SYSTEMS AND METHODS FOR AUTOMATICALLY DEPLOYING SECURITY UPDATES IN AN OPERATIONS TECHNOLOGY NETWORK

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed November 19, 2025 have been fully considered but they are not persuasive. On pages 2-3 of the remarks, the Applicant stated that “Applicant respectfully traverses this interpretation”. Applicant states that it “disagrees with the Examiner’s determination that ‘industrial control system’ invokes 35 U.S.C. § 112(f)”, and that submits that the interpretation is now moot. However, Applicant provided only conclusory assertions, without supporting explanation or analysis particularly pointing out why the amendment avoids interpretation under 112(f). As in MPEP 2181, instead of using "means" in such cases, a substitute term acts as a generic placeholder for the term "means" and would not be recognized by one of ordinary skill in the art as being sufficiently definite structure for performing the claimed function. "The standard is whether the words of the claim are understood by persons of ordinary skill in the art to have a sufficiently definite meaning as the name for structure." Williamson, 792 F.3d at 1349, 115 USPQ2d at 1111; see also Greenberg v. Ethicon Endo-Surgery, Inc., 91 F.3d 1580, 1583, 39 USPQ2d 1783, 1786 (Fed. Cir. 1996). In this case, “an industrial control system” still invokes 112(f), would not be recognized by one of ordinary skill in the art as being sufficiently definite structure for performing the claimed functions. In response to the Office action that finds that 35 U.S.C. 112(f) is invoked, if applicant does not want to have the claim limitation interpreted under 35 U.S.C. 112(f), applicant may: (1) present a sufficient showing to establish that the claim limitation recites sufficient structure to perform the claimed function so as to avoid interpretation under 35 U.S.C. 112(f); or (2) amend the claim limitation in a way that avoids interpretation under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function). On pages 3-5 of the remarks, Applicant states that claims 1, 2, and 21 were rejected under 35 U.S.C. 103 as allegedly unpatentable over Smith, II et al. (US Patent No. 10210333), hereinafter Smith, in view of Matthew et al. (US PGPub No. 20140282480), hereinafter Matthew. Applicant states, in page 5 of the remarks, that neither Smith or Matthew teach, or otherwise suggest the limitation of "wherein the component is configured to determine a time period for implementation of the security update, based on operation data associated with the component after receiving the indication that the security update is available" as recited in independent claim 1. Examiner states that the reference of Matthew states, in paragraph [0071], that an update is identified as a critical update, installed automatically in 24 hours after the notification is displayed on a device. Metadata of the update included in a list of system software installed corresponds to operation data associated with the component, is recited in paragraph [0005] of Matthew as well. As a result, the reference of Matthew teaches the amended limitations, with Smith in view of Matthew teaching the limitations present in claim 1. As a result, Examiner maintains the grounds of rejections made in the previous Office Action. In pages 6-8 of the remarks, Applicant states that claims 6 and 14 were rejected under Smith, Matthew, Baillargeon (US PGPub No. 20230072358), and Singh (US PGPub No. 20200313925), and states that neither of the references teach or suggest the limitation of "wherein the OT component is configured to determine a time period for implementation of the security update, based on operation data associated with the OT component" as recited in amended independent claims 6 and 14. Examiner states that the reference of Matthew states, in paragraph [0071], that an update is identified as a critical update, installed automatically in 24 hours after the notification is displayed on a device. Metadata of the update included in a list of system software installed corresponds to operation data associated with the component, is recited in paragraph [0005] of Matthew as well. As a result, the reference of Matthew teaches the amended limitations, with Smith in view of Matthew, Baillargeon, and Singh teaching the limitations present in claim 6. As a result, Examiner maintains the grounds of rejections made in the previous Office Action. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: ‘an industrial control system’ in claim 6. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Smith, II et al. (US 10,210,333 B2), hereafter Smith in view of Matthew et al. (US 20140282480 A1), hereafter Matthew. Regarding claim 1, Smith discloses “an industrial control system, comprising: an edge device associated with a plurality of components of an industrial automation system, wherein the edge device comprises one or more processors and a memory comprising instructions, that when executed by the one or more processors, cause the one or more processors to perform operations comprising” (Smith Fig. 1 Hardware Security Module 110, Processor 120, Encrypted Storage 130, Component 140, [Smith Col. 1, ll. 20-21] “more, the industrial controller may execute instructions (e.g., firmware and/or applications)”, [Smith Col. 1, ll. 21-22] “that may generally enable the industrial controller to control the operation of the industrial control system”): “receiving, from a network external to the industrial automation system, a security update for a component of the plurality of components of the industrial automation system” ([Smith Col. 11, ll. 47-53] “FIG . 