Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is the initial office action has been issued in response to patent application, 17/101190, filed on 23 November 2020 with a foreign priority date of 25 November 2019.  Claims 1-13, as originally filed, are currently pending and have been considered below.  

Information Disclosure Statement
The information disclosure statement filed 11/23/2020 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.  



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-13:
Claims 1-13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) determining a stipulated security level, identifying a user, starting a query, comparing the actual setting, outputting to the user an electronic report, storing the electronic report, performing at least one step for adapting the setting, and repeating the query.  
The limitations of determining a stipulated security level, identifying a user, starting a query, comparing the actual setting, performing at least one step for adapting the setting, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “a field device”, nothing in the claim element precludes the step from practically being performed in the mind. 
This judicial exception is not integrated into a practical application because the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements are generic computer components claimed to perform their basic functions of determining, identifying, query, comparing, outputting, storing, adapting data. Taking the elements both individually and as a combination, the computer components at each step of the management process perform purely generic computer functions. The claim as a whole does not amount to significantly more than the abstract idea itself.  Accordingly, the claim recites an abstract idea. 
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because with respect to integration of the abstract idea into a practical application, the additional element of using “a field device” to perform both the determining, identifying, query, comparing steps amount to no more than mere instructions using a generic computer component which cannot provide an inventive concept.  The claim is not patent eligible.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-13 are rejected under 35 U.S.C. 103 as being unpatentable over Yan (US2005/0044410 A1, publish date 02/24/2005) in view of Takahashi (US2008/0301814 A1, publish date 12/04/2008).

Claim 1:
With respect to claim 1, Yan discloses a method for checking a setting of predefined security functions of a field device in process and automation technology (Figure 1), wherein the predefined security functions relate to an access to at least one function of the field device (The server retrieves the user's security settings at step 160 from data store 165. These security settings may be settings that the user established or default security settings established by the financial institution, 0026) by an unauthorized person (hackers and other malevolent users may attempt to use a non-secure protocol to request account functions that are not allowed based on the protocol, 0036) (hackers or malicious user, 0043), the method comprising:
determining a security level at a measuring point and at the field device, the security level defining a target setting of the predefined security functions of the field device (The server retrieves the user's security settings at step 160 from data store 165. These security settings may be settings that the user established or default security settings established by the financial institution, 0026) (the account functions allowed for a registered address using the given protocol (e.g., HTTPS, HTTP, WAP, etc.) are retrieved from security settings data store 350, 0033, Figure 3, 330) (retrieve account functions allowed by the user, display/List allowed account functions on Users device, Figure 2, 260, 275);
identifying a user by means of an authentication protocol (to establish a session between a user's device and the financial institution's server. Processing commences at 200 whereupon the financial institution's server receives the user's login identifier (i.e., user id) and password, 0029) (Login ID, password from user, Authenticate User, Figure 2, 210, 225, 235);
starting a query by the user regarding an actual setting of the security functions of the field device at the measuring point (the user selects an account function by selecting a displayed action, the financial institution's server receives the user's request and the request is processed, 0032) (receive user request, Figure 2, 280);
comparing the actual setting of the predefined security functions with the target setting of the predefined security functions defined by the security level (determination is made as to whether the account function being requested is allowed given the protocol being used by the user's device, whereupon a determination is made as to whether the request is to change the user's security settings, 0036-0037) (Figure 4, 420, 440);
outputting to the user an electronic report about a match or deviation between the actual setting and the target setting of the predefined security functions of the field device (a screen layout showing security settings, Figure 6) (after the user is finished making security selections and registering or removing registered addresses, he or she either selects "save" command button 680 to save the changes that were made and exit, 0049);
storing the electronic report when the actual setting of the predefined security functions matches the target setting of the predefined security functions (save changed security setting to data store, Figure 5, 550);
performing at least one step for adapting the setting to the target setting of the predefined security functions of the field device by the user when the actual setting of the predefined security functions deviates from the target setting of the predefined security functions (change security setting, Figure 4, 450) (save changed security setting to data store, Figure 5, 550, 570); and
repeating the query on the setting of the predefined security functions of the field device by the user (The next request is received from the user at step 475 and processing loops back to process the next received request, 0038)(Figure 4, 475).

Yan does not disclose a stipulated security level; comparing the actual setting of the predefined security functions with the target setting of the predefined security functions defined by the security level as claimed.

However, Takahashi teaches an information processing apparatus includes a table which describes a relationship between security strength, the changed values of the security function items are reported to user on another scree (for example, HIGH, MIDDLE, or LOW) of a computer system of the information processing apparatus and values (for example, ON or OFF) of security function items that stipulate security functions in the information processing apparatus. (abstract) (security settings, Figures 3, 4, 5), a stipulated security level (the setting change controlling component 7 is in the application layer. The setting change controlling component 7 controls changing a value of a security setting item in each security function component, The value of the security function item stipulates behavior (ON or OFF) of the security function item, and the security strength is a degree of countermeasures against the vulnerability of the computer system or a degree of countermeasures against a threat from the outside to the system (0066) (Figures 1 and 2); comparing the actual setting of the predefined security functions with the target setting of the predefined security functions defined by the security level (the values of the corresponding security function items can be easily obtained by referring to the definition table T1 or T2, when a value of a security function item is changed from ON to OFF, it is determined whether the security strength is changed; when the security strength is lowered, a warning is displayed. Therefore, unintentionally lowering the security strength due to an operating error of the user can be prevented, 0081-0082).

