DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 12 and 13 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 12 recites the limitation "fourth data" twice in [Page 4 Line 19 and Page 5 Line 1].  There is insufficient antecedent basis for this limitation in the claim. The issue is: “fourth data” is not recited anywhere in claim 9.
Claim 13 recites the limitation "fourth data" twice in [Line 3 and Line 4].  There is insufficient antecedent basis for this limitation in the claim. The issue is: “fourth data” is not recited anywhere in claim 9.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Koval et al US PGPUB No. 20190260204 in view of Coyle US PGPUB No. 20210067329.

Regarding Claim 1. Koval teaches: a system comprising: 
an intelligent electronic device (IED); ([Koval ¶0172] “The system of FIG . 10 includes a Meter Data Cloud Server , which may represent any of servers 424 , 524 , 530 , 630 , etc . , for communicating with and receiving data from a plurality of devices 702 e . g . , IEDs 410 , 412 , 414 , 410 , 512 , 514 , 610 , 612 , 614 .”) and 
a proxy device communicatively coupled to the IED ([Koval ¶0172] “The system of FIG . 10 includes a Meter Data Cloud Server , which may represent any of servers 424 , 524 , 530 , 630 , etc . , for communicating with and receiving data from a plurality of devices 702 e . g . , IEDs 410 , 412 , 414 , 410 , 512 , 514 , 610 , 612 , 614 .”) …  wherein the proxy device is configured to perform operations comprising: 
receiving permissions data; ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”  [Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” Thus one of the clients post the message containing data related to a key (permission data) for first authentication.)
receiving a request to perform an action associated with the IED; ([Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524” Thus, the first data is to be processed by the meter data cloud 424/524 to determine the action if meter is valid for registration.)  
determining whether the action is authorized based on the permissions data; ([Koval ¶0186] “One problem created by allowing meters 702 to self - register is that without a user entering the registration information , the server 424 / 524 cannot verify that the meter 702 being registered is valid. One embodiment of registration verification is to keep a list of all valid devices 702 in the Meter Data Cloud 424 / 524. The list of valid devices may be stored along with the list of active devices in list 706 ( i . e . , a database ) . Such a list 706 may be used to verify each meter 702 as it attempts to be registered” Thus, the meter data cloud processes the data (key values) to valid the registration for IED device (meter).) and 
transmitting data to the IED … in response to determining that the action is authorized. ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings …” Thus, on the process of continuation of registration validated by meter cloud server 424/524, the Message A posted by the user to 424/524 server is transmitted to IED meter to be read.)”
But Koval fails to disclose:
… via a Media Access Control (MACsec) communication link …
… via the MACsec communication link …
However, Coyle teaches:
… via a Media Access Control (MACsec) communication link … …([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
… via the MACsec communication link … …([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
Therefore, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Koval’s system of configuring, collecting, viewing and analyzing the meter data by enhancing Koval’s system by including MACsec protocol as taught by Coyle for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017)
The motivation is to improve Koval’s system of configuring, collecting, viewing and analyzing the meter data by further including the MACsec protocol for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017).
Regarding Claim 2: Koval in view of Coyle teaches: the system of claim 1, wherein the proxy device is configured to perform operations comprising receiving data indicative of the action (([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”  [Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” Thus one of the clients post the message containing data related to a key (permission data) for first authentication. [Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524” Thus, the first data is to be processed by the meter data cloud 424/524 to determine the action if meter is valid for registration. and relaying the data to the IED … in response to determining that the action is authorized. ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings …” Thus, on the process of continuation of registration validated by meter cloud server 424/524, the Message A posted by the user to 424/524 server is transmitted to IED meter to be read.)  
	But Koval fails to disclose:
	… via the MACsec communication link …
	However, Coyle teaches:
	… via the MACsec communication link … ([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
Therefore, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Koval’s system of configuring, collecting, viewing and analyzing the meter data by enhancing Koval’s system by including MACsec protocol as taught by Coyle for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017)
The motivation is to improve Koval’s system of configuring, collecting, viewing and analyzing the meter data by further including the MACsec protocol for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017). 
 