9 illustrates network security services 900 according to some embodiments. A number of elements 910 may be associated with a network 950 including… a security manager… etc.”, [Smith Col. 5, ll. 35-51] “According to some embodiments, the industrial control system is a distributed industrial control system… security updates for the industrial control system might be deployed using package code signing tools that include signature information integrated with runtime signature verification mechanisms with appropriate public keys and correspond to private signing keys. In addition, security policies may be implemented to facilitate confidentiality, integrity, and availability of the industrial control system. In some cases, a security architecture may treat related information that shares a security policy as a uniform security domain.”); “wherein the operations comprise cryptographically signing the security update before transmitting… that the security update is available for implementation to the component”. ([Smith col. 13, ll. 10-46] “To facilitate security in an ICS component, it may be helpful to rapidly identify and update security vulnerabilities in the ICS platform software stack”; “Due to the large number of software packages available, security issues are identified on a daily basis with updates pushed to fix these vulnerabilities; “Assuming that the software updates are deemed stable and that security vulnerabilities warrant field deployment, then the newly packaged and signed software will be prepared for distribution and deployment on the fielded ICS devices and components.”, “In order to deploy the software updates on the target ICS platforms, the package code signing tools may include the signature information and integrate with the run - time signature verification mechanisms with appropriate public keys that correspond to the private signing keys.”) While Smith teach deployment (i.e. transmit the security update available to the component for implementation), and while Smith’s updates pushes are a form of implementation that a security update is available for implementation, Smith does not expressly disclose, transmitting an indication that the security update is available for implementation to the component, receiving a request for the security update from the component; wherein the component is configured to install the security update during the time period for implementation after receiving the security update. However in an analogous art, Matthew teaches: “transmitting an indication that a security update is available for implementation on a component, wherein the component is configured to determine a time period for implementation of the security update, based on operation data associated with the component, after receiving the indication that the security update is available” ([Matthew, 0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.” [Matthew, 0071] “In this example, the update is identified as a critical update, which will be installed automatically in 24 hours after the notification is displayed on the device.” [Matthew, 0071] When an update is identified as a critical update, it will be installed automatically in 24 hours after the notification is displayed on the device, based on metadata for the updates for the device, where operation data, that being the metadata of the update included in a list of system software installed in [Matthew, 0005] is associated with the component.); “receiving a request for the security update from the component” ([Matthew, 0054] “process sends (at 330) a request to the update server for the critical security software updates that the client device has determined to be applicable”); “and transmitting the security update to the component for implementation, wherein the component is configured to install the security update during the time period for implementation after receiving the security update” ([Matthew 0055] “The process then receives (at 335) and stores the requested updates...”, [Matthew, 0071] “…the update is identified as a critical update, which will be installed automatically in 24 hours after the notification is displayed on the device.”). Smith and Matthew are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to implement notification system and request updates and apply them within a pre-determined time period as in Matthew. Such an addition uses known methods (enforcing a time limit) to produce a well-known result (ensuring that an update is applied within a time limit in particular the availability of applicable updates for critical security updates). Regarding claim 2, Smith in view of Matthew teach the industrial control system of claim 1. Smith also discloses “wherein the edge device comprises one or more computing nodes that are part of the container orchestration system” ([Smith Col. 3, ll. 48-51] “The industrial control system 150 function may be performed by a constellation of networked apparatuses, in a distributed processing or cloud-based architecture.”, [Smith Col 10, ll. 25-35] “…embodiments may use lightweight container (e.g., Docker and LXD) mechanisms to isolate, manage and enhance the portability of applications and services that run on top of the underlying OS. These container technologies may simplify and enhance development, portability, maintainability and security of applications on the OS.”). Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Matthew in further view of Mallur et al. (US 20130139183 A1), hereafter Mallur. Regarding claim 3, Smith in view of Matthew teach the industrial control system of claim 1. Smith and Matthew disclose the industrial control system of claim 1. Smith and Matthew do not expressly disclose the following taught in a similar art by Mallur: wherein the security update targets a first subset of operating code associated with the component but not a second subset of operating code associated with the component ([Mallur, 0134] “To address some of the problems mentioned above, notably the inability to update particular components (drivers and/or applications, including security patches and feature updates) on client devices without deploying a disk-image to each client device, several approaches are proposed. These approaches include managing of device drivers on client devices, e.g. for devices having a WES 7 thin client runtime image, adding deployment configuration file-based deployment support of third-party device drivers and applications (including security patches and feature updates) on client devices, and providing automatic updates of thin client components/applications.” [Mallur, 0135] “FIG. 10 illustrates an example of a process for automatically deploying a driver on a client device using a deployment configuration file. The process shown in FIG. 10 can be performed by an update agent module 812 of a client device, and in particular by a deployment module 816 and/or a driver deployment module 818 of the client device. The deployment configuration file includes deployment entries, and at least one deployment entry includes information for deployment of a driver on the client device. The process of FIG. 10 is generally performed in multiple client devices, as the process is repeated on each client device that a driver should be deployed onto. For example, the process may be repeated on each client device having a hardware platform associated with a driver identified in the deployment configuration file.”). Smith, Matthew, and Mallur are in similar fields of endeavor related to the technology of processing software updates on distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to do a security patch instead of reimaging the entire system as is indicated in Mallur. Such an addition uses known methods (security patching specific software) to produce a well-known result (deploying an update without having to reimage the entire target system.). Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Matthew in further view of Tateishi et al. US 20200183674 A1 hereafter Tateishi. Regarding claim 4, Smith in view of Matthew teach the industrial control system of claim 1. Smith and Matthew disclose the industrial control system of claim 1. Smith and Matthew do not disclose the following disclosed in a similar art by Tateishi: wherein the component performs one or more background operations independent of a process provided by the industrial automation system during the time period for implementation and the component does not perform one or more primary operations associated with the process provided by the industrial automation system during the time period for implementation. ([Tateishi, 0064] “In the on-board update system according to Embodiment 2, the gateway 10 is configured to make a backup of the pre-update program 22a, in case of a failure in the update process of each ECU 2. The update process may fail, for example, if the level of the battery 5 drops critically during the update process, if the update program is lost due to a communication error between the gateway 10 and the ECU 2 during the update process, or if the ECU 2 stops its operation during the update process.”) Smith, Matthew, and Tateishi are in similar fields of endeavor related to the technology of processing software updates. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to stop primary processing as in Tateishi while keeping background tasks (like applying the patch.). Such an addition uses known methods (stopping a primary operation while updating) to produce a well-known result (keeping the system from misbehaving in case of failure of the update.). Claims 6-13 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Matthew in further view of Baillargeon (US 20230072358 A1), hereafter Baillargeon, in further view of Singh et al. (US 20200313925 A1), hereafter Singh. Regarding claim 6, Smith discloses “a system, comprising: a first computing node of a cluster of computing nodes that are part of a container orchestration system” ([Smith Col. 3, ll. 48-51] “The industrial control system 150 function may be performed by a constellation of networked apparatuses, in a distributed processing or cloud-based architecture.”, [Smith Col 10, ll. 25-35] “…embodiments may use lightweight container (e.g., Docker and LXD) mechanisms to isolate, manage and enhance the portability of applications and services that run on top of the underlying OS. These container technologies may simplify and enhance development, portability, maintainability and security of applications on the OS.”); “an industrial control system for controlling one or more operations of an operational technology (OT) component, wherein the industrial control system is communicatively coupled to the first computing node, and the industrial control system is communicatively coupled to the OT component” ([Smith fig. 1, col. 3, ll. 10-15] “The industrial control system 150 may, according to some embodiments, automatically access the encrypted storage 130 to execute a trusted Operating System (“OS”) to configure the components 140 for an industrial asset.”); Smith does not expressly teach: transmitting an indication that the security update is available for implementation to the OT component after determining that the security update is ready for implementation. However, in a similar art Matthew teaches: “transmitting an indication that the security update is available for implementation to the OT component after determining that the security update is ready for implementation, wherein the OT component is configured to determine a time period for implementation of the security update, based on operation data associated with the OT component, after receiving the indication that the security update is available” ([Matthew, 0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.” [Matthew, 0071] When an update is identified as a critical update, it will be installed automatically in 24 hours after the notification is displayed on the device, based on metadata for the updates for the device, corresponding to the OT component determining a time