Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This communication is in response to the amended application filed on 04/26/2022.
Claims 1-25 are pending.
Claim 1 is amended.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/15/2022 and 03/18/2022 are in compliance with the provisions of 37 C.F.R. § 1.97. Accordingly, the IDS are being considered by the examiner.
Remarks
Applicant’s arguments (“Remarks”) filed on 04/26/2022 have been considered, however, they are moot due to the new reference, Telljohan (Pub. No. US 2015/0127120 A1), used in the current rejection. See 35 U.S.C. § 103 rejection below. 
Claim Rejections - 35 U.S.C. § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. §§ 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. § 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-16 and 24-25 are rejected under 35 U.S.C. § 103 as being unpatentable over Mujtaba (Pub. No. US 2011/0258426) in view of Telljohan (Pub. No. US 2015/0127120 A1).

Regarding claim 1, Mujtaba teaches a field device, comprising: 
a device hardware component (Mujtaba Fig. 1 & ¶ [0026], computing device 100 includes field device hardware component); 
a communication interface that communicatively couples to one or more external devices via an external communication network (Mujtaba ¶ [0059], “The system 900 also includes one or more wireless transceivers 903 to communicate with another data processing system.”; see also ¶ [0058], “system 900 may be implemented as device 100 as shown in FIG. 1”);
a processor coupled to the field device hardware component and to the communication interface (Mujtaba Fig. 1, wireless communication processor 101 & ¶ [0026]); 
a computer readable memory coupled to the processor, wherein the computer readable memory includes a secure storage that stores boot firmware to be executed upon start-up of the processor (Mujtaba Fig. 1, secure ROM 112 stores ROM Boot Loader 117 & ¶ [0031]); 
an operating system stored in the memory and implemented on the processor to perform communications via the communication interface (Mujtaba ¶ [0034], OS is established for the wireless processor; see also ¶ [0059], “The system 900 also includes one or more wireless transceivers 903 to communicate with another data processing system.”; see also ¶ [0058], “system 900 may be implemented as device 100 as shown in FIG. 1”; see also Fig. 7); 
a root of trust component including a unique device identity stored in the computer readable memory (Mujtaba ¶ [0023], UID is stored in the secure ROM or hardwired on the hardware); and 
one or more security keys or security certificates stored in the computer readable memory, capable of being used to perform secure communications with external devices via the communication interface (Mujtaba ¶ [0031], storage key is used to encrypt messages generated/received by wireless communication processor; see also Fig. 7 & ¶ [0052], session key is encrypted via a public key/storage key/key derived from the UID and sent to external device); 
wherein the processor implements a secure boot procedure that provides for protecting boot firmware from tampering upon startup, generates an endpoint identity feature including a device identification derived from the unique device identity (Mujtaba claim 13, a UID is used to derive a digital certificate [endpoint identity feature including a device identification], where the digital certificate authenticates the boot code image by the ROM boot loader; see also ¶ [0023], “the code image and/or data may be encrypted by a key derived from a unique identifier (UID) that uniquely identifies the wireless communications processor”; see also Fig. 1, secure ROM 112 stores ROM Boot Loader 117 & ¶ [0031], storing the boot firmware in the secure ROM protects it from tampering; see also ¶ [0037]) and uses a cryptographic algorithm to encrypt one or more of data communications performed by the device, data stored in the device and data as used in device (Mujtaba ¶ [0031], storage key is used to encrypt messages generated/received by wireless communication processor; see also Fig. 7 & ¶ [0052], session key is encrypted via a public key/storage key/key derived from the UID and sent to external device), and wherein the communication applications use the one or more security keys or certificates to perform communications with external devices via the communication interface (Mujtaba ¶ [0031], storage key is used to encrypt messages generated/received by wireless communication processor; see also Fig. 7 & ¶ [0052], session key is encrypted via a public key/storage key/key derived from the UID and sent to external device).
Mujtaba does not explicitly teach a field device hardware component that interacts with a process phenomenon associated with at least a portion of an industrial process in a process plant and where one or more communication applications stored in the memory and executed on the processor implement communications via the communication interface to communicate information associated with the process phenomenon.
	However, Telljohan teaches a field device hardware component (Telljohan Fig. 2, industrial controller 24 & ¶ [0018]) that interacts with a process phenomenon associated with at least a portion of an industrial process in a process plant and one or more communication applications stored in the memory and executed on the processor (Telljohan ¶ [0018], “the industrial controller 24 includes a processor 25 and a memory device 27 in communication with the processor 25… The memory device 27 is configured to store configuration data and a control program [communications application] for the industrial control system. The processor 25 is configured to execute the control program for operation of a controlled industrial machine or process to which the industrial controller 24 is connected”), wherein the one or more communication applications implement communications via the communication interface to communicate information associated with the process phenomenon (Telljohan ¶ [0018], “The industrial controller 24 also includes a port 29 such as a network interface card [communications interface] in communication with the processor 25. The port 29 is connected to the industrial network 30 providing a connection between the industrial controller 24 and the programmer interface 40 and other devices 50 on the network 30. The stored control program reads signals from a portion of the devices 50 indicating the state of the industrial process or machine (from sensors or the like) and generates outputs to another portion of the devices 50 to control the industrial process or machine according to those sensed inputs and the logic of the control program. Industrial controllers 24 suitable for use with the present invention include, for example, programmable controllers commercially available from Rockwell Automation, Inc.”).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the information security teachings of Mujtaba into the industrial process field in Telljohan because it is merely combining prior art elements (field devices in an industrial process plant) according to known methods (methods of securing information taught in Mujtaba) to yield predictable results (securing information within an industrial process plant to prevent tampering, hacking, and enhance reliability/safety etc.). MPEP 2143(I). Furthermore, this is known work in one field of endeavor that may prompt variations of it for use in either the same field or a different one (industrial process automation) based on design incentives (securing data/communications) or other market forces where the variations are predictable to one of ordinary skill in the art. MPEP 2143(I).