Regarding Claim 3: Koval in view of Coyle teaches: the system of claim 1, Koval teaches wherein the proxy device is configured to perform operations comprising receiving the request from a computing device ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”  [Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” ([Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524” Thus, the proxy devices (Meter data cloud server) process the request of registration.) and blocking data from being transmitted from the computing device to the IED in response to determining that the action is not authorized. ([Koval ¶0098] “A firewall 418 is disposed between the internal network 416 and external network 422 to prevent unauthorized access from outside the internal network 416 to the IEDs or meters 410 , 412 , 414 .” The firewall prevents the data flow to the IEDS or meters in case of an unauthorized access.)
 
Regarding Claim 4: Koval in view of Coyle teaches the system of claim 1, Koval teaches wherein the permissions data comprises an authentication token. ([Koval ¶0110] “in another embodiment , each IED 610 , 612 , 614 and each client device 628 may be configured as a server to create a peer - to - peer network , token ring or a combination of any such topology .” Therefore, the authentication token contained in the permissions data in case of “token ring” topology is possible.)

Regarding Claim 5: Koval in view of Coyle teaches the system of claim 1, Koval teaches wherein the proxy device is configured to perform operations comprising: 
processing the permissions data to determine a set of authorized IEDs; ([Koval ¶0234] “a unique identifier which is associated with all meter information , here called a UID , i . e . , unique identifier” [Koval ¶0238] “In one embodiment , the UID may restrict what data a user can query . Such UID ' s may be improved by config uring server 424 / 524 to associate UID ' s with each other , thereby allowing UID ' s that are associated to access each other ' s data . One example may be for User A to be associated with Customer A , and Customer A to be associated with Meter A , B , and C , whereby User A would have access to Meter A , B , and C ' s data .” So a permission data (UID)can be used to authorize a set of IEDs or meters.) and 
determining whether the set of authorized IEDs includes the IED associated with the request. ([Koval ¶0238] “Another example may be for User B and User C to be associated with Customer B , and User B to be associated with Meter D , E , and F . In such an example User B would have access to Meter D , E , and F , but not to User C.” Therefore, the authorized IED (meter D, E, and F) are included to the request of user B not to the request of User C.)  

Regarding Claim 6: Koval in view of Coyle teaches the system of claim 1, Koval teaches wherein the proxy device is configured to perform operations comprising: 
processing the permissions data to determine a set of authorized actions; ([Koval ¶0227] “One example of such a Meter Data Cloud server 424 / 524 may be a collection of servers and components that include , but are not limited to , a Web Server to present web files , a file storage for storage of data and static web resources , a Web Service provider to accept meter pushed data points and perform dynamic interactions with clients , a database to store the meter data points uploaded , a user manager to authorize user credentials during login , and a system logger to audit user actions and monitor performance .” Therefore, based on the credential of authorized user, the system (Meter Data Cloud Server 424/524) audit the user actions and monitoring the performance.) and 
determining whether the set of authorized actions includes the action associated with the request. ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 ( i . e . , a processor or communication module sends a registration request 704 to server 424 / 524 ) , the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration . Another example may be when an invalid meter , such as malicious host , attempts to register with the Meter Data Cloud server 424 / 524 , the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and not finding the meter 702 to be valid , rejects the meter 702 from continuing registration .” So, acceptance/rejection of registration to a meter IDE 702 is to be determined the request (serial number of the meter).) 

