DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file previsions of the AIA .
This notice of allowance is in response to applicant’s amendments filed on 05/03/2022, examiner initiated interview conducted on 06/07/2022 and examiner’s amendments proposed on 06/07/2022.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action. The prior office actions are incorporated herein by reference. In particular, the observations with respect to claim language, and response to previously presented arguments.
Claim 1, 7, 34 and 35 are amended. No claim is added. Claim 9, 29 and 36 are cancelled. Claim 1-8, 10-28, 30-35 are pending.

EXAMINER’S AMENDMENTS
AN EXAMINER’S AMENDMENT TO THE RECORD APPEARS BELOW. SHOULD THE CHANGES AND/OR ADDITIONS BE UNACCEPTABLE TO APPLICANT, AN AMENDMENT MAY BE FILED AS PROVIDED BY 37 CFR 1.312. TO ENSURE CONSIDERATION OF SUCH AN AMENDMENT, IT MUST BE SUBMITTED NO LATER THAN THE PAYMENT OF THE ISSUE FEE. AUTHORIZATION FOR THIS EXAMINER’S AMENDMENT WAS GIVEN IN A TELEPHONE INTERVIEW AND VIA EMAIL WITH THE APPLICANT’S REPRESENTATIVE, ATTORNEY JESSICA BABAD, REG #54636. PLEASE ENTER THE FOLLOWING CLAIM AMENDMENTS: PLEASE REPLACE CLAIMS 1-36 WITH THE FOLLOWING:
1.  (Currently amended) A system to protect an electric vehicle charging infrastructure, comprising:
an electric vehicle charging site to receive alternating current power from a power grid and provide direct current power to electric vehicles, including:
a plurality of monitoring nodes each generating a series of current monitoring node values over time that represent a current operation of the electric vehicle charging infrastructure,
a supply equipment communication controller to receive an access request from an access requestor associated with an electric vehicle, the access request being associated with a platform certificate and a software identifier, wherein the platform certificate provides a hardware identity associated with an electric vehicle communication controller, 
a secondary actor policy decision point server to:
evaluate the access requestor’s identity based on the platform certificate and respond with an action message allowing high-level communication with the access requestor to proceed, wherein an output of the evaluation is stored in a secure, distributed transaction ledger, and
receive a classification result of normal, attacked or fault for each node in the series of monitoring node values based on a decision boundary for a multi-class classifier model calculated with a set of normal feature vectors, a set of attacked feature vectors and a set of fault feature vectors;
fuse the output of the evaluation and the classification to a final decision, including allowing or refusing an electrical or communication connection; 
wherein the final decision and information associated with at least one of the current monitoring node values and the access request is stored in the secure, distributed transaction ledger.

2.  (Original) The system of claim 1, wherein the secure, distributed transaction ledger is associated with an attestation blockchain.

3.  (Original) The system of claim 1, wherein the current monitoring node values are associated with at least one of: (i) voltage, (ii) current, (iii) a charging rate limit, (iv) a duty ratio, (v) a transformer temperature, (vi) a load, (vii) a visit date, (viii) a driver preference, (ix) a radio frequency identifier tag, (x) a demand response command, (xi) weather data, (xii) pricing data, and (xiii) a firewall log file.

4.  (Original) The system of claim 1, wherein the access request is further associated with at least one of: (i) a trusted platform module, (ii) a hardware root of trust, (iii) platform configuration registers, (iv) a trusted connection network, (v) a policy enforcement point, and (vi) an electric vehicle power standard.

5.  (Original) The system of claim 1, wherein bi-directional authentication of the electric vehicle and the electric vehicle charging site is performed.

6.  (Original) The system of claim 1, wherein the electric vehicle charging site is associated with extreme fast charging.

7.  (Currently amended) The system of claim 1, further comprising:
a node classifier computer, coupled to the plurality of monitoring nodes, to:
(i) receive the series of current monitoring node values and generate a set of current feature vectors,
(ii) access at least one multi-class classifier model having at least one decision boundary, and
(iii) execute the at least one multi-class classifier model and transmit [[a]] the classification result based on the set of current feature vectors and the at least one decision boundary

8.  (Original) The system of claim 7, wherein decision fusion resides in the secondary actor policy decision point.

9.  (Canceled) 

10.  (Original) The system of claim 7, wherein decision fusion resides in a Charging Station Energy Management System (“EMS-Si”).

11.  (Original) The system of claim 10, wherein the output of the secondary actor policy decision point is transmitted to the EMS-Si, and the classification result and a detection feature or decision from malware propagation containment module, stability monitoring and assurance module, and the output of a platform identity evaluation in the secondary actor policy decision point are fused to a final decision, including allowing or refusing an electrical or communication connection.

12.  (Original) The system of claim 7, wherein decision fusion resides in a Centralized Distribution Substation Energy Management System (“EMS-DS”) or a Centralized Multiple Charging Stations Energy Management System (“EMS-CO”).

