Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
This office action is in response to the listing of claims filed on November 1, 2019. Claims 1-20 are currently pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yoo (US PGPub No: 2011/0314547) in view of Imai et al (US Patent No: 6,175,874), hereafter referred to as Yoo and Imai, respectively.

With regards to claims 1 and 8, Yoo teaches through Imai, a method, comprising: receiving, by a device, a hash table that includes lists of protocol detectors, wherein the hash table is generated based on historical process data identifying potential process variables associated with an industrial control system used to control an industrial process (Yoo teaches the hash matcher table being generated using the rule pattern stored in the rule pattern database; see paragraph 146, Yoo. Hash values for IP addresses included in the rule patterns are obtained using a hash function and the hash matcher table is configured based on the hash values; see paragraph 146, Yoo); 

receiving, by the device, a packet identifying one or more process variables associated with the industrial control system (see Imai below); 

extracting, by the device and from the packet, packet data identifying a source address, a destination address, a port, and a transport protocol associated with the packet (Yoo teaches matches are performed using packet data such as source IP address, destination IP address, port information, and the type of protocol; see paragraphs 49, 139-140, Yoo); 

comparing, by the device, the packet data with data in the hash table to identify a set of lists of protocol detectors from the lists of protocol detectors included in the hash table (Yoo teaches matching packet data (including protocol data) with a matcher table; see paragraph 49, Yoo); 

processing, by the device, the packet data, with the set of lists of protocol detectors, to determine one of a matching protocol, no matching protocol, or a potential matching protocol for the packet; and performing, by the device, one or more actions based on determining the one of the matching protocol, no matching protocol, or the potential matching protocol for the packet (Yoo teaches protocol matching can be marked as being matched or not matched; see paragraphs 172 and 184, Yoo. Yoo also teaches how a light matching can occur when part of the packet data is matched to part of the virus pattern (i.e. potential matching protocol); see paragraph 62, Yoo. Based on matching information, packets can be checked for viruses and sent on or not; see Figure 16 and paragraphs 86-89, Yoo).

While Yoo teaches protocol matching packets, Yoo does not explicitly cite that the packets identify one/more process variables associated with an industrial control system. In the same field of endeavor Imai also teaches a network that can pattern match packets; see column 3, lines 50-52, Imai. The matched pattern relating to the packet is used to select processing nodes based on information stored in the distribution control table (i.e. process variables associated with an industrial control system); see column 3, lines 45-48, Imai. Packet information used for matching can include protocol type; see column 3, lines 63-66, Imai. By matching packets, packets can be directed to non-failed nodes and disruptions can be avoided. Therefore it would have been obvious to one skilled in the art, before the effective filing date, to have combined the teachings of Imai with those of Yoo to avoid network disruptions; see column 8, lines 54-62, Imai.


With regards to claim 2, Yoo teaches through Imai, the method wherein performing the one or more actions comprises: associating the matching protocol with the packet when the matching protocol is determined for the packet; and providing the packet and data identifying the matching protocol to a sensor control system (Yoo then explains how the anti-virus inspector is notified of the result of the scanning operation; see paragraph 122, Yoo).  

With regards to claims 3 and 16, Yoo teaches through Imai, the method wherein performing the one or more actions comprises: providing the packet to a sensor control system for further analysis when no matching protocol is determined for the packet (Yoo explains assessing if scanning is necessary and supports multiple scans; see paragraphs 94-98 and 217-218, Yoo). 

With regards to claim 4, Yoo teaches through Imai, the method wherein performing the one or more actions comprises: receiving a next packet associated with the packet and after receipt of the packet when the potential matching protocol is determined for the packet; and processing the next packet to attempt to determine another matching protocol for the next packet (Yoo teaches performing an exact matching after light matching is successful; see paragraph 141, Yoo).  

With regards to claim 7, Yoo teaches through Imai, the method wherein comparing the packet data with the data in the hash table to identify the set of lists of protocol detectors comprises: identifying a first list of protocol detectors, of the set of lists of protocol detectors, based on the destination address associated with the packet; identifying a second list of protocol detectors, of the set of lists of protocol detectors, based on the source address associated with the packet; and identifying a third list of protocol detectors, of the set of lists of protocol detectors, that include a dummy port value (Yoo teaches matches are performed using packet data such as source IP address, destination IP address, port information, and the type of protocol; see paragraphs 49, 139-140, Yoo. Yoo further teaches protocol matching can be marked as being matched or not matched; see paragraphs 172 and 184, Yoo. Yoo also teaches how a light matching can occur when part of the packet data is matched to part of the virus pattern (i.e. potential matching protocol); see paragraph 62, Yoo.).

With regards to claim 9, Yoo teaches through Imai, the device wherein the one or more processors, when processing the packet data, with the set of lists of protocol detectors, to determine the one of the matching protocol, no matching protocol, or the potential matching protocol for the packet, are configured to: traverse the set of lists of protocol detectors in order of increasing complexity to determine the one of the matching protocol, no matching protocol, or the potential matching protocol for the packet (Yoo teaches performing an exact matching after light matching is successful; see paragraph 141, Yoo).  

With regards to claim 10, Yoo teaches through Imai, the device wherein the packet includes protocol information (Yoo teaches packet data includes protocol information; see paragraphs 49, 139, and 169, Yoo).  