Regarding Claim 7: The system of claim 1, wherein the proxy device is configured to perform operations comprising: 
determining a target operation of the IED based on the request; ([Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” [Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524” [Koval ¶0186] “ One embodiment of registration verification is to keep a list of all valid devices 702 in the Meter Data Cloud 424 / 524. The list of valid devices may be stored along with the list of active devices in list 706 ( i . e . , a database ) . Such a list 706 may be used to verify each meter 702 as it attempts to be registered” Thus, the request data (unique key) determines the targeted IED though the data base of the Meter data Cloud.). and
transmitting the data to the IED … to cause the IED to operate based on the target operation. ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings …” Thus, on the process of continuation of registration validated by meter cloud server 424/524, the Message A posted by the user to 424/524 server is transmitted to IED meter to be read.)
But Koval fails to disclose:
… via the MACsec communication link … 
However, Coyle teaches:
… via the MACsec communication link … ([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
Therefore, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Koval’s system of configuring, collecting, viewing and analyzing the meter data by enhancing Koval’s system by including MACsec protocol as taught by Coyle for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017)
The motivation is to improve Koval’s system of configuring, collecting, viewing and analyzing the meter data by further including the MACsec protocol for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017).
 
Regarding Claim 8: Koval in view of Coyle teaches the system of claim 1, wherein the action comprises retrieving information associated with the IED, ([Koval ¶0172] “The system of FIG . 10 includes a Meter Data Cloud Server , which may represent any of servers 424 , 524 , 530 , 630 , etc . , for communicating with and receiving data from a plurality of devices 702 e . g . , IEDs 410 , 412 , 414 , 410 , 512 , 514 , 610 , 612 , 614 .” So, the data can be received from IEDs.) and the proxy device is configured to perform operations comprising: transmitting the data to the IED … to retrieve the information in response to determining that the action is authorized; and transmitting the information received from the IED. ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings … After updating Meter A ' s settings , the processor or communication module of Meter A , e . g . , IED 702 , would post success with Message B to Message Queue A , in step 1018 . User A would subsequently read Message B to be notify that the updating of Meter A ' s settings were successful , in step 1020 .” Thus, on the process of continuation of registration validated by meter cloud server 424/524, the Message A posted by the user to 424/524 server is transmitted to IED meter to be read and after updating the IED meter sends back a message to the meter cloud server (step 1018) and ultimately this message is sent to client device (step 1020).)  
	But Koval fails to disclose:
	… via the MACsec communication link …
	However, Coyle teaches:
… via the MACsec communication link … ([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
Therefore, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Koval’s system of configuring, collecting, viewing and analyzing the meter data by enhancing Koval’s system by including MACsec protocol as taught by Coyle for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017)
The motivation is to improve Koval’s system of configuring, collecting, viewing and analyzing the meter data by further including the MACsec protocol for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017).

