DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Status of the application

This Office Action is in response to Applicant's Application filed on 03/11/2020. Claims 1-20 are pending for this examination.

Information Disclosure Statement

The information disclosure statements (IDS’s) submitted on 03/11/2020 and 10/27/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements have been considered by the examiner.

Allowance
Claims 1-20 are allowed.

Allowable Subject Matter

The following is an examiner’s statement of reason for allowance: 

The closest prior art of record, DeWitte et al. (hereinafter DeWitte, Pub. No.: US 2018/0096153), Borohovski et al. (hereinafter Borohovski) and Nunes et al.  (hereinafter Nunes, “Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence”, 2016, IEEE), taken either singly and/or in combination with other cited prior arts, do not teach or render obvious the invention as recited in the independent claims. More specifically, when taken in the context of the claim as a whole, the prior arts do not teach the limitations of: 

Claim 1: 
... “a security service application configured to:
retrieve, from the security database, one or more potential software vulnerabilities related to a hardware/software configuration of the automation system;

identify one or more policies related to the potential vulnerabilities wherein each
policy describes a potential vulnerability and action to be performed in response to detection of the potential vulnerabilities;

apply the policies to the hardware/software configuration and software code
corresponding to an automation application to identify one or more actual vulnerabilities;” ... ....


Claim 12: 
... “receiving, from an IDE, a description of a hardware/software configuration of the automation system and software code corresponding to an automation application;

retrieving, from a security database, one or more potential software vulnerabilities related to the hardware/software configuration;

identifying one or more policies related to the potential vulnerabilities, wherein each policy describes a potential vulnerability and one or more actions that may be performed to mitigate the potential vulnerabilities;

applying the policies to the hardware/software configuration and the software code to identify one or more actual vulnerabilities;”.. ... . 


Claim 18:
….”a first graphical user interface (GUI) component allowing specification of a
hardware/software configuration of an automation system, and
a second GUI component allowing entry of software code corresponding to an
automation application;

a client application integrated with the IDE and configured to:

transfer, to a remote security service application, the hardware/software
configuration and the software code,

receive, from the remote security service application, an identification of one or
more vulnerabilities present in the software code,”….

DeWitte teaches industrial control system and collection of vulnerability data from internal and external sources. DeWitte does not mention an internet crawler system for collecting vulnerability data. Borohovski teaches collection of vulnerability data of web sites. Borohovski does not mention collection of data of industrial control systems. Nunes teaches collection of vulnerabilities of social platforms. Nunes does not teach vulnerabilities of industrial control system. None of the prior arts teach the claim limitations as mentioned above. 

As prior arts of record do not teach and/or suggest these claimed limitations, the independent claims 1, 12 and 18 are allowed because they include the above limitations. The remaining pending claims are allowed because they are dependent on an allowed claim.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOSSAIN M MORSHED whose telephone number is (571)272-3335.  The examiner can normally be reached on 12:00PM-9:00PM Eastern. The fax number and the email address for the examiner is (571)273-3335 and hossain.morshed@uspto.gov. Please note that an applicant can send email messages to the examiner but the examiner cannot send email messages to the applicant without written authorization from the applicant. An applicant can authorize the examiner for email communication by mentioning the following in an email, “According to MPEP 502.03, recognizing that Internet communications are not secure, I hereby authorize the examiner to communicate with me concerning any subject matter of this application by electronic mail. I understand that a copy of these communications will be made of record in the application file.”

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Zhen can be reached on 571-272-3708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HOSSAIN M MORSHED/Primary Examiner, Art Unit 2191                                                                                                                                                                                                        June 13, 2022