DETAILED ACTION

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

	Authorization for this Examiner’s Amendment was given in a telephone interview with Reed Risenmay (Reg. No. 75,395) on 6/8/2022.
This application has been amended as follows:
IN THE CLAIMS
Cancel claim(s) 16.
Replace the following claims as listed below.

1. (Currently Amended) An access control device to provide a secure access control mechanism for a system upon the system being accessed remotely, the access control device comprising:
a front-end firewall configured to provide a first network port, the first network port configured to connect a computer to remotely access the system;
a bastion host of the access control device, the bastion host connected to the front-end firewall to provide information about resources remotely accessible by the computer and to permit the resources to be remotely accessible by the computer; and
a back-end firewall connected to the bastion host and configured to provide a second network port, the second network port configured to connect to the system, wherein
the back-end firewall is further configured to 
determine, through the second network port, remotely accessible resources in the system and 
determine resources remotely accessible by the computer, from among the remotely accessible resources in the system, according to remote access control policies, 
the bastion host is configured to provide the computer with information provided by the back-end firewall, about the resources remotely accessible by the computer through the first network port of the front-end firewall, to permit the resources to be remotely accessible by the computer, and 
the back-end firewall is further configured to 
receive industrial protocol messages, the industrial protocol messages transferred in the system, and 
obtain information about the remotely accessible resources in the system from the industrial protocol messages according to different industrial protocols, the information about the remotely accessible resources in the system including a hardware version, wherein the back-end firewall is further configured to at least monitor the industrial protocol messages periodically broadcast by the remotely accessible resources to obtain the hardware version of the respective remotely accessible resources.
 
8. (Currently Amended) An access control method for providing a secure access control mechanism for a system when the system is accessed remotely, the access control method comprising:
determining, by a back-end firewall of an access control device, remotely accessible resources in the system, the access control device connected between the system and a computer configured to remotely access the system;
determining, by the back-end firewall of the access control device, resources remotely accessible by the computer, from among the remotely accessible resources in the system, according to remote access control policies, wherein the determining the resources remotely accessible by the computer includes
receiving, by the back-end firewall, industrial protocol messages, the industrial protocol messages transferred in the system, and 
obtaining, by the back-end firewall, information about the remotely accessible resources in the system from the industrial protocol messages according to different industrial protocols, the information about the remotely accessible resources in the system including a hardware version, wherein the back-end firewall monitors the industrial protocol messages periodically broadcast by the remotely accessible resources to obtain the hardware version of the respective remotely accessible resources; and
providing, for the computer by a bastion host of the access control device through a first network port of a front-end firewall, information about the resources remotely accessible by the computer, to permit the resources to be remotely accessible by the computer, wherein
the bastion host is connected with the front-end firewall and the back-end firewall is connected with the bastion host and the system through a second network port.
 
15. (Currently Amended) An access control device connected between a system and a computer configured to remotely access the system, the access control device comprising:
at least one storage storing computer readable code, and
at least one processor configured to execute the computer readable code to perform 
determining, by a back-end firewall of the access control device, remotely accessible resources in the system,
determining, by the back-end firewall, resources remotely accessible by the computer, from among the remotely accessible resources in the system, according to remote access control policies, wherein the determining the resources remotely accessible by the computer includes
receiving, by the back-end firewall, industrial protocol messages, the industrial protocol messages transferred in the system, and 
obtaining, by the back-end firewall, information about the remotely accessible resources in the system from the industrial protocol messages according to different industrial protocols, the information about the remotely accessible resources in the system including a hardware version, wherein the back-end firewall monitors the industrial protocol messages periodically broadcast by the remotely accessible resources to obtain the hardware version of the respective remotely accessible resources, and
providing, for the computer by a bastion host of the access control device through a first network port of a front-end firewall, information about the resources remotely accessible by the computer, to permit the resources to be remotely accessible by the computer through a second network port.
 
16. (Cancelled) 
 
17. (Currently Amended) A non-transitory computer readable medium, storing computer readable instructions that, when executed at a hardware processor of an access control device, cause the access control device to perform an access control method to provide a secure access control mechanism for a system when the system is remotely accessed, the access control method comprising:
determining, by a back-end firewall of the access control device, remotely accessible resources in the system, wherein the access control device is connected between the system and a computer configured to remotely access the system;
determining, by a back-end firewall, resources remotely accessible by the computer, from among the remotely accessible resources in the system, according to remote access control policies, wherein the determining the resources remotely accessible by the computer includes
receiving, by a back-end firewall, industrial protocol messages, the industrial protocol messages transferred in the system, and 
obtaining, by a back-end firewall, information about the remotely accessible resources in the system from the industrial protocol messages according to different industrial protocols, the information about the remotely accessible resources in the system including a hardware version, wherein the back-end firewall is configured to at least monitor the industrial protocol messages periodically broadcast by the remotely accessible resources to obtain the hardware version of the respective remotely accessible resources; and
providing, for the computer by a bastion host of the access control device through a first network port of a front-end firewall, information about the resources remotely accessible by the computer, to permit the resources to be remotely accessible by the computer, wherein
the bastion host is connected with the front-end firewall and the back-end firewall is connected with the bastion host and the system through a second network port.
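The architecture recited in independent claims 1, 8, 15 and 17 (a back-end firewall on the system-side port that passively learns the remotely accessible resources and their hardware versions from periodically broadcast industrial protocol messages, applies remote access control policies to that inventory, and a bastion host that presents the resulting list to the remote computer through the front-end firewall's port) can be modelled end to end in a short script. The Python below is an added illustration written for this page; it is not code from the application, the applicant or the office action. The two message formats, the field names, the version syntax and the policy shape are assumptions, and the broadcast samples are constructed for the example.

```python
"""Model of the claimed access control device: a back-end firewall learns
resources (with hardware version) from broadcast industrial messages and
filters them by policy; a bastion host relays the result to the remote
computer.  Added illustration; formats and policies are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Resource:
    address: str
    name: str
    hardware_version: str


def version_tuple(version: str) -> Tuple[int, ...]:
    """'2.1' -> (2, 1); anything unparsable sorts lowest (assumed syntax)."""
    try:
        return tuple(int(p) for p in version.split("."))
    except ValueError:
        return (0,)


def parse_text_announce(payload: bytes) -> Optional[Resource]:
    """Hypothetical text protocol: b'ANNOUNCE addr=<ip> name=<n> hw=<ver>'."""
    try:
        parts = payload.decode("ascii").split()
    except UnicodeDecodeError:
        return None
    if not parts or parts[0] != "ANNOUNCE":
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not all(k in fields for k in ("addr", "name", "hw")):
        return None
    return Resource(fields["addr"], fields["name"], fields["hw"])


def parse_binary_announce(payload: bytes) -> Optional[Resource]:
    """Hypothetical binary protocol: magic 0xA5, u8 hw_major, u8 hw_minor,
    u8 name_len, name, u8 addr_len, addr.  Lengths are checked before use
    so a short or malformed frame is ignored rather than mis-parsed."""
    if len(payload) < 4 or payload[0] != 0xA5:
        return None
    major, minor, name_len = payload[1], payload[2], payload[3]
    pos = 4
    if len(payload) < pos + name_len + 1:
        return None
    name = payload[pos:pos + name_len].decode("ascii", "replace")
    pos += name_len
    addr_len = payload[pos]
    pos += 1
    if len(payload) < pos + addr_len:
        return None
    addr = payload[pos:pos + addr_len].decode("ascii", "replace")
    return Resource(addr, name, f"{major}.{minor}")


PARSERS = (parse_text_announce, parse_binary_announce)   # "different industrial protocols"
Policy = Callable[[Resource], bool]


class BackEndFirewall:
    """On the second network port.  It only listens to broadcasts; it never probes."""

    def __init__(self, policies: Dict[str, Policy]) -> None:
        self.inventory: Dict[str, Resource] = {}
        self.policies = policies            # computer id -> remote access control policy

    def observe(self, payload: bytes) -> bool:
        """Feed one message seen in the system; True if it identified a resource."""
        for parse in PARSERS:
            resource = parse(payload)
            if resource is not None:
                self.inventory[resource.address] = resource   # latest broadcast wins
                return True
        return False                        # ordinary data traffic is ignored

    def remotely_accessible_by(self, computer_id: str) -> List[Resource]:
        """Resources this computer may reach; no policy means default deny."""
        policy = self.policies.get(computer_id)
        if policy is None:
            return []
        return sorted((r for r in self.inventory.values() if policy(r)),
                      key=lambda r: r.address)


class BastionHost:
    """Between the two firewalls; presents exactly what the back-end decided."""

    def __init__(self, back_end: BackEndFirewall) -> None:
        self.back_end = back_end

    def resources_for(self, computer_id: str) -> List[Tuple[str, str, str]]:
        return [(r.address, r.name, r.hardware_version)
                for r in self.back_end.remotely_accessible_by(computer_id)]


# Broadcasts constructed for this example: two formats plus unrelated traffic.
SAMPLE_BROADCASTS = [
    b"ANNOUNCE addr=10.0.0.5 name=HMI-1 hw=1.4",
    bytes([0xA5, 2, 1, 3]) + b"PLC" + bytes([8]) + b"10.0.0.7",
    b"READ_COIL 0001",                                    # data, not identification
    bytes([0xA5, 1, 0, 3]) + b"RTU" + bytes([8]) + b"10.0.0.9",
    b"ANNOUNCE addr=10.0.0.5 name=HMI-1 hw=1.5",          # later broadcast, newer version
]


def run_example() -> dict:
    policies: Dict[str, Policy] = {
        # assumed policy: the vendor may reach the PLC only on hardware 2.0 or newer
        "vendor-laptop": lambda r: r.name == "PLC" and version_tuple(r.hardware_version) >= (2, 0),
        "ops-workstation": lambda r: True,
    }
    firewall = BackEndFirewall(policies)
    accepted = sum(firewall.observe(m) for m in SAMPLE_BROADCASTS)
    bastion = BastionHost(firewall)
    return {
        "accepted": accepted,
        "inventory": {a: r.hardware_version for a, r in firewall.inventory.items()},
        "vendor-laptop": bastion.resources_for("vendor-laptop"),
        "ops-workstation": bastion.resources_for("ops-workstation"),
        "unknown-host": bastion.resources_for("unknown-host"),
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, value)
```

Two design points are worth noting about this model, both about the example rather than the application. The hardware version is learned from whatever the resources broadcast, so the policy treats it as an attribute the resource asserts about itself, and the latest broadcast simply replaces the earlier one; a computer with no policy entry gets an empty list, so the bastion host never presents anything the back-end firewall did not explicitly allow.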
 

Allowable Subject Matter

Claims 1 – 15 and 17 – 23 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above-mentioned claims are allowable over the prior art because the cited prior art of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 8, 15 and 17 (and their associated dependent claims).
This communication warrants no further examiner's statement of reasons for allowance: applicant's reply makes the reasons for allowance evident, satisfying the "record as a whole" proviso of 37 CFR 1.104(e). Specifically, applicant's claim amendments and arguments filed on 5/31/2022, together with the Examiner's Amendment above, are persuasive, so the reasons for allowance are in all probability evident from the record and no further statement is deemed necessary (see MPEP 1302.14).
Any comments applicant considers necessary must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such a submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), applicant is encouraged to mail the papers to the Production Control branch in Publications, or to fax them to the post-allowance papers correspondence branch at (703) 308-5864, to expedite the issuing process, or to call the Publications Customer Service line at (703) 305-8497 with any questions.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LONGBIT CHAI/ Primary Examiner, Art Unit 2431 (No. #2294 - 2022)