DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In communications filed on 11/23/2022, claims 1, 4, 9, 12, 14, and 16-18 are amended. Claim 3 is cancelled. Claims 1-2 and 4-20 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 16/065,315.

Examiner Note
Applicant’s amendment to claim 9 obviates the previously raised 35 U.S.C. 112(b) rejection of claim 9.
Applicant is encouraged to review the relevant references mentioned at the conclusion section of this office action.

Response to Argument
Applicant’s arguments with respect to the independent claims for newly added limitation have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 4, 7-8, 10-11, and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Bieneman et. al. (U.S Patent Application Publication No. 20180038187 A1), hereinafter Bieneman, in view of Tunc et. al. (U.S Patent Application Publication No. 20160290119 A1), hereinafter Tunc and further in view of Overby et. al. (U.S Patent Application Publication No. 20190379683 A1), hereinafter Overby and further in view of Unagami et. al. (U.S Patent Application Publication No. 20110246783 A1), hereinafter Unagami and further in view of KIM YOUNG HONG (KR 101911429 B1), hereinafter Hong.
Regarding claim 1, Bieneman discloses A drilling system [¶19, Notably, the system 10 (e.g., a drilling system or a production system) facilitates accessing or extraction of a resource, such as oil or natural gas, from a well 12], comprising:  
a surface system [¶19, In one subsea drilling application, the surface equipment 14 includes a drilling rig above the surface of the water] comprising a control panel [¶20, As will be appreciated, the surface equipment 14 can include a variety of devices and systems, such as pumps, power supplies, cable and hose reels, a rotary table, a top drive, control units, a gimbal, a spider, and the like, in addition to the drilling rig.] … [¶34, The main control unit module 38 further includes a control panel 80 that provides various switches, valves, and gauges, discussed in further detail below]; and
an underwater system (Fig. 1A, Stack Equipment 18) comprising a pressure control equipment (Fig. 1A, Annular BOP 21) configured to be operatively coupled to the control panel [¶38, The functions on the control panel 80 are generally directed to the control and monitoring of the annular BOP (or pair of annular BOPs) of the stack equipment 18 of FIG. 1A. I].
Bieneman discloses a drilling system comprising a surface system having a control panel. Bieneman fails to disclose the control panel comprising at least one intrusion prevention enabled device.
However, Tunc teaches wherein the control panel comprises at least one intrusion prevention system (IPS) enabled device configured to provide for one or more IPS functions [¶42, For example, in some embodiments, the rig computing resource environment 105 (i.e. at least one IPS enabled device) may encrypt sensor data from different types of sensors and systems to produce a set of encrypted sensor data 146. Thus, the encrypted sensor data 146 may not be viewable by unauthorized user devices (either offsite or onsite user device) if such devices gain access to one or more networks of the drilling rig 102].  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bieneman by incorporating the IPS enabled devices into the control panel as taught by Tunc. This will make the drilling system safe by preventing malicious activities. 
wherein the at least one IPS enabled device is configured to execute a secure operating system 
Overby further teaches wherein the at least one IPS enabled device [¶70, The IDPS 122 may include the security manager 232 and/or the communications manager 234.] is configured to execute a secure operating system [¶72, Like the communications manager 234, the security manager 232 may be implemented as a VM executing a secure, embedded system-specific operating system], and [¶74, the security manager 232 may include one or more instances of the threat detector 130, the threat manager 132, the packet analyzer 134, the cryptography engine 136, the notifier 138, the mode selector 140, the logger 1342, and the filter 144].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teaching of Bieneman and Tunc in claim 1 by configuring the IPS enabled device to run a secure operating system as taught by Overby. Such modification makes the system secure since secure operating systems are focused on providing security, in contrast to general purpose operating systems.
configured to provide memory leak prevention, provide internet protocol (IP) address leak prevention, provide domain name server (DNS) leak prevention, or a combination thereof
Bieneman and Tunc, and Overby do not explicitly disclose, however, Unagami discloses provide memory leak prevention [¶171, The protection control module 120 controls the operation of these functions and checks whether or not each of the applications has been analyzed by attackers. When an attack is detected, the protection control module 120 stops the operation of the application where the attack was detected and prevents confidential data leaks through such processes as clearing the memory areas used by the application, particularly the memory areas where the confidential data was recorded (i.e. filling such memory areas with zeroes)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bieneman and Tunc, and Overby with the teaching of Unagami in order to implement a protection control module which distributes verification data among the detection modules disclosing only the information pertaining to the application decrypted by the protection control module. Thus, unnecessary disclosure of information to the detection modules (e.g. information pertaining to other applications) can be prevented [Unagami, ¶135].
