DETAILED ACTION
This communication is in respond to application filed on September 16, 2020 and Applicant’s response to Restriction Requirement filed on November 11, 2022. Applicant elected claims 1-31 without traverse. Claims 32-88 have been withdrawn from consideration. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/24/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because the content is over 150 words.  Correction is required.  See MPEP § 608.01(b).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4, 8-12, 17, 19-20, and 23-31 are rejected under 35 U.S.C. 103 as being unpatentable over US PG-PUB No. 2018/0241719 A1 to Koniki et al. (hereinafter Koniki) in view of US PG-PUB No. 2018/0176186 A1 to Chao et al. (hereinafter Chao).
As per claim 1, Koniki disclosed a computer-implemented method of providing security in a process plant (Koniki, par 0008, using field device firewall for cyber protecting field devices), the method executed by one or more processors contained in a device associated with the process plant (Koniki, Fig. 2, FIREWALL 200) and programmed to perform the method, the method comprising: 
storing a whitelist of commands for a process control communication protocol (Koniki, par 0019, “The field device firewall has a stored list of known device types (e.g., device manufacturer id, device type id), and types of requests and commands.”, also par 0023, “A memory 200g shown as a device information store in FIG. 2 is responsible for storing appropriate device related information needed for validating against the whitelist configuration/rules.”); 
receiving a message at the device via a communication interface, wherein the message conforms to the process control communication protocol, extracting a command from the message, checking the extracted command against the stored whitelist of commands for the process control communication protocol (Koniki, par 0022-0023, “The control system 250 can be seen to be configured so that all field device communications on the communications network (serial, IP, cloud-based) always must pass through the field device firewall 200. The field device firewall 200 is shown comprising modules including a communications module (e.g., serial, or TCP/IP) 200a responsible for various types of network communications. A whitelist configuration/rules module 200b implements whitelisting, which as described above means accepting only known device types, requests or commands, and rejecting anything else. A deep packet analyzer module 200c employs a deep packet inspection (DPI) mechanism to check every field device communication sent for possible violation of configured rules.”, and par 0020, “Step 102 comprises after decoding the packet comparing the information in a received packet to the stored list.”), and 
allowing the message when the extracted command is contained in the whitelist of the commands for the process control communication protocol (Koniki, par 0020, “Step 103 comprises allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list.”) and 
not allowing the message when the extracted command is not contained in the whitelist of commands for the process control communication protocol (Koniki, par 0020, “Step 104 comprises blocking transmission of the received packet to the field device if the comparing determines the information is not on the stored list.”);
Koniki does not explicitly disclose storing and comparing the “type” of command; however, in an analogous art in secure network communications, Chao disclosed implementing firewall filtering policy that determines whether to allow data packets to pass through based extracted information including command type (Chao, par 0029-0030, “Whitelisting policies includes a list or register that identifies data traffic that should be allowed to pass to its intended recipient. For example, the whitelisting policies identify data packets that should be allowed based on a source and/or destination computing node, IP address, command type, protocol type, etc.”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Koniki to incorporate the whitelisting policy based on information including command type and protocol type as disclosed by Chao, such implementation would provide ability to establish filtering rule for a particular range or category of packets as disclosed by Chao (Chao, par 0020) .

As per claim 2, Koniki-Chao disclosed the method of claim 1, wherein receiving the message includes receiving the message at a process controller associated with a process control system within the process plant, wherein the process controller is communicatively coupled to one or more process control field devices and performs control functions with respect to the process plant (Koniki, par 0008, “The field device firewall includes a processor that runs a cyber-protection algorithm, and a memory storing a list of device types, requests and commands. The field device firewall is adapted for use in a communications network of a control system between a field network communication interface coupled to a field device and a process controller.”).

As per claim 3, Koniki-Chao disclosed the method of claim 2, wherein allowing the message comprises enabling the process controller to forward the message to one or more of the process control field devices over a communication link (Koniki, par 0019-0020, “FIG. 1 is flow chart that shows steps in an example method 100 of cyber protecting a field device in a process control system including a process controller for controlling the field device which utilizes a communications network with a process communication protocol, according to an example embodiment. Step 101 positioning a field device firewall in the communications network between a field network communication interface and the process controller....allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list”).