Regarding claim 2, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor uses the unique device identity to verify communications between the external devices and the field device (Mujtaba ¶ [0053], “if computing device 701 is the intended recipient of the encrypted data 707, computing device 701 should be able to recover the session key by decrypting the recovery blob using storage key 114”; see also ¶ [0052], session key can be encrypted by key derived from the UID; see also ¶ [0031], storage key can be generated based on the UID).

Regarding claim 3, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor uses the unique device identity to verify boot activities performed by the processor in the field device (Mujtaba claim 13, a UID is used to derive a digital certificate, where the digital certificate authenticates the boot code image by the ROM boot loader; see also ¶ [0023], “the code image and/or data may be encrypted by a key derived from a unique identifier (UID) that uniquely identifies the wireless communications processor”). 

Regarding claim 4, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the boot firmware is stored and executed directly from a non-writable location in the computer readable memory (Mujtaba Fig. 1, secure ROM 112 stores ROM Boot Loader 117 & ¶¶ [0031]-[0032], boot loader is executed from secure ROM).

Regarding claim 5, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor loads the boot firmware executed by the processor from a protected memory region of the computer readable memory into a protected memory store set aside for boot firmware execution by the processor (Mujtaba Fig. 1, secure ROM 112 stores ROM Boot Loader 117 & ¶¶ [0031]-[0032], boot loader is executed from secure ROM).

Regarding claim 6, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor derives internal keys from the unique device identity, and the processor executes self-tests and code validation to verify the code identity and to establish a set of keys for use in performing secured communications with the external devices via the communication interface (Mujtaba ¶ [0053], “if computing device 701 is the intended recipient of the encrypted data 707, computing device 701 should be able to recover the session key by decrypting the recovery blob using storage key 114”; see also ¶ [0052], session key can be encrypted by key derived from the UID; see also ¶ [0031], storage key can be generated based on the UID).

Regarding claim 7, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor executes the boot firmware using digitally signed binaries or digitally signed boot files and verifies the boot files using a digital key verified using the root of trust component (Mujtaba claim 13, a UID is used to derive a digital certificate, where the digital certificate authenticates the boot code image by the ROM boot loader; see also ¶ [0023], “the code image and/or data may be encrypted by a key derived from a unique identifier (UID) that uniquely identifies the wireless communications processor”). 

Regarding claim 8, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches, wherein the processor executes the boot firmware using a secure or trusted boot loader or a security microprocessor (Mujtaba claim 13, a UID is used to derive a digital certificate, where the digital certificate authenticates the boot code image by the ROM boot loader; see also ¶ [0031], the boot loader is stored on secure ROM and is therefore a secure boot loader)

Regarding claim 9, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor executes the boot firmware using boot file encryption (Mujtaba ¶ [0023], “the code image and/or data may be encrypted by a key derived from a unique identifier (UID) that uniquely identifies the wireless communications processor”).

Regarding claim 10, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor checks the validity of the boot firmware using the root of trust component (Mujtaba claim 13, a UID is used to derive a digital certificate, where the digital certificate authenticates the boot code image by the ROM boot loader; see also ¶ [0023], “the code image and/or data may be encrypted by a key derived from a unique identifier (UID) that uniquely identifies the wireless communications processor”).

Regarding claim 11, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor performs a secure firmware update by validating incoming communication payloads intended to replace existing firmware images prior to being stored or applied in the computer readable memory (Mujtaba ¶ [0053], “if computing device 701 is the intended recipient of the encrypted data 707, computing device 701 should be able to recover the session key by decrypting the recovery blob using storage key 114”; see also ¶ [0006], regarding a command to update a software component; see also ¶ [0022]).