Bieneman and Tunc, Overby, and Unagami do not explicitly disclose, however, Hong discloses provide internet protocol (IP) address leak prevention[Abstract, The present invention relates to an integrated network sharing system with a security function, capable of preventing an IP address of an actual network group with a private IP address from being exposed by responding to an attack pattern, measured traffic of a preset attach level or more, the download of malware, attack, or an access to unpermitted data from an internal network or an external network with a virtual network IP address], and  [DESCRIPTION-OF-EMBODIMENTS:  The present invention provides a method and system for accessing unauthorized data from an internal network or an external network, attacking or downloading malware, or measuring traffic in response to a virtual network IP address against an attack pattern, To an integrated network sharing system including a security function capable of preventing the exposure of an IP address of an actual network group having an address], and 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bieneman and Tunc, Overby, and Unagami with the teaching of Hong in order to implement an integrated network sharing system with a security function, capable of preventing an IP address of an actual network group with a private IP address from being exposed by responding to an attack pattern, measured traffic of a preset attach level or more, the download of malware, attack, or an access to unpermitted data from an internal network or an external network with a virtual network IP address [Hong, Abstract].
Regarding claim 2, Bieneman and Tunc, Overby, and Hong do not explicitly disclose, however, Unagami discloses wherein the one or more IPS functions comprise applying a rule to specify which application is allowed to execute on the at least one IPS enabled device [¶171, The protection control module 120 controls the operation of these functions and checks whether or not each of the applications has been analyzed by attackers. When an attack is detected, the protection control module 120 stops the operation of the application where the attack was detected and prevents confidential data leaks through such processes as clearing the memory areas used by the application, particularly the memory areas where the confidential data was recorded (i.e. filling such memory areas with zeroes)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bieneman and Tunc, Overby, and Hong with the teaching of Unagami in order to implement a protection control module which distributes verification data among the detection modules disclosing only the information pertaining to the application decrypted by the protection control module. Thus, unnecessary disclosure of information to the detection modules (e.g. information pertaining to other applications) can be prevented [Unagami, ¶135].
Regarding claim 4, Bieneman and Tunc, Unagami, and Hong do not explicitly disclose, however, Overby discloses wherein the secure operating system (Note: the secure operating system is established in claim 3 as being the security manager 232. Overby further teaches the security manager 232 including a cryptography engine 136), [¶74, the security manager 232 may include one or more instances of the threat detector 130, the threat manager 132, the packet analyzer 134, the cryptography engine 136, the notifier 138, the mode selector 140, the logger 1342, and the filter 144]; and is configured to provide at least one of secure compartmentalization to isolate certain processes from each other, encrypted data storage and retrieval, and encrypted data transmission [¶55, The threat detector 130 may determine whether traffic is encrypted when it is supposed to be. The threat detector 130 may ensure that a packet is encrypted using an authorized cryptographic policy], and [¶97-98, The logs (storage) may include statistics and scan results. All of the data may be encrypted by the cryptography engine 136 to prevent un-authorized access. The method 300, at block B320, includes encrypting the message if needed. For example, the thread may use the cryptography engine 136 to encrypt the network communication if the network communication is unencrypted (e.g., using a known key)].
Regarding claim 7, Bieneman  discloses wherein the control panel comprises a tool pusher control panel (TCP), a driller control panel (DCP), a supervisor control panel (SCP), a hydraulic pressure unit (HPU)/diverter control panel, a communications panel, or a combination thereof [¶38, The control panel 80 also includes hydraulic supply flowmeter gauges 94, for maintaining a view of the flow of hydraulic fluid to the annular BOPs, as well as a hydraulic return flowmeter gauge 95, for maintaining a view of the hydraulic fluid return line].  
