DETAILED ACTION
Claims 17-18, 20-32 and 35 (filed 10/31/2022) have been considered in this action.  Claims 17 and 28-31 have been amended.  Claims 19 and 33-34 have been canceled.  Claims 18, 20-27, 32 and 35 have been presented in the same format as previously presented.  

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/31/2022 has been entered.
 
Response to Arguments
Applicant's arguments, see page 10 paragraph 2, filed 10/31/2022, with regards to rejection of claims 17-18 and 20-32 under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(2) and rejection of claim 35 under 35 U.S.C. 103 have been fully considered but they are not persuasive.
Applicant has argued that Bush et al. (US20170214717) fails to teach the limitation “said engineering system aggregating ports which are currently sending/receiving data, aggregating configured IP addresses of the at least one automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list”.  Specifically, applicant has argued that Bush is deficient in its teachings at paragraph [0076] because “This teaching fails to correspond to the aggregation of ports that are currently sending/receiving data, as called for by independent claim 17”.  The examiner disagrees because Bush teaches this limitation through the automatic discovery routine described in paragraph [0076].
Bush teaches “[0076] some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210).... automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes.... Asset-level attributes may include.... port attributes that specify one or more mechanisms by which the asset communicates with other assets”.  These teachings suggest that Bush performs an automatic discovery routine which automatically determines which ports are currently sending/receiving data because the very act of automatic discovery performed by the discovery component means data is sent and received in order to discover the asset/automation component and its port, thus aggregating the port which is currently sending/receiving data because the very act of automatic discovery is a determination that a port sends and receives data (in order to determine its attributes).  This is further supported by Bush’s description of the discovery component 210 which is described by Bush as “[0051] Device discovery component 210 is an optional component that can be included in some embodiments, and can be configured to discover and identify devices on the plant network for which security is to be configured”.  Thus combining the teachings from [0051] and [0076] of Bush, it teaches to one of ordinary skill in the art that the device discovery component 210 performs an identification and discovery routine for identifying and discovering devices on the network, and included in that process is determining the ports that allows devices to communicate with other devices on the network.  Inherent to this discovery routine that discovers and identifies attributes including ports is the fact that a message is sent by the discovery routine and response received, thus the discovered device port is “which is currently sending/receiving data” and its performance by the discovery routine is an act of “aggregating” when determining its properties.   
Additionally, the examiner fails to finds support from the original disclosure that supports the newly amended feature of “said engineering system aggregating ports which are currently sending/receiving data”.  Applicant has alleged that “[page 10] No new matter has been added” without specifically pointing to the part of the original disclosure that supports this amended feature.  The examiner requests the applicant provide an explanation as to where support for the newly amended element is found.  See rejection under 35 U.S.C. 112(a) below for further explanation.  

It is further noted that the applicant has failed to respond to the examiner’s request in a previous office action for a marked up substitute specification as required by 37 CFR 1.125(b) and 37 CFR1.125(c).  While the examiner recognizes that a clean copy of the substitute specification was submitted on 07/12/2022, no marked up copy was provided showing where amendments to the specification were made in a format accepted by the USPTO.

Specification
The substitute specification filed 07/12/2022 has not been entered because it does not conform to 37 CFR 1.125(b) and (c) because: a marked-up copy of the substitute specification has not been supplied (in addition to the clean copy).

Claim Objections
Claim 31 is objected to because of the following informalities:  The final limitation contains a typographical error in that “and wherein the at least one automation component is in configured in an industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” should be written “and wherein the at least one automation component is .  Appropriate correction is required.

Claim 30 is objected to because of the following informalities:  The claim uses improper antecedent basis in that the preamble claims “an automation component database” yet the first limitation recites “wherein the database is accessed when” and should be written “wherein the automation component database is accessed when”

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 17-18, 20-32 and 35 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent claims 17 and 28-31 each contain a form of the limitation “said engineering system aggregating ports which are currently sending/receiving data”.  The examiner fails to find support for this limitation in the original disclosure.  The provided original disclosure contains only two instances of a form of the word “aggregate” which are reproduced below:

“[page 17] As an example, the project engineering tool, the engineering system ES, aggregates active ports and the configured IP addresses of the components, the automation components Cl,...,Cn, in the solution, and can optimize the resulting list of data, e.g., by identifying communication relations and reducing the overall list's complexity. Those communication relations can then be enriched with security relevant data (encryption, security zones, ...) and can be automatically generated as communication graphs and shown on HMI systems to simplify security analysis and monitoring”