Regarding claim 12, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor performs a secure firmware update by performing a rollback to a known verified boot firmware image if there is a failure to validate new boot image code (Mujtaba ¶ [0022], “If there is any segment of software components that cannot be successfully authenticated and executed, the device may be forced into a recovery mode (e.g., device firmware update or DFU mode), in which a new version of the software may be downloaded from a trusted server over a network”).

Regarding claim 13, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor performs secure communication connectivity to cloud resources by implementing a secure boot process that ensures that the field device is authenticated with an external device each time the field device attempts a connection to the external device through the use of the security keys or certificates (Mujtaba ¶ [0052], authorization server authenticates computing device via security keys; see also ¶ [0051], regarding a cloud network).
Regarding claim 14, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the secure storage includes off-chip flash memory, and wherein the processor copies one or more software applications or the operating system into SRAM or external DDR memory to execute after the processor is booted (Mujtaba ¶ [0032], “when wireless processor 101 receives a command to boot, ROM BL 117 is executed from secure ROM 112. ROM BL 117 is configured to initialize certain hardware components of wireless processor 101… ROM BL 117 fetches wireless processor code image 201 from partition 106 of storage device 105 over the communications link. The wireless processor code image 201 is loaded into internal RAM 113 and/or external RAM 103.”; see also Fig. 1, external DDR RAM).

Regarding claim 15, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the cryptography algorithm includes a standards-based symmetric cipher suite, or a hashing function, or a random number generator (Mujtaba ¶¶ [0052]-[0053] a recovery blob is encrypted and decrypted via a same storage key which is symmetric encryption).

Regarding claim 16, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the processor stores and performs a security audit application that enables the field device to be monitored (Mujtaba Fig. 2 & ¶¶ [0030]-[0031], runtime logging data generated by the wireless processor is stored and this data must come from an application; see also Fig. 4 & ¶ [0042], “a cryptographic unit 152 [security audit application] is configured to encrypt any runtime data that will be stored in storage partition 106 of storage device 105 using storage key 114. The runtime generated data may include any over-the-air provisioning data received by wireless processor over a wireless network and/or user specific or confidential data (e.g., emails or messages such as SMS messages, logging, and/or file system related files), etc.”).

Regarding claim 24, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches including provisioning information stored into the computer readable memory by the device manufacturer (Mujtaba ¶ [0052], “Public key 119 may be distributed previously in a form of a digital certificate, for example, during the manufacturing of the device”).

Regarding claim 25, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the provisioning information includes one or more of a device tag, a pre-shared security key and or certificate, a security server hostname and port, a DNS server name, a default port number that the field device listens on and a static IP address and mask (Mujtaba ¶ [0052], “Public key 119 may be distributed previously in a form of a digital certificate, for example, during the manufacturing of the device”).

Claims 17-20 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Mujtaba (Pub. No. US 2011/0258426) in view of Telljohan (Pub. No. US 2015/0127120 A1) and further in view of Kardesler (Pub. No. US 2021/0233115 A1).

Regarding claim 17, Mujtaba and Telljohan teach the field device of claim 1. Mujtaba furthermore teaches wherein the security audit application performs logging (Mujtaba Fig. 2 & ¶¶ [0030]-[0031], runtime logging data generated by the wireless processor is stored and this data must come from an application; see also Fig. 4 & ¶ [0042], “a cryptographic unit 152 [security audit application] is configured to encrypt any runtime data that will be stored in storage partition 106 of storage device 105 using storage key 114. The runtime generated data may include any over-the-air provisioning data received by wireless processor over a wireless network and/or user specific or confidential data (e.g., emails or messages such as SMS messages, logging, and/or file system related files), etc.”).
Mujtaba and Telljohan do not explicitly teach provide audit log information to an external server.
However, Kardesler teaches provide audit log information to an external server (Kardesler ¶ [0109], sensor data is logged and provided to an external server).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mujtaba, Telljohan and Kardesler to teach transmitting logged data to an external server to “enable distributed computing, such as cloud computing” Kardesler ¶ [0163].

Regarding claim 18, Mujtaba, Telljohan and Kardesler teach the field device of claim 17. Mujtaba furthermore teaches, wherein the audit log information includes event logs (Mujtaba Fig. 2 & ¶¶ [0030]-[0031], runtime logging data generated by the wireless processor is stored and this data must come from an application; see also Fig. 4 & ¶ [0042], “a cryptographic unit 152 [security audit application] is configured to encrypt any runtime data that will be stored in storage partition 106 of storage device 105 using storage key 114. The runtime generated data may include any over-the-air provisioning data received by wireless processor over a wireless network and/or user specific or confidential data (e.g., emails or messages such as SMS messages, logging, and/or file system related files), etc.”).