13.  (Original) The system of claim 12, wherein the output of the secondary actor policy decision point is transmitted to a Charging Station Energy Management System (“EMS-Si”), and the classification result and the detection feature or decision from malware propagation containment module, stability monitoring and assurance module, and the output of platform identity evaluation in the secondary actor policy decision point are fused to a final decision, including allowing or refusing an electrical or communication connection.

14.  (Original) The system of claim 7, wherein decision fusion resides in in both a Centralized Distribution Substation Energy Management System (“EMS-DS”) and a Charging Station Energy Management System (“EMS-Si”).

15.  (Original) The system of claim 14, wherein the EMS-Si aggregates information within the charging site to make a cyber protection decision; and the EMS-DS aggregates both the decision output and the device information from each EMS-Si to address a covert attack and coordinated attacks on multiple stations.

16.  (Original) The system of claim 7, wherein decision fusion is within at least one of: (i) a raw data level, (ii) a feature level, and (iii) a decision level.

17.  (Original) The system of claim 7, wherein at least one monitoring node is associated with at least one of: (i) a sensor node, (ii) a critical sensor node, (iii) an actuator node, (iv) a controller node, and (v) a key software node.

18.  (Original) The system of claim 7, wherein the classification result further includes, in the case of a monitoring node status indicating a fault, a failure mode.

19.  (Original) The system of claim 7, wherein the set of current feature vectors includes at least one of: (i) a local feature vector associated with a particular monitoring node, and (ii) a global feature vector associated with a plurality of monitoring nodes.

20.  (Original) The system of claim 7, wherein the set of current feature vectors are associated with at least one of: (i) principal components, (ii) statistical features, (iii) deep learning features, (iv) frequency domain features, (v) time series analysis features, (vi) logical features, (vii) geographic or position based locations, and (viii) interaction features.

21.  (Original) The system of claim 7, wherein the multi-class classifier model is associated with at least one of: (i) an actuator attack, (ii) a controller attack, (iii) a monitoring node attack, (iv) a plant state attack, (v) spoofing, (vi) financial damage, (vii) unit availability, (viii) a unit trip, (ix) a loss of unit life, and (x) asset damage requiring at least one new part.

22.  (Original) The system of claim 7, wherein information from each of the plurality of monitoring nodes is normalized and an output is expressed as a weighted linear combination of basis functions.

23.  (Original) The system of claim 7, wherein the at least one decision boundary is associated with at least one of: (i) a line, (ii) a hyperplane, and (iii) a non-linear boundary.

24.  (Original) The system of claim 7, wherein said executing includes:
determining, by a global binary classifier, whether the electric vehicle charging infrastructure is normal or abnormal;
when the electric vehicle charging infrastructure is abnormal, determining, by a 3-class classifier for each monitoring node, whether the node is normal, attacked, or faulty; and
when a node is faulty, determining, by a multi-class classifier for each monitoring node, a failure mode for the monitoring node.

25.  (Original) The system of claim 7, wherein said executing includes
determining, by a global binary classifier, whether the electric vehicle charging infrastructure is normal or abnormal; and
when the electric vehicle charging infrastructure is abnormal, determining, by a multi-class classifier for each monitoring node, whether the node is normal, attacked, or one of a pre-determined number of failure modes.

26.  (Original) The system of claim 7, wherein said executing includes
determining, by a 3-class classifier for each monitoring node, whether the node is normal, attacked, or faulty; and
when a node is faulty, determining, by a multi-class classifier for each monitoring node, a failure mode for the monitoring node.

27.  (Original) The system of claim 7, wherein said executing includes
determining, by a multi-class classifier for each monitoring node, whether the node is normal, attacked, or faulty, or one of a pre-determined number of failure modes.

28. (Original)  The system of claim 7, wherein said executing includes
determining, by global multi-class classifier, whether each monitoring node is normal or abnormal;
when a monitoring node is abnormal, determining, by a binary classifier for each monitoring node, whether the node is attacked or faulty; and
when a node is faulty, determining, by a multi-class classifier for each monitoring node, a failure mode for the monitoring node.

29.  (Canceled) 

30.  (Original) The system of claim 7, further comprising:
a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the electric vehicle charging infrastructure;
an attacked space data source storing, for each of the plurality of monitoring nodes, a series of attacked monitoring node values over time that represent attacked operation of the electric vehicle charging infrastructure;
a faulty space data source storing, for each of the plurality of monitoring nodes, a series of faulty monitoring node values over time that represent faulty operation of the electric vehicle charging infrastructure; and
a multi-class classifier model creation computer, coupled to the normal space data source, the attacked space data source, and the fault space data source, to:
(i) receive the series of normal monitoring node values and generate a set of normal feature vectors,
(ii) receive the series of attacked monitoring node values and generate a set of attacked feature vectors,
(iii) receive the series of faulty monitoring node values and generate a set of faulty feature vectors, and
(iv) automatically calculate and output the at least one decision boundary for the multi-class classifier model based on the set of normal feature vectors, the set of attacked feature vectors, and the set of faulty feature vectors.

