Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the application 17/239,988 filed on 04/26/2021.
Claims 1-16 have been examined and are pending in this application.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 8-12 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 8, the claim calls for a device; as recited in the body of the claim, the claimed system comprises “a first/second/third… connector,” which may be interpreted simply as software, and the claims do not fall under one of the four statutory categories. One of ordinary skill in the art would understand that a connector could be a ‘hardware connector,’ which is statutory. However, a connector could also be a ‘software connector.’ As the body of the claim does not positively recite any hardware embodiment, the claim is directed to non-statutory subject matter. The nominal recitation of the machine/device in the preamble with an absence of a hardware element in the body of the claim fails to make the claim statutory under 35 USC 101. See Am. Med. Sys., Inc v. Biolitec, Inc., 618 F.3d 1354, 1358 (Fed. Cir. 2010). See also Ex parte Cohen et al., (Appeal No. 2009-011366) for details. The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.
Regarding claims 9-12; claims 9-12 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reason. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-16 are rejected under 35 U.S.C. 103 as being unpatentable over Hill (US 2019/0089741) and in view of Greenhill (US 2008/0297513).
Regarding claim 1, Hill discloses a method for providing access to data over a tunnel (Hill par. 0058 and 0066. Hill teaches that, in a specific implementation, the assets include wired or wireless interfaces through which the assets can send and receive data to and from the computer-readable medium. The assets function to transmit data between sources and destinations that may be in or outside the network. In a specific example, VPN tunnels through which the management access system sends and receives data are maintained using dedicated networking equipment, such as dedicated routers), the method comprising:
establishing, by a first connector (zone egress (1012)), a first tunnel (1014) connection between the first connector and a second connector (1018) (Hill fig. 10 and par. 0103. Hill teaches that the source is operationally connected to the zone egress 1012 through the one or more switches 1010. The zone egress 1012 is intended to represent a network port. In the example of FIG. 10, the zone egress 1012 is coupled to the ICS CRM 1004 via a secure conduit 1014. The secure conduit 1014 represents, for example, an encrypted tunnel between the security zone 1002 and the security zone 1006. See also par. 0104 and 0109);
establishing, by a third connector, a second tunnel connection between the third connector and a fourth connector (Hill fig. 10 and par. 0104 and 0105. Hill teaches that the switch 1016-n is coupled to the security zone 1006 via the secure conduit 1014. (It may be noted the ICS CRM 1004, depending upon the implementation. The zone ingress 1018 is coupled to the ICS CRM 1004 via the secure conduit 1014. The zone ingress 1018 is operationally connected to the destination 1022 through the one or more switches 1020. See also par. 0109);
obtaining by the first connector, data (Hill par. 0103 and 0117. Hill teaches that the source is operationally connected to the zone egress 1012 through the one or more switches 1010. The zone egress 1012 is intended to represent a network port. In the example of FIG. 10, the zone egress 1012 is coupled to the ICS CRM 1004 via a secure conduit 1014. The CRM 1202 is an ICS CRM that, without more, lacks the ability to provide visibility of which assets are on the ICS network and what conversations are taking place between those assets. One way to capture network data streams through ports of a switch is to utilize a Switched Port Analyzer (SPAN)); and
propagating the data from the first connector to the third connector through the first tunnel connection and the second tunnel connection (Hill par. 0121 and 0102. Hill teaches that the network orchestration and security platform 1206 builds a filter based upon discovered assets and sends a filtered capture request 1208 to the switch 1204. Using the filter, the switch 1204 captures a data stream for the applicable assets for the applicable physical ports and provides the data stream 1210 to the network orchestration and security platform 1206. ICS having secure conduits between security zones. ICS often involves migrating one part of the system at a time, these systems must be able to share data to control the physical process. See also fig. 10).  
Hill discloses access to data over a tunnel and establishing, by a first connector a first tunnel connection between the first connector and a second connector (Hill par. 0058 and Fig. 10). However, Hill does not explicitly disclose access to historical data over a real-time tunnel.
However, in an analogous field, Greenhill discloses access to historical data over a real-time tunnel (Greenhill par. 0050. Greenhill teaches that a Microsoft protocol for communicating between application processes. OPC is a set of communication protocols used by the process industry, based on OLE communication mechanisms. OPC protocols include: OPC-DA (or OPC Data Access) for real-time access to the values of process variables and OPC-HDA (or OPC Historical Data Access)).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the communication protocol of Hill using the communication protocol taught in Greenhill in order to provide real-time access to the values of process variables in the control of industrial processes (Greenhill par. 0002).
Regarding claim 2, Hill and Greenhill disclose the method of claim 1, 
Hill further discloses wherein the first connector, the second connector, the third connector and the fourth connector are in a same network (Hill Fig.10).  