Regarding Claim 9: Koval teaches: a proxy device for an electric power distribution system ([Koval ¶0172] “The system of FIG . 10 includes a Meter Data Cloud Server , which may represent any of servers 424 , 524 , 530 , 630 , etc . , for communicating with and receiving data from a plurality of devices 702 e . g . , IEDs 410 , 412 , 414 , 410 , 512 , 514 , 610 , 612 , 614 .”), the proxy device comprising: 
processing circuitry; ([Koval ¶0273] “As shown in FIG . 13A , server 424 / 524 includes at least one processor 1002 and at least one memory 1006 .”) and 
a memory comprising instructions that, when executed by the processing circuitry, are configured to cause the processing circuitry ([Koval ¶00273] to perform operations comprising: 
receiving first permissions data associated with a first user from a first computing device; ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”  [Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” Thus one (say first) of the client computing devices (say 428, 428/528/628) post the message containing data related to a key (first permission data) for first authentication.) 
receiving second permissions data associated with a second user from a second computing device; ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A (e. g., client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )” [Koval ¶0194] “One method of distributing such a unique key may be by programming it into the meter 702 . In such a system, the user may then query the unique key from the meter 702 using a software , such as a webpage on the meter 702 , and then enter it into the Meter Data Cloud server 424 / 524” Thus, second client computing device (among 428/528/628, say 528) posts the message containing data (second permission data) related to unique key obtained by using a software.)
 receiving first data from the first computing device, wherein the first data comprises performing a first action associated with an IED of the electric power distribution system; ([Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524” Thus, the first data is to be processed by the meter data cloud 424/524 to determine the meter is valid for registration.) 
processing the first data based on the first permissions data to determine that the first action is authorized; ([Koval ¶0186] “One problem created by allowing meters 702 to self - register is that without a user entering the registration information , the server 424 / 524 cannot verify that the meter 702 being registered is valid. One embodiment of registration verification is to keep a list of all valid devices 702 in the Meter Data Cloud 424 / 524. The list of valid devices may be stored along with the list of active devices in list 706 ( i . e . , a database ) . Such a list 706 may be used to verify each meter 702 as it attempts to be registered” Thus, the meter data cloud processes the data (key values) to valid the registration.)
transmitting second data to the IED … in response to determining that the first action is authorized; ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings …” Thus, on the process of continuation of registration validated by meter cloud server 424/524, the Message A posted by the user to 424/524 server is transmitted to IED meter to be read.)”
receiving third data from the second computing device, wherein the third data comprises performing a second action associated with the IED of the electric power distribution system; ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A (e. g., client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )” [Koval ¶0189] “One example may be a meter 702 purchased by customer ABC , then registered and associated with customer ABC by Meter Data Cloud server in list 722 .” Thus, third data related to the ownership may be posted from second computing device (say 528 from 428/528/628) as indicated and illustrated in the earlier claim limitation.) 
processing the third data based on the second permissions data to determine that the second action is not authorized; ([Koval ¶0189] “In such a system , since the meter 702 has customer ABC listed as the owner of that meter 702 , but the user is attempting to associate the meter 702 with customer DEF , the Cloud Server 424 / 524 prevents the meter 702 from being associated with customer DEF” Thus, the meter cloud server cloud determine that the permission data (Data for customer DEF) would not be authorized to access IED meter 702.) and 
blocking the second action from being performed in response to determining that the second action is not authorized. ([Koval ¶0189] “a meter 702 purchased by customer ABC , then registered and attempted to be associated with customer DEF in the Meter Data Cloud server 424 / 524 . In such a system , since the meter 702 has customer ABC listed as the owner of that meter 702 , but the user is attempting to associate the meter 702 with customer DEF , the Cloud Server 424 / 524 prevents the meter 702 from being associated with customer DEF” Thus, the second action (registering of the user DEF instead of ABC) is blocked.)
But Koval fails to disclose:
… via a MACsec communication link …
However, 
Coyle teaches:
… via a MACsec communication link …([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
Therefore, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Koval’s system of configuring, collecting, viewing and analyzing the meter data by enhancing Koval’s system by including MACsec protocol as taught by Coyle for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017)
The motivation is to improve Koval’s system of configuring, collecting, viewing and analyzing the meter data by further including the MACsec protocol for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017).  

Regarding Claim 10: Koval in view of Coyle teaches the proxy device of claim 9, Koval teaches wherein the first action and the second action comprise the same action. ([Koval ¶0192] “… a unique identifier for the meter 702 with the Meter Data Cloud server 424 / 524 , or the ApiKey for the meter 702 to use when uploading data to the Meter Data Cloud server 424 / 524 .” Therefore, two different parameters (a unique identifier for the meter, ApiKey for the meter 702 might be used for two actions (first and second). [Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524” Thus, two actions initiated by two different parameters may comprise one action of valid registration of meter IED 702)   
  