“[page 17] Furthermore, optimization can take into account the configuration of components that control the zone boundaries, such as firewalls, and that allow communication (based on IP addresses and ports) only when allowed by the configured firewall rules. For component security data that comprise security tests (descriptions of specific security tests to be performed on components), the optimization can be that the test cases are aggregated and chosen based on a security level or protection level assigned to the solution, zone, or component itself. This allows the optimization of the overall set of security tests (e.g., those that have to be performed later on during acceptance testing, or scheduled solution security verification during operation) to meet one or more given security levels”

It is noted that neither of these teachings suggest that the aggregating of ports is those ports which are “currently sending/receiving data” as the closest support that can be found relates to “active” ports.  As noted in the examiner’s advisory action dated 10/21/2022, a person having ordinary skill in the art would recognize that an active ports is not commensurate with those ports which are “currently sending/receiving data” because a port can still be active even when it’s not currently in the process of sending or receiving data.  
The examiner welcomes to the applicant to specifically show where in the original disclosure support for this amended limitation is found.  
Claims 18, 20-27, 32 and 35 are dependent upon one of claims 17 or 28-31, and thus inherit the rejection under 35 U.S.C. 112(a).

Claim 30 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 30 recites:
wherein the database is accessed when:
...
aggregating, by an engineering system, ports which are currently sending/receiving data, aggregating configured IP addresses of the at least one automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;

The examiner can find no support for these limitations.  Specifically, the claim suggests to one of ordinary skill a timing/triggering of when a database is accessed, and this access is performed when an engineering system aggregates information.  Nowhere in the original disclosure is it suggested the database is accessed when the engineering system aggregates ports currently sending/receiving data, as the timing of this aggregation in relation to the database is not described.  Figures 6-8 make it clear that the engineering system and the automation component database are two separate entities.  The claim is directed towards limiting the timing of when the database is accessed, yet this timing is not explained nor described by the applicant.  The database is seemingly utilized by the system to store information such as security and functional parameter settings, yet is never explicitly recited to store the aggregated data, specifically aggregated ports and IP addresses.  The examiner welcomes the applicant to point to where in the original disclosure support is found for these limitations, specifically to how the timing of the accessing of the database occurs when the aggregating of ports is performed.  

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 28 and 31 are rejected under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph, as based on a disclosure which is not enabling.  The disclosure does not enable one of ordinary skill in the art to practice the invention without a processor and memory, which is/are critical or essential to the practice of the invention but not included in the claim(s). See In re Mayhew, 527 F.2d 1229, 188 USPQ 356 (CCPA 1976). 
The “engineering system” of claims 28 and 31 is claimed as a machine/system that performs acts of at least “determining”, “creating” or “aggregating”, yet no structure capable of performing these actions is claimed.  An “engineering system” is not a specific and known device or structure, and is such a broad term it can be considered under the broadest reasonable interpretation to be any system that performs engineering tasks, which includes structures that are not capable of performing these actions such as tools, vehicles, engines, machines, etc..  Without explicitly claiming that the engineering system comprises a processor and memory, the engineering system can broadly be considered to be systems which do not enable the functions of the engineering system.  Thus, the claimed “engineering system” is non-enabling.  

Claim 31 is rejected under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph, as based on a disclosure which is not enabling.  The disclosure does not enable one of ordinary skill in the art to practice the invention without a processor and memory, which is/are critical or essential to the practice of the invention but not included in the claim(s). See In re Mayhew, 527 F.2d 1229, 188 USPQ 356 (CCPA 1976). 
The “receiving tool” of claim 31 is claimed as a machine/system that performs acts of “determining” yet no structure capable of performing these actions is claimed.  A “receiving tool” is not a specific and known device or structure, and is such a broad term it can be considered under the broadest reasonable interpretation to be any tool that performs receiving tasks, which includes structures that are not capable of performing these actions such as hammers, screwdrivers, drills, network switches, routers, etc..  Without explicitly claiming that the receiving tool comprises a processor and memory, the receiving tool can broadly be considered to be systems which do not enable the functions of the receiving tool.  Thus, the claimed “receiving tool” is non-enabling.  

