DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	The Office action is in response to the patent application filed on October 26, 2020.  The application contains 7 claims.  Claims 1-7 are directed to a system for securing an industrial system comprising machines, controllers, a gateway, and an analyzer.  Claims 1-7 are pending.

Drawings
3. 	Figures 3-4, 7, and 12-13 are objected to because of:  these figures contain non-English descriptions for each element. An English translation is needed.

Claim Objections
4.	Claims 1-7 are objected to because of the following informalities:
Referring to claim 1:
	Claim 1 recites:
           (i) “Industrial system comprising …”, where “Industrial system” should be “An industrial system”;
	(ii) “- provide, for each impact and the severity-likelihood combination thereof, a numerical value,”, where “a numerical value” should be “a numerical value, and”, since this is the next to the last configured element. 
Referring to claims 2-7:
	Claims 2-7 recite “Industrial system according to …”, which should be “The industrial system according to …”.
Referring to claim 2:
            Claim 2 recites “the control systems”, which is objected for lack of precedent basis.
Referring to claim 7:
	Claim 7 recites “the first model … the second model …”, where “model” should be “operation model” in order to be consistent with the term used in claim 1 (“at least one first operational model”).
 
Claim Rejections - 35 USC § 112
5.	Claims 1-7 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Referring to claims 1-7:
	Claim 1 recites:
	“Industrial system comprising machines, systems for controlling machines connected by a first communication network and a gateway intended to connect the first communication network to a second communication network, the gateway comprising a memory and comprising a processor configured to copy to the memory first data transmitted over the second communication network and relating to the operation of the machines, further comprising an analyser, configured to: 
- collect values of variables relating to the operation of the machines, …”, 
 wherein:
            (i) “systems for controlling machines”:  “systems” should be “control systems” in order to be consistent with Claim 2 (“by the control systems”).  Since the specification also uses the term controller, Examiner suggests to change “systems for controlling machines” to “controllers for controlling machines”;
	(ii)  “a gateway intended to connect the first communication network to a second communication network”: where “intended to connect” could be interpreted as “is not being connected”.  Examiner suggests changing “intended to connect” to “connecting” in order to be clear;
	(iii)  “first data transmitted over the second communication network”:  where “transmitted over” should be “transmitted to” to be clear about the direction of transmission;
	(iv)  “Industrial system comprising … the gateway comprising … and comprising … further comprising an analyser”:  it is not clear whether “Industrial system” further comprising an analyser, or “the gateway” further comprising an analyser. Clarification is needed.
	Claims 2-7 are dependent from claim 1, and are therefore rejected based on the same rationale. 

Claim Rejections - 35 USC § 103

6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

7.	Claims 1-3, and 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Bushey et al. (U.S. 2017/0359366 A1), hereinafter “Bushey”, in view of Martinez et al. (U.S. 2014/0137257 A1), hereinafter “Martinez”.
Referring to claim 1:
	 	Bushey teaches:
                      Industrial system comprising machines, systems for controlling machines connected by a first communication network and a gateway intended to connect the first communication network to a second communication network, the gateway comprising a memory and comprising a processor configured to copy to the memory first data transmitted over the second communication network and relating to the operation of the machines, further comprising an analyser, configured to (see Bushey, fig. 1, item 100 (an industrial system), item 130 (machines), items MN1, MN2, … MNn (the first communication network), item 140, 150, and item 170 (the second communication network), 150 ‘threat detection computer (an analyser); fig. 2, 336 (systems for controlling machines); [0016] ‘devices, including those associated with the system 100 … may exchange information via any communication network which may be one or more a Local Area Network(“LAN”), … a Wide Area Network (“WAN”) … Note that any devices described herein may communicate via one or more such communication networks [i.e., communicating via a gateway ].’): 
         - collect values of variables relating to the operation of the machines (see Bushey, [0002] ‘receive, via a plurality of real-time monitoring node signal inputs, streams of monitoring node signal values over time that represent a current operation of the industrial asset control system.’), 
         - determine, for at least some of the variables, ranges of values from at least one first operational model of the machines (see Bushey, [0002] ‘compare each generated current monitoring node feature vector with a corresponding decision boundary for that monitoring node,’), 
          - detect at least one anomaly, if the value of at least one variable is outside of the range of values of said variable, said anomaly having a likelihood (see Bushey, [0002] ‘the decision boundary separating a normal state from an abnormal state for that control node and localize a threat to a particular monitoring node.‘), 
          - detect, from the at least one anomaly, at least one undesirable event, to which is allocated an impact on the industrial system, said impact having a severity (see Bushey, [0014] ‘the nodes may be used to monitor occurrences of cyber-threats or abnormal events.’),
             - determine an overall risk level of the industrial system from the numerical values obtained of the impacts of the at least one undesirable event detected (see Bushey, [0002] ‘automatically transmitting a threat alert signal based on results of said comparisons along with an indication of the particular monitoring node.’).
	However, Bushey does not disclose the likelihood of the anomaly.
	Bushey disclose determining a risk (see Bushey, [0002] ‘a threat alert’).  However, Bushey does not disclose a risk level.
	Bushey suggests the gateway (see Bushey, [0016] ‘devices, including those associated with the system 100 … may exchange information via any communication network which may be one or more a Local Area Network(“LAN”), … a Wide Area Network (“WAN”) … Note that any devices described herein may communicate via one or more such communication networks [i.e., communicating via a gateway ].’).  However, Bushey does not explicitly disclose it.
	Martinez disclose the likelihood of the anomaly (see Martinez, [0102] ‘The likelihood rating indicates the probability that a potential critical asset will be subjected to an attack by the threat-source.’).
	Martinez further disclose the risk level (see Martinez, [0010] ‘… a threat score … a vulnerability score … an impact score … determining the risk of the one or more assets based on the threat score …’).
	Martinez further disclose the gateway (see Martinez, [0065] ‘switches, relays’; [0117] ‘system interconnection, routers’).
	In addition, Martinez further discloses the first communication network, the second communication network (see Martinez, fig. 2, 200 ‘Operation Technology (OT) [i.e., the first communication network ]’, 206 ‘Information Technology (IT) [i.e., the second communication network ]’).
	 	It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Martinez into the system of Bushey to use the likelihood of the anomaly, the risk level, and the gateway.  Bushey teaches "a system to protect an industrial asset control system from cyber threats” (see Bushey, [0002]).  Therefore, Martinez’s teaching could enhance the system of Bushey,  because Martinz discloses “the present invention provides a method for assessing a risk of one or more assets within an operational technology infrastructure by providing a database containing data relating to the one or more assets” (see Martinez, [0010]).
Referring to claim 2:
	 	Bushey and Martinez further disclose:
          wherein the first data are provided by the control systems (see Bushey, fig. 3, 336 ‘control systems’, ‘controller node data’).
Referring to claim 3:
	 	Bushey and Martinez further disclose:
	wherein the processor is configured to write in the memory second data provided by a station connected to the second communication network (see Bushey, fig. 1, item 170 (a station connected to the second communication network).  In addition, Martinez, fig. 2, 206 ‘Information Technology (IT) [i.e., the second communication network’).
Referring to claim 6:
	 	Bushey and Martinez further disclose:
	comprising at least one network sensor configured to make a copy of third data circulating over the first communication network and connected to the analyser (see Bushey, [0015] ‘… The threat detection model 155 [i.e., the analyzer ] may, for example, monitor streams of data from the monitoring nodes 130 comprising data from sensor nodes, actuator nodes, and/or any other critical monitoring nodes (e.g., monitoring nodes MN.sub.1 through MN.sub.N),’).
Referring to claim 7:
	 	Bushey and Martinez further disclose:
	wherein the analyser is configured to receive the third data, in order to classify the third data according to at least first and second categories, and in order to determine at least the first model from the third data of the first category and a second model from the third data of the second category (see Bushey, [0015] ‘Information from the normal space data source 110 and the threatened space data source 120 [i.e.,  the first mode (the normal space data source 110), the second model (the threatened space data source 120) ] may be provided to a threat detection model 140 [i.e., the analyser ] … monitor streams of data from the monitoring nodes 130 comprising data from sensor nodes, actuator nodes, and/or any other critical monitoring nodes [i.e., classifying the third data (monitored stream of data) according to at least first category (e.g., sensor nodes data) and second category (e.g., actuator nodes data) ] …’; [0014] ‘Moreover, the nodes may be used to monitor occurrences of cyber-threats or abnormal events [i.e., determining a first model from the third data of the first category and a second model from the third data of the second category ].’).

