Prosecution Insights
Last updated: July 17, 2026
Application No. 17/852,017

SYSTEMS AND METHODS FOR AUTOMATICALLY DEPLOYING SECURITY UPDATES IN AN OPERATIONS TECHNOLOGY NETWORK

Final Rejection §103
Filed
Jun 28, 2022
Examiner
MARTINEZ, TOMMY NMN
Art Unit
2496
Tech Center
2400 — Computer Networks
Assignee
Rockwell Automation Technologies Inc.
OA Round
4 (Final)
14%
Grant Probability
At Risk
5-6
OA Rounds
0m
Est. Remaining
-6%
With Interview

Examiner Intelligence

Grants only 14% of cases
14%
Career Allowance Rate
1 granted / 7 resolved
-43.7% vs TC avg
Minimal -20% lift
Without
With
+-20.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 4m
Avg Prosecution
24 currently pending
Career history
39
Total Applications
across all art units

Statute-Specific Performance

§103
97.8%
+57.8% vs TC avg
§102
1.4%
-38.6% vs TC avg
§112
0.7%
-39.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 7 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed April 8, 2026 have been fully considered but they are not persuasive. In page 1 of the remarks, Applicant states that the Office Action (“OA”) has previously interpreted claim 6 under 112(f), and the amendments filed adds structure for claim 6, such as “an industrial control system configured to conduct functions within an automated process and control” and “wherein the industrial control system comprises an edge device comprising one or more processors and a memory, wherein the industrial control system […]”, and while the preamble recites the purpose of the invention, the statement that the industrial control system comprises an edge device, and Applicant requests that the 112(f) claim interpretation be withdrawn. Examiner states that as structure is recited in claim 6 based on the claim limitations also recited in claim 1, the claim interpretation under 112(f) of claim 6 has been withdrawn. In page 2 of the remarks, Applicant stated that the references used to reject the claims in the previous OA dated January 12, 2026, Examiner previously rejected claims 1-2 under 35 U.S.C. 103 (“103 rejection”) over the following claims: claims 1-2 over Smith, II et al. (US 10210333), hereinafter “Smith”, in view of Matthew et al. (US 20140282480), hereinafter “Matthew”; claim 3 over Smith in view of Matthew, further in view of Mallur et al. (US 20130139183), hereinafter “Mallur”; claim 4 over Smith in view of Matthew, further in view of Tateishi et al. (US 20200183674), hereinafter “Tateishi”; claims 6-13 over Smith in view of Matthew and Baillargeon (US 20230072358), further in view of Singh et al. (US 20200313925), hereinafter “Singh”; claims 14-15, 19-20, over Smith in view of Matthew, Baillargeon, Singh, and Sillifant et al. (US 20230237068), hereinafter “Sillifant”, further in view of Stronhmenger et al. (US 20210302923), hereinafter “Stronhmenger”, and claim 4 has been previously cancelled, along with claim 5 and claim 21. Applicant states that a prima facie case of obviousness falls on the Examiner, Ex parte Wolters and Kuypers, 214 U.S.P.Q. 735 (B.P.A.I. 1979), but that all the elements existing in the prior art is not proved obvious by simply demonstrating that each of its elements was, independently, known in the prior art, and that reasons would need to be provided as to why the combination of elements would be known to a person of ordinary skill in the art. KSR International Co. V. Teleflex Inc., 127 S.Ct. 1727, 1741 (2007). As stated in page 3, Applicant has amended the independent claims 1, 6, and 14 to include recitations of the subject matter discussed in the interview on March 25, 2026, and that the amendments would overcome the outstanding rejections. Applicant requests that the 103 rejections for claims 1-3, and 6-20 be rendered moot. Examiner states that, although the interview states that the amendments would overcome the outstanding rejections, in the Interview Summary dated April 1, 2026, Examiner states that “further search and consideration will be required to determine if the rejections will be maintained”, and cites Fig. 15 of Matthew as a possible analogous art in light of the amendments, which describes that updates that are pending, require a restart of the device, or are delayed, are described by Matthew in paragraph [0137]. First, the amendment of “wherein the industrial automation system is configured to conduct functions within an automated process” as stated in Smith’s [Col. 1, ll. 9-16] industrial control system includes industrial controller that controls the operation of the system, such as manufacturing, power generation, and transmission systems, where the industrial controller is the component that controls the automatic functions of the industrial control system for the purposes of manufacturing and power generation, as stated. Industrial controller corresponds to an industrial automation system in [Col. 1, ll. 21-22] “that may generally enable the industrial controller to control the operation of the industrial control system”. Furthermore, the amendments of “wherein the component is configured to perform one or more primary operations that support or contribute to the automated process and one or more background operations that are independent of the automated process, wherein the component is configured to determine a time period for implementation of the security update when the one or more primary operations are not being performed” is described in [0071] When an update is identified as a critical update, it will be installed automatically in 24 hours after the notification is displayed on the device, and in paragraph [0070], an indication of an update determines if a restart of the device is required, with paragraph [0070] describing an indication of an update requiring a restart of the device, and scheduling of automatic installation is stated in paragraph [0071]. The device includes system software such as an operating system (OS) for user operation, described in paragraph [0030], Fig. 1, and Fig. 15 is a background process automatically installing security updates that runs independently of the OS. Paragraph [0134] states that the process 1500 of Fig. 15, block 1525 determines if the device is restarting, and if “Yes”, proceeds to block 1550, where installation of the security updates occurs while the user operation in the operating system is not running, with the update process happening in the background during a reboot of the user device. A person of ordinary skill in the art would recognize the need to combine the teachings of Smith in view of Matthew to allow for crucial security updates to be performed on reboot of a device to patch security flaws, especially flaws that require urgency to be patched, as described in Matthew [0004]. As a result, Examiner maintains the rejections of claims 1-3, and 6-20 based on their respective references utilized, as described above. