DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 filed on 12/14/2020 have been reviewed and considered by this office action. 

Information Disclosure Statement
	The information disclosure statement filed on 8/30/2021 has been reviewed and considered by this office action.

Drawings
	The drawings filed on 12/14/2020 have been reviewed and are considered acceptable.

Specification
	The specification filed on 12/14/2020 has been reviewed and is considered acceptable.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


	Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 1 recites, “initiate multi-PLC authentication of a programming application in response to a request by the programming application to download PLC programming to a safety PLC.”, which as analyzed under Step 2A Prong One, is understood as a user mentally providing authentication to allow a PLC to download a program. Thus, if a claimed limitation under its broadest reasonable interpretation, covers performance of the limitation in the mind but for recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. 
	This judicial exception is not integrated into a practical application. The claim recites the additional limitations of, “a safety network in the industrial plant;”,  “a plurality of safety programmable logic controllers (PLCs) coupled to communicate with one another over the safety network, each safety PLC operable to perform one or more safety functions related to equipment in the industrial plant;”, and “wherein each safety PLC is operable to initiate multi-PLC authentication…”, which analyzed under Step 2A Prong Two, is understood as generally linking the use of the judicial exception to a particular technological environment or field of use (MPEP 2106.05) and wherein the limitations of a “programmable logic controller” is understood as merely applying the judicial exception utilizing generic computer components. 
	The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because as analyzed under Step 2B, the additional elements amount to merely detecting potential malicious software using blockchain technology in an industrial setting using generic computer components. As analyzed under Berkheimer, detecting and authenticating malicious components in a PLC controlled industrial setting using blockchain based technology is considered well-understood, routine, and conventional as discussed in the paper titled, “Blockchain-Based Security Layer for Identification and Isolation of Malicious Things in IoT: A Conceptual Design” (Oct. 2018). 

	Claims 7 and 14 are substantially similar to claim 1 and are rejected under 35 U.S.C. 101 utilizing the same rationale as discussed above.

	Dependent claim 4 recites the limitation of, “wherein each safety PLC is further operable to verify the response to the authentication challenge from the programming application” and dependent claim 6 recites the limitation of, “The safety system of claim 5, wherein each safety PLC is further operable to select the PoW from a list of predefined PoWs for the programming application stored in each safety PLC.”, which analyzed under Step 2A Prong One, provide further limitations that can be performed using the human mind which falls under the “Mental Processes” grouping of abstract ideas. Claim 5 recites the limitation of, “The safety system of claim 1, wherein the authentication challenge takes the form of a proof-of-work (PoW) that is related to a functionality of the programming application.”, which analyzed under Step 2A Prong One, is understood as a computation performed by a processor (see paragraph [0038] of the filed specification) which falls under the “Mathematical Formulas” of abstract ideas.
	This judicial exception is not integrated into practical application. Dependent claim 3 recites the additional limitation of, “The safety system of claim 2, wherein the minimum number of safety PLCs is a majority of the safety PLCs coupled to communicate over the safety network.”, which analyzed under Step 2A Prong Two, is understood as generally linking the use of the judicial exception to a particular technological environment or field of use. Further, claims 4 and 9 recite the additional limitations of, “provide a verification result to the other safety PLCs coupled to communicate over the safety network.”, and “The safety PLC of claim 8, wherein the safety PLC is a master safety PLC and the computer-readable instructions further cause the processor to tally the verification results received from the other safety PLCs and issue an accept command over the safety network if a minimum number of safety PLCs has communicated over the safety network that the response from the programming application is acceptable.”, which analyzed under Step 2A Prong Two, is understood as adding insignificant extra-solution activity to the judicial exception in the form of data gathering. 
	The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because as analyzed under Step 2B, the additional elements amount to merely gathering and sending data in the PLC industrial field. As analyzed under Berkheimer, merely gathering and sending data over a network in a PLC controlled environment has been determined to be well-understood, routine, and conventional by the courts (see MPEP 2106.05 sending/receiving data over a network). 

	Claims 10-13 and 17-20 are substantially similar to claims 3-6 and claim 16 is substantially similar to claim 9 and are rejected under 35 U.S.C. 101 utilizing the rationale presented above.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 5, 7, 12, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Biernat et al. (US PGPUB 20190340269) in view of Lee (Blockchain-based secure firmware update for embedded devices in an Internet of Things environment).