Regarding claim 3, Hill and Greenhill disclose the method of claim 1, 
Hill further discloses further comprising: configuring a first network to include the first connector; configuring a second network to include the second connector; configuring a third network to include the third connector; configuring a fourth network (418) to include the fourth connector; and separating each of the first network, the second network, the third network, and the fourth network (418) by a respective firewall (Hill par. 0111 and Figs. 10-11. Hill teaches that the security zone egress port can be characterized as connected to a forwarding device at the edge of both the first security zone and a portion of a network outside of the first security zone, such as a router, switch, access point, gateway, repeater, or the like).
Regarding claim 4, Hill and Greenhill disclose the method according to claim 1, 
Hill further discloses wherein the data is (i) real-time data, (ii) historical data, or (iii) a combination of (i) and (ii) (Hill par. 0091. Hill teaches that the Activity Directory asset type will never use the three protocols of the Open Platform Communications classic family: data access (DA), historical data access (HDA), and Alarm and Events (A&E). By contrast, the Batch Server asset type will frequently use these protocols).
Regarding claim 5, Hill and Greenhill disclose the method according to claim 3, 
Hill further discloses further comprising: receiving, by the second network, an inbound connection (Hill par. 0058. Hill teaches that the assets 104 include wired or wireless interfaces through which the assets 104 can send and receive data to and from the computer-readable medium 102. The assets 104 function to transmit data between sources and destinations that may be in or outside the network).
Regarding claim 6, Hill and Greenhill disclose the method according to claim 3, 
Hill further discloses further comprising: making, by the first network, an outbound connection (Hill par. 0058. Hill teaches that the assets 104 include wired or wireless interfaces through which the assets 104 can send and receive data to and from the computer-readable medium 102. The assets 104 function to transmit data between sources and destinations that may be in or outside the network).  
Regarding claim 7, Hill and Greenhill disclose the method according to claim 1, 
Hill further discloses further comprising: initiating, by any one of the (i) first connector, (ii) the second connector, (iii) the third connector or (iv) the fourth connector, a connection; and storing, by the connector initiating the connection, security information (Hill fig. 10 and par. 0103. Hill teaches that the source is operationally connected to the zone egress 1012 through the one or more switches 1010. The zone egress 1012 is intended to represent a network port. In the example of FIG. 10, the zone egress 1012 is coupled to the ICS CRM 1004 via a secure conduit 1014. The secure conduit 1014 represents, for example, an encrypted tunnel between the security zone 1002 and the security zone 1006. See also par. 0104 and 0109).
Regarding claims 8-12; claims 8-12 are directed to a system associated with the method claimed in claims 1-5, respectively. Claims 8-12 are similar in scope to claims 1-5, respectively, and are therefore rejected under similar rationale.
Regarding claim 13, Hill discloses a method for providing access to data over a tunnel (Hill par. 0058 and 0066. Hill teaches that, in a specific implementation, the assets include wired or wireless interfaces through which the assets can send and receive data to and from the computer-readable medium. The assets function to transmit data between sources and destinations that may be in or outside the network. In a specific example, VPN tunnels through which the management access system sends and receives data are maintained using dedicated networking equipment, such as dedicated routers), the method comprising:
establishing, by a first connector (zone egress (1012)), a first tunnel (1014) connection between the first connector and a second connector (1018) (Hill fig. 10 and par. 0103. Hill teaches that the source is operationally connected to the zone egress 1012 through the one or more switches 1010. The zone egress 1012 is intended to represent a network port. In the example of FIG. 10, the zone egress 1012 is coupled to the ICS CRM 1004 via a secure conduit 1014. The secure conduit 1014 represents, for example, an encrypted tunnel between the security zone 1002 and the security zone 1006. See also par. 0104 and 0109);
establishing, by a third connector (1018), a second tunnel connection (1014) from the third connector to the second connector (Hill fig. 10 and par. 0104 and 0105. Hill teaches that the switch 1016-n is coupled to the security zone 1006 via the secure conduit 1014. The zone ingress 1018 is coupled to the ICS CRM 1004 via the secure conduit 1014. See also par. 0109);
obtaining by the first connector, data (Hill par. 0103 and 0117. Hill teaches that the source is operationally connected to the zone egress 1012 through the one or more switches 1010. The zone egress 1012 is intended to represent a network port. In the example of FIG. 10, the zone egress 1012 is coupled to the ICS CRM 1004 via a secure conduit 1014. The CRM 1202 is an ICS CRM that, without more, lacks the ability to provide visibility of which assets are on the ICS network and what conversations are taking place between those assets. One way to capture network data streams through ports of a switch is to utilize a Switched Port Analyzer (SPAN)); and
propagating the data from the first connector to the third connector through the first tunnel connection and the second tunnel connection (Hill par. 0121 and 0102. Hill teaches that the network orchestration and security platform 1206 builds a filter based upon discovered assets and sends a filtered capture request 1208 to the switch 1204. Using the filter, the switch 1204 captures a data stream for the applicable assets for the applicable physical ports and provides the data stream 1210 to the network orchestration and security platform 1206. ICS having secure conduits between security zones. ICS often involves migrating one part of the system at a time, these systems must be able to share data to control the physical process. See also fig. 10).  