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 17-18, 20-32 and 35 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Independent claims 17 and 28-31 each contain a form of the limitation “said engineering system aggregating ports which are currently sending/receiving data”.  The examiner fails to find support in the original disclosure for this limitation, thus no guidance has been provided on how this limitation should be interpreted.  The claim does not make it clear what target element is having its ports aggregated by the engineering system.  Is it the automation component?  Some other networked device?  The engineering system itself?  In fact, based on the broadest reasonable interpretation, the aggregation of ports that are currently sending/receiving data is disassociated with all other elements of the claim, as aside from being performed by the same “engineering system”, the claims do not explicitly or inherently integrate this functionality with any other element of the claims.  What does the system do with the aggregated ports?  Are the aggregated ports a part of the functionality parameter, the security parameter, the automation project?  The invention appears to be directed towards determining functionality parameters and security parameters for configuring an automation component, yet the claim in no way elicits how those parameters are affected by the aggregated ports. It is not clear from the provided disclosure what affect the aggregation of ports has on any part of the invention as a whole, as it appears decoupled from all other elements of the claim aside from being performed by the same engineering system.  For the sake of compact prosecution, the examiner shall consider that the aggregation of ports currently sending/receiving data to mean aggregating ports of devices on a network by an “engineering system” and does not necessarily require any link to the automation components.  
Claims 18, 20-27, 32 and 35 are dependent upon one of claims 17 or 28-31, and thus inherit the rejection under 35 U.S.C. 112(b).

Claims 17-18, 20-32 and 35 are further rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Independent claims 17 and 28-31 each contain a form of the limitation “said engineering system aggregating ports which are currently sending/receiving data”.  The term “currently” in claims 17 and 28-31 is a relative term which renders the claim indefinite. The term “currently” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.  The term “currently” implies that the sending/receiving of data is happening at the present time.  No other claimed limitation establishes what this timing is or when this process occurs in relation to the other limitations, such that a person having ordinary skill in the art would not be apprised to when this aggregating of ports actually occurs, thus making the term indefinite.  Does currently mean at the time the system is started?  At all times continuously? At the same time the determining of functionality and security parameters occurs?  When the aggregating configured IP addresses occurs?  None of the other limitations imply a certain timing or order of features, thus the relative nature of what it means to aggregate ports “currently” sending or receiving data is unclear.  For the sake of compact prosecution, the examiner shall consider the limitation “aggregating ports which are currently sending/receiving data” to mean that at any time ports which send or receive data are aggregated.  
Claims 18, 20-27, 32 and 35 are dependent upon one of claims 17 or 28-31, and thus inherit the rejection under 35 U.S.C. 112(b).

Claim 29 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 29 is directed towards an automation component comprising a processor and memory.  Claim 29 recites:
Wherein the processor is further configured to:
	Apply....
	wherein ports which are currently sending/receiving data are aggregated, configured IP addresses of the automation component in the determined automation component description data are aggregated by an engineering system and a resultant list of data is optimized by the engineering system by identifying communication relations and reducing a complexity of the resultant list; 

It is unclear from this claim language what specific device is aggregating the ports which are currently sending/receiving data.  From the claim language alone, it cannot be determined whether it is the automation component or the engineering system which is performing this step, and considering the above rejection under 35 U.S.C. 112(a) and the lack of support from the original disclosure for this feature, the meaning of this limitation is further obfuscated.  For the sake of compact prosecution, the examiner shall consider that either of the automation component or the engineering system is performing the aggregation of ports.  

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 17-18 and 20-32 are rejected under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(2) as being anticipated by Bush et al. (US 20170214717, hereinafter Bush).

In regards to Claim 17, Bush teaches “A method for providing automation component configurations for at least one automation component of an industrial automation project, the method comprising: determining automation component description data comprising at least one functionality parameter for configuring functionality of the at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component;” ([0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0054]  the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determining, by an engineering system, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter” (Fig. 2 and 14 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “said engineering system aggregating ports which are currently sending/receiving data, aggregating configured IP addresses of the at least one automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “creating at least one automation component configuration comprising the determined functionality parameter setting and the determined security parameter setting” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network).) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regard to Claim 18, Bush discloses “The method according to claim 17, wherein said determining automation component description data further comprises: retrieving at least one of (i) a default functionality parameter setting and (ii) a default security parameter setting; said determining the functionality parameter setting being further based on at least one of (i) the default functionality parameter setting and (ii) the default security parameter setting” ([0056] For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device.).

In regards to Claim 20, Bush discloses “The method according to claim 17, further comprising: combining the determined security parameter settings to a set of project-level security data for the automation project” (Fig. 4 and [0045] one or more embodiments of the present disclosure relate to a model-based security policy configuration system for industrial automation devices and assets. In one or more embodiments, the configuration system can maintain a model of an industrial environment that inventories industrial devices and network infrastructure devices distributed throughout a plant environment, as well as networked interconnections and relationships between the various devices; wherein a plant is considered a project, as it is an interrelated set of devices all functioning towards the same goal (i.e. operating the plant) [0086] A Device Definition table 704 may include information defining the inventory of industrial assets and devices for which the plant-wide security strategy is to be implemented).  