Yan and Takahashi are analogous art because they are from the same field of endeavor of security functions of device.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Takahashi in Yan for a stipulated security level; comparing the actual setting of the predefined security functions with the target setting of the predefined security functions defined by the security level as claimed for purposes of security function items can be easily changed when a user designates to change security strength of a computer system of the information processing apparatus and the values of the security function items can be easily changed when the security strength is designated without changing the existing program (software). (see Takahashi 0009-0010).

Claim 2:
With respect to claim 2, Yan discloses wherein when the actual setting deviates from the target setting of the predefined security functions of the field device, the method further comprises:
suggesting at least one measure for adjusting the actual setting of at least one predefined security function of the field device to the target setting (a screen layout showing security settings that can be selected, Figure 6) (after the user is finished making security selections and registering or removing registered addresses, he or she either selects "save" command button 680 to save the changes that were made and exit, 0049).

Claim 3:
With respect to claim 3, Yan discloses wherein the predefined security functions of the field device relate to an access to at least one parameter of the field device and/or to a communication of the field device with an external device (functions he or she wishes to be made available when the user is using a device , 0043, Figure 6, change security setting, functions, registered addresses).

Claim 4:
With respect to claim 4, the combination of Yan and Takahashi discloses the limitations of claim 1, as addressed.  

Takahashi teaches the value of the security function item stipulates behavior (ON or OFF) of the security function item, and the security strength is a degree of countermeasures against the vulnerability of the computer system or a degree of countermeasures against a threat from the outside to the system (0066), wherein reaching or not reaching the stipulated security level by the actual setting of the security functions of the field device is indicated in the electronic report (Since the user authentication is changed from "ON" to "OFF" in the fifth screen "e", it is determined that the security strength is lowered, and a warning "SECURITY STRENGTH IS CHANGED" is displayed on the sixth screen "f". With this, a security strength determining and reporting unit is realized. As described above, in the embodiment of the present invention, when a value of a security function item is changed from ON to OFF, it is determined whether the security strength is changed; when the security strength is lowered, a warning is displayed, 0082)



Claim 5:
With respect to claim 5, the combination of Yan and Takahashi discloses the limitations of claim 1, as addressed.  

Takahashi teaches wherein there is at least one stipulated security level, wherein each security level is defined independently of the measurement point and field device, wherein the target setting of the predefined security functions of the field device is defined for each security level (the value of the security function item stipulates behavior (ON or OFF) of the security function item, and the security strength is a degree of countermeasures against the vulnerability of the computer system or a degree of countermeasures against a threat from the outside to the system (0066).

Claim 6:
With respect to claim 6, Yan discloses wherein the authentication protocol includes an input of a password or a check on the user on the basis of at least one biometric characteristic, wherein the user is identified when the password or the biometric characteristic matches previously stored data (receive Login ID and password, authenticates user based on Login ID/password, Figure 2, 210, 225) (he financial institution's server authenticates the user by checking the login identifier and password with authentication data 230 that was previously stored, 0029).


Claim 7:
With respect to claim 7, Yan discloses wherein the authentication protocol includes a multifactor authentication. (receive Login ID and password, authenticates user based on Login ID/password, Figure 2, 210, 225).

Claim 8:
With respect to claim 8, Yan discloses wherein the at least one measure for adjusting the actual setting of the security functions of the field device relates to a change in the parameters of the field device (a screen layout showing security settings that can be selected, Figure 6) (after the user is finished making security selections and registering or removing registered addresses, he or she either selects "save" command button 680 to save the changes that were made and exit, 0049), wherein the change in the parameters by an unauthenticated user is prevented, or wherein the parameters of the field device are only visible to the authenticated user (hackers and other malevolent users may attempt to use a non-secure protocol to request account functions that are not allowed based on the protocol, 0036) (hackers or malicious user, 0043).

Claim 9:
With respect to claim 9, Yan discloses wherein the at least one measure for adjusting the actual setting of the security functions of the field device relates to at least one communication interface of the field device, wherein the communication interface is switched off (a screen layout showing security settings that can be selected, Figure 6) ( banking account functions/banking account functions he or she wishes to be made available when the user is using a device he or she wishes to be made available when the user is using a device, 0043). 

Claim 10:
With respect to claim 10, Yan discloses wherein a Bluetooth and/or WLAN and/or Ethernet interface is used as the communication interface (to connect computer system 901 to an ISP to connect to the Internet using a telephone line connection, modem 975 is connected to serial port 964 and PCI-to-ISA Bridge 935, 0064)

Claim 11:
With respect to claim 11, Yan discloses wherein the electronic report is output on a display unit of the field device and/or of a control unit which is provided for operating the field device (a screen layout showing security settings, Figure 6).

Claim 12:
With respect to claim 12, Yan discloses wherein the electronic report is stored in the field device and/or in the control unit which is provided for operating the field device (save changed security setting to data store, Figure 5, 550, 570) (data store 165, Figure 1).



Claim 13:
With respect to claim 13, Yan discloses wherein the method is carried out in the field device and/or in a control unit which is provided for operating the field device (first/second device, server, Figure 1).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/           Examiner, Art Unit 2433   

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433