DETAILED ACTION
This office action is in response to applicant’s RCE amendment filed on 07/01/2022. Claims 1 and 9 have been amended. Claims 1-4, 6-22, and 24-27 are pending and are directed towards a system, apparatus, method, and computer product for Provision of Secure Communication in a Communication Network Capable of Operating in Real Time.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 07/01/2022 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations of claims 1 and 9, that Rose, Rayapeta, and Falk fail to teach “a test unit which is separate and apart from the communication partners, which is securably connectable to two interfaces, and which makes integrity correlations without monitoring transmitted and/or received messages between the at least two communication partners” (page 11 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-4, 6-22, and 24-27 are rejected under 35 U.S.C. 103 as being unpatentable over Buber et al. (US Pub. 2015/0264080), hereinafter Buber, filed Aug. 13, 2013 in view of Rayapeta et al. (US Pub. 2016/0344754), hereinafter Rayapeta, filed on May 22, 2015 and Falk (US Pub. 2013/0132730) filed on Jul. 22, 2011. 
Regarding claim 1, Buber teaches a method for providing secure communication between at least one first communication partner and at least one second communication partner within a communication network capable of operating in real time (para 21, line 1-11 and para 61, line 1-17; automation system contains numerous devices checked for manipulation as part of network, where a state of a device is up-to-date at the time of the check), the method comprising:
providing at least two interfaces, each of which are assigned to a communication partner (para 91, line 1-4 and para 93, line 1-4; devices can include an input/output unit that can be used to receive and/or transmit data);
Buber does not teach wherein the at least two interfaces passively monitor transmitted and/or received messages between the communication partners;
isolating at least one message transmitted and/or received between the communication partners at the respectively associated interface, by means of at least one definable filtering criterion, wherein the at least one isolated message undergoes an integrity check;
Rayapeta teaches wherein the at least two interfaces passively monitor transmitted and/or received messages between the communication partners (para 24, line 1-16 and para 26, line 4-9; robustness agent located at one or more node interfaces analyzes the flow of message traffic into and out of a communication node for characteristics indicative of an attack);
isolating at least one message transmitted and/or received between the communication partners at the respectively associated interface, by means of at least one definable filtering criterion, wherein the at least one isolated message undergoes an integrity check (para 24, line 1-29 and para 27, line 1-6; quarantine a message communicated between two nodes, with an interface at each node, of a network and analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network and analyze if message may be indicative of an attack by determining characteristics of the message.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Buber teaches for the purposes of integrity checking, constituting a first integrity reference value for at least one message transmitted by the first communication partner, and at least one second integrity reference value for at least one message received by at least the second communication partner; transmitting the first integrity reference value and the second integrity reference value from the at least two interfaces to a test unit for integrity checking (para 41, line 1-12 and para 45, line 1-9; multiple devices calculate a hash value and transmit the hash values to a testing device to check for manipulation),
wherein the test unit is a separate device from the first and second communication partners, and wherein the at least two interfaces establish a secure connection with the test unit (Fig. 2 and para 28, line 1-3 and para 48, line 1-8; a testing device receives data from multiple devices in a cryptographically secure manner);
Buber and Rayapeta do not teach correlating the first integrity reference value with the second integrity reference value, and comparing of same by the test unit; and
Falk teaches correlating the first integrity reference value with the second integrity reference value, and comparing of same by the test unit (para 41, line 1-8 and para 42, line 15-35; integrity check verification unit IPVE, as a remote checking unit, compares the received integrity check information generated on the receiver side with that of the transmitter side); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE, as a remote checking unit, compares the received integrity check information generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28. 
Buber teaches the test unit without the test unit monitoring the transmitted and/or received messages between the communication partners (para 44, line 1-4 and para 45, line 1-9; testing device receives transmitted hash value from a plurality of devices to be checked for manipulation);
generating a warning and/or alarm signal by the test unit (para 47, line 1-15; test unit can trigger an alarm warning manipulation of a device),
Buber and Rayapeta do not teach generating the referral of the warning and/or alarm signal originating from the test unit to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other.
Falk teaches generating the referral of the warning and/or alarm signal originating from the test unit to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 2, Buber, Rayapeta, and Falk teach the method of claim 1.
Buber and Rayapeta do not teach wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed.
Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed (para 23, line 1-4 and para 36, line 1-13; data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 3, Buber, Rayapeta, and Falk teach the method of claim 1.
Buber does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employed.
Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employed (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 4, Buber, Rayapeta, and Falk teach the method of claim 1.