Regarding claim 8, Bieneman discloses wherein the pressure control equipment comprise a blowout preventer (BOP) [¶21, an example of the BOP stack 18 is shown in greater detail in FIG. 2. The BOP stack 18 typically can include multiple types of sealing elements, with the various elements typically having different pressure ratings, and often performing their sealing function in different ways from one another].  
Regarding claim 10, Bieneman, Overby, Unagami, and Hong do not explicitly disclose, however, Tunc teaches, comprising a central security monitoring platform (FIG. 3B, system 300) communicatively coupled to the control panel and configured to receive human machine interface (HMI) data from the control panel [¶74, system 300 include a terminal or human-machine interface 324. The terminal 324 may allow for a user to view data acquired by the sensors of the various subsystems controlled by the rig control system 302. The terminal 324 may also allow for modifying certain operating parameters of the subsystems by interaction with the rig control system 302]; and to analyze the HMI data to derive a security breach [¶74, The HMI 324 may form part of the middle layer 301(1) in certain embodiments, such that commands received therefrom may be checked (i.e. analyze) for safety (i.e. security breach) and/or coordinated among one or more subsystems, e.g., using the control unit 320 and/or one or more of the supervisor controllers 314, 316, 318].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bieneman, Overby, Unagami, and Hong using the HMI interface communicatively coupled to a central security monitoring platform as taught by Tunc. Such modifications allow for an interactive system wherein the rig operator can provide input to the system [Tunc, ¶74].
Regarding claim 11, Bieneman, Overby, Unagami, and Hong do not explicitly disclose, however, Tunc teaches wherein the at least one IPS enabled device comprises a computing system, a firewall, a network switch, a programmable logic controller (PLC), an input/output system, or a combination thereof [¶43, In some embodiments, the encrypted sensor data 148 may be provided in real-time to offsite user devices 120 (i.e. output system) such that offsite personnel may view real-time status of the drilling rig 102 and provide feedback based on the real-time sensor data (i.e. input system)].
Regarding claim 16, Bieneman discloses A drilling system [¶19, Notably, the system 10 (e.g., a drilling system or a production system) facilitates accessing or extraction of a resource, such as oil or natural gas, from a well 12], comprising:
a control panel configured to control one or more drilling operations [¶38, The functions on the control panel 80 are generally directed to the control and monitoring of the annular BOP (or pair of annular BOPs) of the stack equipment 18 of FIG. 1A. I]; and
a pressure control equipment (Fig. 1A, Annular BOP 21) configured to be operatively coupled to the control panel (Par. [0038], The functions on the control panel 80 are generally directed to the control and monitoring of the annular BOP (or pair of annular BOPs) of the stack equipment 18 of FIG. 1A. I),
Bieneman discloses a drilling system comprising a surface system having a control panel. Bieneman fails to disclose the control panel comprising at least one intrusion prevention enabled device.
However, Tunc teaches wherein the control panel comprises at least one intrusion prevention system (IPS) enabled device configured to provide for one or more IPS functions [¶42, For example, in some embodiments, the rig computing resource environment 105 (i.e. at least one IPS enabled device) may encrypt sensor data from different types of sensors and systems to produce a set of encrypted sensor data 146. Thus, the encrypted sensor data 146 may not be viewable by unauthorized user devices (either offsite or onsite user device) if such devices gain access to one or more networks of the drilling rig 102].  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bieneman by incorporating the IPS enabled devices into the control panel as taught by Tunc. This will make the drilling system safe by preventing malicious activities.