	Regarding Claims 1, 5, and 14; Biernat teaches; A safety system for an industrial plant, comprising: (Biernat; at least Abstract; disclose blockchain enabled industrial devices which create a decentralized, tamper-proof control system)
a safety network in the industrial plant; (Biernat; at least paragraph [0048]; disclose wherein a plurality of industrial devices are networked together and form a blockchain network in which consensus-based techniques are employed to prevent tampering with devices thus forming a safety network)
a plurality of safety programmable logic controllers (PLCs) coupled to communicate with one another over the safety network, each safety PLC operable to perform one or more safety functions related to equipment in the industrial plant; (Biernat; at least paragraphs [0048] and [0163]; disclose a plurality of PLC devices networked together utilizing blockchain technology for creating a safety/secure network and wherein the PLCs are capable of performing controlling, monitoring, actuating, etc. industrial devices)
wherein each safety PLC is operable to initiate multi-PLC authentication of a programming application in response to a request by the programming application to download PLC programming to a safety PLC. (Biernat; at least paragraphs [0079]-[0080]; disclose wherein each industrial device (i.e. PLC device) sends out a message of, for example, a control action performed by the device to the other networked industrial devices to validate authenticity of the action, wherein each device contains a proof engine component (1104) for utilizing a consensus based validation technique to verify the authenticity of the control action). 
Biernat appears silent on; wherein each safety PLC is operable to initiate multi-PLC authentication of a programming application in response to a request by the programming application to download PLC programming to a safety PLC.
However, Lee teaches; wherein each safety PLC is operable to initiate multi-PLC authentication of a programming application in response to a request by the programming application to download PLC programming to a safety PLC. (Lee; Figs. 1 and ; pages 1157-1158; disclose an internet of things blockchain-enabled environment in which a plurality of nodes (i.e. PLC devices of Biernat) are connected via a network and wherein a request from one of the nodes is made to update it’s firmware (i.e. request program download) and wherein a proof-of-work amongst its peers is performed to validate the need for the firmware update, and if a consensus agreement is reached, downloading the requested firmware update to the requesting node (i.e. PLC device of Biernat). 
Biernat and Lee are analogous art because they are from the same field of endeavor or similar problem solving area, of blockchain-enabled safety and control systems.
It would have been obvious to one of ordinary ski in the art before the effective filling date of the disclosed invention to have incorporated the known method of selecting performing a validation prior to installing software to a requesting device as taught by Lee with the known system of a blockchain-enabled process control system as taught by Biernat to yield the known results of protecting PLC’s from malicious attacks. One would be motivated to combine the cited references in order to provide a method for protecting a device from attacks targeting software updates such as firmware updates as taught by Lee (Abstract).

Regarding Claims 5, 12, and 19; the combination of Biernat and Lee further teach; The safety system of claim 1, wherein the authentication challenge takes the form of a proof-of-work (PoW) that is related to a functionality of the programming application. (Lee; at least Fig. 2; pages 1157-1158; disclose wherein the update challenge is in the form of a proof-of-work related to the functionality of the firmware update being requested for the specific device). 

Claims 2-4, 6, 8-11, 13, 15-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Biernat et al. (US PGPUB 20190340269) in view of Lee (Blockchain-based secure firmware update for embedded devices in an Internet of Things environment) in further view of Formby et al. (US PGPUB 20190297095).

