DETAILED ACTION
Claims 17-35 (filed 07/12/2022) have been considered in this action.  Claims 17, 24 and 27-32 have been amended.  Claims 19 and 33-34 have been canceled.  Claims 18, 20-23 and 25-26 are presented in the same format as previously presented.  Claim 35 is newly added.

Response to Arguments
Applicant’s arguments, see page 11 paragraph 3, filed 07/12/2022, with respect to objection to the title have been fully considered and are persuasive.  The objection of the title has been withdrawn and the substitute title is accepted. 

Applicant's arguments, see page 11 paragraph 3, filed 07/12/2022, with respect to the substitute specification have been fully considered but they are not persuasive.  A marked-up copy of the substitute specification that shows where matter has been deleted/changed/added has not been provided in accordance with 37 CFR 1.125(b), thus the substitute specification is not accepted.  The examiner recommends filing the substitute specification along with a marked-up copy in accordance with the above rule in a future response.

Applicant's arguments, see page 11 paragraph 4, filed 07/12/2022, with respect to objections to the drawings have been fully considered but they are not persuasive.  As noted in the previous office action, “Automation component” and “Virtual automation component” are two separate and distinct parts of the invention as one relates to a physical device, while the other is a virtual representation of that physical device that exists solely as data.  Because these are separate and distinct parts, they must be given different reference symbols in accordance with 37 CFR 1.84(p).  Applicant’s arguments note that C1 and C2 designate different automation components, but that is not pertinent to the issue of automation components and virtual automation components being different parts with the same reference symbols applied.  The examiner holds the previous objection to the drawings.  

Applicant’s arguments, see page 12 paragraph 1, filed 07/12/2022, with respect to objections to claims 17, 24 and 30-32 have been fully considered and are persuasive.  The objections of claims 17, 24 and 30-32 has been withdrawn. 

Applicant’s arguments, see page 12 paragraph 2, filed 07/12/2022, with respect to rejection of claims 17-28, 31 and 32 under 35 U.S.C. 101 have been fully considered and are persuasive.  The rejection of claims 17-28, 31 and 32 under 35 U.S.C. 101 has been withdrawn. 

Applicant’s arguments, see page 13 paragraph 2, filed 07/12/2022, with respect to rejection of claims 33-34 under 35 U.S.C. 101 have been fully considered and are persuasive.  The rejection of claims 33-34 under 35 U.S.C. 101 has been withdrawn. 

Applicant’s arguments, see page 13 paragraph 3, filed 07/12/2022, with respect to rejection of claim 29 under 35 U.S.C. 112(a) have been fully considered and are persuasive.  The rejection of claim 29 under 35 U.S.C. 112(a) has been withdrawn. 

Applicant’s arguments, see page 14 paragraph 3, filed 07/12/2022, with respect to rejection of claim 19 under 35 U.S.C. 112(d) have been fully considered and are persuasive.  The rejection of claim 19 under 35 U.S.C. 112(d) has been withdrawn. 

Applicant’s arguments, see page 14 paragraph 4, filed 07/12/2022, with respect to rejection of claims 17-20 and 23-29 under 35 U.S.C. 112(b) have been fully considered and are persuasive.  The rejection of claims 17-20 and 23-29 under 35 U.S.C. 112(b) has been withdrawn. 

Applicant’s arguments with respect to rejection of claim(s) 17-34 under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(2) have been considered but are not found to be convincing.  Applicant has argued that Bush fails to teach the newly amended material relating to “said engineering system aggregating active ports and configured IP addresses of the at least one automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list”.  See below for a mapping of these features to Bush.

Specification
The substitute specification filed 07/12/2022 has not been entered because it does not conform to 37 CFR 1.125(b) and (c) because: a marked-up copy of the substitute specification has not been supplied (in addition to the clean copy).


Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference character “C1” has been used to designate both “automation component” in figures 1 and 4, and “virtual automation component” or an automation component that exists solely as data as shown in figures 2, 6, 7 and 8.  A physical device (automation component) and a virtual device (virtual automation component) are two distinct concepts and cannot be considered the same thing by a person having ordinary skill in the art.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 17-18 and 20-32 are rejected under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(2) as being anticipated by Bush et al. (US 20170214717, hereinafter Bush).