Regarding Claim 11: Koval in view of Coyle teaches the proxy device of claim 9, Koval teaches wherein the instructions, when executed by the processing circuitry ([Koval ¶0273] “As shown in FIG . 13A , server 424 / 524 includes at least one processor 1002 and at least one memory 1006 .”) are configured to cause the processing circuitry to perform operations comprising:
receiving fourth data from the second computing device ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”   [Koval ¶0234] “a unique identifier which is associated with all meter information, here called a UID , i . e . , unique identifier”) Therefore, fourth data related to UID may be posted from second computing device (say 528 form 428/528/628)), wherein the fourth data comprises performing a third action associated with the IED of the electric power distribution system ([Koval ¶0238] “In one embodiment , the UID may restrict what data a user can query . Such UID ' s may be improved by config uring server 424 / 524 to associate UID ' s with each other , thereby allowing UID ' s that are associated to access each other ' s data . One example may be for User A to be associated with Customer A , and Customer A to be associated with Meter A , B , and C , whereby User A would have access to Meter A , B , and C ' s data .” Therefore, the use of UID (fourth data might be used for accessing data of Meter A, B, and C (third action)); 
processing the fourth data based on the second permissions data to determine that the third action is authorized; ([Koval ¶0186] “One problem created by allowing meters 702 to self - register is that without a user entering the registration information , the server 424 / 524 cannot verify that the meter 702 being registered is valid. One embodiment of registration verification is to keep a list of all valid devices 702 in the Meter Data Cloud 424 / 524. The list of valid devices may be stored along with the list of active devices in list 706 ( i . e . , a database ) . Such a list 706 may be used to verify each meter 702 as it attempts to be registered” [Koval ¶0189] “Such a list of valid devices 706 may be improved by associating the customer that purchased the device with the device in the valid list 706 . This association may be stored in database having a list of valid customers 722 within server 424 / 524” Therefore the improved list 706 related to the device and users can have the UID (fourth data) and unique key obtained by using a software (second data) together process the authorization of third action (say, accessing data from three different meter A, B, C). 
transmitting fifth data to the IED … in response to determining that the third action is authorized. ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings …” Thus, on the process of continuation of registration validated by meter cloud server 424/524, the Message A (which contains the fifth data as mentioned in earlier claim limitation) posted by the user to 424/524 server is transmitted to IED meter to be read.)
But Koval fails to disclose:
… via the MACsec communication link …
However, Coyle teaches:
… via the MACsec communication link … ([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
Therefore, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Koval’s system of configuring, collecting, viewing and analyzing the meter data by enhancing Koval’s system by including MACsec protocol as taught by Coyle for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017)
The motivation is to improve Koval’s system of configuring, collecting, viewing and analyzing the meter data by further including the MACsec protocol for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017).
  
Regarding Claim 12: Koval in view of Coyle teaches the proxy device of claim 9, Koval teaches wherein the instructions, when executed by the processing circuitry ([Koval ¶0273] “As shown in FIG . 13A , server 424 / 524 includes at least one processor 1002 and at least one memory 1006 .”), are configured to cause the processing circuitry to perform operations comprising transmitting fourth data to the second computing device in response to determining that the second action is not authorized, wherein the fourth data is indicative that the second action is not authorized. [Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”   [Koval ¶0234] “a unique identifier which is associated with all meter information, here called a UID , i . e . , unique identifier”) Therefore, fourth data related to UID may be posted from first computing device (say 428 form 428/528/628) [[Koval ¶0186] “Another example may be when an invalid meter, such as malicious host, attempts to register with the Meter Data Cloud server 424 / 524, the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706, and not finding the meter 702 to be valid, rejects the meter 702 from continuing registration.” Thus, the registration of meter IED is failed when a mischievous data (fourth data may be mischievous) is used to resister. [Koval ¶0273] “wherein a processor and / or communication device of the meter 702 periodically queries the message queue 1006 for new commands and data requests, and a user posts requests into the queue 1006 . In such a system , the meter 702 would respond to the user by posting a message to the queue 1006 for the user” So as per this recitation, any respond can be posted by the IDE meter 702 to the user (say user computing device 428/528/628) to the message queue. Thus, the respond related to mischievous data can be transmitted to the user (in our case let us consider it is first computing device say 428.)    