wherein the at least one IPS enabled device is configured to execute a secure operating system 
Bieneman and Tunc do not explicitly disclose, however, Overby discloses wherein the at least one IPS enabled device [¶70, The IDPS 122 may include the security manager 232 and/or the communications manager 234.] is configured to execute a secure operating system [¶72, Like the communications manager 234, the security manager 232 may be implemented as a VM executing a secure, embedded system-specific operating system], and [¶74, the security manager 232 may include one or more instances of the threat detector 130, the threat manager 132, the packet analyzer 134, the cryptography engine 136, the notifier 138, the mode selector 140, the logger 1342, and the filter 144].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teaching of Bieneman and Tunc in claim 1 by configuring the IPS enabled device to run a secure operating system as taught by Overby. Such modification makes the system secure since secure operating systems are focused on providing security, in contrast to general purpose operating systems.
configured to provide memory leak prevention, provide internet protocol (IP) address leak prevention, provide domain name server (DNS) leak prevention, or a combination thereof
Bieneman and Tunc, and Overby do not explicitly disclose, however, Unagami discloses provide memory leak prevention [¶171, The protection control module 120 controls the operation of these functions and checks whether or not each of the applications has been analyzed by attackers. When an attack is detected, the protection control module 120 stops the operation of the application where the attack was detected and prevents confidential data leaks through such processes as clearing the memory areas used by the application, particularly the memory areas where the confidential data was recorded (i.e. filling such memory areas with zeroes)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bieneman and Tunc, and Overby with the teaching of Unagami in order to implement a protection control module which distributes verification data among the detection modules disclosing only the information pertaining to the application decrypted by the protection control module. Thus, unnecessary disclosure of information to the detection modules (e.g. information pertaining to other applications) can be prevented [Unagami, ¶135].
Bieneman and Tunc, Overby, and Unagami do not explicitly disclose, however, Hong discloses provide internet protocol (IP) address leak prevention[Abstract, The present invention relates to an integrated network sharing system with a security function, capable of preventing an IP address of an actual network group with a private IP address from being exposed by responding to an attack pattern, measured traffic of a preset attach level or more, the download of malware, attack, or an access to unpermitted data from an internal network or an external network with a virtual network IP address], and  [DESCRIPTION-OF-EMBODIMENTS: The present invention provides a method and system for accessing unauthorized data from an internal network or an external network, attacking or downloading malware, or measuring traffic in response to a virtual network IP address against an attack pattern, To an integrated network sharing system including a security function capable of preventing the exposure of an IP address of an actual network group having an address], and 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bieneman and Tunc, Overby, and Unagami with the teaching of Hong in order to implement an integrated network sharing system with a security function, capable of preventing an IP address of an actual network group with a private IP address from being exposed by responding to an attack pattern, measured traffic of a preset attach level or more, the download of malware, attack, or an access to unpermitted data from an internal network or an external network with a virtual network IP address [Hong, Abstract].
Regarding claim 17, Bieneman, Tunc, Overby, and Hong do not explicitly disclose, however, Unagami discloses wherein the one or more IPS functions comprise applying a rule to specify which application is allowed to execute on the cyber secure device wherein the one or more IPS functions comprise applying a rule to specify which application is allowed to execute on the at least one IPS enabled device [¶171, The protection control module 120 controls the operation of these functions and checks whether or not each of the applications has been analyzed by attackers. When an attack is detected, the protection control module 120 stops the operation of the application where the attack was detected and prevents confidential data leaks through such processes as clearing the memory areas used by the application, particularly the memory areas where the confidential data was recorded (i.e. filling such memory areas with zeroes)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bieneman and Tunc, Overby, and Hong with the teaching of Unagami in order to implement a protection control module which distributes verification data among the detection modules disclosing only the information pertaining to the application decrypted by the protection control module. Thus, unnecessary disclosure of information to the detection modules (e.g. information pertaining to other applications) can be prevented [Unagami, ¶135].
System claim 18 is similar to system claim 4. Therefore, system claim 18 is rejected for the same reason of obviousness as claim 4 above.

Claims 5, 6, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bieneman et. al.  (U.S Patent Application Publication No. 20180038187 A1), hereinafter Bieneman and in view of Tunc et. al. (U.S Patent Application Publication No. 20160290119 A1), hereinafter Tunc and further in view of Overby et. al. (U.S Patent Application Publication No. 20190379683 A1), hereinafter Overby and further in view of Unagami et. al. (U.S Patent Application Publication No. 20110246783 A1), hereinafter Unagami and further in view of KIM YOUNG HONG (KR 101911429 B1), hereinafter Hong and further in view of Miller (U.S Patent Application Publication No. 20180173182 A1).