In regards to Claim 17, Bush teaches “A method for providing automation component configurations for at least one automation component of an industrial automation project, the method comprising: determining automation component description data comprising at least one functionality parameter for configuring functionality of the at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component;” ([0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0054]  the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determining, by an engineering system, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter” (Fig. 2 and 14 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “said engineering system aggregating active ports and configured IP addresses of the at least one automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “creating at least one automation component configuration comprising the determined functionality parameter setting and the determined security parameter setting” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network).) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regard to Claim 18, Bush discloses “The method according to claim 17, wherein said determining automation component description data further comprises: retrieving at least one of (i) a default functionality parameter setting and (ii) a default security parameter setting; said determining the functionality parameter setting being further based on at least one of (i) the default functionality parameter setting and (ii) the default security parameter setting” ([0056] For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device.).

In regards to Claim 20, Bush discloses “The method according to claim 17, further comprising: combining the determined security parameter settings to a set of project-level security data for the automation project” (Fig. 4 and [0045] one or more embodiments of the present disclosure relate to a model-based security policy configuration system for industrial automation devices and assets. In one or more embodiments, the configuration system can maintain a model of an industrial environment that inventories industrial devices and network infrastructure devices distributed throughout a plant environment, as well as networked interconnections and relationships between the various devices; wherein a plant is considered a project, as it is an interrelated set of devices all functioning towards the same goal (i.e. operating the plant) [0086] A Device Definition table 704 may include information defining the inventory of industrial assets and devices for which the plant-wide security strategy is to be implemented).  

In regards to Claim 21, Bush discloses “The method according to claim 17, further comprising: providing at least one of (i) the automation component configurations and (ii) project-level security data to a receiving tool” ([0056] For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track). 

In regards to Claim 22, Bush discloses “The method according to claim 21, wherein the receiving tool comprises at least one of a verification tool and a monitoring tool” ([[0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track; [0039] The industrial controllers 118 can also store persisted data values that can be referenced by the control program and used for control decisions, including but not limited to measured or calculated values representing operational states of a controlled machine or process (e.g., tank levels, positions, alarms, etc.) or captured time series data that is collected during operation of the automation system (e.g., status information for multiple points in time, diagnostic occurrences, etc.).

In regards to Claim 23, Bush discloses “The method according to claim 17, further comprising: providing an automation component configuration for one of (i) each automation component and (ii) each group of related automation components” ([0046] Once all necessary devices of an automation system or plant environment have been added to respective security zones and any desired conduits are defined, the configuration system can implement a system-wide security policy based on the zone and conduit information defined by the user, as well as the system model. The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy; wherein a zone is a group of related automation components).

In regards to Claim 24, Bush discloses “The method according to claim 17, further comprising: evaluating a set of project-level security data of the automation project in accordance with definable security criteria” ([0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track).

In regards to Claim 25, Bush discloses “The method according to claim 17, further comprising: optimizing a set of project-level security data in accordance with at least one of (i) a definable project security level and (ii) definable security zones” (Fig. 6D and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information; [0060] Through interaction with the Security Zones node 604, a user can create any number of security zones. As shown in FIG. 6B, devices can then be added to each zone by invoking a pop-up menu 608 for a selected zone (e.g., by right-clicking on the selected zone's icon) and selecting a Add Device option, which can invoke a list of available devices that make up the set of industrial assets 408. The user can associate one or more devices with a zone by selecting the desired devices from this device list. Menu 608 also allows the user to assign a defined certificate authority to each zone, as well as to set other zone-level security attributes and properties for the zone. Zone-level attributes configured in this manner will be applied to all devices assigned to the zone).

In regards to Claim 26, Bush discloses “The method according to claim 17, further comprising: structuring the automation component description data in accordance with a format comprising at least functionality data and security data” (Fig. 7A, 8A, 9A, 10A, 11A, 12A and 13A all show a format of data in the form of a table that comprises all functional and security data; [0085] FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A. For example, the graphical interface component 204 may generate and display a Zone Definition table 702 for entry of zone definition information, and a Conduit Definition table 706 for entry of conduit definition information. The Zone Definition table 702 may include fields for assigning a zone name to a new zone, selecting a type of security to be used within each zone (e.g., user certificate, PSK, whitelist, etc.), indicating whether I/O and/or messaging within the zone is to be secure, and other such zone-level definitions).

