DETAILED ACTION
	This is in response to the application filed on May 1, 2020 where Claims 1 – 20, of which Claims 1 and 13 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on May 1, 2020 was filed before the mailing date of the current action.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
101 Analysis
	Claims 1 and 13 are directed to controlling the configuration of an automation apparatus according to access rights received for an authenticated user.  While the transmitting of data, verifying data, and providing access rights to devices is generally not considered statutory (possibility of organizing human activity), the application of the electronic tag to locally authenticate and control automation devices improvements to a particular technical field of configuring automation devices within large scale systems [See Specification, Para. 0002].  Therefore, the claims integrate the judicial exception into a practical application and satisfies Step 2A, Prong Two of the 2019 Revised 101 Patent Eligibility Guidelines as patent eligible subject matter.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1 – 12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
1.	Claim 1 recites the limitation "the remote access" in which it is previously not presented.  There is insufficient antecedent basis for this limitation in the claim.  Furthermore, it is unclear what the claimed remote access is identifying as being “remote.”  For example, is it remote to the automation apparatus, the access control apparatus? 
2.	Claims 2 – 12 are rejected based on their dependency on Claim 1 and rejected under the same rationale.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim 13 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by PGPub. 2010/0186075 (hereinafter “Hohlbaum”).
3.	Regarding Claim 13, Hohlbaum discloses of an access control method for controlling a configuration of an automation apparatus [Figs. 1 and 2], comprising:
reading authentication information from an electronic tag [Fig. 1; Para. 0028; authenticates to access authority server by means of the user credential stored on the mobile memory]; 
transmitting the authentication information to a networked service [Fig. 1; Para. 0028; user credentials transmitted over communication network to access authority server];
receiving access rights from the networked service [Fig. 1; Para. 0029-30; access authority server issues access tickets that are then stored in the mobile memory]; and
controlling the configuration of the automation apparatus according to the access rights [Fig. 2; Para. 0014, 0017, 0030, 0036-37; access tickets are distributed to the respective target devices].
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 12 and 14 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hohlbaum, in view of PGPub. 2014/0179276 (hereinafter “Kang”), in further vie of PGPub. 2010/0269153 (hereinafter “Kato”).
4.	Regarding Claim 1, Hohlbaum discloses an access control apparatus for controlling a configuration of an automation apparatus [Figs. 1 and 2; Para. 0036, 0038; TD or OWS], comprising:
a user interface configured to interact with a local user [Fig. 2; Para. 0038; HMI of 
OWS];
an internal communication interface configured to communicate with the automation apparatus [Para. 0036; station bus];

a reader configured to read an electronic tag [Para. 0036; USB connection]; and
a processor, coupled with the user interface, the internal communication interface, 
reading authentication information from the electronic tag [Fig. 1; Para. 0033; authenticates to access authority server by means of the user credential stored on the mobile memory];

receiving access rights from the networked service [Fig. 1; Para. 0029-30; access authority server issues access tickets that are then stored in the mobile memory, which are then forwarded to OWS]; and
controlling the configuration of the automation apparatus according to the access rights [Fig. 2; Para. 0014, 0017, 0030, 0036-37; access tickets are distributed to the respective target devices],
wherein the access rights are received from the networked service for a role of a remote user comprising contact information [Para. 0028-30; user ID and user credentials to control automation devices via OWS (remotely)], and 
Holhbaum further discloses the access tickets can be stored in the mobile memory device, such as a smartcard [Para. 0028, 0030].  Holhbaum also discloses that it is assumed that there is a mechanism that allows the user to authenticate to the access authority server and securely communicate with the access authority server [Fig. 1; Para. 0028].  Hohlbaum, however, does not specifically disclose that the access control apparatus comprises an external communication interface configured to communicate with a network, transmitting the authentication information to a networked service, or that a communication session is initiated via the external communication interface for the remote access based on the contact information, and the remote access is terminated as a result of a user interaction via the user interface by the local user.
Kang discloses a system and method for using a second device (e.g., cell phone) to authenticate a first device (e.g., a PC) to access a server [Abstract; Fig. 1 and 6; Para. 0090-91].  Kang further disclose that the second device authenticates and receives information from the server, which is transferred to the first device, via near-field communication [Para. 0098-99], used for authentication and access to the server via an internet connection (PC comprises external communication interface configured to communicate with a network and transmits the authentication information to a networked service, which initiates a communication session via the external communication interface for the remote access based on the contact information) [Fig. 1 and 6; Para. 0106, 0111, 0158-163].  It would have been obvious to one skilled in the art before the effective filing date of the current application to incorporate the teachings of Kang with Hohlbaum since the systems utilize a portable storage device to be in close proximity to provide credentials and/or configuration information for user access to a system.  The combination would enable the Hohlbaum system to incorporate the smartcard within a mobile phone and utilize the same authentication server to authenticate the user at the facility.  The motivation to do so is to improve security by ensuring that authentication credentials are not stored in the OWS by authenticating with the server (obvious to one skilled in the art).  