period for implementation of a security update based on operation data, that being the metadata of the update included in a list of system software installed in [Matthew, 0005], associated with the component.). Smith and Matthew are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to implement notification system and request updates and apply them within a pre-determined time period as in Matthew. Such an addition uses known methods (enforcing a time limit) to produce a well-known result (ensuring that an update is applied within a time limit in particular the availability of applicable updates for critical security updates). Smith and Matthew do not expressly teach: a second computing node of the cluster of computing nodes, wherein the second computing node is configured to transmit a pod to the first computing node, wherein the pod is configured to cause the first computing node to perform operations: However, in a similar art Baillargeon teaches: “a second computing node of the cluster of computing nodes, wherein the second computing node is configured to transmit a pod to the first computing node, wherein the pod is configured to cause the first computing node to perform operations” ([Baillargeon, 0158] “At step S322, optionally, TRO 30 alerts tenant 22 that changes are available, such as changes obtained from the analytical phase, and requests confirmation to proceed with the available changes. At step S324, tenant 22a optionally communicates to the TRO 30 that tenant 22a approves the changes. At step S326, TRO 30 optionally transmits a request to pod 150a1 in cluster 60a to stop an application. At step S328, pod 150a1 optionally responds to TRO 30 that the application has been stopped. At step S330, TRO 30 transmits an update pod deployment to server 90a, e.g., an API server, and, at step S332, the server 90a responds confirming the updated pod deployment. At step S334, server 90a creates a new pod 150a3, and, at Step S336, deletes old pod 150a1.”), Smith, Matthew, and Baillargeon are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to deploy pods as in Baillargeon. Such an addition uses known methods (transmitting pods in containerized applications) to produce a well-known result (distribute functionality across distributed systems). Smith, Matthew, Baillargeon do not expressly teach: comprising: deploying a container as a digital representation of the OT component; testing a security update on the digital representation of the OT component; determining that the security update is ready for implementation in the OT component in response to testing the security update on the digital representation of the OT component; However, in a similar art Singh teaches: “comprising: deploying a container as a digital representation of the OT component” ([Singh, 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). “testing a security update on the digital representation of the OT component” ([Singh, 0087] “…upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); “determining that the security update is ready for implementation in the OT component in response to testing the security update on the digital representation of the OT component” ([Singh, 0087] “Thus, potential effects of the upgrades or patches on one or more functionalities or features of the local BBMD device 608 can first be tested and monitored for stability on the digital twin 600, before going live on the local BBMD device 608. Accordingly, in various embodiments, undesired downtime of a BAS due to issues or potential issues with the BBMD devices may be reduced or prevented…”); Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the pods disclosed in Baillargeon to use the duplicate representation for testing the newly updated software. Such an addition uses known methods (making a backup for testing) to produce a well-known result (making sure new updates do not break the configuration). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” The difference being that now we are expressly utilizing the distributed container pods of Baillargeon to push the updates. Regarding claim 7, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein testing the security update on the digital representation of the OT component comprises implementing the security update against the digital representation of the OT component” ([Singh, 0087] “…so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the test the update of Smith in the manner of Singh by testing the update against the duplicated digital representation as in Singh. Such an addition uses known methods (making a backup for testing) to produce a well-known result (making sure new updates do not break the configuration). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” The difference being that now we are expressly utilizing the distributed container pods of Baillargeon to push the updates. Regarding claim 8, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. “wherein determining that the security update is ready for implementation in the OT component comprises determining that a set of data associated with the digital representation of the OT component after implementing the security update against the digital representation of the OT component satisfies one or more data threshold ranges for implementing the security update on the OT component” ([Singh, 0087] Updates and patches are first applied and tested on digital twin 600 before being applied to the actual local BBMD device 608. These include potential effects of upgrades/patches on one or more functionalities, and can be used to prevent undesired downtime due to issues or potential issues with the BBMD device, such as with RAM, as shown in Table 1 in [Singh, 0095] displaying received health data of the BBMD device, which includes determining that the RAM satisfies performance in the real BBMD device based on performance on the digital twin 600.) Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to display the digital representation of Baillargeon in the manner of Singh. Such an addition uses known methods (determining that a set of data associated with the digital representation of the OT component satisfies one or more data threshold ranges) to produce a well-known result (determining that the security update is ready for implementation in the OT component). Regarding claim 9, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise transmitting the digital representation of the OT component to a display device for display” ([Singh, 0099] “In some embodiments, the configuration tool may display a list of the candidate digital twins so that the system administrator can select one or more of the candidate digital twins as the backup for the BBMD device.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to display the digital representation of Baillargeon in the manner of Singh. Such an addition uses known methods (sending output to a display) to produce a well-known result (allowing a user to view or interact with the digital representation). Regarding claim 10, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Matthew teaches: “wherein the operations comprise transmitting an indication that the security update is ready for implementation to a display device for display” ([Matthew, 0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.”). The rationale to combine this limitation of Matthew is given above in claim 6. Regarding claim 11, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise: deploying a second container as a second digital representation of the OT component” ([Singh, 0086] “According to some embodiments, each of the BBMD devices 510 and 520 may have one or more digital twins (e.g. ,virtual devices ) assigned to it from among the pool of digital twins 508.” [Singh, 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); “testing a second security update on the second digital representation of the OT component” ([Singh 0087] “… upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have a plurality of containers have a plurality of digital representations as in Singh. Such an addition uses known methods (adding the ability to duplicate every component with a digital representation) to produce a well-known result (being able to test a plurality of components). Regarding claim 12, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise: deploying a second container as a second digital representation of a second OT component” ([Singh 0086] “According to some embodiments, each of the BBMD devices 510 and 520 may have one or more digital twins (e.g. ,virtual devices ) assigned to it from among the pool of digital twins 508.” [Singh 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); and testing a second security update on the second digital representation of the second OT component ([Singh 0087] “… upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have a plurality of containers have a plurality of digital representations as in Singh. Such an addition uses known methods (adding the ability to duplicate every component with a digital representation) to produce a well-known result (being able to test a plurality of components). Regarding claim 13, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise: receiving sensor data from one or more sensors associated with the OT component” ([Singh, 0070] “building subsystem integration layer 420 can receive sensor data and input signals from building subsystems 428 and provide output data and control signals to building subsystems 428.”); “updating the digital representation of the OT component based on the sensor data” (Singh 0036, “For example, in some embodiments, the digital twin can be periodically (or continually) updated based on RAM state and CPU status readings collected from the BBMD device.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the components of Smith with the sensor data collected from Singh. Such an addition uses known methods (adding data attributes to a digital representation) to produce a well-known result (making decisions on the component based on the sensor data). Claims 14-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view Matthew, further in view of Baillargeon and Singh. Regarding claim 14, Smith discloses “a method, comprising: receiving, via a first computing node (Smith Fig. 1, 150) of a cluster of computing nodes in a container orchestration system” ([Smith, Col. 3, ll. 48-51] “The industrial control system 150 function may be performed by a constellation of networked apparatuses, in a distributed processing or cloud-based architecture.”) “wherein the particular snapshot corresponds to a backup of the digital representation of the OT component before a change was implemented to the OT component of a plurality of OT components of an industrial component system” ([Smith col. 13, ll. 49-51] Fig. 1; “…the original state prior to attempting to apply the update.”), “wherein the OT component is configured to restore a historical state of the OT component based on the particular snapshot of the digital representation” ([Smith col. 13, ll. 49-51] “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.”). “receiving, from a network external to the industrial automation system, a security update for a component of the plurality of components of the industrial automation system” ([Smith Col . 11, ll. 47-53] “FIG . 