Prosecution Insights
Last updated: April 19, 2026
Application No. 18/277,702

SYSTEMS AND METHODS FOR FACILITATING AUTHORIZATION OF COMPUTER PROGRAM INSTALLATION IN AN OPEN INDUSTRIAL ECOSYSTEM

Non-Final OA: §102, §103, §112
Filed: Aug 17, 2023
Examiner: BODDEN, EVRAL E
Art Unit: 2193
Tech Center: 2100 — Computer Architecture & Software
Assignee: Siemens Aktiengesellschaft
OA Round: 1 (Non-Final)
Grant Probability: 72% (Favorable)
OA Rounds: 1-2
To Grant: 3y 5m
With Interview: 93%

Examiner Intelligence

Grants 72% — above average
Career Allow Rate: 72% (475 granted / 658 resolved; +17.2% vs TC avg)
Interview Lift: +21.1% (strong +21% interview lift; resolved cases with interview)
Typical timeline: 3y 5m avg prosecution; 16 currently pending
Career history: 674 total applications across all art units

Statute-Specific Performance

§101: 18.6% (-21.4% vs TC avg)
§103: 48.1% (+8.1% vs TC avg)
§102: 16.8% (-23.2% vs TC avg)
§112: 9.5% (-30.5% vs TC avg)
Based on career data from 658 resolved cases

Office Action

DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2. This action is in response to the following communication: Non-provisional Application No. 18/277,702 filed on 08/17/2023.

3. Claims 1-23 have been cancelled. Claims 24-45 are pending. Claims 24 and 37 are independent claims.

Specification

4. The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code (p. 6, para. [0122]). Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code. See MPEP § 608.01.

5. The disclosure is objected to because of the following informalities: The disclosure consists of abbreviations which are not written out the first time they are used (e.g. XML, URI, MAC, ID, CPU, URL, OPC, UA). Abbreviations must be written out the first time they are used in the disclosure, again in the abstract, and again in the claims, as the intent of their meaning is likely to be changed over time. Appropriate correction is required.

The specification should be revised carefully in order to comply with 35 U.S.C. 112(a). 35 U.S.C. 132(a) states that no amendment shall introduce new matter into the disclosure of the invention. Any amendment to the disclosure must be supported by the disclosure as originally filed.

Claim Rejections - 35 USC § 112

6. The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

7. Claims 24-45 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention. Claims 24, 29, 37 and 40 recite the limitations “the origin”, “the interaction”, “the scope” in the claims.
There is insufficient antecedent basis for these limitations in the claims. Claims 25-28, 30-36, 38-39 and 41-45 are also rejected for being dependent on rejected base claims.

Claim Rejections - 35 USC § 102

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

9. Claims 24, 25 and 37 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lawson et al., US 20170103137 (hereinafter Lawson).

In regards to claim 24, Lawson teaches:

