DETAILED ACTION
1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 2/5/2026 has been entered.
2. Claims 1-21 are pending. Claims 1, 14 and 21 are independent. Claims 1, 3, 4, 8, 13-15, 17, 19 and 21 are currently amended. Amendments to the claims are entered.
Response to Arguments
3. Applicant's arguments have been fully considered; however, they are not persuasive.
Applicant alleged that
Huntley, however, does not disclose the feature of amended claim 1 of "cryptographic algorithm configuration indicating one or more allowed cryptographic algorithms and one or more cryptographic algorithms that are not allowed" (emphasis added). Huntley makes no mention of the notion of cryptographic algorithms that are not allowed.
Examiners respectfully disagree. Huntley discloses that some cryptographic techniques may be used if a device and/or network supports the technique, and that other cryptographic techniques cannot be used if the device and/or network does not support the technique based on the available resources of the device and/or network [para. 50]. Therefore, Huntley discloses "cryptographic algorithm configuration indicating one or more allowed cryptographic algorithms and one or more cryptographic algorithms that are not allowed" as recited in amended claim 1.
Applicant also alleged that
Waterman discusses that its SA "can include the security parameters and information (e.g., cryptographic algorithm/mode) " (Para. 0024). This information, however, is specified in the SA information, and is not determined by "analyzing, while the packets are flowing along the data path, at least one packet of the accessed packets" as recited in amended claim 1. This feature is not taught or suggested by the cited combination of references.
Examiners respectfully disagree. Huntley discloses that analyzing the packet associated with the outgoing traffic 108 or the incoming traffic 110 includes identifying the associated SA using the security parameters index included in the header of the packet [para. 24-25]. Therefore, Huntley discloses "analyzing, while the packets are flowing along the data path, at least one packet of the accessed packets" as recited in amended claim 1.
4. Examiners submit that, since independent claims 14 and 21 include recitations similar to those recited and emphasized above with respect to independent claim 1, the rationales below explaining how claim 1 is unpatentable over Huntley, Rostami-Hesarsorkh and Waterman are likewise applicable to independent claims 14 and 21.
Claim Rejections - 35 USC § 103
5. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
7. Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Waterman (US PG Pub. 2019/0260712), Huntley (US PG Pub. 2023/0058198) in view of Rostami-Hesarsorkh (US Patent 8,856,910).
As regarding claims 1, 14 and 21, Huntley discloses A method performed by a cryptographic algorithm firewall of an industrial control network implemented by one or more computers, wherein the method comprises:
receiving or determining a cryptographic algorithm configuration for determining which cryptographic algorithms are allowed, the cryptographic algorithm configuration indicating one or more allowed cryptographic algorithms and one or more cryptographic algorithms that are not allowed [para. 14 and 24; establishing a security associate used to determine cryptographic algorithm] [para. 50; determining cryptographic technique to be used based on determining information stored in policy table];
accessing [data] flowing along a data path of the industrial control network between a device of the industrial control network and a network component of an external secured network [para. 19; accessing data for negotiating to select cryptographic techniques];
causing one or more actions related to a flow of the at least one [data]'s flow and/or the network communication in response to determining the cryptographic algorithm used for the network communication is not allowed [para. 50].
Huntley does not explicitly disclose data in the form of packets; however, Rostami-Hesarsorkh discloses it [col. 6, lines 51-45].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Huntley’s data to data packets, as disclosed by Rostami-Hesarsorkh, in order to determine whether the traffic may be in violation of one or more firewall policies/rules [Rostami-Hesarsorkh col. 5, lines 12-16].
Huntley and Rostami-Hesarsorkh do not explicitly disclose accessing packets flowing along a data path of the industrial control network between a device of the industrial control network and a network component of an external secured network; analyzing at least one packet of the accessed packets to determine a cryptographic algorithm that is being used for securing network communication between the device and the network component of the external secured network; and determining whether the cryptographic algorithm being used for the network communication is allowed based on the received cryptographic algorithm configuration; however, Waterman discloses it [para. 14, 40, 43 and 47; analyzing a data packet received from the second device, e.g. from a computer in an external secured network [para. 53], to determine whether to allow or deny the packet based on the security association in the rules].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Huntley and Rostami-Hesarsorkh’s system to further comprise the missing limitations, as disclosed by Waterman, in order to establish secured communication between two devices based on an identity instead of an IP address [Waterman para. 12].
As regarding claim 2, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, wherein the method further comprises providing a notification signal in response to determining the cryptographic algorithm is not an allowed cryptographic algorithm [Huntley para. 50; sending a response to indicate that the cryptographic technique is not supported].
As regarding claim 3, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 2, wherein the method further comprises outputting a warning message responsive to the notification [Rostami-Hesarsorkh col. 4, lines 38-43].
As regarding claims 4 and 15, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, wherein the one or more actions related to the flow of the at least one packet and/or the network communication include blocking, dropping, diverting, or otherwise preventing the at least one packet and/or one or more packets of the network communication from continuing to flow along the data path of the industrial control network to its intended destination in response to determining the cryptographic algorithm is not allowed [Rostami-Hesarsorkh col. 4, lines 18-37].
As regarding claim 5, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, wherein the cryptographic algorithm configuration is provided by a user or external processing device [Huntley para. 18 and 25].
As regarding claim 6, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, wherein the cryptographic algorithm configuration is learned and refined over time [Huntley para. 47].
As regarding claims 7 and 16, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, wherein analyzing the at least one packet uses session layer inspection [Rostami-Hesarsorkh col. 3, lines 25-55].
As regarding claims 8 and 17, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 7, wherein analyzing the at least one packet includes inspecting data payload of a security handshake that occurs when two parties negotiate cypher suites to use for the network communication [Rostami-Hesarsorkh col. 6, lines 51-54].
As regarding claims 9 and 18, Huntley, Rostami-Hesarsorkh and Waterman further disclose that the at least one packet is analyzed by a layer 3 firewall that performs network layer inspection in addition to being accessed by the cryptographic algorithm firewall [Waterman para. 12-15; analyzing IPsec packets received at Layer 3].
As regarding claims 10 and 19, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 9, wherein the cryptographic algorithm firewall is integrated with or is coupled to a layer 3 firewall [Waterman para. 12-15; analyzing IPsec packets received at Layer 3].
As regarding claim 11, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, wherein the cryptographic algorithm configuration is configured based on static features of the industrial control network [Huntley para. 14].
As regarding claims 12 and 20, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, wherein the cryptographic algorithm configuration is updated based on information received during operation of the industrial control network [Huntley para. 14].
As regarding claim 13, Huntley, Rostami-Hesarsorkh and Waterman further disclose The method of claim 1, further comprising blocking, dropping, or diverting a particular packet of the at least one packet and/or of one or more packets of the network communication, or otherwise preventing a packet of the at least one packet or the one or more packets of the network communication from continuing to flow along the data path of the industrial control network to its intended destination, if the particular packet has a self-signed certificate or is not encrypted [Rostami-Hesarsorkh col. 4, lines 18-37 and col. 5, line 45 through col. 6, line 9].
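The claim elements mapped above (claims 1, 4, 8 and 13) describe a check that a defender can implement in a few dozen lines: read the cipher suites offered in a security handshake, compare them against a configuration that lists both allowed and disallowed algorithms, and block or raise a notification accordingly. The following is an added illustration written for this page; it is not code from the application or from any of the cited references (Huntley, Rostami-Hesarsorkh, Waterman), and the configuration, the function names and the sample ClientHello bytes are constructed assumptions. The cipher suite code points are the real IANA values. It also covers the claim 13 case of a packet that is not encrypted at all, which it treats as a non-TLS record and blocks.

```python
"""Minimal 'cryptographic algorithm firewall' check (added example, hypothetical).
Parses a TLS 1.2 ClientHello, extracts the offered cipher suites and applies an
allow/deny configuration. Everything here is a constructed illustration."""
import struct

# IANA TLS cipher suite code points (real values).
TLS_AES_128_GCM_SHA256 = 0x1301
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
TLS_RSA_WITH_RC4_128_SHA = 0x0005
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A

# Hypothetical configuration: one list of allowed suites and one of suites
# that are explicitly not allowed, as the claim language requires.
CONFIG = {
    "allowed": {TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
    "not_allowed": {TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA},
}


def build_client_hello(cipher_suites):
    """Construct a TLS 1.2 record carrying a ClientHello (sample data only)."""
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body = (
        b"\x03\x03"                                 # client_version: TLS 1.2
        + b"\x00" * 32                              # random (zeroed for the sample)
        + b"\x00"                                   # session_id length: 0
        + struct.pack("!H", len(suites)) + suites   # cipher_suites
        + b"\x01\x00"                               # compression_methods: null
        + b"\x00\x00"                               # extensions length: 0
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type=ClientHello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_suites(record):
    """Return the offered cipher suites, or None if the bytes are not a
    complete, well-formed TLS handshake record carrying a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                  # 0x01 = ClientHello
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len or len(body) < 35:          # truncated handshake
        return None
    pos = 2 + 32                                      # skip version and random
    sid_len = body[pos]
    pos += 1 + sid_len
    if pos + 2 > len(body):
        return None
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites_bytes = body[pos:pos + cs_len]
    if len(suites_bytes) != cs_len or cs_len % 2:
        return None
    return [struct.unpack("!H", suites_bytes[i:i + 2])[0] for i in range(0, cs_len, 2)]


def evaluate_packet(record, config=CONFIG):
    """Decide the action for one packet: ('allow' | 'block' | 'notify', reason)."""
    suites = parse_client_hello_suites(record)
    if suites is None:
        # Not a recognisable TLS handshake: treat as unencrypted traffic and block.
        return "block", "not a TLS handshake record (treated as unencrypted)"
    denied = [cs for cs in suites if cs in config["not_allowed"]]
    if denied:
        return "block", "disallowed suite(s) offered: " + ", ".join(f"0x{cs:04X}" for cs in denied)
    if any(cs in config["allowed"] for cs in suites):
        return "allow", "at least one allowed suite offered, none disallowed"
    # Nothing on either list: surface it for review rather than silently deciding.
    return "notify", "offered suites are in neither the allowed nor the not-allowed list"


if __name__ == "__main__":
    for label, pkt in [
        ("modern", build_client_hello([TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256])),
        ("legacy", build_client_hello([TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_RC4_128_SHA])),
        ("plaintext", b"GET / HTTP/1.1\r\n"),
    ]:
        print(label, evaluate_packet(pkt))
```

A real deployment would sit inline on the data path and evaluate the ServerHello as well, since the server's selected suite, not the client's offer, is what the session actually uses; the example stops at the ClientHello to keep the parser short.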
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905. The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433