With regards to claims 11 and 18, Yoo teaches through Imai, the device wherein the one or more processors, when processing the packet data, with the set of lists of protocol detectors, to determine the one of the matching protocol, no matching protocol, or the potential matching protocol for the packet, are configured to: determine the matching protocol or no matching protocol for the packet; and cease the processing of the packet data, with the set of lists of protocol detectors, as soon as the matching protocol or no matching protocol is determined for the packet (Yoo teaches protocol matching can be marked as being matched or not matched; see paragraphs 172 and 184, Yoo. Yoo also teaches how a light matching can occur when part of the packet data is matched to part of the virus pattern (i.e. potential matching protocol); see paragraph 62, Yoo. Based on matching information, packets can be checked for viruses and sent on or not (i.e. cease); see Figure 16 and paragraphs 86-89, Yoo).

With regards to claims 12 and 19, Yoo teaches through Imai, the device wherein the one or more processors, when performing the one or more actions, are configured to: update the hash table based on determining the one of the matching protocol, no matching protocol, or the potential matching protocol for the packet (Yoo teaches protocol matching can be marked as being matched or not matched; see paragraphs 172 and 184, Yoo. Yoo also teaches how a light matching can occur when part of the packet data is matched to part of the virus pattern (i.e. potential matching protocol); see paragraph 62, Yoo. Such information is updated in the table. Based on matching information, packets can be checked for viruses and sent on or not; see Figure 16 and paragraphs 86-89, Yoo).

With regards to claim 13, Yoo teaches through Imai, the device wherein the one or more processors, when performing the one or more actions, are configured to: provide the packet to a sensor control system for further analysis when no matching protocol is determined for the packet; and receive, from the sensor control system, an identified protocol for the packet based on the further analysis (Yoo teaches performing additional matching if sub-matching is not successful; see paragraph 152, Yoo).  

With regards to claim 14, Yoo teaches through Imai, the device wherein the one or more processors, when performing the one or more actions, are further configured to: update the hash table based on the identified protocol for the packet (Yoo teaches updating the database; see paragraph 149, Yoo).  

With regards to claim 15, Yoo teaches through Imai, a non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors, cause the one or more processors to: receive a hash table that includes lists of protocol detectors, wherein the hash table is generated based on historical process data identifying potential process variables associated with an industrial control system used to control an industrial process; store the hash table (Yoo teaches the hash matcher table being generated using the rule pattern stored in the rule pattern database; see paragraph 146, Yoo. Hash values for IP addresses included in the rule patterns are obtained using a hash function and the hash matcher table is configured based on the hash values; see paragraph 146, Yoo);

receive a packet identifying one or more process variables associated with the industrial control system (see Imai below); 

extract, from the packet, packet data identifying a source address, a destination address, a port, and a transport protocol associated with the packet (Yoo teaches matches are performed using packet data such as source IP address, destination IP address, port information, and the type of protocol; see paragraphs 49, 139-140, Yoo); 

compare the packet data with data in the hash table to identify a set of lists of protocol detectors from the lists of protocol detectors included in the hash table (Yoo teaches matching packet data (including protocol data) with a matcher table; see paragraph 49, Yoo); 

process the packet data, with the set of lists of protocol detectors, to determine one of a matching protocol, no matching protocol, or a potential matching protocol for the packet; associate the matching protocol with the packet when the matching protocol is determined for the packet; and provide the packet and data identifying the matching protocol to a sensor control system (Yoo teaches protocol matching can be marked as being matched or not matched; see paragraphs 172 and 184, Yoo. Yoo also teaches how a light matching can occur when part of the packet data is matched to part of the virus pattern (i.e. potential matching protocol); see paragraph 62, Yoo. Based on matching information, packets can be checked for viruses and sent on or not; see Figure 16 and paragraphs 86-89, Yoo. Yoo then explains how the anti-virus inspector is notified of the result of the scanning operation (i.e. provide the packet and data identifying the matching protocol to a sensor control system); see paragraph 122, Yoo).

While Yoo teaches protocol matching packets, Yoo does not explicitly cite that the packets identify one/more process variables associated with an industrial control system. In the same field of endeavor Imai also teaches a network that can pattern match packets; see column 3, lines 50-52, Imai. The matched pattern relating to the packet is used to select processing nodes based on information stored in the distribution control table (i.e. process variables associated with an industrial control system); see column 3, lines 45-48, Imai. Packet information used for matching can include protocol type; see column 3, lines 63-66, Imai. By matching packets, packets can be directed to non-failed nodes and disruptions can be avoided. Therefore it would have been obvious to one skilled in the art, before the effective filing date, to have combined the teachings of Imai with those of Yoo to avoid network disruptions; see column 8, lines 54-62, Imai.


With regards to claim 20, Yoo teaches through Imai, the non-transitory computer-readable medium wherein the instructions further comprise: one or more instructions that, when executed by the one or more processors, cause the one or more processors to: provide the packet to a sensor control system for further analysis when no matching protocol is determined for the packet; receive, from the sensor control system, an identified protocol for the packet based on the further analysis; and update the hash table based on the identified protocol for the packet (Yoo teaches performing additional matching if sub-matching is not successful; see paragraph 152, Yoo. Yoo further teaches updating the database; see paragraph 149, Yoo). 


Allowable Subject Matter
Claims 5, 6, and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Examiner’s Remarks
In an attempt to provide compact prosecution, the examiner made a number of attempts to contact all three of the agent and attorneys of record to discuss possible claim amendments. The examiner left at least one voicemail with each phone number listed on record but was unable to speak to anyone regarding the possible claim amendments. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AZIZUL Q CHOUDHURY whose telephone number is (571)272-3909. The examiner can normally be reached M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, EMMANUEL MOISE can be reached on (571) 272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/AZIZUL CHOUDHURY/Primary Examiner, Art Unit 2455