Regarding claim 5, Bieneman, Tunc, Overby, Unagami, and Hong do not explicitly disclose, however, Miller teaches wherein the at least one IPS enabled device comprises a control panel device that has been upgraded in situ into the at least one IPS enabled device [¶71, FIG. 4 is a flow diagram of a process of operating an update/upgrade agent to provide update/upgrade instructions for a control system in an uninterrupted manner (i.e. in situ) and to provide in-situ validation of the update/upgrade instructions executing].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teaching of Bieneman and Tunc, Overby, Unagami, and Hong in claim 1 by enabling in situ upgrade of the IPS enabled device. Such modification allows for an uninterrupted upgrade of control systems without the need to take the system offline (Miller, ¶71).
Regarding claim 6, Bieneman, Tunc, Overby, Unagami, and Hong do not explicitly disclose, however, Miller discloses wherein the control panel device has been upgraded by upgrading an operating system of the control panel device, by adding an application whitelist that lists applications that are allowed to execute in the control panel device, or by a combination thereof [¶72, Referring still to FIG. 4, the update/upgrade agent 100 is shown transmitting (412) the second instructions 116 (with update/upgraded firmware, operating system, and/or control application code) to the real-time embedded control system 102 to be executed by the second set of processor cores 110.].
System claim 19 is similar to system claim 5. Therefore, system claim 19 is rejected for the same reason of obviousness as claim 5 above.
System claim 20 is similar to system claim 6. Therefore, system claim 20 is rejected for the same reason of obviousness as claim 6 above.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Bieneman et. al.  (U.S Patent Application Publication No. 20180038187 A1), hereinafter Bieneman and in view of Tunc et. al. (U.S Patent Application Publication No. 20160290119 A1), hereinafter Tunc and further in view of Overby et. al. (U.S Patent Application Publication No. 20190379683 A1), hereinafter Overby and further in view of Unagami et. al. (U.S Patent Application Publication No. 20110246783 A1), hereinafter Unagami and further in view of KIM YOUNG HONG (KR 101911429 B1), hereinafter Hong and further in view of Klass et. al. (U.S Patent Application Publication No. 20120176251 A1), hereinafter Klass.
Regarding claim 9, Bieneman, Tunc, Overby, Unagami, and Hong do not explicitly disclose, however, Klass further teaches comprising an event logger (Fig. 1, data logger 10) configured to provide for at least one of the one or more IPS functions [¶140, The data logger can backup data to a backup file for safety and security.] and to log a drilling event [¶140, At end of shift or end of hole, data logged in the data logger (drilling and shift related data including consumables) can be transferred to a memory device].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of claim 1 using the event logger taught by Klass. Doing so will enable secure and progressive recording of drilling events and provide an upgrade to the traditional manual recording of drilling data (Klass, ¶20).

Claims 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez et. al. (U.S Patent Application Publication No. 20140137257 A1), hereinafter Martinez and in view of Bieneman et. al. (U.S Patent Application Publication No. 20180038187 A1), hereinafter Bieneman and in view of Tunc et. al. (U.S Patent Application Publication No. 20160290119 A1), hereinafter Tunc and further in view of Overby et. al. (U.S Patent Application Publication No. 20190379683 A1), hereinafter Overby and further in view of Unagami et. al. (U.S Patent Application Publication No. 20110246783 A1), hereinafter Unagami and further in view of KIM YOUNG HONG (KR 101911429 B1), hereinafter Hong.