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Smith, II et al. (US 10,210,333 B2), hereafter Smith in view of Matthew et al. (US 20140282480 A1), hereafter Matthew. Regarding claim 1, Smith discloses “an industrial control system, comprising: an edge device associated with a plurality of components of an industrial automation system, wherein the industrial automation system is configured to conduct functions within an automated process, and wherein the edge device comprises one or more processors and a memory comprising instructions, that when executed by the one or more processors, cause the one or more processors to perform operations comprising” (Smith Fig. 1 Hardware Security Module 110, Processor 120, Encrypted Storage 130, Component 140, [Col. 1, ll. 9-16] industrial control system includes industrial controller that controls the operation of the system, such as manufacturing, power generation, and transmission systems. [Col. 1, ll. 20-21] “more, the industrial controller may execute instructions (e.g., firmware and/or applications)”, [Col. 1, ll. 21-22] “that may generally enable the industrial controller to control the operation of the industrial control system”): “receiving, from a network external to the industrial automation system, a security update for a component of the plurality of components of the industrial automation system” ([Smith Col. 11, ll. 47-53] “FIG . 9 illustrates network security services 900 according to some embodiments. A number of elements 910 may be associated with a network 950 including… a security manager… etc.”, [Smith Col. 5, ll. 35-51] “According to some embodiments, the industrial control system is a distributed industrial control system… security updates for the industrial control system might be deployed using package code signing tools that include signature information integrated with runtime signature verification mechanisms with appropriate public keys and correspond to private signing keys. In addition, security policies may be implemented to facilitate confidentiality, integrity, and availability of the industrial control system. In some cases, a security architecture may treat related information that shares a security policy as a uniform security domain.”); “wherein the operations comprise cryptographically signing the security update before transmitting… that the security update is available for implementation to the component”. ([Smith col. 13, ll. 10-46] “To facilitate security in an ICS component, it may be helpful to rapidly identify and update security vulnerabilities in the ICS platform software stack”; “Due to the large number of software packages available, security issues are identified on a daily basis with updates pushed to fix these vulnerabilities; “Assuming that the software updates are deemed stable and that security vulnerabilities warrant field deployment, then the newly packaged and signed software will be prepared for distribution and deployment on the fielded ICS devices and components.”, “In order to deploy the software updates on the target ICS platforms, the package code signing tools may include the signature information and integrate with the run - time signature verification mechanisms with appropriate public keys that correspond to the private signing keys.”) While Smith teach deployment (i.e. transmit the security update available to the component for implementation), and while Smith’s updates pushes are a form of implementation that a security update is available for implementation, Smith does not expressly disclose, transmitting an indication that a security update is available for implementation on a component, wherein the component is configured to perform one or more primary operations that support or contribute to the automated process and one or more background operations that are independent of the automated process, wherein the component is configured to determine a time period for implementation of the security update when the one or more primary operations are not being performed, based on operation data associated with the component, after receiving the indication that the security update is available, receiving a request for the security update from the component; wherein the component is configured to install the security update during the time period for implementation after receiving the security update. However in an analogous art, Matthew teaches: “transmitting an indication that a security update is available for implementation on a component, wherein the component is configured to perform one or more primary operations that support or contribute to the automated process and one or more background operations that are independent of the automated process, wherein the component is configured to determine a time period for implementation of the security update when the one or more primary operations are not being performed, based on operation data associated with the component, after receiving the indication that the security update is available” ([0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.” [0071] When an update is identified as a critical update, it will be installed automatically in 24 hours after the notification is displayed on the device, and in paragraph [0070], an indication of an update determines if a restart of the device is required, based on metadata for the updates for the device, where operation data, that being the metadata of the update included in a list of system software installed in [0005] is associated with the component. Furthermore, paragraph [0070] describes an indication of an update requiring a restart of the device, and scheduling of automatic installation is stated in paragraph [0071]. The device includes system software such as an operating system (OS) for user operation, described in paragraph [0030], Fig. 1, and Fig. 15 is a