DETAILED ACTION
This office action is in response to applicant’s RCE submission filed on 11/15/2021, which has an effective filing date of 10/12/2016.  Claims 1 and 9 have been amended.  Claims 1-4, 6-22, and 24-27 are pending and are directed towards system, apparatus, method, and computer product for Provision of Secure Communication in a Communication Network Capable of Operating in Real Time.  This is Non-Final action.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
1.	Applicant’s arguments filed 10/19/2021 indicated by RCE submission filed on 11/15/2021 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations of claims 1 and 9, that Falk and Rayapeta fail to teach “transmitting the first integrity reference value and the second integrity reference value from the at least two interfaces to a test unit for integrity checking; correlating the first integrity reference value with the second integrity reference value, and comparing of same by the test unit without the test unit monitoring the transmitted and/or received 
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-4, 6-22, and 24-27 are rejected under 35 U.S.C. 103 as being unpatentable over Rose et al. (US Pub. 2009/0307766), hereinafter Rose, filed on Jun. 9, 2008 in view of Rayapeta et al. (US Pub. 2016/0344754), hereinafter Rayapeta, filed on May 22, 2015 and Falk (US Pub. 2013/0132730) filed on Jul. 22, 2011 . 
Regarding claim 1, Rose teaches a method for providing secure communication between at least one first communication partner and at least one second communication partner within a communication network capable of operating in real time (Fig. 1 and para 22, line 1-14 and para 27, line 1-13; wireless 
providing at least two interfaces, each of which are assigned to a communication partner (para 22, line 1-14 and para 41, line 1-18; wireless mobile stations, where each wireless device may communicate via one or more communication links or interfaces);
Rose does not teach wherein the at least two interfaces passively monitor transmitted and/or received messages between the communication partners 
isolating at least one message transmitted and/or received between the communication partners at the respectively associated interface, by means of at least one definable filtering criterion, wherein the at least one isolated message undergoes an integrity check;
Rayapeta teaches wherein the at least two interfaces passively monitor transmitted and/or received messages between the communication partners (para 24, line 1-16 and para 26, line 4-9; robustness agent located at one or more node interfaces analyzes the flow of message traffic into and out of a communication node for characteristics indicative of an attack);
isolating at least one message transmitted and/or received between the communication partners at the respectively associated interface, by means of at 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network and analyze if message may be indicative of an attack by determining characteristics of the message.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Rose and Rayapeta do not teach for the purposes of integrity checking, constituting a first integrity reference value for at least one message transmitted and/or received by the first communication partner, and at least one second message received and/or transmitted by at least the second communication partner;
transmitting the first integrity reference value and the second integrity reference value from the at least two interfaces to a test unit for integrity checking; correlating the first integrity reference value with the second integrity reference value, and comparing of same by the test unit; and
Falk teaches for the purposes of integrity checking, constituting a first integrity reference value for at least one message transmitted and/or received by the first communication partner, and at least one second integrity reference value for at least one message received and/or transmitted by at least the second communication partner (para 38, line 1-14 and para 40, line 1-4; generate integrity check information for control unit SE on the transmitter side and generate integrity check information for the control data on the receiver side);
transmitting the first integrity reference value and the second integrity reference value from the at least two interfaces to a test unit for integrity checking; correlating the first integrity reference value with the second integrity reference value, and comparing of same by the test unit (para 41, line 1-8 and para 42, line 15-35; integrity check verification unit IPVE, as a remote checking 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE, as a remote checking unit, compares the received integrity check information generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28. 
	Rose teaches the test unit without the test unit monitoring the transmitted and/or received messages between the communication partners (para 22, line -14 and para 24, line 1-13; wireless communications includes one or more wireless mobile stations connected to a network, where the received data packets are processed in a first processing mode 320 and are forwarded to an application module 270 (step 330) before checking the integrity of the data packets using the respective message integrity codes (step 340));
Rose and Rayapeta do not teach generating a warning and/or alarm signal by the test unit, or the referral of the warning and/or alarm signal originating from the test unit to an authority responsible for the deployment of 
Falk teaches generating a warning and/or alarm signal by the test unit, or the referral of the warning and/or alarm signal originating from the test unit to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side.  Doing so would allow for 
Regarding claim 2, Rose, Rayapeta, and Falk teach method of claim 1.
Rose and Rayapeta do not teach wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed.
	Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed (para 23, line 1-4 and para 36, line 1-13; data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network.  Doing so would allow for 
Regarding claim 3, Rose, Rayapeta, and Falk teach method of claim 1.
	Rose does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employed.
Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employed (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 4, Rose, Rayapeta, and Falk teach method of claim 1.