In regards to Claim 21, Bush discloses “The method according to claim 17, further comprising: providing at least one of (i) the automation component configurations and (ii) project-level security data to a receiving tool” ([0056] For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track). 

In regards to Claim 22, Bush discloses “The method according to claim 21, wherein the receiving tool comprises at least one of a verification tool and a monitoring tool” ([[0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track; [0039] The industrial controllers 118 can also store persisted data values that can be referenced by the control program and used for control decisions, including but not limited to measured or calculated values representing operational states of a controlled machine or process (e.g., tank levels, positions, alarms, etc.) or captured time series data that is collected during operation of the automation system (e.g., status information for multiple points in time, diagnostic occurrences, etc.).

In regards to Claim 23, Bush discloses “The method according to claim 17, further comprising: providing an automation component configuration for one of (i) each automation component and (ii) each group of related automation components” ([0046] Once all necessary devices of an automation system or plant environment have been added to respective security zones and any desired conduits are defined, the configuration system can implement a system-wide security policy based on the zone and conduit information defined by the user, as well as the system model. The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy; wherein a zone is a group of related automation components).

In regards to Claim 24, Bush discloses “The method according to claim 17, further comprising: evaluating a set of project-level security data of the automation project in accordance with definable security criteria” ([0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track).

In regards to Claim 25, Bush discloses “The method according to claim 17, further comprising: optimizing a set of project-level security data in accordance with at least one of (i) a definable project security level and (ii) definable security zones” (Fig. 6D and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information; [0060] Through interaction with the Security Zones node 604, a user can create any number of security zones. As shown in FIG. 6B, devices can then be added to each zone by invoking a pop-up menu 608 for a selected zone (e.g., by right-clicking on the selected zone's icon) and selecting a Add Device option, which can invoke a list of available devices that make up the set of industrial assets 408. The user can associate one or more devices with a zone by selecting the desired devices from this device list. Menu 608 also allows the user to assign a defined certificate authority to each zone, as well as to set other zone-level security attributes and properties for the zone. Zone-level attributes configured in this manner will be applied to all devices assigned to the zone).

In regards to Claim 26, Bush discloses “The method according to claim 17, further comprising: structuring the automation component description data in accordance with a format comprising at least functionality data and security data” (Fig. 7A, 8A, 9A, 10A, 11A, 12A and 13A all show a format of data in the form of a table that comprises all functional and security data; [0085] FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A. For example, the graphical interface component 204 may generate and display a Zone Definition table 702 for entry of zone definition information, and a Conduit Definition table 706 for entry of conduit definition information. The Zone Definition table 702 may include fields for assigning a zone name to a new zone, selecting a type of security to be used within each zone (e.g., user certificate, PSK, whitelist, etc.), indicating whether I/O and/or messaging within the zone is to be secure, and other such zone-level definitions).

In regards to Claim 27, Bush discloses “The method according to claim 17, further comprising: enriching the automation component description data with at least parts of the automation component configurations” ([0056] Security configuration using the security configuration system 202 is driven in part by model 216, which models the collection of industrial assets 408 and the networked connectivity between the devices. Model 216 can be generating using one or both of manual configuration or automatic device detection. To allow devices to be added to model 216, some embodiments of security configuration system 202 can maintain a database of industrial device definitions that can be manually or automatically selected and added to the model as needed. For manual configuration, the graphical interface component 204 may generate and display one or more device selection screens that allow the user to browse a stored database of devices according to one or more of device vendor, device model, device type, firmware revision, or other device identification information. For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device; [0057] Model 216 represents this configuration of devices, and comprises a set of information identifying the industrial devices and network infrastructure devices that make up the collected set of industrial assets 408. An example model 216 may define each device in terms of the device vendor and model, the device's current software or firmware revisions, current network settings (e.g., network addresses), current security settings, and other relevant information.; [0077] As the industrial assets 408 are defined and grouped into security zones (and any desired conduits between devices and/or zones are defined), the model 216 is updated to record the set of industrial assets and the security relationships therebetween, as defined by the zones, conduits, channels, and any other zone-level and/or asset-level security attributes set by the user).

