Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Objections
Claim 12 is objected to because of the following informalities:  It appears claim 13 has been merged with claim 12.  Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4, 7-16, 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sachs US 2020/0259896 in view of Mattes US 2016/0036861


As per claim 1. Sachs teaches A network access control system comprising: a communication device configured to communicate time-critical messages through a time-sensitive network during scheduled time windows, the communication device further configured to be communicatively connected to a candidate device and to receive a network access request from the candidate device the communication device is configured to grant the candidate device restricted access to one or more of send or receive approved messages through the time-sensitive network. [0243][0253][0720][0743]-[0746][0771][0772] (Sachs teaches a Time Sensitive network including security and preventing unauthorized access, teaches scheduling prioritized messages to be sent during specific windows, and delaying non-critical traffic)

Mattes teaches and an authorization system communicatively connected to the communication device and configured to authorize the candidate device via a multi-factor authentication protocol that requires a user of the candidate device to successfully provide multiple identification factors, wherein, in response to the authorization system authorizing the candidate device, the communication device is configured to grant the candidate device restricted access [0061][0063][0068]-[0072][0123] (teaches a multifactor authentication system to grant a user access to a restricted industrial private network, wherein upon authorization, access is granted)
It would have been obvious to one of ordinary skill in the art to use the security of Mattes with Sachs because it increases security.

As per claim 2. Sachs teaches The network access control system of claim 1, wherein upon granting the candidate device the restricted access, the communication device is configured to avoid communicating the approved messages to or from the candidate device during the scheduled time windows reserved for the time-critical messages.  [0739][0740][0772][0814][1184] (a Time sensitive network that schedules priority data windows and deprioritizes remaining data messages)


As per claim 3. Sachs teaches The network access control system of claim 1, wherein the approved messages represent best-effort messages that are unscheduled and lower priority than the time-critical messages, and the communication device is configured to communicate the best-effort messages outside of the scheduled time windows reserved for the time-critical messages. [0739][0740][0772][0814][1184] (best effort messages outside of priority windows)
 
As per claim 4. Sachs teaches The network access control system of claim 1, wherein the time-sensitive network includes a plurality of end devices communicatively connected via multiple communication devices and communication links, and wherein the approved messages represent messages communicated with a designated subset of the end devices. [0761][1225][1243] (teaches communication to certain endpoints) [1519] (subsets of TSN network)


As per claim 7. Mattes teaches The network access control system of claim 1, wherein the multiple identification factors of the multi-factor authentication protocol include at least two of a knowledge factor, a possession factor, or an inherence factor.  [0123] (knowledge, possession)

As per claim 8. Mattes teaches The network access control system of claim 1, further comprising a network configurator device communicatively connected to the communication device, wherein in response to receiving an indication that the candidate device is authorized, the network configurator device is configured to reconfigure the communication device to provide the candidate device the restricted access.   [0061][0063][0068]-[0073][0123] (teaches authentication of a device and configuring the access control system to provide access based on policy)
Sachs teaches security and access control in general [0253][0633] [0635]

As per claim 9. Sachs teaches The network access control system of claim 1, further comprising a time-aware scheduler device configured to generate a schedule for message communication through the time-sensitive network, wherein in response to receiving an indication that the candidate device is authorized, the time-aware scheduler device is configured to modify the schedule to accommodate communication of the approved messages to and from the candidate device through the communication device.  [0751][0771]-[0773] (scheduling priority windows for TSN)

As per claim 10. Sachs teaches The network access control system of claim 9, wherein the authorization system is physically integrated with the time-aware scheduler device.  [0253]

As per claim 11. Sachs teaches The network access control system of claim 1, wherein the communication device is an Ethernet switch including multiple ports for connecting to multiple different communication links in the time-sensitive network, wherein the Ethernet switch is configured to open and close the multiple ports at respective designated times to communicate data packets, wherein the designated times are based on a schedule of the time-sensitive network.  [0750][0771][0772] Fig 35

As per claim 12. Mattes teaches The network access control system of claim 1, wherein the authorization system is physically integrated with the communication device. [0159] (teaches authorization and components with a switch)
Sachs teaches that the TSN is implemented on an Ethernet switch. [0750][0771][0772] Fig 35

As per claim 13. Mattes teaches The network access control system of claim 1, wherein the time-sensitive network is disposed within an electronic security perimeter of an industrial facility. [0024][0025][0029]  (industrial network and security)

As per claim 14. Sachs teaches A method comprising: receiving a network access request at a communication device that is configured to communicate time-critical messages through a time-sensitive network during scheduled time windows, the network access request received from a candidate device while the candidate device is blocked by the communication device from communicating through the time-sensitive network; and responsive to authorizing the candidate device, granting the candidate device restricted access for one or more of sending or receiving approved messages through the time-sensitive network. [0243][0253][0720][0743]-[0746][0771][0772] (Sachs teaches a Time Sensitive network including security and preventing unauthorized access, teaches scheduling prioritized messages to be sent during specific windows, and delaying non-critical traffic)

Mattes teaches responsive to receiving the network access request, authorizing the candidate device via a multi-factor authentication protocol that requires a user of the candidate device to successfully provide multiple identification factors; [0061][0063][0068]-[0072][0123] (teaches a multifactor authentication system to grant a user access to a restricted industrial private network, wherein upon authorization, access is granted)
It would have been obvious to one of ordinary skill in the art to use the security of Mattes with Sachs because it increases security.