In regards to Claim 27, Bush discloses “The method according to claim 17, further comprising: enriching the automation component description data with at least parts of the automation component configurations” ([0056] Security configuration using the security configuration system 202 is driven in part by model 216, which models the collection of industrial assets 408 and the networked connectivity between the devices. Model 216 can be generating using one or both of manual configuration or automatic device detection. To allow devices to be added to model 216, some embodiments of security configuration system 202 can maintain a database of industrial device definitions that can be manually or automatically selected and added to the model as needed. For manual configuration, the graphical interface component 204 may generate and display one or more device selection screens that allow the user to browse a stored database of devices according to one or more of device vendor, device model, device type, firmware revision, or other device identification information. For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device; [0057] Model 216 represents this configuration of devices, and comprises a set of information identifying the industrial devices and network infrastructure devices that make up the collected set of industrial assets 408. An example model 216 may define each device in terms of the device vendor and model, the device's current software or firmware revisions, current network settings (e.g., network addresses), current security settings, and other relevant information.; [0077] As the industrial assets 408 are defined and grouped into security zones (and any desired conduits between devices and/or zones are defined), the model 216 is updated to record the set of industrial assets and the security relationships therebetween, as defined by the zones, conduits, channels, and any other zone-level and/or asset-level security attributes set by the user).