8.	Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Bushey et al. (U.S. 2017/0359366 A1), in view of Martinez et al. (U.S. 2014/0137257 A1), further in view of Luo et al. (U.S. 2016/0087958 A1), hereinafter “Luo”.
Referring to claim 4:
	 	Bushey and Martinez disclose the limitations as described in claim 1 and 2.  However, they do not disclose the processor is configured to transmit to at least one of the control systems the second data written in the memory.
		Luo discloses the processor is configured to transmit to at least one of the control systems the second data written in the memory (see Luo, [0006] ‘encrypting the generated query and providing the encrypted query to a security relay server [i.e., where the security relay server (gateway) comprising a processor ] for the selected subset of controller devices;’).
		In addition, Luo further discloses gateway (see Luo, [0029] ‘the control zone 206 includes a security relay 228 (e.g., similar to the security relay servers 128a, 128b, and 128n, shown in FIG. 1) that can operate as a gateway to incoming and outgoing network traffic,’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Luo into the system of Bushey to transmit to at least one of the control systems the second data written in the memory.  Bushey teaches "a system to protect an industrial asset control system from cyber threats” (see Bushey, [0002]).  Therefore, Luo’s teaching could enhance the system of Bushey,  because Luo discloses “methods for facilitating secure communication”(see Luo, [0006]). 
Referring to claim 5:
	 	Bushey, Martinez, and Luo further disclose:
	wherein the processor is configured to perform an authentication of a user of said station implementing two distinct identification methods (see Luo, [0024] ‘two-factor authentication’).
           It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Luo into the system of Bushey to use two factor authentication.  Bushey teaches "a system to protect an industrial asset control system from cyber threats” (see Bushey, [0002]).  Therefore, Luo’s teaching could enhance the system of Bushey, because it is well known and popular in the art that two-factor authentication is a strong authentication. 
 
Conclusion

9.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	Fellows; Simon David Lincoln et al. (US 20210273953 A1) disclose endpoint agent client sensors (csensors) and associated infrastructures for extending network visibility in an artificial intelligence (ai) threat defense environment’
(b)	Muddu; Sudhakar et al. (US 20190342311 A1) disclose processing anomaly data to identify threats to network security;
(c)	Anachi; Rajini B. (US 20190089725 A1) disclose Deep Architecture for Learning Threat Characterization;
(d)	Du; Jun et al. (US 20190014137 A1) disclose IoT DEVICE SECURITY;
(e)	Baxley; Robert John et al. (US 10104098 B2) disclose Electromagnetic threat detection and mitigation in the Internet of Things; 
(f)	OYAMADA; Masahiro (US 20180212980 A1) disclose system and method of detecting intrusion into communication environment;
(g)	Gill; Jasvir Singh et al. (US 10019677 B2) disclose Active policy enforcement.

 	10.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
           Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/Examiner, Art Unit 2492                                                                                                                                                                                             




/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492