Regarding Claim 13: Koval in view of Coyle teaches the proxy device of claim 9, wherein the instructions, when executed by the processing circuitry ([Koval ¶0273] “As shown in FIG . 13A , server 424 / 524 includes at least one processor 1002 and at least one memory 1006 .”), are configured to cause the processing circuitry to perform operations comprising transmitting fourth data to the first computing device in response to determining that the first action is authorized, wherein the fourth data is indicative that the first action is being performed. ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings command , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”   [Koval ¶0234] “a unique identifier which is associated with all meter information, here called a UID , i . e . , unique identifier”) Therefore, fourth data related to UID may be posted from first computing device (say 428 form 428/528/628) [Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings … After updating Meter A ' s settings , the processor or communication module of Meter A , e . g . , IED 702 , would post success with Message B to Message Queue A , in step 1018 . User A would subsequently read Message B to be notify that the updating of Meter A ' s settings were successful , in step 1020 .” Thus, on the process of continuation of registration validated by meter (first action) Meter cloud server 424/524, the Message A posted by the user to 424/524 server is transmitted to IED meter to be read and after updating the IED meter sends back a message to the meter cloud server (step 1018) and ultimately this message (Message B) is sent to client computing device (say first 428 of 428/528/628) in step 1020. The Message B notifying the success of updating the IED meter A may contain the fourth data or UID.)  

Regarding Claim 14: Koval in view of Coyle teaches the proxy device of claim 9, wherein the instructions, when executed by the processing circuitry ([Koval ¶0273] “As shown in FIG . 13A , server 424 / 524 includes at least one processor 1002 and at least one memory 1006 .”), are configured to cause the processing circuitry to perform operations comprising:
processing the first permissions data ([Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” Therefore “unique key” may be considered as first permissions data.) to determine a first set of authorized IEDs, a first set of authorized actions, or both; ([Koval ¶0193] “in such a system , it is envisioned that this would prevent users from claiming ownership and access to meters 702 and their data , to which they did not purchase and do not have legitimate access” Therefore, the “unique key” obtained at the time of purchasing the meters are processed to determine the authorization of meters 702 and action like accessing the data.) and 
processing the second permissions data [Koval ¶0194] “One method of distributing such a unique key may be by programming it into the meter 702 . In such a system, the user may then query the unique key from the meter 702 using a software , such as a webpage on the meter 702 , and then enter it into the Meter Data Cloud server 424 / 524” Thus, the second permission data may be the unique key obtained by using a software) to determine a second set of authorized IEDs, a second set of authorized actions, or both ([Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524 , from their management interface in the Cloud Server 424 / 524 . In such a system , this would allow the meter 702 to be registered , managed , and begin uploading data to the server 424 / 524 , without any user intervention” Therefore, this unique key is processed to allow (authorize) the meters to be registered owned to the customer and other actions like uploading the data to the proxy cloud server 424/524.)  

Regarding Claim 15: The proxy device of claim 14, wherein the instructions, when executed by the processing circuitry, are configured to cause the processing circuitry to perform operations comprising: 
processing the first data based on the first permissions data ([Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” Therefore “unique key” may be considered as first permissions data.) by comparing the first data with the first set of authorized IEDs, the first set of authorized actions, or both; ([Koval ¶0193] “in such a system , it is envisioned that this would prevent users from claiming ownership and access to meters 702 and their data , to which they did not purchase and do not have legitimate access” Therefore, the “unique key” obtained at the time of purchasing the meters are processed to determine the authorization of meters 702 and action like accessing the data.) and   
processing the third data based on the second permissions data ([Koval ¶0189] “One example may be a meter 702 purchased by customer ABC , then registered and associated with customer ABC by Meter Data Cloud server in list 722 .” Therefore “name of owner” may be considered as first permissions data.) by comparing the third data with the second set of authorized IEDs, the second set of authorized actions, or both. [Koval ¶0189] “In such a system , since the meter 702 has customer ABC listed as the owner of that meter 702 , but the user is attempting to associate the meter 702 with customer DEF , the Cloud Server 424 / 524 prevents the meter 702 from being associated with customer DEF” Therefore, the third permission data (name of ownership) may be processed to determine the authorization of meters IED 702.)
  