As per claim 4, Koniki-Chao disclosed the method of claim 2, wherein allowing the message comprises enabling one or more logic modules within the process controller to process the message (Koniki, par 0020, “Step 103 comprises allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list.”, process of the message is implicitly disclosed).

As per claim 8, Koniki-Chao disclosed the method of claim 1, wherein not allowing the message comprises not forwarding the message over a communication network to another device to which the message is addressed (Koniki, par 0020, “Step 104 comprises blocking transmission of the received packet to the field device if the comparing determines the information is not on the stored list.”).

As per claim 9, Koniki-Chao disclosed the method of claim 1; Koniki does not explicitly disclose not allowing the message comprises sending a notification over a communication network that the message was not allowed; however, Chao disclosed the concept of sending authorized user notification in response to violation of whitelisting policy (Chao, par 0034-0035, “the policy generation module 116 may generate a whitelisting policy that includes each of the identified commands transmitted between the devices....The alert module 118 executes a remedial action in response to a violation of a policy. Example remedial actions include blocking network traffic, transmitting an alert message to a user for user intervention, as well as a proposing a modification to the whitelisting policy. A proposed modification to the whitelisting policy may be generated by the policy generation module 116 based on the violating data traffic. The user may include an administrator or other authorized user associated with the network security system 102. To transmit the alert message to the user, the alert module 118 transmits the alert message to a client device (e.g., computer, laptop, smartphone, etc.) of the user. For example, the alert module 118 transmits the alert message as a push notification, email, etc.”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Koniki to incorporate the alert module implementation as disclosed by Chao, in order to prove authorized user means to take remedial action as suggested by Chao (Chao, par 0035).

As per claim 10, Koniki-Chao disclosed the method of claim 9, wherein sending the notification includes notifying one or more of a plant operator, a maintenance personnel, and a configuration engineer that the message was not allowed (Chao, par 0035, notification sent to authorized user; the reasons of obviousness have been noted in the rejection of claim 9 above and applicable herein).

As per claim 11, Koniki-Chao disclosed the method of claim 1, wherein the process control communication protocol is a highway addressable remote transmitter (HART) communication protocol (Koniki, par 0028, “HART is used in this Example. The disclosed field device firewall acts as a shield between device management software (generally at a work station) and HART communication nodes, such as between multiplexers that provide the communication interface and the device management software.”), wherein receiving the message at the device via a communication interface includes receiving a HART protocol message at the communication interface, wherein storing the whitelist of command types includes storing a whitelist of command types associated with the HART communication protocol (Koniki, par 0028, “The field device firewall works on principles similar to a security products analogous to application whitelisting software that recognizes only configured device types. Anything else is rejected. The field device firewall checks every HART command request packet sent on the network to either allow it to pass-through or reject the packet.”), and wherein checking the extracted command type against the whitelist of command types includes checking the extracted command type against the whitelist of HART communication protocol command types (Koniki, par 0029, “The field device firewall also validates the HART command in the request packet against the command details and against the whitelist/configuration rules. The firewall forwards the HART command request as-is if the command is a read command, and rejects the HART command request if it is not a read command.”).

As per claim 12, Koniki-Chao disclosed the method of claim 11, wherein the whitelist of HART communication protocol command types includes one or more of device specific read commands and common practice read commands (Koniki, par 0029, “The field device firewall also validates the HART command in the request packet against the command details and against the whitelist/configuration rules. The firewall forwards the HART command request as-is if the command is a read command, and rejects the HART command request if it is not a read command.”).