Buber does not teach wherein the at least one filtering criterion relates to the message type, a sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof.
Rayapeta teaches wherein the at least one filtering criterion relates to the message type, a sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof (para 24, line 12-33; analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for analyzing if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 6, Buber, Rayapeta, and Falk teach the method of claim 1.
Buber does not teach an isolated sent/received message.
Rayapeta teaches an isolated sent/received message (para 24, line 5-11 and line 23-30; quarantined message into or out of a communication node).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for quarantine of a message into or out of a communication node.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Buber and Rayapeta do not teach wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed.
Falk teaches wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed (para 43, line 1-8; integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 7, Buber, Rayapeta, and Falk teach the method of claim 1.
Buber and Rayapeta do not teach the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window.
Falk teaches the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window (para 41, line 1-8 and para 52, line 1-6 and para 53, line 1-5; integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 8, Buber, Rayapeta, and Falk teach the method of claim 1.
Buber and Rayapeta do not teach the communication between the communication partners and the communication between the respective interface and the test unit are executed in mutually independent channels.
Falk teaches the communication between the communication partners and the communication between the respective interface and the test unit are executed in mutually independent channels (para 39, line 1-16; transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 9, Buber teaches a device for integrity checking, which is suitable for the provision of secure communication between at least two communication partners within a communication network capable of operating in real time (para 21, line 1-11 and para 61, line 1-17; automation system contains numerous devices checked for manipulation as part of network, where a state of a device is up-to-date at the time of the check), the device comprising:
at least one processor configured to (para 87, line 1-12; the testing device includes a processor):
establish a secure connection with a first interface and a second interface (Fig. 2 and para 28, line 1-3 and para 48, line 1-8; a testing device receives data from multiple devices in a cryptographically secure manner);
Buber does not teach at least one isolated message.
Rayapeta teaches at least one isolated message (para 24, line 23-30; quarantine the message on the network communication).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Buber teaches receive a formed first integrity reference value for at least one message from the first interface; receive at least one formed second integrity reference value for at least one message from the second interface (para 41, line 1-12 and para 45, line 1-9; multiple devices calculate a hash value and transmit the hash values to a testing device to check for manipulation);
Buber and Rayapeta do not teach correlate the first integrity reference value with the at least one second integrity reference value, and for comparing same,
Falk teaches correlate the first integrity reference value with the at least one second integrity reference value, and for comparing same (para 41, line 1-8 and para 42, line 15-35; integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side),
PCT/EP2017/072801 - 18 - 2016P19473WOUS
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE, as a remote checking unit, compares the received integrity check information generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Buber teaches without monitoring transmitted and/or received messages between the at least two communication partners (para 44, line 1-4 and para 45, line 1-9; testing device receives transmitted hash value from a plurality of devices to be checked for manipulation); and 
emit a warning and/or alarm signal (para 47, line 1-15; test unit can trigger an alarm warning manipulation of a device),
Buber and Rayapeta do not teach emit a warning and/or alarm signal, which is delivered to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other;
Falk teaches emit a warning and/or alarm signal, which is delivered to an authority responsible for the deployment of corresponding counter-measures, in the event that the correlated integrity reference values deviate from each other (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Buber does not teach wherein the transmitted and/or received messages between the communication partners are passively monitored.
Rayapeta teaches wherein the transmitted and/or received messages between the communication partners are passively monitored (para 24, line 1-16 and para 26, line 4-9; robustness agent located at one or more node interfaces analyzes the flow of message traffic into and out of a communication node for characteristics indicative of an attack).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for robustness agent on node interface analyzing the flow of message traffic into and out of a communication node for characteristics indicative of an attack.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 10, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber does not teach the isolated message.
Rayapeta teaches the isolated message (para 24, line 23-30; quarantine the message on the network communication).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Buber and Rayapeta do not teach correlation involves an association of the first integrity value with the at least second integrity value, with respect to the same message which is transmitted between the communication partners.
Falk teaches correlation involves an association of the first integrity value with the at least second integrity value, with respect to the same message which is transmitted between the communication partners (para 41, line 1-8; integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 11, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber and Rayapeta do not teach the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window.
Falk teaches the at least one first integrity reference value from a definable time window is compared with at least the second correlating integrity reference value from the same time window (para 41, line 1-8 and para 52, line 1-6 and para 53, line 1-5; integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide integrity check verification unit IPVE compares the integrity check information, containing a timestamp with value range within a particular timespan, generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 12, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber does not teach the device comprises at least one unit for synchronizing the isolation of at least one transmitted and/or received message between the communication partners, with reference to at least one definable filtering criterion.