Regarding Claim 16: Koval teaches: a system comprising: 
a plurality of intelligent electronic devices (IEDs); ([Koval ¶0172] “The system of FIG . 10 includes a Meter Data Cloud Server , which may represent any of servers 424 , 524 , 530 , 630 , etc . , for communicating with and receiving data from a plurality of devices 702 e . g . , IEDs 410 , 412 , 414 , 410 , 512 , 514 , 610 , 612 , 614 .” Therefore, plurality of IEDs is possible.) and 
a proxy device communicatively coupled to each IED of the plurality of IEDs … wherein the proxy device is configured to perform operations comprising ([Koval ¶0172] “The system of FIG . 10 includes a Meter Data Cloud Server , which may represent any of servers 424 , 524 , 530 , 630 , etc . , for communicating with and receiving data from a plurality of devices 702 e . g . , IEDs 410 , 412 , 414 , 410 , 512 , 514 , 610 , 612 , 614.” Therefore, a proxy device or Meter Data Cloud Server can be coupled with each IED of plurality of IEDs.): 
receiving permissions data; ([Koval ¶0273] “Referring to FIG . 13B, one example may be a meter ' s programmable settings may be updated by User A ( e . g . , client 428 / 528 / 628) posting Message A , which contains the settings to be changed , along with the update programmable settings com mand , to the Message Queue A 1006 on server 424 / 524 , ( step 1012 )”  [Koval ¶0193] “One improvement to the production registration of meters 702 would be to provide a unique key , generated by the Meter Data Cloud server 424 / 524 during registration , to the customer that purchased the meter 702 .” Thus one of the clients post the message containing data related to a key (permission data) for first authentication.)
processing the permissions data to map a plurality of allowable behavior functions to the permissions data; ([Koval ¶0234] “a unique identifier which is associated with all meter information , here called a UID , i . e . , unique identifier .” [Koval ¶0238] “Such UID 's may be improved by configuring server 424 / 524 to associate UID ' s with each other , thereby allowing UID' s that are associated to access each other ' s data . One example may be for User A to be associated with Customer A , and Customer A to be associated with Meter A , B , and C , whereby User A would have access to Meter A , B , and C ' s data . Another example may be for User B and User C to be associated with Customer B , and User B to be associated with Meter D , E , and F . In such an example User B would have access to Meter D , E , and F , but not to User C .” Therefore, the permissions data (UID’s) are processed to be mapped to different meters (say A, B, C, etc.) to permit a given user for access particular meters (the allowable behavior functions).) 
receiving a request to perform an action associated with an IED of the plurality of IEDs; ([Koval ¶0193] “Such a key may then be used by the customer to add the meter 702 to the list of meters they own in the Meter Data Cloud server 424 / 524” Thus, the first data is to be processed by the meter data cloud 424/524 to determine the action if plurality of meters (702) is valid for registration.)  
determining whether the action is authorized based on the plurality of allowable behavior functions mapped to the permissions data; ([Koval ¶0186] “One problem created by allowing meters 702 to self - register is that without a user entering the registration information , the server 424 / 524 cannot verify that the meter 702 being registered is valid. One embodiment of registration verification is to keep a list of all valid devices 702 in the Meter Data Cloud 424 / 524. The list of valid devices may be stored along with the list of active devices in list 706 ( i . e . , a database ) . Such a list 706 may be used to verify each meter 702 as it attempts to be registered” Thus, the meter data cloud processes the data (key values) to valid the registration for IED device (meter).)and 
transmitting data to the IED … link in response to determining that the action is authorized. ([Koval ¶0186] “One example may be when a valid meter 702 attempts to register with the Cloud Server 424 / 524 (i . e, a processor or communication module sends a registration request 704 to server 424 / 524), the server 424 / 524 checks the serial number of the meter 702 against the list of valid devices 706 , and finding the meter 702 to be valid , allows the meter 702 to continue registration.” [Koval ¶0273] “In step 1014, a processor and / or communication module of the Meter A would read Message A , and update Meter A ' s settings …” Thus, on the process of continuation of registration validated by meter cloud server 424/524, the Message A posted by the user to 424/524 server is transmitted to IED meter to be read.)
But Koval fails to disclose:
… via a respective Media Access Control (MACsec) communication link…
… via a corresponding MACsec communication link … 
However, Coyle teaches:
… via a respective Media Access Control (MACsec) communication link…([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
… via a corresponding MACsec communication link … ([Coyle ¶0020] “Each authenticated dual - mode peer device 102a 102N establishes a plurality of secured data links 104 between one another , which allows for the exchange of secured user data such as , for example , 802.1X EAPOL and MACsec secured user data . The collection of data links 104 defines a group connectivity association ( CA ) 106 of service access points secured by a shared group key to form a local area network ( LAN ) 108 such as , for example , a LAN cloud network . In one or more embodiments , the group CA 106 operates according to IEEE 802.1X and MACsec protocols .” Thus, the devices can communicate through each other by using datalink with MACsec protocols.)
Therefore, before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Koval’s system of configuring, collecting, viewing and analyzing the meter data by enhancing Koval’s system by including MACsec protocol as taught by Coyle for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017)
The motivation is to improve Koval’s system of configuring, collecting, viewing and analyzing the meter data by further including the MACsec protocol for continuously protecting the Layer 2 (data link) user data through an authenticator module with MACsec protocol (Coyle ¶0017).
 