Regarding claim 12, Martinez discloses A method of security enhancing a drilling system (Par. [0008], The present invention provides semi-automated, quantitative processes for conducting cyber security risk assessments to identify and prioritize critical assets), the method comprising: 
deriving one or more threat agents (Fig. 1, step 2 (block 104));
deriving a vulnerability (Fig. 1, step 3 (block 106));
deriving an adverse impact of the vulnerability (Fig. 1, block 110);
deriving an organizational risk based on an adverse impact of vulnerability (Fig. 1, step 4 (block 108));
provide for one or more IPS functions based on the adverse impact of the vulnerability, based on the organizational risk, or a combination thereof (Par. [0135], With respect to identifying and evaluating strategies, treatments, or security countermeasures in order reduce or eliminate risk in block 1010, strategies, treatments, or countermeasures that could mitigate or eliminate the identified risks are provided. Risks can be managed by one of four distinct methods: Risk acceptance, Risk avoidance, Risk control, Risk transfer [14].).  
Martinez discloses the steps of deriving an organization risk based on threat assessment and disposing a risk control action. Martinez discloses in Par. [0008], that the methods can be used for cyber security assessment in a number of industrial applications, but fails to explicitly disclose the drilling system elements claimed.
Martinez does not explicitly disclose, however, Bieneman discloses a control panel included in a drilling system [¶20, As will be appreciated, the surface equipment 14 can include a variety of devices and systems, such as pumps, power supplies, cable and hose reels, a rotary table, a top drive, control units, a gimbal, a spider, and the like, in addition to the drilling rig.] … [¶34, The main control unit module 38 further includes a control panel 80 that provides various switches, valves, and gauges, discussed in further detail below.] wherein the control panel is configured to be operatively coupled to a pressure control equipment (Par. [0038], The functions on the control panel 80 are generally directed to the control and monitoring of the annular BOP (or pair of annular BOPs) of the stack equipment 18 of FIG. 1A. I);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Martinez using the control panel included in a drilling system as taught by Bieneman. Such modification allows the steps disclosed by Martinez to be applied to a real-world cyber-critical application such as a drilling system.
The combination of Martinez and Bieneman teaches the steps of risk assessment and control in a drilling system. Martinez in the combination teaches a risk control as one of the actions to be taken based on the level of risk. The combination fails to explicitly teach disposing an IPS enabled device as part of the risk control.
However, Tunc teaches at least one intrusion prevention system (IPS) enabled device in the control panel, wherein the at least one IPS enabled device is configured to provide for one or more IPS functions (Par. [0042], For example, in some embodiments, the rig computing resource environment 105 (i.e. at least one IPS enabled device) may encrypt sensor data from different types of sensors and systems to produce a set of encrypted sensor data 146. Thus, the encrypted sensor data 146 may not be viewable by unauthorized user devices (either offsite or onsite user device) if such devices gain access to one or more networks of the drilling rig 102.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Martinez and Bieneman by incorporating the IPS enabled devices into the control panel as taught by Tunc. This will make the drilling system safe by preventing malicious activities.
wherein the at least one IPS enabled device is configured to execute a secure operating system 
Martinez, Bieneman, and Tunc do not explicitly disclose, however, Overby discloses wherein the at least one IPS enabled device [¶70, The IDPS 122 may include the security manager 232 and/or the communications manager 234]; and is configured to execute a secure operating system [¶72, Like the communications manager 234, the security manager 232 may be implemented as a VM executing a secure, embedded system-specific operating system], and [¶74, the security manager 232 may include one or more instances of the threat detector 130, the threat manager 132, the packet analyzer 134, the cryptography engine 136, the notifier 138, the mode selector 140, the logger 1342, and the filter 144].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teaching of Martinez, Bieneman, and Tunc in claim 1 by configuring the IPS enabled device to run a secure operating system as taught by Overby. Such modification makes the system secure since secure operating systems are focused on providing security, in contrast to general purpose operating systems.
configured to provide memory leak prevention, provide internet protocol (IP) address leak prevention, provide domain name server (DNS) leak prevention, or a combination thereof
Martinez, Bieneman and Tunc, and Overby do not explicitly disclose, however, Unagami discloses provide memory leak prevention [¶171, The protection control module 120 controls the operation of these functions and checks whether or not each of the applications has been analyzed by attackers. When an attack is detected, the protection control module 120 stops the operation of the application where the attack was detected and prevents confidential data leaks through such processes as clearing the memory areas used by the application, particularly the memory areas where the confidential data was recorded (i.e. filling such memory areas with zeroes)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Martinez, Bieneman and Tunc, and Overby with the teaching of Unagami in order to implement a protection control module which distributes verification data among the detection modules disclosing only the information pertaining to the application decrypted by the protection control module. Thus, unnecessary disclosure of information to the detection modules (e.g. information pertaining to other applications) can be prevented [Unagami, ¶135].