Regarding Claims 2, 8, and 15; the combination of Biernat and Lee teach; The safety system of claim 1, wherein each safety PLC is operable to initiate multi-PLC authentication by: (Biernat; at least paragraphs [0079]-[0080]; disclose multi-PLC authentication between PLC devices)
issuing an authentication challenge to the programming application; (Lee; at least Fig. 2; pages 1157-1158; disclose issuing a proof-of-work challenge for programming a node (i.e. PLC device of Biernat) with a firmware update)
providing the authentication challenge and the response from the programming application to other safety PLCs coupled to communicate over the safety network for verification; (Biernat; at least paragraphs [0079]-[0080]; disclose providing an authentication challenge (i.e. request to download firmware of Lee) to other PLC devices coupled via a network for validation)
receiving verification results from the other safety PLCs coupled to communicate over the safety network; (Biernat; at least paragraph [0080]; disclose wherein each of the PLC devices communicate over the network the validation results performed by each individual PLC)
and allowing the programming application to download the PLC programming to the safety PLC if a minimum number of safety PLCs coupled to communicate over the safety network has verified that the response from the programming application is acceptable. (Biernat; at least paragraph [0080]; disclose wherein a minimum number of PLC devices are required for validation, and wherein Lee teaches that if the required number of devices engaged in the proof-of-work request validate authentication, allowing a device to download a firmware update).
Biernat and Lee appear silent on; receiving a response to the authentication challenge from the programming application; 
providing the authentication challenge and the response from the programming application to other safety PLCs coupled to communicate over the safety network for verification;
However, Formby teaches; receiving a response to the authentication challenge from the programming application; (Formby; at least paragraphs [0008]-[0014]; disclose issuing a proof-of-work authentication challenge to a PLC program to authenticate whether a detected signature of the program deviates from an expected signature)
providing the authentication challenge and the response from the programming application to other safety PLCs coupled to communicate over the safety network for verification; (Formby; at least paragraph [0014]; disclose outputting the response of the programming application and authentication challenge).
Biernat, Lee, and Formby are analogous art because they are from the same field of endeavor or similar problem solving area, of blockchain-enabled safety and control systems.
It would have been obvious to one of ordinary ski in the art before the effective filling date of the disclosed invention to have incorporated the known method of receiving/providing an authentication response of a program as taught by Formby with the known system of a blockchain-enabled process control system as taught by Biernat and Lee to yield the known results of protecting PLC’s from malicious attacks. One would be motivated to combine the cited references in order to provide a method for improved security and detection in PLC devices as taught by Formby (paragraph [0007]).

Regarding Claims 3, 10, and 17; the combination of Biernat, Lee, and Formby further teach; The safety system of claim 2, wherein the minimum number of safety PLCs is a majority of the safety PLCs coupled to communicate over the safety network. (Biernat; at least paragraph [0080]; disclose wherein a minimum number of PLCs are required for authentication and wherein a consensus (wherein consensus is interpreted as being a majority since all requested devices must agree) is when authenticating actions).

Regarding Claims 4, 11, and 18; the combination of Biernat, Lee, and Formby further teach; The safety system of claim 2, wherein each safety PLC is further operable to verify the response to the authentication challenge from the programming application and provide a verification result to the other safety PLCs coupled to communicate over the safety network. (Biernat; at least paragraph [0080]; disclose wherein each PLC device provides it’s response to the validation of the authentication challenge to all other connected PLC devices).

Regarding Claims 6, 13, and 20; the combination of Biernat, Lee, and Formby further teach; The safety system of claim 5, wherein each safety PLC is further operable to select the PoW from a list of predefined PoWs for the programming application stored in each safety PLC. (Formby; at least paragraphs [0082]-[0085]; disclose wherein a list of four proof-of-work PLC program signatures are created and wherein the system would select the appropriate proof-of-work evaluation based on the selected program running on the PLC).

Regarding Claims 9 and 16; the combination of Biernat, Lee, and Formby further teach; The safety PLC of claim 8, wherein the safety PLC is a master safety PLC and the computer-readable instructions further cause the processor to tally the verification results received from the other safety PLCs and issue an accept command over the safety network if a minimum number of safety PLCs has communicated over the safety network that the response from the programming application is acceptable. (Lee; at least pages 1157-1158; disclose wherein the node device can be a verifier node (i.e. master node) which initiates a proof-of-work authentication and requires a minimum of six confirmations of authentication for determining whether a programming application is acceptable for download with a requesting node).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Smith et al. (US PGPUB 20180285217): disclose a distributed control system for utilizing a distributed ledger for authenticating updates to network connected components.

Chen et al. (US PGPUB 20180212970): disclose a system and method for monitoring an Internet-of-Things environment and in particular, using blockchain distributed ledger for authenticating and accepting new network devices wherein the system is capable of detecting potential malicious devices and preventing those from accessing the network.

Nainar et al. (US PGPUB 20170302663): disclose a blockchain based IoT devices in which performance validations are performed for each node and stored in a distributed ledger.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER W CARTER whose telephone number is (469)295-9262. The examiner can normally be reached 9-6:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rocio Del Mar Perez-Velez can be reached on 571-270-5935. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.W.C./               Examiner, Art Unit 2117                                                                                                                                                                                         
/ROCIO DEL MAR PEREZ-VELEZ/               Supervisory Patent Examiner, Art Unit 2117