background process automatically installing security updates that runs independently of the OS. Paragraph [0134] states that the process 1500 of Fig. 15, block 1525 determines if the device is restarting, and if “Yes”, proceeds to block 1550, where installation of the security updates occurs.); “receiving a request for the security update from the component” ([Matthew, 0054] “process sends (at 330) a request to the update server for the critical security software updates that the client device has determined to be applicable”); “and transmitting the security update to the component for implementation, wherein the component is configured to install the security update during the time period for implementation after receiving the security update” ([Matthew 0055] “The process then receives (at 335) and stores the requested updates...”, [Matthew, 0071] “…the update is identified as a critical update, which will be installed automatically in 24 hours after the notification is displayed on the device.”). Smith and Matthew are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to implement notification system and request updates and apply them within a pre-determined time period as in Matthew. Such an addition uses known methods (enforcing a time limit) to produce a well-known result (ensuring that an update is applied within a time limit in particular the availability of applicable updates for critical security updates), and allow for crucial security updates to be performed on reboot of a device to patch security flaws, especially flaws that require urgency to be patched, as described in Matthew [0004]. Regarding claim 2, Smith in view of Matthew teach the industrial control system of claim 1. Smith also discloses “wherein the edge device comprises one or more computing nodes that are part of the container orchestration system” ([Smith Col. 3, ll. 48-51] “The industrial control system 150 function may be performed by a constellation of networked apparatuses, in a distributed processing or cloud-based architecture.”, [Smith Col 10, ll. 25-35] “…embodiments may use lightweight container (e.g., Docker and LXD) mechanisms to isolate, manage and enhance the portability of applications and services that run on top of the underlying OS. These container technologies may simplify and enhance development, portability, maintainability and security of applications on the OS.”). Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Matthew in further view of Mallur et al. (US 20130139183 A1), hereafter Mallur. Regarding claim 3, Smith in view of Matthew teach the industrial control system of claim 1. Smith and Matthew disclose the industrial control system of claim 1. Smith and Matthew do not expressly disclose the following taught in a similar art by Mallur: wherein the security update targets a first subset of operating code associated with the component but not a second subset of operating code associated with the component ([Mallur, 0134] “To address some of the problems mentioned above, notably the inability to update particular components (drivers and/or applications, including security patches and feature updates) on client devices without deploying a disk-image to each client device, several approaches are proposed. These approaches include managing of device drivers on client devices, e.g. for devices having a WES 7 thin client runtime image, adding deployment configuration file-based deployment support of third-party device drivers and applications (including security patches and feature updates) on client devices, and providing automatic updates of thin client components/applications.” [Mallur, 0135] “FIG. 10 illustrates an example of a process for automatically deploying a driver on a client device using a deployment configuration file. The process shown in FIG. 10 can be performed by an update agent module 812 of a client device, and in particular by a deployment module 816 and/or a driver deployment module 818 of the client device. The deployment configuration file includes deployment entries, and at least one deployment entry includes information for deployment of a driver on the client device. The process of FIG. 10 is generally performed in multiple client devices, as the process is repeated on each client device that a driver should be deployed onto. For example, the process may be repeated on each client device having a hardware platform associated with a driver identified in the deployment configuration file.”). Smith, Matthew, and Mallur are in similar fields of endeavor related to the technology of processing software updates on distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to do a security patch instead of reimaging the entire system as is indicated in Mallur. Such an addition uses known methods (security patching specific software) to produce a well-known result (deploying an update without having to reimage the entire target system.). Claims 6-13 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Matthew in further view of Baillargeon (US 20230072358 A1), hereafter Baillargeon, in further view of Singh et al. (US 20200313925 A1), hereafter Singh. Regarding claim 6, Smith discloses “a system, comprising: a first computing node of a cluster of computing nodes that are part of a container orchestration system” ([Smith Col. 3, ll. 48-51] “The industrial control system 150 function may be performed by a constellation of networked apparatuses, in a distributed processing or cloud-based architecture.”, [Smith Col 10, ll. 25-35] “…embodiments may use lightweight container (e.g., Docker and LXD) mechanisms to isolate, manage and enhance the portability of applications and services that run on top of the underlying OS. These container technologies may simplify and enhance development, portability, maintainability and security of applications on the OS.”); “an industrial control system for controlling one or more operations of an operational technology (OT) component, wherein the industrial control system is communicatively coupled to the first computing node, and the industrial control system is communicatively coupled to the OT component” ([Smith fig. 1, col. 3, ll. 10-15] “The industrial control system 150 may, according to some embodiments, automatically access the encrypted storage 130 to execute a trusted Operating System (“OS”) to configure the