validate the response datagram, the first I/O module 100A may generate an error message, partially or completely disable the second I/O module 100B, and/or discontinue or restrict communications to/from the second I/O module 100B.”).

As per Claim 15, the combination of Markovic, Hummel and Shulz teaches the method of claim 12. Hummel teaches wherein the passkey is generated by the external control system using a private key and the calculating is done using a matching public key (Hummel, Col. 4, lines 35-38; “Herein, the signature created by the delivering device ensures that the payload data may be manipulated neither during the transmission to the safekeeping device or on the safekeeping device itself without being noticed.” … Col. 8, lines 62-64; “The logic unit is further configured to form a signature of the current hash value using the private cryptographic key.” Examiner submits that for examination purposes the passkey is considered as a signature.).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Markovic et al. (US 2018/0046592) hereinafter Markovic in view of Hummel et al. (US 11,126,750) hereinafter Hummel, and in further view of Shulz (US 2008/0077976) as applied to claim 12 above, and further in view of Juels et al. (US 9,270,655) hereinafter Juels.
As per Claim 14, the combination of Markovic, Hummel and Shulz teaches the method of claim 12.
However, the combination of Markovic, Hummel and Shulz does not expressly teach:
… wherein the passkey is a one-time password (OTP) generated by external control system and the calculating includes generating a matching OTP.
But, Juels teaches: 
… wherein the passkey is a one-time password (OTP) generated by external control system and the calculating includes generating a matching OTP (Juels, Col. 11, lines 43-50; “This passcode then serves as a signature of this data and, when received by the server 150, this passcode can be used to verify the validity of the corresponding data transaction that took place at the high-level application. In particular, the high level application provides the server 150 with the data that is to be verified, and this data transaction is accepted only if the locally produced passcode on this provided data matches the passcode that was received by the token 130.” Examiner submits that for examination purposes the passcode corresponds to the OTP and the signature corresponds to the passkey.).
Markovic, Hummel, Shulz and Juels are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need for providing a method for authenticating communication between an industrial control device and an external control system.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Juels’s system into the Markovic-Hummel-Shulz system, with a motivation to provide one-time authentication tokens with improved resilience to attacks that attempt to obtain the secret seed of one or more tokens (Juels, Col. 3, lines 61-63).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bose, A. et al.; US 10,375,058: relates to a method, a computer program and a system for registering an intelligent electronic device with a certification authority.
Rooyakkers, A., et al.; US 2016/0224048: relates to controllers, systems, and techniques for preventing unauthorized action requests from being processed in an industrial control system.
Varadarajan, R.; US 2011/0113245: relates to a method and system for generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.D.C./Examiner, Art Unit 2498            

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498