DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 12/26/2019 and 04/30/2020 were filed before the mailing date of this office action.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 7-8, and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over US-PGPUB No. US 2015/0046697 A1 to Galpin et al. (hereinafter Galpin) and further in view of US-PGPUB No. US 2016/0212241 A1 to Johnston et al. (hereinafter Johnston).
Regarding claim 1:
Galpin discloses:
A communication method for an industrial control system (ICS), the method comprising the steps of (see ¶10: “Fig. 2 is a block diagram illustrating an action authentication path for the industrial control system”):
(see ¶35 and ¶19, ¶35: “… data transmitted by the industrial control system 100 can be packetized”
¶19: “… the industrial control system 100 collects data in applications including, but not necessarily limited to, critical infrastructure and/or industrial processes”); 
selectively capturing a critical network packet, the critical network packet being identified based on a predefined list of critical payloads capable of controlling a physical state of the ICS (see ¶28: “… each one of a selection of critical actions must clear the authentication path before being run on the communications/control module 106”); 
Galpin fails to explicitly disclose the following limitation taught by Johnston:
generating a signature from the critical network packet using a signing algorithm (see Johnston ¶34: “… the CIP packets may be secured by signature to ensure the data is not altered upon arrival at the serving device, by encryption using public/private key or hashing, by password protection, or some combination thereof”); and
transmitting a combined network packet comprising the critical network packet and the signature to the address (see Johnston ¶34: “… the client automation device may send the CIP request packets to the serving device over the CIP network (process block 72)”).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to incorporate the functionality of the  method for operating an industrial automation device to packetize the action request message and generate a signature from the packet by using a signing algorithm as disclosed by Johnston, such incorporation would increase system security by hindering an external entity’s ability to inject malicious content onto the 

Regarding claim 2:
The combination of Galpin and Johnston disclose:
A communication method according to claim 1, wherein the critical payloads are generated from system services that deal with data read from sensors or actuators, and data written to actuators or registers of devices in the ICS (see Galpin ¶24: “… each communications/control module 106 or any other industrial element/controller 206 (e.g., I/O module 104, field device 130 such as an actuator or sensor, physical interconnect device, switch, power module 112, or the like) can be at least partially operated according to requests/commands from an action originator 202”).  

Regarding claim 4:
The combination of Galpin and Johnston disclose:
A communication method according to claim 1, further comprising embedding the signature as an additional payload in the combined network packet (see Galpin ¶28: “The communications/control module 106 or any other industrial element/controller 206 being driven by the action originator 202 is configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified.”).  

Regarding claim 7:
The combination of Galpin and Johnston disclose:
(see Galpin ¶41: “… the security credentials can include encryption keys, certificates (e.g., public key certificates, digital certificates, identity certificates, security certificates, asymmetric certificates, standard certificates, non-standard certificates)”).  

Regarding claim 8:
The combination of Galpin and Johnston disclose:
A communication method for an Industrial Control System (ICS), the method comprising the steps of:
receiving a combined network packet comprising a critical network packet and a signature (see Galpin ¶28: “… the action originator 202 is configured to receive the signed action request”)
verifying integrity of the critical network packet by authenticating the signature using a verification algorithm (see Galpin ¶28: “… verify the authenticity of the signed action request, …  The communications/control module … further includes a processor 232 that performs/executes the action request … after the signature is verified”).

In addition to the above limitations, claim 8 recites substantially the same limitations as claim 1. Therefore, claim 8 is rejected under the same rationale as claim 1.

Regarding claim 12:
The combination of Galpin and Johnston disclose: 
(see Galpin ¶46: “… a user can attempt to implement an incorrectly designated (e.g., mismarked) element within the industrial control system 100. … the authentication process implemented by the industrial control system 100 can cause the user to be alerted that the element is counterfeit.”).

Regarding claim 13:
The combination of Galpin and Johnston disclose:
A communication method for an industrial control system (ICS), the method comprising the steps of: 
verifying integrity of the critical network packet by authenticating the signature using a verification algorithm (see Galpin ¶28: “… verify the authenticity of the signed action request, …  The communications/control module … further includes a processor 232 that performs/executes the action request … after the signature is verified”).

In addition to the above limitations, claim 13 recites substantially the same limitations as claim 1. Therefore, claim 13 is rejected under the same rationale as claim 1.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Galpin and Johnston as applied to claim 1 above, and further in view of US-PGPUB No. US 2006/0268936 A1 to Hong et al. (hereinafter Hong).
Regarding claim 3:

but fail to explicitly disclose the following limitation taught by Hong: 
wherein the system services comprise Read Data (see ¶89: “… it reads the data frames from the corresponding cells of the DPRAM 130 …”), Write Data (see ¶86: “The DPRAM transmit driver 434 writes the data frames received from the framer 433 in the DPRAM 130”), and Read Tag Fragmented Data (see ¶61: “… a receiving unit 440 for reading the fragmented data packets …”).  

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Galpin and Johnston to incorporate the services of the communication method to read data, write data and read fragmented data as disclosed by Hong. The availability of such services would allow the transmission of messages larger than the allowed data limit by dividing the message into multiple packets and putting them in segmented or fragmented frames within the data limit. Reassembling and reading of fragmented data, and reading and writing of the segmented data would be possible with such service. 

Claims 5, 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Galpin and Johnston as applied to claim 1 above, and further in view of CN 103581173 A to Ding et al. (hereinafter Ding).

Regarding claim 5:
The combination of Galpin and Johnston disclose the communication method of claim 8, but fail to explicitly disclose the following limitation taught by Ding: 
(see ¶33: “… the message comprises data information, digital signature, timestamp information and key information.”).  

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Galpin and Johnston to incorporate the functionality of the method to timestamp the message being transmitted as disclosed by Ding, such modification would allow the receiving device to know the order in which the packets were sent to reassemble the message.  The authenticity of the message would also be verified by comparing the timestamp through key information.  

Regarding claim 10:
The combination of Galpin and Johnston disclose the communication method of claim 8, but fail to explicitly disclose the following limitation taught by Ding:
wherein the signing algorithm is a symmetric signature algorithm, the communication method further comprises authenticating the signature by generating a verification signature from the critical network packet using the verification algorithm, and comparing the verification signature to the signature received for a match (see the following paragraphs: ¶86: “… generating the digital signature after the digital signature is appended after the data information according to a symmetric AES key stored by itself, to encrypt the data information and the digital signature”,
¶95: “… decrypting the data information after encryption and the digital signature information using the symmetric AES key according to whether to decrypt successfully further verifies the identity of the sending end”, 
¶96: “… when the verification through the exchange device may also decrypt the digital signature according to a public key stored by itself to obtain the corresponding hash value, and performing Hash operation to the data information, determining the hash value of the digital information; decrypting the hash value and hash value obtained by the digital information after comparing, judging whether the hash value and the decrypted digital information obtained after the hash value is the same”).  

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Galpin and Johnston to incorporate the functionality of the method which generates, verifies and compares digital signatures by using encryption/decryption algorithms as disclosed by Ding, such modification would provide a layer of data protection by verifying the authenticity of the data by comparing the verification signature to the signature received for a match. 
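The sender/receiver flow that the rejections of claims 1, 4, 5, 8 and 10 describe (selectively capture a critical packet, sign it, embed the signature as an additional payload together with a timestamp, and verify on receipt by recomputing a symmetric signature and comparing it to the one received) can be illustrated in code. The example below is an added illustration by the editor, not code from the application, the examiner, or any of the cited references. The critical-payload list, the shared key, the packet layout (packet, 8-byte timestamp, 32-byte HMAC-SHA256 tag) and the 30-second freshness window are all constructed assumptions for this example; HMAC stands in for the generic "symmetric signature algorithm" of claim 10.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Hypothetical predefined list of critical payloads (constructed for this
# example). In a real ICS deployment the list would be derived from the
# protocol's state-changing services, e.g. register writes or actuator commands.
CRITICAL_PAYLOADS = (b"WRITE_REG", b"SET_ACTUATOR", b"WRITE_DATA")

TS_LEN = 8                                   # big-endian unsigned seconds
MAC_LEN = hashlib.sha256().digest_size       # 32-byte HMAC-SHA256 tag
TRAILER_LEN = TS_LEN + MAC_LEN


def is_critical(packet: bytes) -> bool:
    """Selective capture: a packet is critical when its payload starts with one
    of the predefined critical services; everything else is left unsigned."""
    return any(packet.startswith(p) for p in CRITICAL_PAYLOADS)


def sign_packet(key: bytes, packet: bytes, now: Optional[float] = None) -> bytes:
    """Build the combined network packet: the original critical packet followed
    by a timestamp and an HMAC signature embedded as an additional payload.
    The signature covers both the packet and the timestamp, so neither can be
    altered without invalidating the tag."""
    ts_bytes = struct.pack(">Q", int(time.time() if now is None else now))
    mac = hmac.new(key, packet + ts_bytes, hashlib.sha256).digest()
    return packet + ts_bytes + mac


def verify_packet(key: bytes, combined: bytes, now: Optional[float] = None,
                  max_age: int = 30) -> Optional[bytes]:
    """Symmetric verification: recompute the signature from the received
    critical packet and compare it to the received signature. Returns the
    original packet on success and None on any failure (malformed, bad tag,
    wrong key, or stale timestamp)."""
    if len(combined) <= TRAILER_LEN:
        return None
    packet = combined[:-TRAILER_LEN]
    ts_bytes = combined[-TRAILER_LEN:-MAC_LEN]
    received_mac = combined[-MAC_LEN:]
    expected = hmac.new(key, packet + ts_bytes, hashlib.sha256).digest()
    # Constant-time comparison so the verifier does not leak how many leading
    # bytes of a forged tag were correct.
    if not hmac.compare_digest(expected, received_mac):
        return None
    ts = struct.unpack(">Q", ts_bytes)[0]
    current = int(time.time() if now is None else now)
    if abs(current - ts) > max_age:
        return None  # replayed or badly delayed packet
    return packet


def forward(key: bytes, packet: bytes, now: Optional[float] = None) -> bytes:
    """Sender side: only critical packets are captured and signed; non-critical
    traffic is transmitted unchanged."""
    return sign_packet(key, packet, now) if is_critical(packet) else packet


if __name__ == "__main__":
    key = b"constructed-shared-key"          # assumed pre-shared key
    pkt = b"WRITE_REG:0x0010=1"              # constructed critical packet
    combined = forward(key, pkt, now=1_000_000)
    print("verified:", verify_packet(key, combined, now=1_000_000))
    tampered = combined[:10] + bytes([combined[10] ^ 0x01]) + combined[11:]
    print("tampered:", verify_packet(key, tampered, now=1_000_000))
```

Only the receiver holding the same key can verify, which is the trade-off of a symmetric scheme: every verifier can also produce valid signatures, so the key must be confined to the two endpoints. The timestamp check addresses replay of an otherwise valid combined packet, which signature verification alone does not detect.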

Regarding claim 11:
The combination of Galpin and Johnston disclose the communication method of claim 8, but fail to explicitly disclose the following limitation taught by Ding:
wherein the signing algorithm is an asymmetric signature algorithm, the communication method further comprises authenticating the signature by generating an output associated with the critical network packet from the signature received using the verification algorithm, and comparing the output to the critical network packet for a match (see the following paragraphs:
¶86: “… using the private key stored by itself to the asymmetric encrypted AES key and the data information and the digital signature is encrypted, and the encrypted information is sent to the switching device”, 
¶87: “The switching device public key stored by itself to decrypt the received data encrypted to obtain the asymmetric AES key, and the encrypted data information and its digital signature.”, ¶89: “… obtain the corresponding Hash value, and performing Hash operation to the data information, the hash of the data information.”, 
¶90: “… judging whether the hash value and the decrypted data information after the obtained hash value is the same, when the judging result is yes, executing step S306, or else, determining the data information is not safe, the message is discarded”).  

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Galpin and Johnston to incorporate the functionality of the method which uses the asymmetric signature algorithm to encrypt the digital signature as disclosed by Ding, such modification would verify the authenticity of the critical network packet by generating an output from the signature received and comparing it for a match with the received data information.

Claims 6 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Galpin and Johnston as applied to claim 1 above, and further in view of EP 1729237 A1 to Miyazawa.
Regarding claim 6:
The combination of Galpin and Johnston disclose the communication method of claim 1, but fail to explicitly disclose the following limitation taught by Miyazawa:
(see ¶10: “… there is provided a network communication system that selects an encryption method which is used in a communication between a data transmitting device and a data receiving device in accordance with a processing speed of encryption/decryption …  an encryption processing speed representing a speed of encryption/decryption of communication data … “, and 
¶18: “… by selecting the encryption method which has a higher encryption processing speed than the communication speed between the data transmitting communication device and the data receiving communication device, it can be avoided that a bottleneck due to workload of encryption and decryption slows down the communication speed, and the processing time can be shortened”).  

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Galpin and Johnston to incorporate the functionality of the network communication system that has a higher encryption/decryption speed than data receiving (capturing)/transmitting speed as disclosed by Miyazawa, such modification would provide increased communication speed.
 
Regarding claim 9:
The combination of Galpin and Johnston disclose the communications method of claim 8, but both fail to explicitly disclose the following limitation taught by Miyazawa:
wherein verifying the integrity of the critical network packet is performed at a verification rate at least equal to a receiving rate at which the combined network packet is being received
(see ¶10: “… there is provided a network communication system that selects an encryption method which is used in a communication between a data transmitting device and a data receiving device in accordance with a processing speed of encryption/decryption …  an encryption processing speed representing a speed of encryption/decryption of communication data … “, and 
¶18: “… by selecting the encryption method which has a higher encryption processing speed than the communication speed between the data transmitting communication device and the data receiving communication device, it can be avoided that a bottleneck due to workload of encryption and decryption slows down the communication speed, and the processing time can be shortened”). 

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Galpin and Johnston to incorporate the functionality of the network communication system that has a higher encryption/decryption speed than data receiving (capturing)/transmitting speed as disclosed by Miyazawa, such modification would provide increased communication speed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

Choyi et al. (US-PGPUB No. 2016/0277391 A1) - disclosed mechanisms to perform End-to-End authentication between entities having diverse capabilities (e.g., differing processing power, memory size, etc.) and with
Rowett et al. (US-PGPUB No. 2005/0216770 A1) - disclosed an Intrusion Detection System (IDS) that can be embedded in different network processing devices distributed throughout a network.
Radhakrishnan et al. (US-PGPUB No. 2010/0217971 A1) - disclosed embodiments associated with aggregation of cryptography engines.
Miyamoto (US-PGPUB No. 2003/0235307 A1) - disclosed a method of ensuring secure message exchange between a sender and a receiver over an insecure telecommunication line, and more particularly an encryption program for protecting a message from tampering by encrypting the message with an encryption algorithm.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Matthias Habtegeorgis whose telephone number is (571)272-1916. The examiner can normally be reached on 8:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.H./Examiner, Art Unit 2491

/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491