Rayapeta teaches wherein the at least one filtering criterion relates to the message type, a sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof (para 24, line 12-33; analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for analyzing if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 6, Rose, Rayapeta, and Falk teach method of claim 1.
Rose does not teach an isolated sent/received message
Rayapeta teaches an isolated sent/received message (para 24, line 5-11 and line 23-30; quarantined message into or out of a communication node)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for quarantine of a message into or out of a communication node.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Rose and Rayapeta do not teach wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed.
Falk teaches wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed (para 43, line 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 7, Rose, Rayapeta, and Falk teach method of claim 1.
Rose and Rayapeta do not teach the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window.
Falk teaches the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window (para 41, line 1-8 and para 52, line 1-6 and para 53, line 1-5; integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side).

Regarding claim 8, Rose, Rayapeta, and Falk teach method of claim 1.
Rose and Rayapeta do not teach the communication between the communication partners and the communication between the respective interface and the test unit are executed in mutually independent channels.
Falk teaches the communication between the communication partners and the communication between the respective interface and the test unit are executed in mutually independent channels (para 39, line 1-16; transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose 
Regarding claim 9, Rose teaches a device for integrity checking, which is suitable for the provision of secure communication between at least two communication partners within a communication network capable of operating in real time (Fig. 1 and para 22, line 1-14 and para 27, line 1-13; wireless communications includes one or more wireless mobile stations connected to a network and maintain real-time data integrity and security), the device comprising: 
at least one processor configured to (para 35, line 1-15; processor of dedicated hardware 220 receiving the packet):
Rose does not teach at least one isolated message 
Rayapeta teaches at least one isolated message (para 24, line 23-30; quarantine the message on the network communication)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to 
Rose and Rayapeta do not teach receive a formed first integrity reference value for at least one message from a first interface; receive at least one formed second integrity reference value for at least one message from a second interface;
 correlate the first integrity reference value with the at least one second integrity reference value, and for comparing same,
Falk teaches receive a formed first integrity reference value for at least one message from a first interface; receive at least one formed second integrity reference value for at least one message from a second interface (para 41, line 1-8 and para 42, line 15-35; integrity check verification unit IPVE, as a remote checking unit, compares the received integrity check information generated on the receiver side with that of the transmitter side);

PCT/EP2017/072801- 18 - 2016P19473WOUS It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE, as a remote checking unit, compares the received integrity check information generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Rose teaches without monitoring transmitted and/or received messages between the at least two communication partners (para 22, line -14 and para 24, line 1-13; wireless communications includes one or more wireless mobile stations connected to a network, where the received data packets are processed in a first processing mode 320 and are forwarded to an application module 270 (step 330) before checking the integrity of the data packets using the respective message integrity codes (step 340)); and 

