DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2, 5, 12 & 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites the step of querying an ICS computing component hash information database based on the hash query to generate one or more ICS computing component information items. Claim 2 further recites the step of querying the ICS computing component threat intelligence database with the hash query… generating one or more threat indicators representing the one or more security threats in the ICS system as the one or more ICS computing component information items. 
It is unclear whether an ICS computing component hash information database of claim 1 or an ICS computing component threat intelligence database of claim 2 is searched to generate one or more ICS computing component information items.
It is unclear whether a vulnerability analysis is generated based on one or more ICS computing component information items of claim 1, or one or more security threats in the ICS system as the one or more ICS computing component information items of claim 2.
For at least the reasons as noted, the features of claim 2 are optional features. 

Regarding claim 5, 
1.	It is unclear whether a vulnerability analysis is generated based on one or more ICS computing component information items of claim 1, or one or more predictive indicators of claim 5;
2.	There is insufficient antecedent basis for limitation the one or more components in the claim.

Claim 12 includes features analogous to claim 2. Claim 12 is rejected for at least the same reasons as noted with regard to claim 2.

Claim 15 includes features analogous to claim 5. Claim 15 is rejected for at least the same reasons as noted with regard to claim 5.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-6, 8, 10-16, 18 & 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by JONES et al. [US 2018/0063181 A1], hereinafter referred to as JONES.

Regarding claims 1 & 11, JONES teaches an apparatus comprising 
at least a processor, e.g., processor 706 (JONES, ¶ 0140), and 
a memory associated with the processor having computer coded instructions therein, with the computer coded instructions configured to, when executed by the processor, cause the apparatus to, e.g., memory 714 (JONES, ¶ 0142) perform a method for detecting vulnerability in an industrial control system. The method as taught in JONES reads on claims 1 & 11 as shown below.

CLAIMS 1 & 11
A method for detecting vulnerability in an industrial control system, comprising:
receiving a hash query from a secure media exchange node, 
wherein the hash query comprises a file hash


generated at the secure media exchange node based at least in part on one or more industrial control files received at the secure media exchange node and 
associated with at least one of one or more ICS computing components in an industrial control system (ICS); 


querying an ICS computing component hash information database based on the hash query to generate one or more ICS computing component information items associated with at least one of the one or more ICS computing components by comparing the hash query with one or more hashes stored in the ICS computing component hash information database; 
generating a vulnerability analysis regarding the industrial control system based on the one or more ICS computing component information items; and 

outputting the vulnerability analysis to a secure media exchange vulnerability portal associated with the secure media exchange node.

JONES et al.
A method for detecting vulnerability in an industrial control system, comprising:
a comparison request is received from threat analysis system (JONES, ¶ 0101),
wherein the comparison request comprises a file’s hash value of a file (JONES, ¶ 0101) 
wherein the file’s hash value is generated at the threat analysis system based on a file received at the threat analysis system (JONES, ¶ 0101) and 
wherein the file’s hash value is associated with an enterprise computer system (JONES, ¶¶ 0097[Wingdings font/0xE0]0098) in an enterprise management system (JONES, ¶ 0027); 
the file’s hash value is compared with hash signatures in a database of known threat indicators (JONES, ¶ 0101) to generate a file identifier, a computing system identifier, a type of threat indicator, and a threat identifier associated with the enterprise computer system (JONES, ¶ 0102); 

a threat report regarding the enterprise management system based on the file identifier, computing system identifier, type of threat indicator, threat identifier is generated (JONES, ¶ 0102); and 
the threat report is outputted to an analyst (JONES, ¶ 0089), wherein an interface (i.e., a secure media exchange vulnerability portal) is used for rendering the threat report (JONES, ¶ 0030), wherein the interface is associated with the threat analysis system (JONES, ¶ 0030).


	
Regarding claims 2 & 12, the features as recited are optional features as indicated in the 35 USC 112 section. Therefore, whether JONES discloses the features of claim 2, JONES teaching still reads on the claimed invention.