9 illustrates network security services 900 according to some embodiments. A number of elements 910 may be associated with a network 950 including… a security manager… etc.” [Smith Col. 5, ll. 35-51] “According to some embodiments , the industrial control system is a distributed industrial control system … security updates for the industrial control system might be deployed using package code signing tools that include signature information integrated with runtime signature verification mechanisms with appropriate public keys and correspond to private signing keys. In addition, security policies may be implemented to facilitate confidentiality, integrity, and availability of the industrial control system. In some cases, a security architecture may treat related information that shares a security policy as a uniform security domain.”); cryptographically signing the security update before transmitting… that the security update is available for implementation to the component”. ([Smith col. 13, ll. 10-46] “To facilitate security in an ICS component, it may be helpful to rapidly identify and update security vulnerabilities in the ICS platform software stack”; “Due to the large number of software packages available, security issues are identified on a daily basis with updates pushed to fix these vulnerabilities; “Assuming that the software updates are deemed stable and that security vulnerabilities warrant field deployment, then the newly packaged and signed software will be prepared for distribution and deployment on the fielded ICS devices and components.”, “In order to deploy the software updates on the target ICS platforms, the package code signing tools may include the signature information and integrate with the run - time signature verification mechanisms with appropriate public keys that correspond to the private signing keys.”). While Smith teach deployment (i.e. transmit …that the security update available for implementation to the OT component), and while Smith’s updates pushes are a form of implementation that a security update is available for implementation, Smith does not expressly disclose, transmitting an indication that the security update is available for implementation to the component, wherein the component is configured to install the security update during the time period for implementation after receiving the security update. However, in an analogous art, Matthew teaches: transmitting an indication that a security update is available for implementation on a component, wherein the component is configured to determine a time period for implementation of the security update, based on operation data associated with the component, after receiving the indication that the security update is available ([Matthew, 0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.” [Matthew, 0071] “In this example, the update is identified as a critical update, which will be installed automatically in 24 hours after the notification is displayed on the device.” [Matthew, 0071] When an update is identified as a critical update, it will be installed automatically in 24 hours after the notification is displayed on the device, based on metadata for the updates for the device, where operation data, that being the metadata of the update included in a list of system software installed in [Matthew, 0005], is associated with the component.); Smith and Matthew are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to implement notification system and request updates and apply them within a pre-determined time period as in Matthew. Such an addition uses known methods (enforcing a time limit) to produce a well-known result (ensuring that an update is applied within a time limit in particular the availability of applicable updates for critical security updates). Smith, in the above combination, does not expressly show: a pod from a second computing node in the cluster of computing nodes; However in a similar art Baillargeon teaches: a pod from a second computing node in the cluster of computing nodes; (Baillargeon 0158 “At step S322, optionally, TRO 30 alerts tenant 22 that changes are available, such as changes obtained from the analytical phase, and requests confirmation to proceed with the available changes. At step S324, tenant 22a optionally communicates to the TRO 30 that tenant 22a approves the changes. At step S326, TRO 30 optionally transmits a request to pod 150a1 in cluster 60a to stop an application. At step S328, pod 150a1 optionally responds to TRO 30 that the application has been stopped. At step S330, TRO 30 transmits an update pod deployment to server 90a, e.g., an API server, and, at step S332, the server 90a responds confirming the updated pod deployment. At step S334, server 90a creates a new pod 150a3, and, at Step S336, deletes old pod 150a1.”) Smith and Baillargeon are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the container enabled control system of Smith to deploy pods as in Baillargeon. Such an addition uses known methods (transmitting pods in containerized applications) to produce a well-known result (distribute functionality across distributed systems). Smith and Baillargeon do not expressly disclose: deploying, via the first computing node, a container as a digital representation of an operational technology (OT) component; generating, via the first computing node, one or more snapshots of the digital representation of the OT component; receiving, via the first computing node, a request for a particular snapshot of the one or more snapshots of the digital representation of the OT component, wherein the particular snapshot corresponds to a backup of the digital representation of the OT component before a change was implemented to the OT component; and transmitting, via the first computing node to the OT component, the particular snapshot of the digital representation, wherein the OT component is configured to restore a historical state of the OT component based on the particular snapshot of the digital representation. However, in a similar art Singh teaches: deploying, via the first computing node, a container as a digital representation of an operational technology (OT) component; ( Singh 0087“In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”) generating, via the first computing node, one or more snapshots of the digital representation of the OT