As per claim 17, Koniki-Chao disclosed the method of claim 1, wherein receiving the message includes receiving the message at a gateway device associated with a process control system, storing the whitelist of command types for a process control communication protocol includes storing the whitelist of command types for the process control communication protocol in the gateway device, and wherein allowing the message when the extracted command type is contained in the whitelist of the command types for the process control communication protocol includes allowing the gateway device to process and act on the message and wherein not allowing the message when the extracted command type is not contained in the whitelist of command types for the process control communication protocol includes not allowing the gateway device to process and act on the message (Koniki, par 0022-0023, “The control system 250 can be seen to be configured so that all field device communications on the communications network (serial, IP, cloud-based) always must pass through the field device firewall 200. The field device firewall 200 is shown comprising modules including a communications module (e.g., serial, or TCP/IP) 200a responsible for various types of network communications. A whitelist configuration/rules module 200b implements whitelisting, which as described above means accepting only known device types, requests or commands, and rejecting anything else. A deep packet analyzer module 200c employs a deep packet inspection (DPI) mechanism to check every field device communication sent for possible violation of configured rules.”, and par 0020, “Step 102 comprises after decoding the packet comparing the information in a received packet to the stored list.”, and par 0020, “Step 102 comprises after decoding the packet comparing the information in a received packet to the stored list. Step 103 comprises allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list. Step 104 comprises blocking transmission of the received packet to the field device if the comparing determines the information is not on the stored list.”, and par 0024, filed device firewall implemented as “part of an edge gateway node 315 serving as a device security module in the control system 350”).

Claims 19-20 recite substantially the same limitations as claims 1-2, respectively, in the form of a process control device implementing the corresponding method, therefore, they are rejected under the same rationale.

As per claim 23, Koniki-Chao disclosed the process control device of claim 19, wherein the process control device is a gateway device coupled between two process control communication networks in the process plant (Koniki, par 0024, filed device firewall implemented as “part of an edge gateway node 315 serving as a device security module in the control system 350”).

As per claim 24, Koniki-Chao disclosed the process control device of claim 19, wherein the whitelisting routine allows the message by forwarding the message to one or more other devices to which the message is addressed via a communication network (Koniki, par 0019-0020, “FIG. 1 is flow chart that shows steps in an example method 100 of cyber protecting a field device in a process control system including a process controller for controlling the field device which utilizes a communications network with a process communication protocol, according to an example embodiment. Step 101 positioning a field device firewall in the communications network between a field network communication interface and the process controller....allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list”) and does not allow the message by not forwarding the message to one or more other devices to which the message is addressed via any communication network (Koniki, par 0020, “Step 104 comprises blocking transmission of the received packet to the field device if the comparing determines the information is not on the stored list.”).

As per claim 25, Koniki-Chao disclosed the process control device of claim 19, further including one or more logic modules stored in the memory and wherein the whitelist routine allows the message by enabling the one or more logic modules to execute on the processor to process the message (Koniki, par 0020, “Step 103 comprises allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list.”, process of the message is implicitly disclosed) and does not allow the message by not allowing the one or more logic modules to execute on the processor to process the message (Koniki, par 0020, “Step 104 comprises blocking transmission of the received packet to the field device if the comparing determines the information is not on the stored list.”).

Claims 26-31 recite substantially the same limitations as claims 9-14, respectively, in the form of a process control device implementing the corresponding method, therefore, they are rejected under the same rationale.

Claims 5-7 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Koniki in view of Chao as applied to claim 1 above, and further in view of US PG-PUB No. 2004/0148513 A1 to Scott et al. (hereinafter Scott).
As per claim 5, Koniki-Chao disclosed the method of claim 1; Koniki does not explicitly disclose receiving the message includes receiving the message at a safety logic solver associated with a process control system in the process plant, wherein the safety logic solver is communicatively coupled to one or more safety field devices and performs safety control functions with respect to the process plant; however, in an analogous art in process plant security, Scott disclosed integrated safety system and process control system (Scott, Abstract), and further receiving the message includes receiving the message at a safety logic solver associated with a process control system in the process plant, wherein the safety logic solver is communicatively coupled to one or more safety field devices and performs safety control functions with respect to the process plant (Scott, par 0042, “...the applications 80, 82 and 85 may send separate configuration, diagnostic and other signals to and may receive data from each of the process controllers 24 and 26 as well as from each of the safety system logic solvers 50-56. These signals may include process-level messages related to controlling the operational parameters of the process control-related field devices 40 and 42, may include safety-level messages related to controlling the operational parameters of the safety-related field devices 60 and 62 and may include device level messages related to the particulars of devices, both process control system devices and safety system devices.”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Koniki to incorporate the integrated safety system with control system in process plant as disclosed by Scott, such implementation “enables the safety system and the process control system to use common communication, configuration, diagnostic and display hardware and software within the process plant while still providing fictional isolation between the safety system controllers and the process control system controllers” as suggested by Scott (Scott, par 0014).