Martinez, Bieneman and Tunc, Overby, and Unagami do not explicitly disclose, however, Hong discloses provide internet protocol (IP) address leak prevention [Abstract, The present invention relates to an integrated network sharing system with a security function, capable of preventing an IP address of an actual network group with a private IP address from being exposed by responding to an attack pattern, measured traffic of a preset attach level or more, the download of malware, attack, or an access to unpermitted data from an internal network or an external network with a virtual network IP address], and [DESCRIPTION-OF-EMBODIMENTS: The present invention provides a method and system for accessing unauthorized data from an internal network or an external network, attacking or downloading malware, or measuring traffic in response to a virtual network IP address against an attack pattern, To an integrated network sharing system including a security function capable of preventing the exposure of an IP address of an actual network group having an address], and 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bieneman and Tunc, Overby, and Unagami with the teaching of Hong in order to implement an integrated network sharing system with a security function, capable of preventing an IP address of an actual network group with a private IP address from being exposed by responding to an attack pattern, measured traffic of a preset attach level or more, the download of malware, attack, or an access to unpermitted data from an internal network or an external network with a virtual network IP address [Hong, Abstract].
Regarding claim 13, Martinez, Bieneman and Tunc, Overby, and Hong do not explicitly disclose, however, Unagami discloses wherein the one or more IPS functions comprise applying a rule to specify which application is allowed to execute on the at least one IPS enabled device [¶171, The protection control module 120 controls the operation of these functions and checks whether or not each of the applications has been analyzed by attackers. When an attack is detected, the protection control module 120 stops the operation of the application where the attack was detected and prevents confidential data leaks through such processes as clearing the memory areas used by the application, particularly the memory areas where the confidential data was recorded (i.e. filling such memory areas with zeroes)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Martinez, Bieneman and Tunc, and Overby with the teaching of Unagami in order to implement a protection control module which distributes verification data among the detection modules disclosing only the information pertaining to the application decrypted by the protection control module. Thus, unnecessary disclosure of information to the detection modules (e.g. information pertaining to other applications) can be prevented [Unagami, ¶135].

Regarding claim 14, Martinez, Bieneman and Tunc, Unagami, and Hong do not explicitly disclose, however, Overby discloses wherein the secure operating system (Note: the secure operating system is established in claim 3 as being the security manager 232. Overby further teaches the security manager 232 including a cryptography engine 136 [¶74, the security manager 232 may include one or more instances of the threat detector 130, the threat manager 132, the packet analyzer 134, the cryptography engine 136, the notifier 138, the mode selector 140, the logger 1342, and the filter 144]); and is configured to provide at least one of secure compartmentalization to isolate certain processes from each other, encrypted data storage and retrieval, and encrypted data transmission [¶55, The threat detector 130 may determine whether traffic is encrypted when it is supposed to be. The threat detector 130 may ensure that a packet is encrypted using an authorized cryptographic policy], and [¶¶97-98, The logs may include statistics and scan results. All of the data may be encrypted by the cryptography engine 136 to prevent un-authorized access. The method 300, at block B320, includes encrypting the message if needed. For example, the thread may use the cryptography engine 136 to encrypt the network communication if the network communication is unencrypted (e.g., using a known key)].

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Martinez et al. (U.S Patent Application Publication No. 20140137257 A1), hereinafter Martinez and in view of Bieneman et al. (U.S Patent Application Publication No. 20180038187 A1), hereinafter Bieneman and in view of Tunc et al. (U.S Patent Application Publication No. 20160290119 A1), hereinafter Tunc and further in view of Overby et al. (U.S Patent Application Publication No. 20190379683 A1), hereinafter Overby and further in view of Unagami et al. (U.S Patent Application Publication No. 20110246783 A1), hereinafter Unagami and further in view of KIM YOUNG HONG (KR 101911429 B1), hereinafter Hong and further in view of Miller (U.S Patent Application Publication No. 20180173182 A1).