Regarding claim 19, Mujtaba, Telljohan and Kardesler teach the field device of claim 17. Mujtaba furthermore teaches wherein the security audit application captures system and security events (Mujtaba Fig. 2 & ¶¶ [0030]-[0031], runtime logging data generated by the wireless processor is stored and this data must come from an application; see also Fig. 4 & ¶ [0042], “a cryptographic unit 152 [security audit application] is configured to encrypt any runtime data that will be stored in storage partition 106 of storage device 105 using storage key 114. The runtime generated data may include any over-the-air provisioning data received by wireless processor over a wireless network and/or user specific or confidential data (e.g., emails or messages such as SMS messages, logging, and/or file system related files), etc.”).
Mujtaba and Telljohan do not explicitly teach transfer the captured events to a host using the external server.
However, Kardesler teaches transfer the captured events to a host using the external server (Kardesler ¶ [0109], sensor data is logged and provided to an external server).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mujtaba, Telljohan and Kardesler to teach transmitting logged data to an external server to “enable distributed computing, such as cloud computing” Kardesler ¶ [0163].

Regarding claim 20, Mujtaba, Telljohan and Kardesler teach the field device of claim 17. 
Mujtaba and Telljohan do not explicitly teach wherein the audit log includes one or more of the last time/date the external server was powered up; the last time/date the security credentials were modified; the external server status; a circular 128 entry session summary list; and timestamps.
However, Kardesler teaches wherein the audit log includes one or more of the last time/date the external server was powered up; the last time/date the security credentials were modified; the external server status; a circular 128 entry session summary list; and timestamps (Kardesler ¶ [0130], sensors collect time of day information).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mujtaba, Telljohan and Kardesler to teach collect timestamp information because it is merely combining prior art elements (collecting runtime information) according to known methods (timestamping runtime information) to yield predictable results (correlating runtime events in time). MPEP 2143(I).

Regarding claim 23, Mujtaba, Telljohan r and Kardesler teach the field device of claim 17. 
Mujtaba and Telljohan r do not explicitly teach wherein the security application performs push audit messaging by pushing messages to an external security information and event management system.
However, Kardesler teaches wherein the security application performs push audit messaging by pushing messages to an external security information and event management system (Kardesler ¶ [0109], sensor data is logged and pushed to an external server).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mujtaba, Telljohan and Kardesler to teach transmitting logged data to an external server to “enable distributed computing, such as cloud computing” Kardesler ¶ [0163].

Claims 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Mujtaba (Pub. No. US 2011/0258426) ) in view of Telljohan (Pub. No. US 2015/0127120 A1) in view of Kardesler (Pub. No. US 2021/0233115 A1) and further in view of Mohamed (Pat. No. US 11,076,001 B1)
Regarding claim 21, Mujtaba, Telljohan and Kardesler teach the field device of claim 17. 
Mujtaba, Telljohan and Kardesler do not explicitly teach wherein the security audit application stores a session summary for each communication session with an external device.
However, Mohamed teaches wherein the security audit application stores a session summary for each communication session with an external device. (Mohamed claim 1, sessions log includes a session status and other information status; see also Fig. 2A and column 12, lines 10-24).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mujtaba, Telljohan, Kardesler and Mohamed to teach collect session information because it is merely combining prior art elements (collecting runtime information) according to known methods (collecting session status/summary information) to yield predictable results (securing a session such as in Mohammed column 1, lines 6-12 and column 6, lines 36-55). MPEP 2143(I).

Regarding claim 22, Mujtaba, Telljohan, Kardesler and Mohammed teach the field device of claim 17. 
Mujtaba, Telljohan and Kardesler do not explicitly teach wherein each session summary includes one or more of a client identity including an IP address and port number, a connect/disconnect time/date for a client, a starting/ending configuration change counter, a session status and a communication counter indicating the number of publish, request, and response PDUs.
However, Mohamed teaches wherein each session summary includes one or more of a client identity including an IP address and port number, a connect/disconnect time/date for a client, a starting/ending configuration change counter, a session status (Mohamed claim 1, sessions log includes a session status and other information status; see also Fig. 2A and column 12, lines 10-24) and a communication counter indicating the number of publish, request, and response PDUs. 
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Mujtaba, Telljohan, Kardesler and Mohamed to teach collect session information because it is merely combining prior art elements (collecting runtime information) according to known methods (collecting session status/summary information) to yield predictable results (securing a session such as in Mohammed column 1, lines 6-12 and column 6, lines 36-55). MPEP 2143(I).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY P TOLCHINSKY whose telephone number is (571)270-0599. The examiner can normally be reached m-f (9:30-6:30PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571-270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/G.P.T./Examiner, Art Unit 2456                                                                                                                                                                                                        
/Brian Whipple/Primary Examiner, Art Unit 2456                                                                                                                                                                                                        7/28/2022