A system, comprising: an industrial facility comprising a first memory that stores first machine-executable components, and a first processor that is operatively coupled to the first memory, and is designed to execute the first machine-executable components, wherein the first machine-executable components comprise a cloud connectivity component (Fig. 1, see Industrial Facility, Client Device 116, Cloud interface 11, Generic Internet, Cloud Platform 102, Industrial Application Provisioning System 104), (Fig. 2, Interface component 210, Cloud Interface 224, Cloud Interface 226), [0036], see “client device can access the industrial application provisioning system 104 and associated cloud-based services via a cloud interface 114, which can be internal to the client device 116 or a separate cloud gateway communicatively connected to the client device 116”), [0039], see “an interface component 210, in some embodiments, components 204, 206, 208, 210, 212, and 214 can comprise software instructions stored on memory 218 and executed by processor(s) 216”) and (p.
12, [0105], see “embodiments, systems, and components described herein, as well as industrial control systems and industrial automation environments in which various aspects set forth in the subject specification can be carried out, can include computer... Computers and servers include one or more processors—electronic integrated circuits that perform logic operations employing electric signals—configured to execute instructions stored in media such as random access memory (RAM), read only memory (ROM), a hard drives, as well as removable memory devices, which can include memory sticks, memory cards, flash drives, external hard drives, and so on”) (emphasis added). Such separate cloud interface is very much the same as such first machine-executable component. a cloud platform comprising a second memory that stores second machine-executable components, and a second processor that is operatively coupled to the second memory, and is designed to execute the second machine-executable components (Fig. 1, see Industrial Facility, Client Device 116, Cloud interface 11, Generic Internet, Cloud Platform 102, Industrial Application Provisioning System 104), (Fig. 2, Industrial Application Provisioning System 202, Interface component 210, Cloud Interface 224, Cloud Interface 226), and (Abstract, see “a cloud-based industrial application provisioning system is provided…. A search engine allows a user to access the cloud platform and search for a desired industrial application. The library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”). Such Industrial Application Provisioning System is very much the same as such second machine-executable components comprise a management component. 
the second machine-executable components comprise a management component that is part of an entity that produces one or more industrial devices that reside at the industrial facility (Fig. 2, Industrial Application Provisioning System 202, Interface component 210, Cloud Interface 224, Cloud Interface 226), (Fig. 1, see Industrial Facility, Client Device 116, Cloud interface 11, Generic Internet, Cloud Platform 102, Industrial Application Provisioning System 104), and (Abstract, see “a cloud-based industrial application provisioning system is provided…. A search engine allows a user to access the cloud platform and search for a desired industrial application. The library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”). Such Industrial Application Provisioning System is very much the same as such second machine-executable components comprise a management component. the cloud connectivity component is designed to receive and store at least one computer program to be installed on the one or more industrial devices (Abstract, see “a cloud-based industrial application provisioning system is provided… Application developers can publish industrial applications to an application library on the cloud platform, where the application is cataloged within an industry-specific search hierarchy. A search engine allows a user to access the cloud platform and search for a desired industrial application”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). Such “can publish industrial applications to an application library on the cloud platform” is very much the same as such cloud connectivity component is designed to receive and store at least one computer program. 
the cloud connectivity component and the management component are designed to interact with one another (Fig. 1, see bi-directional process arrow flow from Industrial Application Provisioning System 104, Cloud Interface 114, Client device 116, Industrial Facility). such that during the interaction the management component defines an allowed Installation context having rules to control which computer programs are allowed to be installed on the one or more industrial devices (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. 
the rules comprising as conditions at least: a unique identifier of the at least one computer program and a unique identifier of the origin of the at least one computer program and a requested installation target Information for the at least one computer program (p. 4, [0041], see “this can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”), (p. 10, [0092], see “records in subscribers database 1106 can include, for example, a user identifier, an industrial application identifier, a preferred notification method (e.g., email, text message, voice message, etc.”), and any other suitable subscription information”) and (p. 9, [0083], see “the industrial application provisioning system can infer at least a portion of the application search criteria based in part on extrinsic data read from the user's existing control system. For example, certain control data structures, code segments, or HMI graphical elements may suggest that the user's existing system relates to a particular industry or type of industrial system, or may help to identify particular devices or equipment in use at the industrial facility”) (emphasis added). Such indicators identifying the subset of industrial applications is very much the same as such computer program identifier, such industrial application identifier is very much the same as such origin, and such identify particular devices or equipment is very much the same as such target information. to authorize Installation of the at least one computer program on the one or more Industrial devices only within the scope of the allowed installation context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 
4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. the interaction excludes sending the at least one computer program to the management component (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) (emphasis added). It is noted that this interaction includes sending the requested application to the client and excludes sending the application to the management component. 
In regards to claim 25, Lawson teaches: the management component is designed to define the allowed installation context in response to data associated with an intended installation context provided by the cloud connectivity component to the management component (Fig. 1, see “Cloud Platgform 102, Industrial Application Provisioning System 104”) and (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”) (emphasis added). In regards to claim 37, Lawson teaches: A method, comprising: receiving and storing, by a cloud connectivity component that resides at an industrial facility, at least one computer program to be installed on one or more industrial devices that reside at the industrial facility (Abstract, see “a cloud-based industrial application provisioning system is provided…. Application developers can publish industrial applications to an application library on the cloud platform, where the application is cataloged within an industry-specific search hierarchy. A search engine allows a user to access the cloud platform and search for a desired industrial application”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). Such “can publish industrial applications to an application library on the cloud platform” is very much the same as such cloud connectivity component is designed to receive and store at least one computer program. 
the cloud connectivity component interacting with a management component, which is part of an entity that produced the one or more industrial devices, such that during the interaction of the cloud connectivity component, the management component defines an allowed installation context comprising rules that control which computer programs are allowed to be installed on the one or more industrial devices (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. the rules comprising as conditions at least: a unique identifier of the at least one computer program and a unique identifier of the origin of the at least one computer program and a requested installation target information for the at least one computer program (p. 
4, [0041], see “this can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”), (p. 10, [0092], see “records in subscribers database 1106 can include, for example, a user identifier, an industrial application identifier, a preferred notification method (e.g., email, text message, voice message, etc.”), and any other suitable subscription information”) and (p. 9, [0083], see “the industrial application provisioning system can infer at least a portion of the application search criteria based in part on extrinsic data read from the user's existing control system. For example, certain control data structures, code segments, or HMI graphical elements may suggest that the user's existing system relates to a particular industry or type of industrial system, or may help to identify particular devices or equipment in use at the industrial facility”) (emphasis added). Such indicators identifying the subset of industrial applications is very much the same as such computer program identifier, such industrial application identifier is very much the same as such origin, and such identify particular devices or equipment is very much the same as such target information. authorizes installation of the at least one computer program on the one or more industrial devices only within the scope of the allowed installation context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. 
This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. the interaction excludes sending the at least one computer program to the management component (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) (emphasis added). It is noted that this interaction includes sending the requested application to the client and excludes sending the application to the management component. Claim Rejections - 35 USC § 103 10. The following is a quotation of 35 U.S.C. 
103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