component ([Singh 0086] “According to some embodiments, each of the BBMD devices 510 and 520 may have one or more digital twins (e.g., virtual devices) assigned to it from among the pool of digital twins 508. [Singh 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); receiving, via the first computing node, a request for a particular snapshot of the one or more snapshots of the digital representation of the OT component, wherein the particular snapshot corresponds to a backup of the digital representation of the OT component before a change was implemented to the OT component ([Singh 0086] “In some embodiments, the assigned digital twin (s) are a backup or passive BBMD for a corresponding subnet 504 and 506. For example, in some embodiments, if the BBMD device (e.g., 510 or 520) for the subnet (e.g., 504 or 506) fails or malfunctions, the corresponding digital twin assumes an active role of the BBMD for that subnet.”); and transmitting, via the first computing node to the OT component, the particular snapshot of the digital representation, wherein the OT component is configured to restore a historical state of the OT component based on the particular snapshot of the digital representation. ([Singh, 0099] “the selection process for selecting the digital twin for the BBMD device may be performed (or executed) when the BBMD device is initialized or configured. In other embodiments, the selection process may be performed (or executed) in response to detecting a failure or potential failure of the BBMD device.”) Smith, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the pods disclosed in Baillargeon to use the duplicate digital representation of multiple components for testing the newly updated software. Such an addition uses known methods (making a backup for testing) to produce a well-known result (making sure new updates do not break the configuration). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” The difference being that now we are expressly utilizing the distributed container pods of Baillargeon to push the updates. Regarding claim 15, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. In addition, Smith discloses: wherein the change comprises a security update to the OT component. ([Smith Col. 5, ll. 35-51] “According to some embodiments, the industrial control system is a distributed industrial control system… security updates for the industrial control system might be deployed using package code signing tools that include signature information integrated with runtime signature verification mechanisms with appropriate public keys and correspond to private signing keys. In addition, security policies may be implemented to facilitate confidentiality, integrity, and availability of the industrial control system. In some cases, a security architecture may treat related information that shares a security policy as a uniform security domain.”). Regarding claim 19, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. In addition, Singh discloses comprising: receiving, via the first computing node, sensor data from one or more sensors associated with the OT component ([Singh, 0070] “building subsystem integration layer 420 can receive sensor data and input signals from building subsystems 428 and provide output data and control signals to building subsystems 428.”); updating, via the first computing node, the digital representation of the OT component based on the sensor data ([Singh, 0036] “For example, in some embodiments, the digital twin can be periodically (or continually) updated based on RAM state and CPU status readings collected from the BBMD device.”), wherein the operations comprise: receiving sensor data from one or more sensors associated with the OT component ([Singh, 0070] “building subsystem integration layer 420 can receive sensor data and input signals from building subsystems 428 and provide output data and control signals to building subsystems 428.”); updating the digital representation of the OT component based on the sensor data. ([Singh, 0036] “For example, in some embodiments, the digital twin can be periodically (or continually) updated based on RAM state and CPU status readings collected from the BBMD device.”). Smith, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the components of Smith with the sensor data collected from Singh. Such an addition uses known methods (adding data attributes to a digital representation) to produce a well-known result (making decisions on the component based on the sensor data). Regarding claim 20, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. In addition, Singh teaches: wherein the one or more snapshots of the digital representation of the OT component comprise respective configuration data associated with the OT component, operational data associated with the OT component, security data associated with the OT component, or a combination thereof. ([Singh 0093] “In some embodiments, memory 620 includes a message handler 625, a status checker 630, a fault detector 635, a BDT storage container 640 for storing BDT data, a FDT storage container 645 for storing FDT data (e.g., if applicable), a configuration data storage container 650 for storing configuration data (e.g., IP address of the local BBMD device 608), and a historical data storage container 655 for storing historical operational data associated with the local BBMD device 608 and/or the larger network (e.g., the BAS network 500).”