Regarding claims 2 & 12, JONES further teaches that the ICS computing component hash information database comprises an ICS computing component threat intelligence database configured to store at least one or more security threat hashes representing one or more security threats associated with one or more industrial control files (JONES, ¶ 0028), and wherein the method further comprises: querying the ICS computing component threat intelligence database with the hash query; and upon determining that the file hash in the hash query matches at least one of the one or more security threat hashes, generating one or more threat indicators representing the one or more security threats in the ICS system as the one or more ICS computing component information items (JONES, ¶¶ 0045 & 0106).

Regarding claims 3 & 13, JONES further teaches that the one or more security threats are each associated with one of the one or more ICS computing components (JONES, ¶¶ 0097[Wingdings font/0xE0]0098).

Regarding claims 4 & 14, JONES further teaches that the one or more security threats are one or more of: one or more known security vulnerabilities, one or more viruses, or one or more trojans (JONES, ¶ 0106).

Regarding claims 5 & 15, JONES further teaches that the ICS computing component hash information database comprises an ICS computing component vulnerability prediction database configured to store one or more hashes associated with one or more industrial control files (JONES, ¶ 0028), and wherein the method further comprises: querying the ICS computing components vulnerability prediction database with the hash query; receiving one or more predictive indicators, wherein each of the one or more predictive indicators are associated with at least one of the one or more components; and generating the vulnerability analysis based on the one or more predictive indicators (JONES, ¶¶ 0042, 0045 & 0106).

Regarding claims 6 & 16, JONES further teaches that the one or more predictive indicators include one or more of: a version number associated with at least one of the one or more industrial control files, an updated timestamp associated with at least one of the one or more industrial control files, or an outdated file flag representing that one or more files associated with at least one of the one or more industrial control files is not in the one or more industrial control files (JONES, ¶ 0042).

Regarding claims 8 & 18, JONES further teaches that the secure media exchange vulnerability portal is associated with the ICS computing component hash information database (JONES, FIG. 1 & ¶ 0030).

Regarding claims 10 & 20, JONES further teaches the step of querying the ICS computing component hash information database based on the hash query to identify at least one component of the one or more ICS computing components (JONES, ¶¶ 0101[Wingdings font/0xE0]0102); and storing the identified component in an ICS computing components model associated with the ICS, e.g., the identified computing system is stored as a computing system identifier associated with the enterprise management system (JONES, ¶ 0102).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 7 & 17 are rejected under 35 U.S.C. 103 as being unpatentable over JONES et al. [US 2018/0063181 A1], hereinafter referred to as JONES, in view of JANG et al. [US 2018/0046928 A1], hereinafter referred to as JANG.

Regarding claims 7 & 17, JONES does not explicitly teach that the secure media exchange vulnerability portal is a web-based portal installed on the secure media exchange node.
JANG teaches that a web-based portal installed on the secure media exchange node (JANG, ¶ 0040).
Obviously, a web-based portal as taught in JANG could be used for an interface.
It would have been obvious for one of ordinary skill in the art at the time the invention was filed to incorporate the teaching in JANG into JONES in order to manage the threat report.

Claims 9 & 19 are rejected under 35 U.S.C. 103 as being unpatentable over JONES et al. [US 2018/0063181 A1], hereinafter referred to as JONES, in view of HUDIS et al. [US 8,413,247 B2], hereinafter referred to as HUDIS.

Regarding claims 9 & 19, JONES does not explicitly teach that the one or more ICS computing components do not have access to the world wide web while the ICS is in operation.
HUDIS teaches that the one or more ICS computing components do not have access to the world wide web while the ICS is in operation (HUDIS, FIG. 9, Col. 14-Lines 3[Wingdings font/0xE0]15).
It would have been obvious for one of ordinary skill in the art at the time the invention was filed to incorporate the teaching in HUDIS into JONES in order to manage the enterprise computer system.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUNG Q. PHAM whose telephone number is (571)272-4040. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela D. Reyes can be reached on 571-270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HUNG Q. PHAM
Primary Examiner
Art Unit 2159


/HUNG Q PHAM/Primary Examiner, Art Unit 2159                                                                                                                                                                                            April 7, 2022