Falk teaches emit a warning and/or alarm signal, which is delivered to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side.  Doing so would allow for 
Rose does not teach wherein the transmitted and/or received messages between the communication partners are passively monitored.
Rayapeta teaches wherein the transmitted and/or received messages between the communication partners are passively monitored (para 24, line 1-16 and para 26, line 4-9; robustness agent located at one or more node interfaces analyzes the flow of message traffic into and out of a communication node for characteristics indicative of an attack).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for robustness agent on node interface analyzing the flow of message traffic into and out of a communication node for characteristics indicative of an attack.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 10, Rose, Rayapeta, and Falk teach device of claim 9.
the isolated message
Rayapeta teaches the isolated message (para 24, line 23-30; quarantine the message on the network communication)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Rose and Rayapeta do not teach correlation involves an association of the first integrity value with the at least second integrity value, with respect to the same message which is transmitted between the communication partners.
Falk teaches correlation involves an association of the first integrity value with the at least second integrity value, with respect to the same message which is transmitted between the communication partners (para 41, line 1-8; integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side).

Regarding claim 11, Rose, Rayapeta, and Falk teach device of claim 9.
Rose and Rayapeta do not teach the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window.
Falk teaches the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window (para 41, line 1-8 and para 52, line 1-6 and para 53, line 1-5; integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose 
Regarding claim 12, Rose, Rayapeta, and Falk teach device of claim 9.
Rose does not teach the device comprises at least one unit for synchronizing the isolation of at least one transmitted and/or received message between the communication partners, with reference to at least one definable filtering criterion.
Rayapeta teaches the device comprises at least one unit for synchronizing the isolation of at least one transmitted and/or received message between the communication partners, with reference to at least one definable filtering criterion (para 24, line 1-29 and para 27, line 1-6; quarantine a message communicated between two nodes, with an interface at each node, of a network and analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver); 