components 140 for an industrial asset.”); Smith does not expressly teach: transmitting an indication that the security update is available for implementation to the OT component after determining that the security update is ready for implementation. However, in a similar art Matthew teaches: “transmitting an indication that the security update is available for implementation to the OT component after determining that the security update is ready for implementation, wherein the OT component is configured to determine a time period for implementation of the security update, based on operation data associated with the OT component, after receiving the indication that the security update is available” ([Matthew, 0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.” [Matthew, 0071] When an update is identified as a critical update, it will be installed automatically in 24 hours after the notification is displayed on the device, based on metadata for the updates for the device, corresponding to the OT component determining a time period for implementation of a security update based on operation data, that being the metadata of the update included in a list of system software installed in [Matthew, 0005], associated with the component.). Smith and Matthew are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to implement notification system and request updates and apply them within a pre-determined time period as in Matthew. Such an addition uses known methods (enforcing a time limit) to produce a well-known result (ensuring that an update is applied within a time limit in particular the availability of applicable updates for critical security updates). Smith and Matthew do not expressly teach: a second computing node of the cluster of computing nodes, wherein the second computing node is configured to transmit a pod to the first computing node, wherein the pod is configured to cause the first computing node to perform operations: However, in a similar art Baillargeon teaches: “a second computing node of the cluster of computing nodes, wherein the second computing node is configured to transmit a pod to the first computing node, wherein the pod is configured to cause the first computing node to perform operations” ([Baillargeon, 0158] “At step S322, optionally, TRO 30 alerts tenant 22 that changes are available, such as changes obtained from the analytical phase, and requests confirmation to proceed with the available changes. At step S324, tenant 22a optionally communicates to the TRO 30 that tenant 22a approves the changes. At step S326, TRO 30 optionally transmits a request to pod 150a1 in cluster 60a to stop an application. At step S328, pod 150a1 optionally responds to TRO 30 that the application has been stopped. At step S330, TRO 30 transmits an update pod deployment to server 90a, e.g., an API server, and, at step S332, the server 90a responds confirming the updated pod deployment. At step S334, server 90a creates a new pod 150a3, and, at Step S336, deletes old pod 150a1.”), Smith, Matthew, and Baillargeon are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to deploy pods as in Baillargeon. Such an addition uses known methods (transmitting pods in containerized applications) to produce a well-known result (distribute functionality across distributed systems). Smith, Matthew, Baillargeon do not expressly teach: comprising: deploying a container as a digital representation of the OT component; testing a security update on the digital representation of the OT component; determining that the security update is ready for implementation in the OT component in response to testing the security update on the digital representation of the OT component; However, in a similar art Singh teaches: “comprising: deploying a container as a digital representation of the OT component” ([Singh, 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). “testing a security update on the digital representation of the OT component” ([Singh, 0087] “…upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); “determining that the security update is ready for implementation in the OT component in response to testing the security update on the digital representation of the OT component” ([Singh, 0087] “Thus, potential effects of the upgrades or patches on one or more functionalities or features of the local BBMD device 608 can first be tested and monitored for stability on the digital twin 600, before going live on the local BBMD device 608. Accordingly, in various embodiments, undesired downtime of a BAS due to issues or potential issues with the BBMD devices may be reduced or prevented…”); Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the pods disclosed in Baillargeon to use the duplicate representation for testing the newly updated software. Such an addition uses known methods (making a backup for testing) to produce a well-known result (making sure new updates do not break the configuration). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” The difference being that now we are expressly utilizing the distributed container pods of Baillargeon to push the updates. Regarding claim 7, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein testing the security update on the digital representation of the OT component comprises implementing the security update against the digital representation of the OT component” ([Singh, 0087] “…so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the test the update of Smith in the manner of Singh by testing the update against the duplicated digital representation as in Singh. Such an addition uses known methods (making a backup for testing) to produce a well-known result (making sure new updates do not break the configuration). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” The difference being that now we are expressly utilizing the distributed container pods of Baillargeon to push the updates. Regarding claim 8, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. “wherein determining that the security update is ready for implementation in the OT component comprises determining that a set of data associated with the digital representation of the OT component after implementing the security update against the digital representation of the OT component satisfies one or more data threshold ranges for implementing the security update on the OT component” ([Singh, 0087] Updates and patches are first applied and tested on digital twin 600 before being applied to the actual local BBMD device 608. These include potential effects of upgrades/patches on one or more functionalities, and can be used to prevent undesired downtime due to issues or potential issues with the BBMD device, such as with RAM, as shown in Table 1 in [Singh, 0095] displaying received health data of the BBMD device, which includes determining that the RAM satisfies performance in the real BBMD device based on performance on the digital twin 600.) Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to display the digital representation of Baillargeon in the manner of Singh. Such an addition uses known methods (determining that a set of data associated with the digital representation of the OT component satisfies one or more data threshold ranges) to produce a well-known result (determining that the security update is ready for implementation in the OT component). Regarding claim 9, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise transmitting the digital representation of the OT component to a display device for display” ([Singh, 0099] “In some embodiments, the configuration tool may display a list of the candidate digital twins so that the system administrator can select one or more of the candidate digital twins as the backup for the BBMD device.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to display the digital representation of Baillargeon in the manner of Singh. Such an addition uses known methods (sending output to a display) to produce a well-known result (allowing a user to view or interact with the digital representation). Regarding claim 10, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Matthew teaches: “wherein the operations comprise transmitting an additional indication that the security update is ready for implementation to a display device for display” ([Matthew, 0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.”). The rationale to combine this limitation of Matthew is given above in claim 6. Regarding claim 11, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise: deploying a second container as a second digital representation of the OT component” ([Singh, 0086] “According to some embodiments, each of the BBMD devices 510 and 520 may have one or more digital twins (e.g. ,virtual devices ) assigned to it from among the pool of digital twins 508.” [Singh, 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); “testing a second security update on the second digital representation of the OT component” ([Singh 0087] “… upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have a plurality of containers have a plurality of digital representations as in Singh. Such an addition uses known methods (adding the ability to duplicate every component with a digital representation) to produce a well-known result (being able to test a plurality of components). Regarding claim 12, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise: deploying a second container as a second digital representation of a second OT component” ([Singh 0086] “According to some embodiments, each of the BBMD devices 510 and 520 may have one or more digital twins (e.g. ,virtual devices ) assigned to it from among the pool of digital twins 508.” [Singh 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); and testing a second security update on the second digital representation of the second OT component ([Singh 0087] “… upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have a plurality of containers have a plurality of digital representations as in Singh. Such an addition uses known methods (adding the ability to duplicate every component with a digital representation) to produce a well-known result (being able to test a plurality of components). Regarding claim 13, Smith, Matthew, Baillargeon, and Singh teach the system of claim 6. In addition Singh teaches: “wherein the operations comprise: receiving sensor data from one or more sensors associated with the OT component” ([Singh, 0070] “building subsystem integration layer 420 can receive sensor data and input signals from building subsystems 428 and provide output data and control signals to building subsystems 428.”); “updating the digital representation of the OT component based on the sensor data” (Singh 0036, “For example, in some embodiments, the digital twin can be periodically (or continually) updated based on RAM state and CPU status readings collected from the BBMD device.”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the components of Smith with the sensor data collected from Singh. Such an addition uses known methods (adding data attributes to a digital representation) to produce a well-known result (making decisions on the component based on the sensor data). Claims 14-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view Matthew, further in view of Baillargeon and Singh. Regarding claim 14, Smith discloses “a method, comprising: receiving, via a first computing node (Smith Fig. 1, 150) of a cluster of computing nodes in a container orchestration system” ([Smith, Col. 3, ll. 48-51] “The industrial control system 150 function may be performed by a constellation of networked apparatuses, in a distributed processing or cloud-based architecture.”) “wherein the particular snapshot corresponds to a backup of the digital representation of the OT component before a change was implemented to the OT component of a plurality of OT components of an industrial component system” ([Smith col. 13, ll. 49-51] Fig. 1; “…the original state prior to attempting to apply the update.”), “wherein the OT component is configured to restore a historical state of the OT component based on the particular snapshot of the digital representation” ([Smith col. 13, ll. 49-51] “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.”). “receiving, from a network external to the industrial automation system, a security update for a component of the plurality of components of the industrial automation system” ([Smith Col . 11, ll. 47-53] “FIG . 