Regarding Claim 17: Koval in view of Coyle teaches the system of claim 16, Koval teaches wherein the plurality of allowable behavior functions comprises a respective set of authorized actions associated with each IED of the plurality of IEDs. ([Koval ¶0234] “a unique identifier which is associated with all meter information , here called a UID , i . e . , unique identifier .” [Koval ¶0238] “Such UID 's may be improved by configuring server 424 / 524 to associate UID ' s with each other , thereby allowing UID' s that are associated to access each other ' s data . One example may be for User A to be associated with Customer A , and Customer A to be associated with Meter A , B , and C , whereby User A would have access to Meter A , B , and C ' s data . Another example may be for User B and User C to be associated with Customer B , and User B to be associated with Meter D , E , and F . In such an example User B would have access to Meter D , E , and F , but not to User C .” Therefore, the allowable behavior functions (say first allowable behavior function is accessing of meter IED A, second allowable behavior function is accessing of Meter IDE B, etc.) are related to the set of plurality of IED meters A, B, C, etc.). 
 
Regarding Claim 18: Koval in view of Coyle teaches the system of claim 16, Koval teaches comprising a server configured to generate the permissions data to be received by the proxy device. ([Koval ¶0203] “In one embodiment , the intermediary device 530 may be a server which retrieves data point logs from meters ( e . g . , 510 , 512 , 514 ) which do not have the ability to push their own data points to the Meter Data Cloud server 424 / 524 . Such an intermediary device or server 520 would then subsequently push the data point logs up to the Meter Data Cloud server 424 / 524 for the meters , e . g . , IED 510 , 512 , 514” Thus, the server 530 is configured to retrieve the data points from IED meters pushed the data to Meter data Cloud server (acted as proxy) by another server 520.) 
 
Regarding Claim 19: Koval in view of Coyle teaches the system of claim 18, Koval teaches wherein the server is configured to perform operations comprising: receiving user credentials; and generating the permissions data based on the user credentials. ([Koval ¶0214] “server 530 , which supports all the same commands as the Meter Data Cloud server , and which replicates many of the same internal features as the Meter Data Cloud server , such as , but not limited to , storing meter data points , accepting registration of meters , allowing users to log in , and responding to meter data point requests .” Therefore, the server 530 is capable to handle user log in data.)
  
Regarding Claim 20: Koval in view of Coyle teaches the system of claim 16, Koval teaches wherein the proxy device is configured to transmit data between a set of IEDs of the plurality of IEDs. ([Koval ¶0181] “One example may be a user that has 100 enabled meters 702 , and during automatic subscription renewal , if the credit card on file is rejected , all the meters 702 are disabled by server 424 / 524 until the payment is amended .” Therefore, the proxy device (server 424 / 524) helps all the enabled meter IEDs 702 with credit card data communicated among themselves at the time of automatic subscription renewal.)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARIF KHAN whose telephone number is (571)272-6528. The examiner can normally be reached Monday - Friday: 8:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.K./Examiner, Art Unit 2491                                                                                                                                                                                                        

/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491