As per claim 15. Sachs teaches The method of claim 14, wherein granting the restricted access includes controlling the communication device to avoid communicating the approved messages during the scheduled time windows reserved for the time-critical messages.   [0739][0740][0772][0814][1184] (a Time sensitive network that schedules priority data windows and deprioritizes remaining data messages)


As per claim 16. Sachs teaches The method of claim 14, wherein the approved messages represent best-effort messages that are unscheduled and lower priority than the time-critical messages, and granting the restricted access includes communicating the best-effort messages through the time-sensitive network outside of the scheduled time windows reserved for the time-critical messages. [0739][0740][0772][0814][1184] (best effort messages outside of priority windows)



As per claim 18. Sachs teaches The method of claim 14, wherein granting the restricted access includes one or more of reconfiguring the communication device or modifying a schedule for message communication through the time-sensitive network to accommodate communication of the approved messages to and from the candidate device through the communication device.  [0751][0771]-[0773] (scheduling priority windows for TSN)


As per claim 19. Mattes teaches The method of claim 14, wherein authorizing the candidate device via the multi-factor authentication protocol includes requiring the user of the candidate device to successfully provide at least two of a knowledge factor, a possession factor, or an inherence factor.  [0123] (knowledge, possession)

As per claim 20. Sachs teaches A communication system comprising: a time-sensitive network including plural communication devices interconnected by communication links, the communication devices configured to communicate data packets representing time-critical traffic via the communication links during designated time windows according to a schedule of the time-sensitive network, the communication devices further configured to communicate data packets representing best-effort traffic via the communication links outside of the designated time windows; and the first communication device is configured to grant the candidate device restricted access for one or more of sending or receiving messages within the best-effort traffic without permission to one or more of send or receive messages within the time-critical traffic. [0243][0253][0720][0743]-[0746][0771][0772] (Sachs teaches a Time Sensitive network including security and preventing unauthorized access, teaches scheduling prioritized messages to be sent during specific windows, and delaying non-critical traffic) [0739][0740][0772][0814][1184] (teaches that schedules priority data windows and deprioritizes remaining data messages)

Mattes teaches an authorization system communicatively connected to a candidate device via a first communication device of the communication devices, wherein the first communication devices is configured to receive a network access request from the candidate device while blocking the candidate device from communicating through the time-sensitive network, wherein the authorization system is configured to authorize the candidate device via a multi-factor authentication protocol that requires a user of the candidate device to successfully provide multiple identification factors, and wherein, in response to the authorization system authorizing the candidate device, [0061][0063][0068]-[0072][0123] (teaches a multifactor authentication system to grant a user access to a restricted industrial private network, wherein upon authorization, access is granted)
It would have been obvious to one of ordinary skill in the art to use the security of Mattes with Sachs because it increases security.


As per claim 21. Sachs teaches The communication system of claim 20, wherein the first communication device is an Ethernet switch including multiple ports for connecting to multiple links of the communication links in the time-sensitive network,  [0750][0771][0772] Fig 35
Mattes teaches the authorization system is disposed within a housing of the Ethernet switch. [0159]



Claim(s) 5, 6, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sachs US 2020/0259896 in view of Mattes US 2016/0036861 in view of Milton US 2021/0014319

As per claim 5. Milton teaches The network access control system of claim 1, wherein the restricted access that is granted to the candidate device has a time limit, and the communication device is configured to block the candidate device from communicating through the time-sensitive network upon expiration of the time limit.  [0029][0042][0043]
(teaches granting user access according to limits such as a time limit or data limit, and blocking the candidate after the limit has been reached)

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Milton with the prior art because it promotes resource efficiency. 


As per claim 6. Milton teaches The network access control system of claim 1, wherein the restricted access that is granted to the candidate device has a message count limit, and the communication device is configured to block the candidate device from communicating through the time-sensitive network upon an aggregate number of the approved messages one or more of sent to or received by the candidate device exceeding the message count limit.  [0029][0042][0043] (teaches granting user access according to limits such as a time limit or data limit, and blocking the candidate after the limit has been reached)


As per claim 17. Milton teaches The method of claim 14, wherein the restricted access that is granted to the candidate device has one or more of a time limit or a message count limit, and the method further comprises blocking the candidate device from communicating through the time-sensitive network upon one or more of expiration of the time limit or fulfillment of the message count limit.  [0029][0042][0043]
(teaches granting user access according to limits such as a time limit or data limit, and blocking the candidate after the limit has been reached)

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439