In regards to Claim 28, Bush discloses “An engineering system for providing at least one automation component configurations for an industrial automation project, the engineering system being configured to: determine automation component description data comprising at least one functionality parameter for configuring functionality of the at least one automation component and at least one security parameter for configuring security functions of the at least one automation component” (Fig. 2 item 202 and [0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0054]  the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determine, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter” (Fig. 2 and 14 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “create at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings;” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)) “aggregating ports which are currently sending/receiving data, aggregating configured IP addresses of the automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 29, Bush discloses “Automation component comprising: a processor; and memory;” ([0039] Industrial controllers 118 may communicatively interface with industrial devices 120 over hardwired or networked connections. For example, industrial controllers 118 can be equipped with native hardwired inputs and outputs that communicate with the industrial devices 120 to effect control of the devices; [0047] FIG. 2 is a block diagram of an example model-based security configuration system 202 according to one or more embodiments of this disclosure; [0048] Model-based security configuration system 302 can include a graphical interface component 204, an instruction translation component 206, a communication component 208, a device discovery component 210, one or more processors 212, and memory 214;) “wherein the processor is configured to: at least one of (i) receive and (ii) retrieve automation component configurations by receiving: determined automation component description data comprising at least one functionality parameter for configuring functionality of the automation component; and determined at least one security parameter for configuring security functions of the automation component” ([0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions; [0054] the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “and provided at least one automation component configuration comprising a determined functionality parameter settings and determined security parameter settings” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions;[0107] The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)) “and wherein the processor is configured to: apply functionality parameter settings and security parameter settings obtained from at least one of the (i) received and (ii) retrieved automation component configurations” ([0060] The user can associate one or more devices with a zone by selecting the desired devices from this device list. Menu 608 also allows the user to assign a defined certificate authority to each zone, as well as to set other zone-level security attributes and properties for the zone. Zone-level attributes configured in this manner will be applied to all devices assigned to the zone; [0071] Once one or more security zones have been defined, the graphical interface component 204 allows the user to define various zone-level security attributes for each zone. The configuration system will apply these zone-level security attributes to all devices within the zone) “wherein ports which are currently sending/receiving data are aggregated, configured IP addresses of the automation component in the determined automation component description data are aggregated by an engineering system and a resultant list of data is optimized by the engineering system by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 2 shows engineer system, 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and wherein the automation component is configured in an industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 30, Bush discloses “An automation component database providing at least one of (i) automation component description data, (ii) default functionality parameters and (iii) default security parameters” (Fig. 2 memory 214 and [0056] To allow devices to be added to model 216, some embodiments of security configuration system 202 can maintain a database of industrial device definitions that can be manually or automatically selected and added to the model as needed; [0086] A Device Definition table 704 may include information defining the inventory of industrial assets and devices for which the plant-wide security strategy is to be implemented. For embodiments that support auto-discovery, at least some of this device information may be discovered automatically by the device discovery component 210, including but not limited to asset catalog numbers and current IP addresses, and indications as to whether each device supports CIP security) “wherein the database is accessed when: determining automation component description data comprising at least one functionality parameter for configuring functionality of at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component;” (Fig. 2 and 4 and [0004]  a system for configuring security in an industrial environment is provided, comprising an interface component configured to receive zone configuration input that assigns respective industrial assets to selected security zones; an instruction translation component configured to generate one or more security configuration instructions directed to one or more of the industrial assets based on the zone configuration input, wherein the one or more security configuration instructions are configured to set respective asset-level security settings on the one or more of the industrial assets; [0053] The model-based security configuration system described herein allows a user to easily create a security model for their collection of networked industrial assets, which is then used by the system to generate device-specific security configuration instructions and set device security parameters for individual devices on the network [0054]  the security configuration system 202 described herein provides an intuitive interface with which the user can define these various trust relationships between their various industrial assets, and generates a suitable set of security configuration instructions for deployment to the user's industrial assets based on these defined trust relationships, thereby abstracting and simplifying the process of configuring the security parameters for each individual device; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determining, by an engineering system, based on an industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter;” (Fig. 2, 4 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “providing at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions;[0107] The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)) “aggregating, by an engineering system, ports which are currently sending/receiving data, aggregating configured IP addresses of the automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 31, Bush discloses “A receiving tool operative to at least one of receive and retrieve at least one of (i) automation component configurations and (ii) project-level security data provided by: determining automation component description data comprising at least one functionality parameter for configuring functionality of at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component;” (Fig. 2 and 14 and [0056] For manual configuration, the graphical interface component 204 may generate and display one or more device selection screens that allow the user to browse a stored database of devices according to one or more of device vendor, device model, device type, firmware revision, or other device identification information. For embodiments that include a device discovery component 210, the configuration system 202 can poll plant network 406 for industrial devices present on the network. In such embodiments, the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0058]once the model 216 is configured to reflect the collection of industrial assets, the graphical interface component 204 can generate one or more trust definition screens that allow the user to further refine the model by defining a plant-wide security strategy for the device. In particular, the trust definitions screens provide an intuitive interface that allows the user to group the devices and assets into security zones, and define any desired channels and/or conduits between devices and zones, thereby defining high-level security policies for the collection of industrial assets 408. The graphical interface component 204 can render these security policy definition displays in any format suitable for receiving the user-defined security definition information; [0075] The system can also allow the user to set other security attributes for a defined zone (e.g., allowed cipher suites, verify expirations, or other such security attributes). The system can also allow the user to set a number of attributes for the zone that are not specifically security related (e.g., disable HTTP, etc.).