In regards to Claim 28, Bush discloses “An engineering system for providing at least one automation component configurations for an industrial automation project, the engineering system being configured to: determine automation component description data comprising at least one functionality parameter for configuring functionality of the at least one automation component and at least one security parameter for configuring security functions of the at least one automation component” (Fig. 2 item 202 and [0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0054]  the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determine, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter” (Fig. 2 and 14 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “create at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings;” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)) “aggregating active ports and configured IP addresses of the automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 29, Bush discloses “Automation component comprising: a processor; and memory;” ([0039] Industrial controllers 118 may communicatively interface with industrial devices 120 over hardwired or networked connections. For example, industrial controllers 118 can be equipped with native hardwired inputs and outputs that communicate with the industrial devices 120 to effect control of the devices; [0047] FIG. 2 is a block diagram of an example model-based security configuration system 202 according to one or more embodiments of this disclosure; [0048] Model-based security configuration system 302 can include a graphical interface component 204, an instruction translation component 206, a communication component 208, a device discovery component 210, one or more processors 212, and memory 214;) “wherein the processor is configured to: at least one of (i) receive and (ii) retrieve automation component configurations by receiving: determined automation component description data comprising at least one functionality parameter for configuring functionality of the automation component; and determined at least one security parameter for configuring security functions of the automation component” ([0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0054] the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “and provided at least one automation component configuration comprising a determined functionality parameter settings and determined security parameter settings” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions;[0107] The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)) “and wherein the processor is configured to: apply functionality parameter settings and security parameter settings obtained from at least one of the (i) received and (ii) retrieved automation component configurations” ([0060] The user can associate one or more devices with a zone by selecting the desired devices from this device list. Menu 608 also allows the user to assign a defined certificate authority to each zone, as well as to set other zone-level security attributes and properties for the zone. Zone-level attributes configured in this manner will be applied to all devices assigned to the zone; [0071] Once one or more security zones have been defined, the graphical interface component 204 allows the user to define various zone-level security attributes for each zone. The configuration system will apply these zone-level security attributes to all devices within the zone) “and wherein active ports and configured IP addresses of the automation component in the determined automation component description data are aggregated by an engineering system and a resultant list of data is optimized by the engineering system by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 2 shows engineer system, 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and wherein the automation component is configured in an industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 30, Bush discloses “An automation component database providing at least one of (i) automation component description data, (ii) default functionality parameters and (iii) default security parameters” (Fig. 2 memory 214 and [0056] To allow devices to be added to model 216, some embodiments of security configuration system 202 can maintain a database of industrial device definitions that can be manually or automatically selected and added to the model as needed; [0086] A Device Definition table 704 may include information defining the inventory of industrial assets and devices for which the plant-wide security strategy is to be implemented. For embodiments that support auto-discovery, at least some of this device information may be discovered automatically by the device discovery component 210, including but not limited to asset catalog numbers and current IP addresses, and indications as to whether each device supports CIP security) “wherein the database is accessed when: determining automation component description data comprising at least one functionality parameter for configuring functionality of at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component;” (Fig. 2 and 4 and [0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0054]  the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determining, by an engineering system, based on an industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter;” (Fig. 2, 4 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “providing at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions;[0107] The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)) “aggregating active ports and configured IP addresses of the automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 31, Bush discloses “A receiving tool operative to at least one of receive and retrieve at least one of (i) automation component configurations and (ii) project-level security data provided by: determining automation component description data comprising at least one functionality parameter for configuring functionality of at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component;” (Fig. 2 and 14 and [0056] For manual configuration, the graphical interface component 204 may generate and display one or more device selection screens that allow the user to browse a stored database of devices according to one or more of device vendor, device model, device type, firmware revision, or other device identification information. For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0058]once the model 216 is configured to reflect the collection of industrial assets, the graphical interface component 204 can generate one or more trust definition screens that allow the user to further refine the model by defining a plant-wide security strategy for the device. In particular, the trust definitions screens provide an intuitive interface that allows the user to group the devices and assets into security zones, and define any desired channels and/or conduits between devices and zones, thereby defining high-level security policies for the collection of industrial assets 408. The graphical interface component 204 can render these security policy definition displays in any format suitable for receiving the user-defined security definition information; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determining, by an engineering system, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter (FP) and a security parameter setting for the at least one security parameter” (Fig. 2 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “said engineering system aggregating active ports and configured IP addresses of the automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and providing at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions;[0107] The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network); [0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes.) “and wherein the receiving tool is further configured to process at least one of (i) the automation component configurations and (ii) project-level security data” ([0071] Once one or more security zones have been defined, the graphical interface component 204 allows the user to define various zone-level security attributes for each zone. The configuration system will apply these zone-level security attributes to all devices within the zone. For example, the user may define the type of security to be used within each security zone. Example security types that may be configured for a zone include, but are not limited to, common industrial protocol (CIP) Security with Certificate, CIP Security with Pre-Shared Key (PSK), IP Block security, firewall rules, etc.; [0077] The instruction translation component 206 translates the high-level, user-defined security policies—as defined by the zone, channel, and conduit definitions—into security configuration data 404 that can be sent to individual assets and devices to facilitate implementing the plant-wide security strategy.) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 32, Bush discloses “The receiving tool according to claim 31, wherein the receiving tool is further operative to provide a result of processing at least one of the (i) automation component configuration and (ii) project-level security data to an engineering system” ([0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Bush as applied to claim 17 above, and further in view of Dutta et al. (US 20170359222, hereinafter Dutta).