9 illustrates network security services 900 according to some embodiments. A number of elements 910 may be associated with a network 950 including… a security manager… etc.” [Smith Col. 5, ll. 35-51] “According to some embodiments , the industrial control system is a distributed industrial control system … security updates for the industrial control system might be deployed using package code signing tools that include signature information integrated with runtime signature verification mechanisms with appropriate public keys and correspond to private signing keys. In addition, security policies may be implemented to facilitate confidentiality, integrity, and availability of the industrial control system. In some cases, a security architecture may treat related information that shares a security policy as a uniform security domain.”); cryptographically signing the security update before transmitting… that the security update is available for implementation to the component”. ([Smith col. 13, ll. 10-46] “To facilitate security in an ICS component, it may be helpful to rapidly identify and update security vulnerabilities in the ICS platform software stack”; “Due to the large number of software packages available, security issues are identified on a daily basis with updates pushed to fix these vulnerabilities; “Assuming that the software updates are deemed stable and that security vulnerabilities warrant field deployment, then the newly packaged and signed software will be prepared for distribution and deployment on the fielded ICS devices and components.”, “In order to deploy the software updates on the target ICS platforms, the package code signing tools may include the signature information and integrate with the run - time signature verification mechanisms with appropriate public keys that correspond to the private signing keys.”). While Smith teach deployment (i.e. transmit …that the security update available for implementation to the OT component), and while Smith’s updates pushes are a form of implementation that a security update is available for implementation, Smith does not expressly disclose, transmitting an indication that the security update is available for implementation to the component, wherein the component is configured to install the security update during the time period for implementation after receiving the security update. However, in an analogous art, Matthew teaches: transmitting an indication that a security update is available for implementation on a component, wherein the component is configured to determine a time period for implementation of the security update, based on operation data associated with the component, after receiving the indication that the security update is available ([Matthew, 0097] “The user interface includes three different sections (or islands) 1115-1125 to display different types of available updates. Display section 1115 displays the security updates. As shown, there is currently one security update available.” [Matthew, 0071] “In this example, the update is identified as a critical update, which will be installed automatically in 24 hours after the notification is displayed on the device.” [Matthew, 0071] When an update is identified as a critical update, it will be installed automatically in 24 hours after the notification is displayed on the device, based on metadata for the updates for the device, where operation data, that being the metadata of the update included in a list of system software installed in [Matthew, 0005], is associated with the component.); Smith and Matthew are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the control system of Smith to implement notification system and request updates and apply them within a pre-determined time period as in Matthew. Such an addition uses known methods (enforcing a time limit) to produce a well-known result (ensuring that an update is applied within a time limit in particular the availability of applicable updates for critical security updates). Smith, in the above combination, does not expressly show: a pod from a second computing node in the cluster of computing nodes; However in a similar art Baillargeon teaches: a pod from a second computing node in the cluster of computing nodes; (Baillargeon 0158 “At step S322, optionally, TRO 30 alerts tenant 22 that changes are available, such as changes obtained from the analytical phase, and requests confirmation to proceed with the available changes. At step S324, tenant 22a optionally communicates to the TRO 30 that tenant 22a approves the changes. At step S326, TRO 30 optionally transmits a request to pod 150a1 in cluster 60a to stop an application. At step S328, pod 150a1 optionally responds to TRO 30 that the application has been stopped. At step S330, TRO 30 transmits an update pod deployment to server 90a, e.g., an API server, and, at step S332, the server 90a responds confirming the updated pod deployment. At step S334, server 90a creates a new pod 150a3, and, at Step S336, deletes old pod 150a1.”) Smith and Baillargeon are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the container enabled control system of Smith to deploy pods as in Baillargeon. Such an addition uses known methods (transmitting pods in containerized applications) to produce a well-known result (distribute functionality across distributed systems). Smith and Baillargeon do not expressly disclose: deploying, via the first computing node, a container as a digital representation of an operational technology (OT) component; generating, via the first computing node, one or more snapshots of the digital representation of the OT component; receiving, via the first computing node, a request for a particular snapshot of the one or more snapshots of the digital representation of the OT component, wherein the particular snapshot corresponds to a backup of the digital representation of the OT component before a change was implemented to the OT component; and transmitting, via the first computing node to the OT component, the particular snapshot of the digital representation, wherein the OT component is configured to restore a historical state of the OT component based on the particular snapshot of the digital representation. However, in a similar art Singh teaches: deploying, via the first computing node, a container as a digital representation of an operational technology (OT) component; ( Singh 0087“In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”) generating, via the first computing node, one or more snapshots of the digital representation of the OT