Regarding claim 15, Martinez, Bieneman and Tunc, Overby, Unagami, and Hong do not explicitly disclose, however, Miller discloses wherein disposing the at least one or more IPS enabled device comprises upgrading an existing control panel device in situ by upgrading an operating system of the control panel device, by adding an application whitelist that lists applications that are allowed to execute in the control panel device, or by a combination thereof [¶71, FIG. 4 is a flow diagram of a process of operating an update/upgrade agent to provide update/upgrade instructions for a control system in an uninterrupted manner (i.e. in situ) and to provide in-situ validation of the update/upgrade instructions executing], and [¶72, Referring still to FIG. 4, the update/upgrade agent 100 is shown transmitting (412) the second instructions 116 (with update/upgraded firmware, operating system, and/or control application code) to the real-time embedded control system 102 to be executed by the second set of processor cores 110].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teaching of Martinez, Bieneman and Tunc, Overby, Unagami, and Hong in claim 12 by enabling in situ upgrade of the IPS enabled device.  Such modification allows for an uninterrupted upgrade of control systems without the need to take the system offline [Miller ¶71].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Rojas (US2020/0277847) [ SYSTEM AND METHOD FOR AUTOMATED DRILLING NETWORK, drilling system, vulnerability map, blowout preventer, pressure control device].
 KR 20170079880 A [ In the secure communication method according to the embodiments of the present invention, the system on chip and the mobile system performing the security communication method, an IP layer and a Media Access Control layer (MAC) layer among the TCP / IP communication protocol layer are executed by the security operating system 440 (TEE), and performing a verification operation (e.g., IP address and port number identification, security DNS service provisioning, etc.) in the security environment TEE, thereby preventing a pharming attack and improving security performance ].
WO 2017018377 A1 [The predetermined time Δ means the shortest time until the OS of the Web server 1 reuses the same PID for different processes. Normally, the Web server 1 operates in a mode called “Preform” to prevent a memory leak. In the Preform mode, a process is assigned to each HTTP request, and a plurality of HTTP requests are not processed simultaneously by one process. Therefore, each HTTP request can be identified by the PID within the predetermined time Δ].
Chen (US20190230120) [Abstract, A computer network endpoint is secured to prevent information leak or other compromise by instantiating in memory first, second and third security zones. With respect to an authorized user, the first zone is readable and writable, the second zone is read-only, and the third zone is neither readable nor writable. System information (e.g., applications, libraries, policies, etc.) are deployed into the first zone from the second zone. When sensitive data is generated in the first zone, e.g., when a secure communication session is established using a cryptographic key, the sensitive data is transferred from the first zone to the third zone, wherein it is immune from information leak or other compromise. The sensitive information is transferable from the third zone to one or more external having a need to know that information. Because information does not pass directly from the first security zone to the external systems, the endpoint is secured against information leak or other attack].
Williams (US2017/0142138) [ [0082] As explained with respect to FIG. 3, when the instrumented application 230 executes, sensors installed in the application 230 generate events 315 whenever an instrumented method is invoked. Once generated, events 315 are passed to the tracking module 240, which stores the received events in database 605 (and/or a local memory data store) for further analysis using the correlation module 604. In some implementations, database 605 is a weak reference database that tracks objects in memory only until they are garbage-collected. Using a weak reference scheme ensures that data is not tracked for longer than necessary to complete its work, which conserves system resources and prevents memory leaks].
GUNDERSEN (U.S Patent Application Publication No. 20210115776 A1) teaches a control system for a drilling system providing IPS functions such as encrypted data storage.
Karr (U.S Patent Application Publication No. 20080208475 A1) teaches a method of facilitating collaboration between users at an oil site and securing the information. 
Natal (U.S Patent No. US 20210119993 A1) teaches a method of provisioning and sharing a segmentation tag key used to authenticate devices to a segmented virtual network and add new members.

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20
                                                                                                                                                                                                        
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496