Hill discloses access to data over a tunnel and establishing, by a first connector a first tunnel connection between the first connector and a second connector (Hill par. 0058 and Fig. 10). However, Hill does not explicitly disclose access to historical data over a real-time tunnel.
However, in an analogous field, Greenhill discloses access to historical data over a real-time tunnel (Greenhill par. 0050. Greenhill teaches that a Microsoft protocol for communicating between application processes. OPC is a set of communication protocols used by the process industry, based on OLE communication mechanisms. OPC protocols include: OPC-DA (or OPC Data Access) for real-time access to the values of process variables and OPC-HDA (or OPC Historical Data Access)).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the communication protocol of Hill using the communication protocol taught in Greenhill in order to provide real-time access to the values of process variables in the control of industrial processes (Greenhill par. 0002).
Regarding claim 14, Hill and Greenhill disclose the method according to claim 13, 
Hill further discloses further comprising: retrieving, by the first connector, historical data from a first historian; and transmitting, by the first connector, the historical data over the first tunnel connection to the second connector (Hill par. 0091, 0103 and 0117. Hill teaches that the source is operationally connected to the zone egress 1012 through the one or more switches 1010. The zone egress 1012 is intended to represent a network port. In the example of FIG. 10, the zone egress 1012 is coupled to the ICS CRM 1004 via a secure conduit 1014. The CRM 1202 is an ICS CRM that, without more, lacks the ability to provide visibility of which assets are on the ICS network and what conversations are taking place between those assets. One way to capture network data streams through ports of a switch is to utilize a Switched Port Analyzer (SPAN). Activity Directory asset type will never use the three protocols of the Open Platform Communications classic family: data access (DA), historical data access (HDA), and Alarm and Events (A&E). By contrast, the Batch Server asset type will frequently use these protocols).
Regarding claim 15, Hill and Greenhill disclose the method according to claim 13, 
Hill further discloses further comprising: receiving, by the second connector, (i) real time data, (ii) historical data, or (iii) a combination of (i) and (ii) via a tunnel connection; propagating, by the second connector, historical data to a second historian; retrieving, by the second connector the historical data from the second historian; and transmitting, by the second connector, via the second tunnel connection (i) the real-time data, (ii) the historical data, or (iii) a combination of (i) and (ii) (Hill par. 0091, 0139 and fig. 19. Hill teaches that Activity Directory asset type will never use the three protocols of the Open Platform Communications classic family: data access (DA), historical data access (HDA), and Alarm and Events (A&E). By contrast, the Batch Server asset type will frequently use these protocols. a system for generating security zones for industrial control system networked assets based upon conversation characteristics and patterns. The diagram 1900 includes a network orchestration and security platform 1902, a logical group 1904, a logical group 1906, a logical group 1908, and a logical group 1910. For illustrative purposes, the logical groups have been populated with components, such as, in logical group 1904, a switch 1912, an engineering workstation 1914, a historian 1916, and a SCADA server 1918; in logical group 1906, a switch 1920, a PLC 1922, an RTU 1924, an IED 1926, and an HMI 1928; in logical group 1908, a switch 1932, a SCADA client 1934, a SCADA server 1936, and a SCADA client 1938; in logical group 1910, a switch 1940, a PLC 1942, a PLC 1944, a VFD 1946, and an HMI 1948).
Regarding claim 16, Hill and Greenhill disclose the method according to claim 13, 
Hill further discloses further comprising: establishing, by the third connector a second tunnel connection with the second connector; receiving, by the third connector (i) real-time data, (ii) historical data, or (iii) a combination of (i) and (ii); and sending, by the third connector historical data to a third historian (Hill par. 0091, 0139 and fig. 19. Hill teaches that Activity Directory asset type will never use the three protocols of the Open Platform Communications classic family: data access (DA), historical data access (HDA), and Alarm and Events (A&E). By contrast, the Batch Server asset type will frequently use these protocols. a system for generating security zones for industrial control system networked assets based upon conversation characteristics and patterns. The diagram 1900 includes a network orchestration and security platform 1902, a logical group 1904, a logical group 1906, a logical group 1908, and a logical group 1910. For illustrative purposes, the logical groups have been populated with components, such as, in logical group 1904, a switch 1912, an engineering workstation 1914, a historian 1916, and a SCADA server 1918; in logical group 1906, a switch 1920, a PLC 1922, an RTU 1924, an IED 1926, and an HMI 1928; in logical group 1908, a switch 1932, a SCADA client 1934, a SCADA server 1936, and a SCADA client 1938; in logical group 1910, a switch 1940, a PLC 1942, a PLC 1944, a VFD 1946, and an HMI 1948).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Primary Examiner, Art Unit 2495