component ([Singh 0086] “According to some embodiments, each of the BBMD devices 510 and 520 may have one or more digital twins (e.g., virtual devices) assigned to it from among the pool of digital twins 508. [Singh 0087] “In some embodiments, the digital twin 600 may provide a virtual testing environment that is a replica of the local BBMD device 608 (or a portion of the local BBMD device 608), so that upgrades and patches (e.g., operating system updates, security patches, and/or the like) can first be applied and tested on the digital twin 600 before being applied to the actual local BBMD device 608.”); receiving, via the first computing node, a request for a particular snapshot of the one or more snapshots of the digital representation of the OT component, wherein the particular snapshot corresponds to a backup of the digital representation of the OT component before a change was implemented to the OT component ([Singh 0086] “In some embodiments, the assigned digital twin (s) are a backup or passive BBMD for a corresponding subnet 504 and 506. For example, in some embodiments, if the BBMD device (e.g., 510 or 520) for the subnet (e.g., 504 or 506) fails or malfunctions, the corresponding digital twin assumes an active role of the BBMD for that subnet.”); and transmitting, via the first computing node to the OT component, the particular snapshot of the digital representation, wherein the OT component is configured to restore a historical state of the OT component based on the particular snapshot of the digital representation. ([Singh, 0099] “the selection process for selecting the digital twin for the BBMD device may be performed (or executed) when the BBMD device is initialized or configured. In other embodiments, the selection process may be performed (or executed) in response to detecting a failure or potential failure of the BBMD device.”) Smith, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the pods disclosed in Baillargeon to use the duplicate digital representation of multiple components for testing the newly updated software. Such an addition uses known methods (making a backup for testing) to produce a well-known result (making sure new updates do not break the configuration). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” The difference being that now we are expressly utilizing the distributed container pods of Baillargeon to push the updates. Regarding claim 15, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. In addition, Smith discloses: wherein the change comprises a security update to the OT component. ([Smith Col. 5, ll. 35-51] “According to some embodiments, the industrial control system is a distributed industrial control system… security updates for the industrial control system might be deployed using package code signing tools that include signature information integrated with runtime signature verification mechanisms with appropriate public keys and correspond to private signing keys. In addition, security policies may be implemented to facilitate confidentiality, integrity, and availability of the industrial control system. In some cases, a security architecture may treat related information that shares a security policy as a uniform security domain.”). Regarding claim 19, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. In addition, Singh discloses comprising: receiving, via the first computing node, sensor data from one or more sensors associated with the OT component ([Singh, 0070] “building subsystem integration layer 420 can receive sensor data and input signals from building subsystems 428 and provide output data and control signals to building subsystems 428.”); updating, via the first computing node, the digital representation of the OT component based on the sensor data ([Singh, 0036] “For example, in some embodiments, the digital twin can be periodically (or continually) updated based on RAM state and CPU status readings collected from the BBMD device.”), wherein the operations comprise: receiving sensor data from one or more sensors associated with the OT component ([Singh, 0070] “building subsystem integration layer 420 can receive sensor data and input signals from building subsystems 428 and provide output data and control signals to building subsystems 428.”); updating the digital representation of the OT component based on the sensor data. ([Singh, 0036] “For example, in some embodiments, the digital twin can be periodically (or continually) updated based on RAM state and CPU status readings collected from the BBMD device.”). Smith, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the components of Smith with the sensor data collected from Singh. Such an addition uses known methods (adding data attributes to a digital representation) to produce a well-known result (making decisions on the component based on the sensor data). Regarding claim 20, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. In addition, Singh teaches: wherein the one or more snapshots of the digital representation of the OT component comprise respective configuration data associated with the OT component, operational data associated with the OT component, security data associated with the OT component, or a combination thereof. ([Singh 0093] “In some embodiments, memory 620 includes a message handler 625, a status checker 630, a fault detector 635, a BDT storage container 640 for storing BDT data, a FDT storage container 645 for storing FDT data (e.g., if applicable), a configuration data storage container 650 for storing configuration data (e.g., IP address of the local BBMD device 608), and a historical data storage container 655 for storing historical operational data associated with the local BBMD device 608 and/or the larger network (e.g., the BAS network 500).”). Smith, Matthew, Baillargeon, and Singh are in similar fields of endeavor related to the technology of security updates over distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the duplicate representation disclosed by Singh to contain configuration data as disclosed in Singh. Such an addition uses known methods (associating configuration data) to produce a well-known result (having digital twin access that configuration data when it is restored). Claims 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Mathew, Baillargeon, Singh and in further view of