In regards to Claim 35, Bush teaches the method of configuring an automation component with functional and security parameters as incorporated by claim 17 above.
Bush further teaches “The method according to claim 17, wherein the identified communication relations are enriched with security relevant data and automatically generated as communication graphs...” ([0089] FIG. 7B is a diagram depicting the security strategy implemented by the system in accordance with the user-provided configuration input depicted in FIG. 7A. In this example, the industrial assets comprise six devices D1-D6 that are grouped into two zones Z1 and Z2 (as indicated in the Device Definition section of FIG. 7A). The devices all support CIP security, and so are capable of exchanging data securely. In accordance with the zone groupings defined by the user, the instruction translation component 206 generates and deploys any device-level security configuration instructions necessary to allow devices D1-D3 to securely exchange data with one another in accordance with their Zone 1 designation, and to allow devise D4-D6 to securely exchange data with one another in accordance with their Zone 2 designation; [0092] FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1). Device D4, assigned to Zone 2, is a legacy product that does not support CIP security. An asset-to-asset conduit has been defined to allow communication between device D1 and legacy device D4. Since devices D1-D3 support CIP security, data exchange between these devices is performed securely. Since device D4 does not support CIP security, data exchange between D1 and D4 is permitted by virtue of the defined conduit between those two devices, but is not secure; wherein the indication of CIP security zone versus non-CIP security zone is considered ‘security relevant data’, and likewise the use of different security zones by different devices, including those that can exist in multiple zones like those of Fig. 9B).
Bush fails to teach “The method according to claim 17, wherein the identified communication relations are enriched with security relevant data and automatically generated as communication graphs illustrated on HMI systems to provide simplified security analysis and monitoring”.
Dutta teaches “The method according to claim 17, wherein the identified communication relations are enriched with security relevant data and automatically generated as communication graphs illustrated on HMI systems to provide simplified security analysis and monitoring” (Fig. 3 and [0030] The data agents block 110 can use the following steps described below relative to method 200 to discover and store the network topology including all the nodes present and their interconnection for any target C&I system (say DCS 105a) in the IF105, or for all C&I systems in IF105. FIG. 2A is a flow chart for an example method 200 of network topology determination for at least one C&I system in an IF, according to an example embodiment; [0032] For example, EXPERION information can be extracted from databases referred to as EMDB and ERDB of the C&I systems (that are generally stored in a memory of a server in the respective C&I systems) at a server node, and then a query of those devices based on the list of devices extracted from the server enables further information to be obtained that generally differs from node to node. [0039] FIG. 3 shows a simplified example C&I network topology drawing 300 that can be determined by a disclosed ANTD system 100 which automatically discovers all the nodes present in C&I system and connection details (including signal flow) between the nodes to automatically determine the network topology drawing 300. C&I network topology drawing 300 includes the network type, all its nodes and interconnecting networking devices, connectivity information including network relationships between the nodes and the interconnecting networking devices).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that creates security zones and configuration information for configuring the network connections and security between automation devices, including the ability to understand how a communication graph would be created with security relevant data such as that shown in 7A and 7B, with the ability to display said graph on an HMI as taught by Dutta because it would offer the intrinsic benefit of allowing a user to more easily digest and understand the network security zones and how devices are allowed or disallowed from communicating with one another.  Additionally, the incorporation of the features of Dutta into Bush would offer the stated benefits noted by Dutta in [0006]-[0010], as Dutta notes that “[0010] The complete network topology diagram is highly useful as it provides a full view of control network(s) in the IF with the networking devices and the signal flow shown. The network topology diagram can be used to perform impact assessment or resolve network issues including in the case of overloading/packet loss or a network outage.”.  Both Bush and Dutta relate to automation system and the networking environment that exists for a particular automation system, making them in similar fields of use.  Based upon the provided disclosures, Bush teaches that network node maps/graphs like those made by Dutta can be created like those in figures 7B and 8B (and others) but does not explicitly say that an actual HMI presented to a user is created to show these relationship.  Dutta teaches a system that creates these network node maps/graphs and shows these to users.  It is therefore a simple task for Bush to create an HMI for presentation to a user like those shown in figures 7B and 8B using procedures utilized by Dutta.  Dutta also teaches that “signal flow” can be shown thus assisting in determining packet loss and network outage, thus providing ‘simplified security analysis and monitoring.  For example, the databases shown in Fig. 7A and 8A can be parsed in the way Dutta does to discover these security and communication relationships and create an HMI like that of Dutta using the information from Bush along with the additional data gathered by Dutta.  It would be understood by a person having ordinary skill in the art that once the networking information is known, putting it into a display graph for a user is trivial as the use of computer graphics for representing information is well-known.  By combining these elements, it can be considered taking the known system that uses a database of networking connectivity and security information to create security zones and configure the devices to operate in those zones as taught by Bush, with the known ability to create a network map/graph from a database of network connectivity information for display to a user to create a system wherein a database of networking connectivity and security information to create security zones and configure the devices to operate in those zones is then utilized to build an HMI displaying said information graphically to a user.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN M SKRZYCKI whose telephone number is (571)272-0933. The examiner can normally be reached M-F 7:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kenneth Lo can be reached on (571) 272-9774. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JONATHAN MICHAEL SKRZYCKI/           Examiner, Art Unit 2116                                                                                                                                                                                             
/KENNETH M LO/           Supervisory Patent Examiner, Art Unit 2116