DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1-20 have been examined and rejected.


Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


4.	Claims 1-5, 7-13 and 15-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Costante (WIPO Pub WO 2019/172762) in view of CIANFROCCA (U.S. PGPub 2019/0028434).
As per claims 1, 9 and 17
Costante teaches a method (Costante, see page 10, lines 18-27, page 27 lines 1-15; Costante teaches a method for an Industrial Control Systems application, attribute extraction from the network, where attribute-based policies are used to express domain-specific security constraints in an industrial control system, e.g., only Engineering Workstations can change the logic of a Programmable Logic Controller (PLC), while 
identifying, by a device in a network, a packet sent via the network towards an endpoint as being a control packet for the endpoint (Costante, see page 5 lines 17, 31 and 32, page 12, lines 26-31; as shown in fig. 4 step B and fig. 6, the parser extracts protocol fields and their corresponding values from the data stream, which include MODBUS/Transmission Control Protocol (MODBUS/TCP), MODBUS/Remote Terminal Unit (MODBUS/RTU) and Building Automation and Control Network (BACnet); link attribute values are derived from protocol data fields at any layer of the protocol, with attributes such as protocol, source port, destination port, function code and message type; by extracting the function code and message type the method identifies whether the link represents a request for data, a command or a reprogramming action, i.e., whether it is part of a control packet, and the specific function of the control packet; as shown in fig. 5 (Message type), network link L1 from host H1 to host H2 is observed, the network traffic is parsed and the following protocol fields are extracted from the network message: protocol name=Modbus, source IP=10.1.1.1, destination IP=10.1.1.2, source port=502, destination port=502, function code=16);
extracting, by the device, one or more control parameter values from the control packet (Costante, see page 13, lines 18-21, 32-33, page 14 lines 9-1, attribute values are extracted from the protocol fields, such as H1={IP=10.1.1.1, role=master}, relying on 
comparing, by the device, the one or more control parameter values to a policy associated with the endpoint (Costante, see page 21, lines 18-27, page 22 lines 1-15; as shown in fig. 4 steps c-e, detecting, on the basis of the attributes derived from the monitored data traffic, whether the monitored data traffic complies with the consistency rule, by attribute-based policy detection and comparison, to enforce policies based on explicit and implicit host and link attributes; an attribute-based policy P for a given set of host- (A.sub.H), link- (A.sub.L) and context-related (A.sub.C) attributes A=A.sub.H∪A.sub.L∪A.sub.C=<a.sub.1=v.sub.a1, a.sub.2=v.sub.a2, . . . , a.sub.n=v.sub.an>, where a.sub.i∈A has value va.sub.i∈V.sub.i with i∈[1,n], is P=<if <ATTRIBUTE OP VALUE [{LOGICOP ATTRIBUTE OP VALUE}]> then ACTION [{, OBLIGATION}]>, where ATTRIBUTE can be any host-, link- or context-based attribute a.sub.i∈A and OP can be any comparison operation, so the extracted host and link attributes are compared in the policy to determine the action to be taken);

In a similar field of endeavor, CIANFROCCA teaches initiating, by the device, a corrective measure, based on a determination that the one or more control parameter values violate the policy associated with the endpoint (CIANFROCCA, see para 0078, 0140, 0148: a SCADA firewall performs behavior filtration by allowing a policy-writer to selectively permit behaviors on the basis of session metadata, e.g., "writes" may never be performed against the robot, "reads" may be performed only by authorized users, or from specific network segments, or at certain times of day; the implementer of the policy language defines the action taken when a violation occurs at 203, i.e., when the desired behavior or operational constraint is not satisfied: a DENY is issued to prevent a transaction from taking place, by blocking a network communication or by directly controlling a machine; a MODIFY is issued to change one or more of the parameters or data elements in the transaction before passing it on to the network or to the control system of a machine; and a SET is issued to add a data item to the retained state of the policy enforcement device, which can be referenced in future processing; the policy-execution engine admits of different possibilities to effectuate a policy violation: in the "in-line" case, the policy-execution engine can selectively block or modify transactions in real time, effectuating a policy of denying or modifying particular operations that may violate local safety or security rules of the compiled policy object).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Costante with the teaching of CIANFROCCA, as doing so would provide an efficient method for modifying a detected transaction in network traffic to an industrial machine, based on a determination, using a stored machine profile defining an association between the language of the stored policy object and at least one control signal or instruction for the at least one industrial machine, that the transaction does not satisfy a desired behavior or operational constraint related to the industrial machine (CIANFROCCA, see para 0016).
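The identify/extract/compare/act sequence the rejection maps onto Costante and CIANFROCCA, as an added example that is not code from either reference or from the application: a constructed Modbus/TCP frame is parsed for its function code, link and host attributes are derived, and rules in the <if ATTRIBUTE OP VALUE {AND ATTRIBUTE OP VALUE} then ACTION> form decide PERMIT or DENY. The host role table, the rules and both frames are constructed for illustration.

```python
import struct

MODBUS_WRITE_CODES = {5, 6, 15, 16}      # coil/register write function codes
HOST_ROLES = {                            # constructed host inventory (host attributes)
    "10.1.1.1": "engineering_workstation",
    "10.1.1.2": "plc",
    "10.1.1.9": "hmi",
}

def parse_modbus_tcp(payload: bytes) -> dict:
    """Extract MBAP header fields and the PDU function code from one Modbus/TCP frame."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto_id, length, unit_id, fcode = struct.unpack(">HHHBB", payload[:8])
    # MBAP length counts unit id + PDU; protocol id is always 0 for Modbus
    if proto_id != 0 or length != len(payload) - 6:
        raise ValueError("malformed MBAP header")
    return {"transaction_id": tid, "unit_id": unit_id, "function_code": fcode}

def link_attributes(src_ip, dst_ip, src_port, dst_port, payload) -> dict:
    """Derive the link and host attributes the policy reasons over."""
    attrs = {"protocol": "Modbus", "source_ip": src_ip, "destination_ip": dst_ip,
             "source_port": src_port, "destination_port": dst_port}
    attrs.update(parse_modbus_tcp(payload))
    attrs["message_type"] = "command" if attrs["function_code"] in MODBUS_WRITE_CODES else "request"
    attrs["source_role"] = HOST_ROLES.get(src_ip, "unknown")
    return attrs

OPS = {"==": lambda x, v: x == v, "!=": lambda x, v: x != v, "in": lambda x, v: x in v}

# Constructed rules: only engineering workstations may write to the PLC; Modbus only on port 502.
POLICY = [
    ([("function_code", "in", MODBUS_WRITE_CODES),
      ("source_role", "!=", "engineering_workstation")], "DENY"),
    ([("destination_port", "!=", 502)], "DENY"),
]

def evaluate(attrs: dict) -> str:
    for conditions, action in POLICY:         # first matching rule decides
        if all(OPS[op](attrs[attr], value) for attr, op, value in conditions):
            return action
    return "PERMIT"                           # no constraint violated

def inspect(src_ip, dst_ip, src_port, dst_port, payload) -> str:
    return evaluate(link_attributes(src_ip, dst_ip, src_port, dst_port, payload))

# Constructed frames: FC 16 (write multiple registers) and FC 3 (read holding registers).
WRITE_FRAME = bytes.fromhex("0001 0000 000b 01 10 0000 0002 04 000a 0014".replace(" ", ""))
READ_FRAME = bytes.fromhex("0002 0000 0006 01 03 0000 0002".replace(" ", ""))

if __name__ == "__main__":
    print(inspect("10.1.1.9", "10.1.1.2", 49152, 502, WRITE_FRAME))   # DENY: HMI attempted a write
    print(inspect("10.1.1.1", "10.1.1.2", 49152, 502, WRITE_FRAME))   # PERMIT
```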
As per claims 2, 10 and 18
Costante in view of CIANFROCCA teaches the method as in claim 1, wherein initiating the corrective measure comprises: blocking, by the device, the packet from being delivered to the endpoint (CIANFROCCA, see para 0078, 0140, 0148: a SCADA firewall, as the implementer of the policy language, defines the action taken when a violation occurs at 203, i.e., when the desired behavior or operational constraint is not satisfied; a DENY is issued to prevent a transaction from taking place, by blocking a network communication or by directly controlling a machine; in the "in-line" case, the policy-execution engine can selectively block or modify transactions in real time, effectuating a policy of denying particular operations that may violate local safety or security rules of the compiled policy object).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Costante with 
As per claims 3, 9 and 19
Costante in view of CIANFROCCA teaches the method as in claim 1, wherein the endpoint controls an actuator, and wherein the 2one or more control parameter values affect how the actuator operates (CIANFROCCA see para 0037, dispositions would be to permit or deny a requested control signal dispatched to a machine through a network to move an actuator arm, a property arising from the nature of the controls, which may refer to any dynamically observable property).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Costante with the teaching of CIANFROCCA, and the motivation to combine the teachings is the same as stated above with relation to claims 1, 9 and 17.

As per claims 4, 10 and 20
Costante in view of CIANFROCCA teaches the method as in claim 3, wherein the endpoint comprises a programmable logic controller (PLC) or variable-frequency drive (VFD) connected to the actuator (Costante, see page 10, lines 18-27, page 27 lines 1-15; Costante teaches a method for an Industrial Control Systems application, attribute extraction from the network, where attribute-based policies are used to express domain-
As per claims 5, 13 and 20
Costante in view of CIANFROCCA teaches the method as in claim 1, wherein identifying the packet sent via the network towards the endpoint as being a control packet for the endpoint comprises: identifying the packet as using an automation protocol (Costante, see page 5 lines 17, 31 and 32, page 12, lines 26-31; as shown in fig. 4 step B and fig. 6, the parser extracts protocol fields and their corresponding values from the data stream, which include MODBUS/Transmission Control Protocol (MODBUS/TCP), MODBUS/Remote Terminal Unit (MODBUS/RTU) and Building Automation and Control Network (BACnet)).

As per claims 17 and 15
Costante in view of CIANFROCCA teaches the method as in claim 1, wherein the device comprises a network firewall(CIANFROCCA, see para 0078, 0140, 0148 a SCADA firewall does behavior filtration by allowing a policy-writer to selectively permit behaviors on the basis of session metadata, “writes” may never be performed against the robot, “Reads” may be performed only by authorized users, or from specific network 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Costante with the teaching of CIANFROCCA, and the motivation to combine the teachings is the same as stated above with relation to claims 1 and 9.

As per claims 18 and 16
Costante in view of CIANFROCCA teaches the method as in claim 1, wherein the one or more control parameter values affect powering of a circuit (CIANFROCCA, see para 0037, 0096: dispositions would be to permit or deny a requested control signal dispatched to a machine through a network to supply more or less power to an electrical grid; controls may be defined to any degree of abstraction, such as total reactive power delivered by an electrical grid).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Costante with the teaching of CIANFROCCA, and the motivation to combine the teachings is the same as stated above with relation to claims 1 and 9.

5.	Claims 6 and 14 are rejected under AIA 35 U.S.C. 103 as being unpatentable over COSTANTE (WIPO Pub WO 2019/172762) in view of CIANFROCCA (U.S. PGPub 2019/0028434) and further in view of Yang et al. (U.S. PGPub 2017/0295071).

Costante in view of CIANFROCCA teaches the method as in claim 1, yet fails to teach further comprising: assigning one or more component tags and one or more activity tags to the endpoint, wherein the policy associated with the endpoint is based on the one or more component tags and on the one or more activity tags.
In a similar field of endeavor, Yang teaches further comprising: assigning one or more component tags and one or more activity tags to the endpoint, wherein the policy associated with the endpoint is based on the one or more component tags and on the one or more activity tags (Yang, see para 0044-0048: a complete set of Tag Configurations, where a Tag represents an I/O value produced/consumed by industrial machines, and device capability mappings which can be exported as part of the Tag Configuration; two controllers must be on separate VLANs if there is no overlap between the I/O modules owned by each controller and the Tags consumed by each controller; if a controller consumes a Base Tag produced by an I/O device as the one and only owner, they must be on the same VLAN; if a controller consumes a Base Tag produced by an I/O device as one of the owners, and the I/O value is not buffered, they must be on the same VLAN; if a controller consumes a Base Tag produced by an I/O device as one of the owners, but the I/O value is buffered, they can be on the same or different VLANs; a firewall must be created for each controller with a policy that only allows the data flow between the controller and its associated I/O devices).



Conclusion
6.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. This includes:
U.S. PGPub 2019/0349426 which teaches a method for policy driven automation for IoT network;
U.S. PGPub 2019/0220760 which describes an automatic deployment of cognitive policy for automation network;
U.S. PGPub 2019/0306011 which describes a network firewall for implementing reasoning engine and monitoring alerts.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner Sanjoy Roy, whose telephone number is 571-270-0675. The examiner can normally be reached on Mon-Fri, 8am-5pm (EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Nicholas Taylor, can be reached on 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/SANJOY ROY/
Examiner, Art Unit 2457


/NICHOLAS R TAYLOR/Supervisory Patent Examiner, Art Unit 2443