[0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes) “determining, by an engineering system, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter (FP) and a security parameter setting for the at least one security parameter” (Fig. 2 and [0050] Instruction translation component 206 can be configured to read device, zone, and conduit information provided by the user (or automatically detected by the configuration system 202) and generate a set of security configuration instructions that, when implemented on respective industrial and/or networking devices, enforce the plant-wide security strategy defined by the user-provided device, zone, and conduit information. The instruction translation component 206 can generate these instructions based on a stored model 216 that describes the inventory of industrial and networking devices that make up the user's plant environment, as well as the networked connectivity between the devices. This model 216 includes vendor and model information for the various devices, allowing instruction translation component 206 to generate appropriate vendor- and model-specific security configuration instructions that will implement the user's desired security policies. Instruction translation component 206 can also generate these instructions based on defined business rules 218 that determine how security configuration conflicts are to be resolved for a given scenario; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user. In one or more embodiments, the system that generated the interface at step 1402 maintains a translation engine capable of converting the security policy configuration information provided in previous steps into device- and vendor-specific security configuration instructions that, when executed on the individual target assets, will implement the plant-wide security strategy defined in previous steps) “said engineering system aggregating ports which are actively sending/receiving data, aggregating configured IP addresses of the automation component in the determined automation component description data and optimizing a resultant list of data by identifying communication relations and reducing a complexity of the resultant list;” (Fig. 7A, 8A show list of data with identified communication relations in the form of assigned zone and [0056] the device discovery component 210 can access device identification information present on a networked device (if the device supports auto-discovery) and update the model 216 to include the discovered device. In some embodiments, the device discovery component 210 can also retrieve any current device configuration information on the device (e.g., network address, pre-existing security parameters, etc.) that may be required by the system in order to generate security configuration instructions for the device or for other devices that will be communicating with the device; [0074] Selecting IP Block security for a zone specifies that the selected zone contains industrial assets identified by individual IP addresses or a range of IP addresses. This type of security may be mixed with either CIP Security with Certificate or CIP Security with PSK in the same security zone. [0076] These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes. Asset-level attributes may include, for example, an asset type attribute used to classify the device and to render the device's capabilities in the model 216, port attributes that specify one or more mechanisms by which the asset communicates with other assets (e.g., specifying that the asset is to communicate via its Ethernet port, and setting an IP address for the device), or other such attributes; [0085] FIGS. 7A and 7B depict a security policy comprising two security zones and an asset-to-asset conduit, in which all assets comprise devices that support CIP security. FIG. 7A is a table illustrating configuration input provided to the security configuration system 202 by a user in order to implement the security policy. As noted above, this configuration input can be received via interaction with one or more user interface displays generated by the graphical interface component 204, where the interface displays can conform to any suitable format in accordance with various embodiments. In one or more embodiments, the graphical interface component 204 may display one or more tables similar in format to those depicted in FIG. 7A; [0092] FIGS. 8A and 8B illustrate another example security strategy that can be implemented by security configuration system 202. FIG. 8A is a table illustrating example user configuration input that can be provided to (or, in some cases, automatically discovered by) security configuration system 202, and FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1); wherein the optimizing the resultant list of identified communication relations is showing which devices are in the specific security zone assigned, and in accordance with Fig. 7A and 8A, the complexity is reduced because only those devices which are in the zone are included in each area of the display, while other devices not in the zone are not included, thus reducing complexity because a list of all devices intermixed by zone is considered complex while a list of only those in a zone is simplified) “and providing at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0049] Graphical interface component 204 can be configured to generate a set of graphical user interface displays with which a user can interact in order to define security zones, assign industrial and networking devices to defined zones, define conduits between devices and/or zones, download or distribute security configuration instructions to appropriate devices that make up an industrial automation environment, and other such functions;[0107] The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network); [0076] In addition to zone-level attributes, the system also allows the user to set a number of asset-level attributes. These attributes are applied to specific industrial assets and devices. In some scenarios, some or all of these asset-level attributes may be read automatically by the configuration system as part of a device auto-discovery routine (implemented by the device discovery component 210). These manually provided or automatically discovered asset-level attributes are encoded in the model 216 together with the zone-level attributes.) “and wherein the receiving tool is further configured to process at least one of (i) the automation component configurations and (ii) project-level security data” ([0071] Once one or more security zones have been defined, the graphical interface component 204 allows the user to define various zone-level security attributes for each zone. The configuration system will apply these zone-level security attributes to all devices within the zone. For example, the user may define the type of security to be used within each security zone. Example security types that may be configured for a zone include, but are not limited to, common industrial protocol (CIP) Security with Certificate, CIP Security with Pre-Shared Key (PSK), IP Block security, firewall rules, etc.; [0077] The instruction translation component 206 translates the high-level, user-defined security policies—as defined by the zone, channel, and conduit definitions—into security configuration data 404 that can be sent to individual assets and devices to facilitate implementing the plant-wide security strategy.) “and configuring the at least one automation component of the industrial automation project based on the determined functionality parameter settings and the determined security parameter settings” (Fig. 14 and [0046] The configuration system translates the defined security policy into device-level security configuration instructions that are then downloaded or otherwise sent to the appropriate devices (e.g., network infrastructure devices and/or industrial devices) in order to implement the defined security policy. This translation can be based on defined translation rules maintained by the configuration system. These translation rules can include vendor-specific rules capable of generating appropriate security configuration instructions for respective vendor-specific devices. In this way, the system hides or abstracts from the user the technical complexities associated with setting device-level security parameters; [0107] Once the security model has been completed and has been determined to comprise only enforceable security policies (NO at step 1414), the methodology proceeds to step 1416, where the system generates a set of device-level security instructions for implementation on one or more of the industrial assets. These security configuration instructions are generated based on an analysis of the security model, which in turn is generated based on the configuration input provided by the user....The system's translation engine can include knowledge of the types and formats of security configuration instructions supported by a range of different device types and vendors, allowing the system to appropriately map the security policies defined by the model to a set of vendor- and model-specific device-level security configuration instructions in order to implement the defined security policy. At 1420, the security configuration instructions are sent to the appropriate industrial assets on the plant floor (e.g., via the plant network)).