Sillifant et al. (US 20230237068 A1), hereafter Sillifant and Strohmenger et al. (US 20210302923 A1), hereafter Strohmenger. Regarding claim 16, Smith, Matthew, Baillargeon, and Singh teach the method of claim 14. The references of Smith, Matthew, Baillargeon, and Singh do not expressly show: wherein the one or more snapshots of the digital representation comprises a plurality of snapshots of the digital representation, and wherein each snapshot of the plurality of snapshots is associated with a respective time period in which the snapshot was generated by the first computing node. However in a similar art Sillifant teaches: wherein the one or more snapshots of the digital representation comprises a plurality of snapshots of the digital representation, ([Sillifant 0323] In a related example, object A and object B may be snapshots of a dataset or volume X. In this example, source storage system 1101 may generate periodic snapshots (A, B, C, etc.) of volume X, such) Smith, Matthew, Baillargeon, Singh, and Sillifant are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be duplicated to create various backup snapshots. Such an addition uses known methods (making backup snapshots) to produce a well-known result (being able to restore to a certain previous snapshot). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” Smith, Matthew, Baillargeon, and Singh do not expressly show: and wherein each snapshot of the plurality of snapshots is associated with a respective time period in which the snapshot was generated by the first computing node. However in a similar art Strohmenger teaches: and wherein each snapshot of the plurality of snapshots is associated with a respective time period in which the snapshot was generated by the first computing node. ([Strohmenger 0126] “In some embodiments, the cloud gateway component 808 of FIG. 8 or cloud gateway component 908 of FIG. 9 can tag the collected industrial data (e.g., 814 or 914) with contextual metadata prior to pushing the data as cloud data (e.g., 804 or 904) to the cloud platform. Such contextual metadata can include, for example, a time stamp, a location of the device at the time the data was generated, or other contextual information.”) Smith, Matthew, Baillargeon, Singh, Sillifant, and Strohmenger are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be duplicated to create various backup snapshots and have them time stamped. Such an addition uses known methods (making backup snapshots with a time stamp) to produce a well-known result (being able to restore to a certain previous snapshot). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. See Smith col. 13, ll. 49-51, “According to some embodiments, the deployment of package updates may be transactional such that an update either succeeds completely or if it fails - rolls back to the original state prior to attempting to apply the update.” Regarding claim 17, Smith, Matthew, Baillargeon, Singh, Sillifant and Strohmenger disclose the method of claim 14 and the OT component. In addition, Sillifant teaches: comprising generating a table ([Sillifant, 0161] “As an example of one type of application that may be supported by the storage systems describe herein, the storage system 306 may be useful in supporting artificial intelligence (‘AI’) applications, database applications,”) that associates the plurality of snapshots with the OT component based on the respective time periods associated with the plurality of snapshots. (“For example, the storage systems described above may be configured to examine each backup to avoid restoring the storage system to an undesirable state…” [Sillifant, 0158] … “In such an example, software resources 314 within the storage system may be configured to detect the presence of ransomware and may be further configured to restore the storage system to a point-in-time, using the retained backups,”). Smith, Matthew, Baillargeon, Singh, Sillifant, and Strohmenger are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be stored in the database (i.e. “table”) of Sillifant. Such an addition uses known methods (using a database) to produce a well-known result (being able to query on data in the database such as a time stamp). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. Regarding claim 18, Smith, Matthew, Baillargeon, Singh, Sillifant and Strohmenger disclose the method of claim 14 and the OT component. In addition Sillifant teaches: comprising identifying the particular snapshot of the digital representation to transmit to the OT component based on the table. ([Sillifant 0157] “In such an example, the storage system may restore itself from a backup that does not include the malware—or at least not restore the portions of a backup that contained the malware.”) Smith, Matthew, Baillargeon, Singh, Sillifant, and Strohmenger are in similar fields of endeavor related to the technology of distributed systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the digital representations in Singh to be restorable from the database (i.e. “table”) of Sillifant. Such an addition uses known methods (using a database) to produce a well-known result (being able to query on data in the database such as a time stamp to ultimately transmit the queried data). Moreover, Smith invokes such a procedure when it allows to roll back a bad configuration. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOMMY MARTINEZ whose telephone number is (703)756-5651. The examiner can normally be reached Monday thru Friday 8AM-4PM ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571) 272-7624 on Monday thru Friday 7AM-7PM ET. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /T.M./Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496
Read full office action

Prosecution Timeline

Show 8 earlier events
Oct 13, 2025
Examiner Interview Summary
Nov 19, 2025
Request for Continued Examination
Nov 28, 2025
Response after Non-Final Action
Jan 12, 2026
Non-Final Rejection mailed — §103
Mar 25, 2026
Examiner Interview Summary
Mar 25, 2026
Applicant Interview (Telephonic)
Apr 08, 2026
Response Filed
May 29, 2026
Final Rejection mailed — §103 (current)

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
14%
Grant Probability
-6%
With Interview (-20.0%)
2y 4m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 7 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month