Rayapeta teaches the device comprises at least one unit for synchronizing the isolation of at least one transmitted and/or received message between the communication partners, with reference to at least one definable filtering criterion (para 24, line 1-29 and para 27, line 1-6; quarantine a message communicated between two nodes, with an interface at each node, of a network and analyze if message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network and analyze if message may be indicative of an attack by determining characteristics of the message.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 13, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber and Rayapeta do not teach wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed.
Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employed (para 23, line 1-4 and para 36, line 1-13; data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 14, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employable.
Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employable (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 15, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber does not teach the at least one definable filtering criterion relates to a message type, a sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof.
Rayapeta teaches the at least one definable filtering criterion relates to a message type, a sender and/or receiver, a random message filtering function, a bandwidth and/or network load and/or a filterable message content, and/or any combination thereof (para 24, line 12-33; analyze if a message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for analyzing if a message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 16, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber does not teach an isolated sent/received message.
Rayapeta teaches an isolated sent/received message (para 24, line 5-11 and line 23-30; quarantined message into or out of a communication node).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for quarantine of a message into or out of a communication node.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Buber and Rayapeta do not teach wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed.
Falk teaches wherein, as an integrity reference value, a hash value of an sent/received message and/or elements thereof, and/or an accumulation of a plurality of filtered messages and/or elements thereof is employed (para 43, line 1-8; integrity check information is formed by a hash value of at least part of the control data packet or a particular number of control data packets).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide integrity check information that is formed by a hash value of at least part of the control data packet or a particular number of control data packets.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 17, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber and Rayapeta do not teach at least one channel for communication between the communication partners and at least one channel for the reception of the at least one first and/or the at least second integrity value are mutually independent.
Falk teaches at least one channel for communication between the communication partners and at least one channel for the reception of the at least one first and/or the at least second integrity value are mutually independent (para 39, line 1-16; transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide that transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 18, Buber, Rayapeta, and Falk teach the device of claim 9.
Buber does not teach wherein, for integrity checking, plausibility data, specifically projection data and/or configuration data and/or physical properties of the communication partners, data derived from a simulation and/or digital twinning data can be incorporated.
Rayapeta teaches wherein, for integrity checking, plausibility data, specifically projection data and/or configuration data and/or physical properties of the communication partners, data derived from a simulation and/or digital twinning data can be incorporated (para 53, line 1-28; analyze messages into and out of the nodes of the network for expected behavior using various traffic pattern statistics generated at any particular node which reflects the configuration of the network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for analyzing messages for expected behavior using various traffic pattern statistics generated at any particular node which reflects the configuration of the network.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 19, Buber teaches a communication system for providing secure communication between at least two communication partners within a communication network capable of operating in real time, comprising at least two interfaces which are assigned to the communication partners, each having at least one unit for the constitution of an integrity reference value for a sent and/or received message (para 21, line 1-11 and para 61, line 1-17 and para 93, line 1-4; automation system contains numerous devices checked for manipulation as part of network, where a state of a device is up-to-date at the time of the check, where devices can include an input/output unit being able to be used to receive and/or transmit data), and
Buber does not teach perform the passive monitoring.
Rayapeta teaches perform the passive monitoring (para 24, line 1-16 and para 26, line 4-9; robustness agent located at one or more node interfaces analyzes the flow of message traffic into and out of a communication node for characteristics indicative of an attack).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for node interface analyzing the flow of message traffic into and out of a communication node for characteristics indicative of an attack.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
for the transmission of the integrity reference value to at least one integrity reference value checking device as claimed in claim 9 (see rejection in claim 9).
Regarding claim 20, Buber, Rayapeta, and Falk teach the system of claim 19.
Buber does not teach a unit for the isolation of at least one transmitted and/or received message between the communication partners on the basis of least one definable filtering criterion is further assigned to each interface.
Rayapeta teaches a unit for the isolation of at least one transmitted and/or received message between the communication partners on the basis of least one definable filtering criterion is further assigned to each interface (para 24, line 1-29 and para 27, line 1-6; quarantine a message communicated between two nodes, with an interface at each node, of a network and analyze if the message may be indicative of an attack by determining characteristics of the message, such as a message type or a certain sender or receiver).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for quarantine of a message communicated between two nodes of a network and analyzing if the message may be indicative of an attack by determining characteristics of the message.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Buber, Rayapeta, and Falk teach wherein the at least one filtering criterion is synchronizable by means of the least one integrity reference value checking device (see rejection for claim 19).