Regarding claim 13, Rose, Rayapeta, and Falk teach device of claim 9.
Rose and Rayapeta do not teach wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed.
	Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed (para 23, line 1-4 and para 36, line 1-13; data are transmitted between 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 14, Rose, Rayapeta, and Falk teach device of claim 9.
Rose does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employable.
Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employable (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for communication between 
Regarding claim 15, Rose, Rayapeta, and Falk teach device of claim 9.
Rose does not teach the at least one definable filtering criterion relates to a message type, a sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof.
Rayapeta teaches the at least one definable filtering criterion relates to a message type, a sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof (para 24, line 12-33; analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for analyzing if message may be 
Regarding claim 16, Rose, Rayapeta, and Falk teach device of claim 9.
Rose does not teach an isolated sent/received message
Rayapeta teaches an isolated sent/received message (para 24, line 5-11 and line 23-30; quarantined message into or out of a communication node)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for quarantine of a message into or out of a communication node.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed.
Falk teaches wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed (para 43, line 1-8; integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 17, Rose, Rayapeta, and Falk teach device of claim 9.
Rose and Rayapeta do not teach at least one channel for communication between the communication partners and at least one channel for the reception 
Falk teaches at least one channel for communication between the communication partners and at least one channel for the reception of the at least one first and/or the at least second integrity value are mutually independent (para 39, line 1-16; transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 18, Rose, Rayapeta, and Falk teach device of claim 9.
Rose does not teach wherein, for integrity checking, plausibility data, specifically projection data and/or configuration data and/or physical properties 
Rayapeta teaches wherein, for integrity checking, plausibility data, specifically projection data and/or configuration data and/or physical properties of the communication partners, data derived from a simulation and/or digital twinning data can be incorporated (para 53, line 1-28; analyze messages into and out of the nodes of the network for expected behavior using various traffic pattern statistics generated at any particular node which reflects the configuration of the network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for analyze messages for expected behavior using various traffic pattern statistics generated at any particular node which reflects the configuration of the network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 19, Rose teaches a communication system for providing secure communication between at least two communication partners within a communication network capable of operating in real time, comprising at least two interfaces which are assigned to the communication partners, each having at least one unit for the constitution of an integrity reference value for a sent and/or received message (Fig. 1 and para 22, line 1-14 and para 27, line 1-13 and para 41, line 1-18; wireless communications includes one or more wireless mobile stations, where each wireless device may communicate via one or more communication links or interfaces, connected to a network and maintains real-time data integrity and security), and 
Rose does not teach perform the passive monitoring
Rayapeta teaches perform the passive monitoring (para 24, line 1-16 and para 26, line 4-9; robustness agent located at one or more node interfaces analyzes the flow of message traffic into and out of a communication node for characteristics indicative of an attack)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for node interface analyzing the flow of message traffic into and out of a communication node for characteristics 
for the transmission of the integrity reference value to at least one integrity reference value checking device as claimed in claim 9 (see rejection in claim 9).
Regarding claim 20, Rose, Rayapeta, and Falk teach system of claim 19.
Rose does not teach a unit for the isolation of at least one transmitted and/or received message between the communication partners on the basis of least one definable filtering criterion is further assigned to each interface, 
Rayapeta teaches a unit for the isolation of at least one transmitted and/or received message between the communication partners on the basis of least one definable filtering criterion is further assigned to each interface (para 24, line 1-29 and para 27, line 1-6; quarantine a message communicated between two nodes, with an interface at each node, of a network and analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver), 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to 
Rose, Rayapeta, and Falk teaches wherein the at least one filtering criterion is synchronizable by means of the least one integrity reference value checking device (see rejection for claim 19).
Regarding claim 21, Rose, Rayapeta, and Falk teach system of claim 19.
Rose and Rayapeta do not teach the interface which is assigned to the message-receiving communication partner and/or which is assigned to the message-transmitting communication partner can moreover comprise a unit for the reception of an integrity value comparison result.
Falk teaches the interface which is assigned to the message-receiving communication partner and/or which is assigned to the message-transmitting communication partner can moreover comprise a unit for the reception of an integrity value comparison result (para 41, line 1-8; integrity check verification 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28. 
Rose, Rayapeta, and Falk teaches a unit for the reception of an integrity value comparison result from the least one integrity reference value checking device (see rejection for claim 19).
Regarding claim 22, Rose, Rayapeta, and Falk teach system of claim 21.
Rose and Rayapeta do not teach the interface further comprises an output unit for the delivery of a warning and/or alarm signal to an authority for the initiation of corresponding counter-measures, depending upon the integrity value comparison result.
Falk teaches the interface further comprises an output unit for the delivery of a warning and/or alarm signal to an authority for the initiation of 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 24, Rose, Rayapeta, and Falk teach system of claim 19.
Rose and Rayapeta do not teach wherein, for communication between the communication partners, a communication protocol below level 3, also described 
	Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employable (para 23, line 1-4 and para 36, line 1-13; data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 25, Rose, Rayapeta, and Falk teach system of claim 19.
	Rose does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employable.

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 26, Rose, Rayapeta, and Falk teach system of claim 19.
Rose and Rayapeta do not teach the communication between the communication partners and the communication between the respective interface and the device for integrity checking can be executed in mutually independent channels.
Falk teaches the communication between the communication partners and the communication between the respective interface and the device for integrity 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rose and Rayapeta to incorporate the teachings of Falk to provide transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 27, Rose teaches a computer program product comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, at least one computer program (para 47, line 1-15; memory storing software executed by a processor), 
Rose, Rayapeta, and Falk teaches having means for the execution of the method as claimed in claim 1 (see rejection for claim 1).
Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Jethanandani et al. (US Pub. 2015/0295909) discloses performance monitoring and live connectivity checks in a point-to-point network such as illustrated in FIG. 1, where there are two MEP nodes at the endpoints as contemplated by the integrity check optimization systems; Moon et al. (US Pub. 2017/0317889) discloses performing an integrity verification based on a distributed delegator and verifying an integrity of a plurality of individual devices based on a network; Sun et al. (US Pub. 2017/0086222) discloses select integrity check information that identified wireless channels and transmit the integrity check information for determination of the identified subset of channels.
5.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.








/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492