Kang additionally discloses that when the second device is moved outside the near-field communication range, the first device is disconnected from the server (the remote access is terminated as a result of a user interaction 
Kato discloses a system and method for authenticating a user accessing a local terminal utilizes a mobile authentication device [Abstract; Fig. 9].  Kato further disclosed that when the terminal can detect a user’s input to end the service via the user interface, the remote access is terminated (remote access is terminated as a result of a user interaction via the user interface by the local user) [Fig. 9; Para. 0073].  It would have been obvious to one skilled in the art before the effective filing date of the current application to incorporate the teachings of Kato with Hohlbaum and Kang since the systems utilize a portable storage device to be in close proximity to provide credentials and/or configuration information for user access to a system.  The motivation to do so is to execute user requests to end the session to enhance the user experience (obvious to one skilled in the art).
5.	Regarding Claim 2, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claim 1.  Hohlbaum further discloses that the access rights are received from the networked service for a role of a user [Para. 0030].
6.	Regarding Claims 3 and 14, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claims 1 and 2.  Hohlbaum further discloses that the access rights comprise a definition for a period during which the configuration of the automation apparatus according to the access rights is allowable [Para. 0030; e.g., 1 week].
7.	Regarding Claims 4 and 15, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claims 1 and 3.  Hohlbaum further discloses that the access rights are received from the networked service for a role of the local user [Para. 0030; tickets assign rights to specific users], the configuration of the automation apparatus is controlled according to the access rights during a local access by the local user, and the local access is performed using the user interface, and/or via the external communication interface, and/or via the reader [Fig. 2; Para. 0036-38; local access of facility by user].
8.	Regarding Claims 5 and 16, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claims 1 and 4.  Kang further discloses the access rights are received from the networked service for the role of the remote user [Fig. 6; Para. 0162-163], the configuration of the automation apparatus is controlled according to the access rights during a remote access by the remote user, and the remote access is performed via the external communication interface [Fig. 11C; Para. 0204-206].
9.	Regarding Claims 6 and 17, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claims 1 and 5.  Hohlbaum further discloses that changes made during the configuration of the automation apparatus are rejected as a result of a user interaction via the user interface by the local user [Para. 0030; e.g., 1 week; access tickets can be generated to expire after a certain time].
10.	Regarding Claims 7 and 18, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claims 1 and 6.  The combination of Hohlbaum and Kang further discloses that the authentication read from the electronic tag is encrypted and/or signed [Hohlbaum; Para. 0015, 0031], and the encrypted and/or signed authentication information is transmitted to the networked service for a verification [Kang; Fig. 6, Para. 0162].
11.	Regarding Claims 8 and 19, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claims 1 and 7.  Hohlbaum further discloses that the access rights received from the networked service are encrypted and/or signed [Para. 0015, 0035; tickets are signed by access authority server].
12.	Regarding Claims 9 and 20, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claims 1 and 8.  Hohlbaum further that controlling the configuration of the automation apparatus according to the access rights comprises one or more of the following: a software update for the automation apparatus, a firmware update for the automation apparatus, a manipulation of one or more operation parameters for the automation apparatus [Para. 0030; manipulating one or more operation parameters].
13.	Regarding Claim 10, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claim 1.  Kang further discloses that the reader is configured to read the electronic tag using one or more of the following: near-field communication (NFC) technology, Bluetooth technology, radio-frequency identification (RFID) technology [Para. 0018].
14.	Regarding Claim 11, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claim 1.  Hohlbaum further discloses that the internal communication interface is configured to communicate with the automation apparatus using one or more of the following: a bus interface, a software interface, a wired communication interface, a wireless communication interface, a short-range wireless transceiver [Para. 0036; station bus].
15.	Regarding Claim 12, Hohlbaum, in view of Kang and Kato, discloses all the limitations of Claim 1.  Kang further discloses that the external communication interface is configured to communicate with the network using one or more of the following: a wireless local area network (WLAN), a low power wide area network (LPWAN), a narrowband Internet of things (NB-loT), a cellular radio network, a wired network [Para. 0081].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. PGPub. 2015/0074749 – system and method for managing remote access to an industrial asset; U.S. Patent 10,219,154 – system and method for utilizing a mobile device to transfer access credentials to another device.
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496