Regarding claim 21, Buber, Rayapeta, and Falk teach the system of claim 19.
Buber and Rayapeta do not teach the interface which is assigned to the message-receiving communication partner and/or which is assigned to the message-transmitting communication partner can moreover comprise a unit for the reception of an integrity value comparison result.
Falk teaches the interface which is assigned to the message-receiving communication partner and/or which is assigned to the message-transmitting communication partner can moreover comprise a unit for the reception of an integrity value comparison result (para 41, line 1-8; integrity check verification unit IPVE compares the integrity check information generated on the receiver side with that of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide an integrity check verification unit IPVE that compares the integrity check information generated on the receiver side with that of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Buber, Rayapeta, and Falk teach a unit for the reception of an integrity value comparison result from the least one integrity reference value checking device (see rejection for claim 19).
Regarding claim 22, Buber, Rayapeta, and Falk teach the system of claim 21.
Buber and Rayapeta do not teach the interface further comprises an output unit for the delivery of a warning and/or alarm signal to an authority for the initiation of corresponding counter-measures, depending upon the integrity value comparison result.
Falk teaches the interface further comprises an output unit for the delivery of a warning and/or alarm signal to an authority for the initiation of corresponding counter-measures, depending upon the integrity value comparison result (para 42, line 19-48; the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide that the integrity check verifying unit IPVE generates an alarm signal and transmits the alarm signal to an operating person as well as initiating an operationally secure state for the network if the integrity check information of the receiver side deviates from the integrity check information of the transmitter side.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 24, Buber, Rayapeta, and Falk teach the system of claim 19.
Buber and Rayapeta do not teach wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employable.
Falk teaches wherein, for communication between the communication partners, a communication protocol below level 3, also described as the network layer in the OSI reference model applied in communication technology, is employable (para 23, line 1-4 and para 36, line 1-13; data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide that data are transmitted between control units SEs where each control unit SE is connected to a gateway via a bus 5-1 in an Ethernet transmission network.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 25, Buber, Rayapeta, and Falk teach the system of claim 19.
Buber does not teach wherein, for communication between the communication partners, a fieldbus communication protocol is employable.
Rayapeta teaches wherein, for communication between the communication partners, a fieldbus communication protocol is employable (para 36, line 1-4 and line 25-29; communication between various nodes on the network uses fieldbus protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber to incorporate the teachings of Rayapeta to provide for communication between various nodes on the network using fieldbus protocol.  Doing so would allow for detecting intrusions into control and maintenance communications networks, such as those used in process and industrial control systems, based on traffic detection and filtering within the plant communications networks, as recognized by Rayapeta in para 1, line 1-6.
Regarding claim 26, Buber, Rayapeta, and Falk teach the system of claim 19.
Buber and Rayapeta do not teach the communication between the communication partners and the communication between the respective interface and the device for integrity checking can be executed in mutually independent channels.
Falk teaches the communication between the communication partners and the communication between the respective interface and the device for integrity checking can be executed in mutually independent channels (para 39, line 1-16; transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buber and Rayapeta to incorporate the teachings of Falk to provide that transmitting control data and integrity check information from transmitter side to receiver side occurs over different networks or over different virtual local networks VLAN.  Doing so would allow for detection of manipulation of the transmitted control data, as recognized by Falk in para 12, line 22-28.
Regarding claim 27, Buber teaches a computer program product comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, at least one computer program (para 92, line 1-7; program code on a storage medium and processed by at least one computing unit comprising a processor), 
Buber, Rayapeta, and Falk teach having means for the execution of the method as claimed in claim 1 (see rejection for claim 1).
Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following are relevant prior arts:  Bare et al. (US Pub. 20060168265) discloses assuring integrity of a data set between multiple devices, where a first integrity mechanism is calculated and the first integrity mechanism is sent from the first device to at least a second device; Cha et al. (US Pub. 20110265158) discloses an integrated solution in the M2ME, the M2ME supports integrity checks of the software code and data that make up the TRE code base and a network entity may be a PVA 150 which has validated the integrity of the TRE; Zisowski (US Pub. 20030188174) discloses protecting the integrity of a computer program running on a computer device, including a procedure of detecting an unauthorized modification between at least two communication parties.
5.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492