As per claim 6, Koniki-Chao-Scott disclosed the method of claim 5, wherein allowing the message comprises enabling the safety logic solver to forward the message to one or more of the safety field devices over a communication link (Koniki, par 0020, “Step 103 comprises allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list.”, and Scott, par 0042, “...the applications 80, 82 and 85 may send separate configuration, diagnostic and other signals to and may receive data from each of the process controllers 24 and 26 as well as from each of the safety system logic solvers 50-56. These signals may include process-level messages related to controlling the operational parameters of the process control-related field devices 40 and 42, may include safety-level messages related to controlling the operational parameters of the safety-related field devices 60 and 62 and may include device level messages related to the particulars of devices, both process control system devices and safety system devices.”).

As per claim 7, Koniki-Chao-Scott disclosed the method of claim 5, wherein allowing the message comprises enabling one or more logic modules within the safety logic solver to process the message (Koniki, par 0020, “Step 103 comprises allowing transmission of the received packet to the field device if the comparing determines the information is on the stored list.”; and Scott, par 0042, “...the applications 80, 82 and 85 may send separate configuration, diagnostic and other signals to and may receive data from each of the process controllers 24 and 26 as well as from each of the safety system logic solvers 50-56. These signals may include process-level messages related to controlling the operational parameters of the process control-related field devices 40 and 42, may include safety-level messages related to controlling the operational parameters of the safety-related field devices 60 and 62 and may include device level messages related to the particulars of devices, both process control system devices and safety system devices.”).

As per claim 21, Koniki-Chao-Scott disclosed the process control device of claim 19, wherein process control device is a safety logic solver that is communicatively coupled to one or more safety related process control field devices and performs safety related control functions with respect to a process plant (Scott, par 0042, “...the applications 80, 82 and 85 may send separate configuration, diagnostic and other signals to and may receive data from each of the process controllers 24 and 26 as well as from each of the safety system logic solvers 50-56. These signals may include process-level messages related to controlling the operational parameters of the process control-related field devices 40 and 42, may include safety-level messages related to controlling the operational parameters of the safety-related field devices 60 and 62 and may include device level messages related to the particulars of devices, both process control system devices and safety system devices.”; the reasons of obviousness have been noted in the rejection of claim 5 above and applicable herein).

Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Koniki in view of Chao as applied to claim 1 above, and further in view of US PG-PUB No. 2014/0208107 A1 to Kelly et al. (hereinafter Kelly).
As per claim 13, Koniki-Chao disclosed the method of claim 1; Koniki does not explicitly disclose  storing a plurality of whitelists of command types for the process control communication protocol, and wherein checking the extracted command type against a whitelist of command types for the process control communication protocol includes selecting one of the stored whitelists of command types for the process control communication protocol as the whitelist of command types for use in comparing the extracted command type; however, in an analogous art in system security based on whitelist, Kelly disclosed the concept of generating and storing a plurality of whitelists based on different security levels (Kelly, par 0043, “In one embodiment, the encrypted white-list 240 may be partitioned. In one embodiment, the encrypted white-list 240 has at least two partitions. For example, a first partition of the encrypted white-list 240 may have executable programs 260 with a minimal level of security requirement ....A second partition of the encrypted white-list 240 may have executable programs 260 with a higher-level of security.... In a multiple partitioned white-list, each partition may reference the type of application control device 300 used to encrypt the partition”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Koniki to incorporate the concept of partitioned whitelists as disclosed by Kelly, in order to process request with different security levels as suggested by Kelly (Kelly, par 0043).

