Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Justin K. Flanagan on 01/06/2022.

The application has been amended as follows: 

1.	(Proposed amendment) An access control system to restrict access to an intelligent electronic device (IED) in a power delivery system, comprising: 
a token generating server to: 
provide an engineer token to be associated with a configuration package for an IED to: 
validate and
 identify a device type for which the configuration package is intended, and 
provide a technician token that is different from the engineer token to a technician to validate that the technician is authorized to install the configuration package on the IED,
wherein the technician token comprises at least one of a cryptographic key, an asymmetric token, a symmetric token, and a digital signature;
	a communications network to transmit token-authenticating information from the token generating server to the IED; and

(1) authenticate the technician token in response to an installation request using the token-authenticating information from the token generating server, 
(2) authenticate the engineer token associated with the configuration package using the token-authenticating information from the token generating server, including authenticating that the configuration package is intended for the device type of the IED,
(3) reject installation of the configuration package upon failure to authenticate one or both of the engineer token and the technician token, and 
(4) log access and authentication results.

2.	(Original) The system of claim 1, wherein the authorization subsystem of the IED is further configured to log installation requests, authentication of engineer tokens, and rejections.

3.	(Original) The system of claim 1, wherein the technician token identifies software and hardware for which the configuration package is intended, and wherein the authorization subsystem of the IED is further configured to authenticate that the configuration package is intended for the software and hardware of the IED.

4.	(Original) The system of claim 1, further comprising an engineering system to be used by an engineer to:
request the engineer token from the token generating server, and
provide token-authenticating information to the IED for subsequent authentication of the configuration package prior to installation thereof.

5.	(Original) The system of claim 1, further comprising a technician system to be used by a technician to:

provide the token-authenticating information to the IED for subsequent authentication of the technician prior to installation of the configuration package.

6.	(Original) The system of claim 5, wherein the technician system communicates with the IED via the communications network.

7.	(Original) The system of claim 5, further comprising a remote technician system through which the technician provides the technician token and the configuration package to the IED independent of the communications network.

8.	(Original) The system of claim 1, wherein the token generating server is configured to sign the configuration package annotated with the engineer token, and wherein the authorization subsystem is further configured to authenticate that the configuration package is unchanged.

9.	(Proposed amendment) The system of claim 1, the using at least one of a unique identifier of the IED[[,]] and a firmware version of the IED.

10.	(Original) The system of claim 1, wherein the engineer token uniquely identifies the IED for which the configuration package is intended, and wherein the authorization subsystem is further configured to authenticate that the configuration package is intended for the IED.

11.	(Original) The system of claim 1, wherein the engineer token identifies a time window for installation of the configuration package, and wherein the authorization subsystem is further configured to prevent installation of the configuration package outside of the time window. 


12. 	(Proposed amendment) An intelligent electronic device (IED), comprising: 
an input port to receive a request from a technician to install a configuration package;
an authorization subsystem to:
(1) authenticate a technician token provided by the technician to validate that the technician is authorized to install the configuration package, [[and]]
(2) authenticate an engineer token that is different than the technician token, wherein the engineer token comprises a hash of the configuration package that can be used to validate that the configuration package was developed by an authorized entity, wherein the engineer token identifies a device type for which the configuration package is intended,
(3) authenticate that the configuration package is intended for the IED based on the device type identified in the engineer token; and
a configuration subsystem to allow installation of the configuration package by the technician upon authentication of both the technician token and the engineer token.

13.	(Original) The system of claim 12, wherein the engineer token is annotated and signed along with the configuration package, and wherein the authorization system uses token-authenticating information received by a token generating system to further authenticate the engineer token and the configuration package.

14.	(Original) The system of claim 12, wherein the authorization system uses token-authenticating information received by a token generating system to authenticate the technician token provided by the technician. 

15.	(Original) The system of claim 12, wherein at least one of the technician token and the engineer token comprises an asymmetrical token, and wherein the authorization system uses token-authenticating information for authentication that is non-reverse-engineerable.

16.	(Canceled) 

17.	(Original) The system of claim 12, wherein the engineer token further identifies a device type for which the configuration package is intended, and wherein the authorization subsystem is further configured to authenticate that the configuration package is intended for at least one of a device type of the IED, a unique identifier of the IED, and a firmware version of the IED.

18.	(Original) The system of claim 12, wherein the engineer token identifies software and hardware for which the configuration package is intended, and wherein the authorization subsystem is further configured to authenticate that the configuration package is intended for the software and hardware of the IED.

19.	(Original) The system of claim 12, wherein the engineer token identifies a time window for installation of the configuration package, and wherein the authorization subsystem is further configured to prevent installation of the configuration package outside of the time window. 


20.	(Proposed amendments) A method for intelligent electronic device (IED) access control, comprising:
generating an engineer token that includes a hash of a configuration package to be used to validate that: 
(1) the configuration package was developed by an authorized entity, and
the configuration package is intended for the device type of the IED; 
generating a technician token that is different than the engineer token, wherein the technician token facilitates validation that a technician is authorized to install the configuration package on the IED;
providing token-authenticating information to the IED to enable the IED to subsequently authenticate each of the engineer token and the technician token; 
receiving a request by the technician to install the configuration package;
receiving the technician token from the technician;
authenticating the technician token to validate that the technician is authorized to install the configuration package;
receiving the configuration package for installation on the IED, wherein the configuration package is signed by the authorized entity;
authenticating the engineer token to validate the configuration package and the device type of the IED; and 
modifying at least one setting of the IED as dictated within the configuration package in response to authentication of both the technician token and the engineer token. 

21.	(Original) The method of claim 20, wherein the engineer token identifies a time window for installation of the configuration package, and wherein the method further comprises authenticating that a technician’s request to modify at least one setting of the IED is within the specified time window.

22.	(Original) The method of claim 20, wherein the engineer token is appended to and signed along with the configuration package, and wherein the method further comprises using asymmetrical token-authenticating information to authenticate the engineer token and validate that the configuration package is unmodified.

23.	(Original) The method of claim 21, further comprising logging at least one of the engineer token and the technician token. 
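
The following sketch is an added illustration, not part of the office action or of the application's own disclosure. It shows one way an IED could enforce the checks recited in claims 1, 12 and 20, plus the time window of claims 11, 19 and 21. It assumes symmetric HMAC-SHA256 tokens, with the shared key standing in for the "token-authenticating information"; all function, class and field names are hypothetical.

```python
import hashlib
import hmac
import json

def _mac(key, claims):
    # Canonical JSON so issuer and IED compute the MAC over identical bytes.
    data = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue_engineer_token(key, package, device_type, not_before, not_after):
    claims = {"role": "engineer", "device_type": device_type,
              "pkg_sha256": hashlib.sha256(package).hexdigest(),
              "not_before": not_before, "not_after": not_after}
    return {"claims": claims, "mac": _mac(key, claims)}

def issue_technician_token(key, technician_id):
    claims = {"role": "technician", "technician": technician_id}
    return {"claims": claims, "mac": _mac(key, claims)}

def _authentic(key, token, role):
    # The role claim keeps one token type from being replayed as the other.
    claims = token.get("claims", {})
    return claims.get("role") == role and hmac.compare_digest(
        _mac(key, claims), token.get("mac", ""))

class IED:
    def __init__(self, key, device_type):
        self.key, self.device_type = key, device_type
        self.settings, self.log = None, []

    def install(self, package, engineer_token, technician_token, now):
        c = engineer_token.get("claims", {})
        digest = hashlib.sha256(package).hexdigest()
        lo, hi = c.get("not_before", float("inf")), c.get("not_after", float("-inf"))
        checks = [
            ("technician token", _authentic(self.key, technician_token, "technician")),
            ("engineer token", _authentic(self.key, engineer_token, "engineer")),
            ("package hash", hmac.compare_digest(c.get("pkg_sha256", ""), digest)),
            ("device type", c.get("device_type") == self.device_type),
            ("time window", lo <= now <= hi),
        ]
        failed = [name for name, ok in checks if not ok]
        # Log every attempt, accepted or rejected, before acting on it.
        self.log.append({"time": now, "failed": failed, "installed": not failed})
        if failed:
            return False
        self.settings = package
        return True
```

With a symmetric key the IED holds the same secret that mints tokens; the asymmetric option named in claims 15 and 22 avoids that by giving the device only verification material.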



Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior art of record (in particular, Kockerill et al. US Pub. No.: 2018/0359244 A1 (hereinafter Kockerill)) does not disclose, with respect to independent claims 1, 12 and 20, an authorization subsystem of the IED to: (1) authenticate the technician token in response to an installation request using the token-authenticating information from the token generating server, (2) authenticate the engineer token associated with the configuration package using the token-authenticating information from the token generating server, including authenticating that the configuration package is intended for the device type of the IED, (3) reject installation of the configuration package upon failure to authenticate one or both of the engineer token and the technician token, and (4) log access and authentication results. Rather, Kockerill discloses use of device risk evaluation to manage access to service. Accordingly, claims 1-15 and 17-23 are allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/Examiner, Art Unit 2433          

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433