In regards to Claim 32, Bush discloses “The receiving tool according to claim 31, wherein the receiving tool is further operative to provide a result of processing at least one of the (i) automation component configuration and (ii) project-level security data to an engineering system” ([0083] business rules may also identify potential conflicts between enforcement solutions before or after such solutions are deployed. In such embodiments, the system may perform real-time monitoring of the devices involved in the security policy to ensure that subsequent re-configurations of the devices do not conflict with a previously established security policy. For example, after deployment of a security strategy by the system, whereby secure communication between two devices is established, a user may use an independent configuration tool to re-configure a network infrastructure device (e.g., a firewall) in such a way as to block communications between the two devices, inadvertently conflicting with the security policy previously established by the security configuration system. Based on the model and the business rules, the system may detect such re-configurations, determine that the re-configuration conflicts with the previously defined security policy, and perform an action in response to this determination. The action may comprise, for example, delivering a notification message to one or more personnel responsible for administering the security strategy, automatically returning the affected device to its previously configured security settings (i.e., over-riding the re-configuration), or other such actions. In this way, the modeling tool and business rules can enforce defined security policies in real-time, easily identifying policy conflicts that would otherwise be difficult to track).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Bush as applied to claim 17 above, and further in view of Dutta et al. (US 20170359222, hereinafter Dutta).