As per claim 14, Koniki-Chao-Kelly disclosed the method of claim 13, wherein selecting one of the stored whitelists includes selecting the one of the stored whitelists based on a security level associated with the device associated with the process plant (Kelly, par 0043, whitelist partitioned based on level of security; the reasons of obviousness have been noted in the rejection of claim 13 above and applicable herein).

Claim(s) 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Koniki in view of Chao and Kelly as applied to claim 14 above, and further in view of US PG-PUB No. 2014/0137190 A1 to Carey et al. (hereinafter Carey).
As per claim 15, Koniki-Chao-Kelly disclosed the method of claim 14; Koniki-Chao-Kelly does not explicitly disclose determining the security level associated with the device associated with the process plant by determining a hardware security setting of the device associated with the process plant; however, in an analogous art in computing system security, Carey disclosed determining security level of a computing device based on collected information of the device including hardware configuration and/or software configuration (Carey, par 0035, 0046-0047, “security tool can be operable to collect information on the target computing device. The information collected can include information related to a software configuration, a hardware configuration, or both a software and a hardware configuration of the target computing device. The information can then be used to determine the security level, which can indicate whether the target computing device may be susceptible attacks and how severe these vulnerabilities are.”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Koniki to further incorporate the determining a security level based on information including hardware configuration and software configuration as disclosed by Carey, in order to accurately identify the vulnerability of the computing device as suggested by Carey (Carey, par 0046) .

As per claim 16, Koniki-Chao-Kelly-Carey disclosed the method of claim 14, further including determining the security level associated with the device associated with the process plant by determining a software stored security setting of the device associated with the process plant (Carey, par 0035, 0046-0047, determining security level based on hardware configuration and/or software configuration; the reasons of obviousness have been noted in the rejection of claim 15 above and applicable herein).

Claims 18 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Koniki in view of Chao as applied to claim 1 above, and further in view of US PG-PUB No. 2012/0078896 A1 to Nixon et al. (hereinafter Nixon).
As per claim 18, Nixon disclosed the method of claim 1; Nixon does not explicitly disclose receiving the message includes receiving the message at an input/output device coupled between a process controller device and one or more field devices associated with a process control system within the process plant, wherein storing the whitelist of command types for a process control communication protocol includes storing the whitelist of command types for the process control communication protocol in the input/output device, and wherein allowing the message when the extracted command type is contained in the whitelist of the command types for the process control communication protocol includes forwarding the message to another device to which the message is addressed and wherein not allowing the message when the extracted command type is not contained in the whitelist of command types for the process control communication protocol includes not forwarding the message to another device to which the message is addressed; however, in an analogous art in process control system, Nixon disclosed a process control system with field devices that include input/output devices (Nixon, par 0027, “The process control subsystem 114 may include any number of field devices (e.g., input and/or output devices). The field devices may include any type of process control component that is capable of receiving inputs, generating outputs, and/or controlling a process. For example, the field devices may include input devices such as, for example, valves, pumps, fans, heaters, coolers, and/or mixers to control a process. Additionally, the field devices may include output devices such as, for example, thermometers, pressure gauges, concentration gauges, fluid level meters, flow meters, and/or vapor sensors to measure portions of a process. The input devices may receive instructions from the controller 116 to execute a specified command and cause a change to the process.”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to expand the whitelisting implementation of Koniki to the process control system with field devices including input/output devices disclosed by Nixon, to provide the same type of security management to the system of Nixon.

As per claim 22, Koniki-Chao-Nixon disclosed the process control device of claim 19, wherein process control device is an input/output device communicatively coupled between a process controller and a field device within a process plant (Nixon, par 0027, process control system implementing input/output devices; the reasons of obviousness have been noted in the rejection of claim 18 above and applicable herein).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Toepke et al. (US PG-PUB No. 2018/0027071 A1) disclosed a method and system implementing a process control messaging service.
Spiegel (US PG-PUB No. 2018/0352436 A1) disclosed a method and system for secure communication with a field measuring device of process technology.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Linglan Edwards whose telephone number is (571)270-5440. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/LINGLAN EDWARDS/Primary Examiner, Art Unit 2491