31.  (Original) The system of claim 30, wherein at least one of the series of normal monitoring node values, the series of attacked monitoring node values, and the series of faulty monitoring node values are associated with a high-fidelity equipment model.

32.  (Original) The system of claim 30, wherein at least one decision boundary exists in a multi-dimensional space and is associated with at least one of: (i) a dynamic model, (ii) design of experiment data, (iii) machine learning techniques, (iv) a support vector machine, (v) a full factorial process, (vi) Taguchi screening, (vii) a central composite methodology, (viii) a Box-Behnken methodology, (ix) real-world operating conditions, (x) a full-factorial design, (xi) a screening design, and (xii) a central composite design.

33.  (Previously presented) The system of claim 30, wherein at least one of the normal, attacked, and faulty monitoring node values are obtained by running design of experiments on the electric vehicle charging infrastructure.

34.  (Currently amended) A computerized method to protect an electric vehicle charging infrastructure, comprising:
receiving, from a normal space data source for each of a plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the electric vehicle charging infrastructure;
receiving, from an attacked space data source for each of the plurality of monitoring nodes, a series of attacked monitoring node values over time that represent attacked operation of the electric vehicle charging infrastructure;
receiving, from a fault space data source for each of the plurality of monitoring nodes, a series of fault monitoring node values over time that represent fault operation of the electric vehicle charging infrastructure; and
automatically calculating and outputting, by a multi-class classifier model creation computer, a decision boundary for a multi-class classifier model based on the set of normal feature vectors, the set of attacked feature vectors, and the set of fault feature vectors;
receiving, from the plurality of monitoring nodes, a series of current monitoring node values over time that represent a current operation of the electrical vehicle charging infrastructure;
receiving a classification result of normal, attacked or fault for each node in the series of current monitoring node values based on the decision boundary; and
fusing the classification result and an evaluation of an access requestor’s identity to a final decision, including allowing or refusing an electrical or communication connection, wherein the final decision is stored in a secure, distributed transaction ledger.

35.  (Currently amended) The method of claim 34, further comprising, prior to receiving the classification result:

generating, by a node classifier computer, a set of current feature vectors;
accessing at least one multi-class classifier model having the at least one decision boundary; and
executing the at least one multi-class classifier model and transmitting [[a]] the classification result based on the set of current feature vectors and the at least one decision boundary, wherein the classification result indicates whether a monitoring node status is normal, attacked, or fault.  

36. (Canceled) 


ALLOWABLE SUBJECT MATTER
Claims 1-8, 10-28, 30-35 are allowed in light of applicant’s amendments, examiner’s amendments and prior art(s) of record. 

EXAMINER’S STATEMENT OF REASONS FOR ALLOWANCE
Following is an examiner’s statement of reasons for the allowance:
Independent claim 1 recites, inter-alia, “receive a classification result of normal, attacked or fault for each node in the series of monitoring node values based on a decision boundary for a multi-class classifier model calculated with a set of normal feature vectors, a set of attacked feature vectors and a set of fault feature vectors; fuse the output of the evaluation and the classification to a final decision, including allowing or refusing an electrical or communication connection”. Although Bushey (US20170359366) teaches classifying monitoring node based on the decision boundary (normal or abnormal state); Para. 0022), Evans teaches classifying monitoring nodes with multiple decision boundaries (Para. 0058), none of the prior arts of on the record, either taken by itself or in any combination, would anticipate or made obvious the above limitation combined with other limitations recited in claim 1 at or before the time it was filed.
Examiner performed updated search and did not find any related prior art. Therefore the additional search does not yield other specific references that reasonably, either singularly or in combination with cited references, would result a proper rejection that would have anticipated or made obvious the combination of all the steps disclosed in the independent claims 1 with proper motivation at or before the time it was effectively filed. 
Independent claim 34 although is different, further recites similar limitations to those found in claim 1. Therefore, claim 34 is considered to be allowable for the same reason as discussed above.
Dependent claims 2-8, 10-28, 30-33 and 35 depend upon one of the above-mentioned allowed claims and are therefore allowed by virtue of their dependencies.
Any comments considered necessary by applicant must be submitted no later than payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.''

CONCLUSION
Prior arts made of record, not relied upon: See PTO-892.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIN CHANG whose telephone number is (571)272-9998.  The examiner can normally be reached on Monday-Thursday 9AM-6PM EST Friday: Variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, to Taghi T. Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/L.C./Examiner, Art Unit 2438                                                                                                                                                                                                        /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438