In regards to Claim 35, Bush teaches the method of configuring an automation component with functional and security parameters as incorporated by claim 17 above.
Bush further teaches “The method according to claim 17, wherein the identified communication relations are enriched with security relevant data and automatically generated as communication graphs...” ([0089] FIG. 7B is a diagram depicting the security strategy implemented by the system in accordance with the user-provided configuration input depicted in FIG. 7A. In this example, the industrial assets comprise six devices D1-D6 that are grouped into two zones Z1 and Z2 (as indicated in the Device Definition section of FIG. 7A). The devices all support CIP security, and so are capable of exchanging data securely. In accordance with the zone groupings defined by the user, the instruction translation component 206 generates and deploys any device-level security configuration instructions necessary to allow devices D1-D3 to securely exchange data with one another in accordance with their Zone 1 designation, and to allow devise D4-D6 to securely exchange data with one another in accordance with their Zone 2 designation; [0092] FIG. 8B is a diagram representing the security policy. In this example, devices D2-D3 all support CIP security and are assigned to the same zone (Zone 1). Device D4, assigned to Zone 2, is a legacy product that does not support CIP security. An asset-to-asset conduit has been defined to allow communication between device D1 and legacy device D4. Since devices D1-D3 support CIP security, data exchange between these devices is performed securely. Since device D4 does not support CIP security, data exchange between D1 and D4 is permitted by virtue of the defined conduit between those two devices, but is not secure; wherein the indication of CIP security zone versus non-CIP security zone is considered ‘security relevant data’, and likewise the use of different security zones by different devices, including those that can exist in multiple zones like those of Fig. 9B).
Bush fails to teach “The method according to claim 17, wherein the identified communication relations are enriched with security relevant data and automatically generated as communication graphs illustrated on HMI systems to provide simplified security analysis and monitoring”.
Dutta teaches “The method according to claim 17, wherein the identified communication relations are enriched with security relevant data and automatically generated as communication graphs illustrated on HMI systems to provide simplified security analysis and monitoring” (Fig. 3 and [0030] The data agents block 110 can use the following steps described below relative to method 200 to discover and store the network topology including all the nodes present and their interconnection for any target C&I system (say DCS 105a) in the IF105, or for all C&I systems in IF105. FIG. 2A is a flow chart for an example method 200 of network topology determination for at least one C&I system in an IF, according to an example embodiment; [0032] For example, EXPERION information can be extracted from databases referred to as EMDB and ERDB of the C&I systems (that are generally stored in a memory of a server in the respective C&I systems) at a server node, and then a query of those devices based on the list of devices extracted from the server enables further information to be obtained that generally differs from node to node. [0039] FIG. 3 shows a simplified example C&I network topology drawing 300 that can be determined by a disclosed ANTD system 100 which automatically discovers all the nodes present in C&I system and connection details (including signal flow) between the nodes to automatically determine the network topology drawing 300. C&I network topology drawing 300 includes the network type, all its nodes and interconnecting networking devices, connectivity information including network relationships between the nodes and the interconnecting networking devices).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that creates security zones and configuration information for configuring the network connections and security between automation devices, including the ability to understand how a communication graph would be created with security relevant data such as that shown in 7A and 7B, with the ability to display said graph on an HMI as taught by Dutta because it would offer the intrinsic benefit of allowing a user to more easily digest and understand the network security zones and how devices are allowed or disallowed from communicating with one another.  Additionally, the incorporation of the features of Dutta into Bush would offer the stated benefits noted by Dutta in [0006]-[0010], as Dutta notes that “[0010] The complete network topology diagram is highly useful as it provides a full view of control network(s) in the IF with the networking devices and the signal flow shown. The network topology diagram can be used to perform impact assessment or resolve network issues including in the case of overloading/packet loss or a network outage.”.  Both Bush and Dutta relate to automation system and the networking environment that exists for a particular automation system, making them in similar fields of use.  Based upon the provided disclosures, Bush teaches that network node maps/graphs like those made by Dutta can be created like those in figures 7B and 8B (and others) but does not explicitly say that an actual HMI presented to a user is created to show these relationship.  Dutta teaches a system that creates these network node maps/graphs and shows these to users.  It is therefore a simple task for Bush to create an HMI for presentation to a user like those shown in figures 7B and 8B using procedures utilized by Dutta.  Dutta also teaches that “signal flow” can be shown thus assisting in determining packet loss and network outage, thus providing ‘simplified security analysis and monitoring.  For example, the databases shown in Fig. 7A and 8A can be parsed in the way Dutta does to discover these security and communication relationships and create an HMI like that of Dutta using the information from Bush along with the additional data gathered by Dutta.  It would be understood by a person having ordinary skill in the art that once the networking information is known, putting it into a display graph for a user is trivial as the use of computer graphics for representing information is well-known.  By combining these elements, it can be considered taking the known system that uses a database of networking connectivity and security information to create security zones and configure the devices to operate in those zones as taught by Bush, with the known ability to create a network map/graph from a database of network connectivity information for display to a user to create a system wherein a database of networking connectivity and security information to create security zones and configure the devices to operate in those zones is then utilized to build an HMI displaying said information graphically to a user.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN M SKRZYCKI whose telephone number is (571)272-0933. The examiner can normally be reached M-F 7:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kenneth Lo can be reached on (571) 272-9774. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JONATHAN MICHAEL SKRZYCKI/           Examiner, Art Unit 2116                                                                                                                                                                                             

/KENNETH M LO/           Supervisory Patent Examiner, Art Unit 2116