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the duplicate representation disclosed by Singh to contain configuration data as disclosed in Singh. Such an addition uses known methods (associating configuration data) to produce a well-known result (having digital twin access that configuration data when it is restored). Claims 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Mathew, Baillargeon, Singh and in further view of Sillifant et al. (US 20230237068 A1), hereafter Sillifant and Strohmenger et al. (US 20210302923 A1), hereafter Strohmenger. Regarding claim 16, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. The references of Smith, Matthew, Baillargeon, and Singh do not expressly show: wherein the one or more snapshots of the digital representation comprises a plurality of snapshots of the digital representation, and wherein each snapshot of the plurality of snapshots is associated with a respective time period in which the snapshot was generated by the first computing node. However in a similar art Sillifant teaches: wherein the one or more snapshots of the digital representation comprises a plurality of snapshots of the digital representation, ([Sillifant 0323] In a related example, object A and object B may be snapshots of a dataset or volume X. In this example, source storage system 1101 may generate periodic snapshots (A, B, C, etc.) of volume X, such) Smith, Matthew, Baillargeon, Singh, and Sillifant are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be duplicated to create various backup snapshots. Such an addition uses known methods (making backup snapshots) to produce a well-known result (being able to restore to a certain previous snapshot). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” Smith, Matthew, Baillargeon, and Singh do not expressly show: and wherein each snapshot of the plurality of snapshots is associated with a respective time period in which the snapshot was generated by the first computing node. However in a similar art Strohmenger teaches: and wherein each snapshot of the plurality of snapshots is associated with a respective time period in which the snapshot was generated by the first computing node. ([Strohmenger 0126] “In some embodiments, the cloud gateway component 808 of FIG. 8 or cloud gateway component 908 of FIG. 9 can tag the collected industrial data (e.g., 814 or 914) with contextual metadata prior to pushing the data as cloud data (e.g., 804 or 904) to the cloud platform. Such contextual metadata can include, for example, a time stamp, a location of the device at the time the data was generated, or other contextual information.”) Smith, Matthew, Baillargeon, Singh, Sillifant, and Strohmenger are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be duplicated to create various backup snapshots and have them time stamped. Such an addition uses known methods (making backup snapshots with a time stamp) to produce a well-known result (being able to restore to a certain previous snapshot). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” Regarding claim 17, Smith, Matthew, Baillargeon, Singh, Sillifant and Strohmenger disclose the method of claim 14 and the OT component. In addition, Sillifant teaches: comprising generating a table ([Sillifant, 0161] “As an example of one type of application that may be supported by the storage systems describe herein, the storage system 306 may be useful in supporting artificial intelligence (‘AI’) applications, database applications,”) that associates the plurality of snapshots with the OT component based on the respective time periods associated with the plurality of snapshots. (“For example, the storage systems described above may be configured to examine each backup to avoid restoring the storage system to an undesirable state…” [Sillifant, 0158] … “In such an example, software resources 314 within the storage system may be configured to detect the presence of ransomware and may be further configured to restore the storage system to a point-in-time, using the retained backups,”). Smith, Matthew, Baillargeon, Singh, Sillifant, and Strohmenger are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be stored in the database (i.e. “table”) of Sillifant. Such an addition uses known methods (using a database) to produce a well-known result (being able to query on data in the database such as a time stamp). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. Regarding claim 18, Smith, Matthew, Baillargeon, Singh, Sillifant and Strohmenger disclose the method of claim 14 and the OT component. In addition Sillifant teaches: comprising identifying the particular snapshot of the digital representation to transmit to the OT component based on the table. ([Sillifant 0157] “In such an example, the storage system may restore itself from a backup that does not include the malware—or at least not restore the portions of a backup that contained the malware.”) Smith, Matthew, Baillargeon, Singh, Sillifant, and Strohmenger are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be restorable from the database (i.e. “table”) of Sillifant. Such an addition uses known methods (using a database) to produce a well-known result (being able to query on data in the database such as a time stamp to ultimately transmit the queried data). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Biernat et al. (US 11513877 B2, “Updating Operational Technology Devices Using Container Orchestration Systems”) Barraclough et al. (US 20080010381 A1, “Rule-based Caching For Packet-based Data Transfer”) Mehrotra et al. (US 20220100173 A1, “Non-transitory Computer-readable Medium For Implementing Common Data Pipeline, Consists Of Set Of Instructions For Rearranging Order Of Portions Of Data, And Causing Characterized And Rearranged Data To Be Sent To Electronic Device”) Visoky et al. (US 20230421615 A1, “SYSTEMS AND METHODS FOR AUTOMATICALLY DEPLOYING SECURITY UPDATES IN AN OPERATIONS TECHNOLOGY NETWORK”) Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOMMY MARTINEZ whose telephone number is (703)756-5651. The examiner can normally be reached Monday thru Friday 8AM-5PM ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571) 272-7624 on Monday thru Friday, 7AM-7PM ET. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /T.M./ Examiner, Art Unit 2496 /SHAHRIAR ZARRINEH/ Primary Examiner, Art Unit 2496