11. Claims 26, 27, 29-33, 35, 36, 38, 39 and 41-45 are rejected under 35 U.S.C. 103 as being unpatentable over Lawson in view of Kravitz et al., US 20170279620 (hereinafter Kravitz) in view of Carbajal et al., U.S. Patent No. 6,560,706 (hereinafter Carbajal).

In regards to claim 24, the rejections above are incorporated respectively.

In regards to claim 26, Lawson teaches:

the cloud connectivity component is designed to control connectivity between the one or more industrial devices and the cloud-platform (p. 3, [0036], see “client device can access the industrial application provisioning system 104 and associated cloud-based services via a cloud interface 114, which can be internal to the client device 116 or a separate cloud gateway communicatively connected to the client device 116”).

generate metadata associated with the at least one computer program and with an intended installation of the at least one computer program on the one or more industrial devices (p. 1, [0006], see “a client interface for the provisioning system can allow the developer to associate metadata with the application that can be used by the provisioning system to categorize the application in the library for simplified searching and browsing.
In some embodiments, this metadata can specify a particular industry, control system type, device, equipment type, or vendor to which the submitted application relates”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). the management component is designed to receive, at the cloud platform, the installation request from the cloud connectivity component (p. 4, [0043], see “one or more embodiments of the industrial application provisioning system 202 can allow users to subscribe to receive notifications or application updates relating to selected industrial applications or application categories. Accordingly, subscription component 212 can be configured to receive and manage subscription requests from remote clients, and notification component 214 can be configured to deliver notifications to the remote clients when new or updated industrial applications corresponding to the subscription requests become available”). Lawson doesn’t explicitly teach: sign the metadata with a first private key. However, Kravitz teaches such use: (p. 8, [0067], see “a first digital certificate is issued to the devices, for example, by a trusted third party, such as an attribute authority (AA”), in block 904”). receive, from the management component, authorized metadata that are signed with a second private key and are associated with the allowed Installation context of the at least one computer program. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the… control unit provided an acceptable digital token confirming it uniquely has received the unique ID and /r public key certificate of devices to be trusted. 
The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). verify the signed authorized metadata using a second public key, sign the at least one computer program with the second private key. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the… control unit provided an acceptable digital token confirming it uniquely has received the unique ID and /r public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). verify the signed metadata using a first public key, in response to the Installation request. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and /r public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). 
based on the signed metadata, generate the authorized metadata, sign the authorized metadata using the second private key, and transmit the signed authorized metadata to the cloud connectivity component. However, Lawson teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”).

Lawson and Kravitz are analogous art because they are from the same field of endeavor, software installation.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson and Kravitz before him or her, to modify the system of Lawson to include the teachings of Kravitz, as a system for security management, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to protect, control and manage the IoT devices which are typically manufactured by third-parties, as suggested by Kravitz (p. 2, [0022], p. 8, [0069]).

Lawson and Kravitz, in particular Lawson, doesn’t explicitly teach:

send an installation request containing the signed metadata to the management component.
However, Carbajal teaches such use: (Abstract, see “the… image is obtained via a network connection and is checked for integrity and authority to run on a particular platform”) and (column 6, lines 31-39, see “if the digital signature of the received updated request credential verifies using the Boot Object Authorization Certificate for the managed client platform, the update request is accepted. Otherwise, the update request is not accepted. The unique update token and the signed request credential combine to guard against attacks based on capturing and replaying an identical or altered update request to the same or different managed client platforms”).

Lawson, Kravitz and Carbajal are analogous art because they are from the same field of endeavor, software installation.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson, Kravitz and Carbajal before him or her, to modify the system of Lawson and Kravitz, in particular Lawson, to include the teachings of Carbajal, as an interface for ensuring system boot image integrity, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, to ensure integrity of a boot image by checking that the software is free from viruses or has not been tampered with before or during download as well as authenticity, as suggested by Carbajal (column 6, lines 31-39, column 10, lines 53-59).

In regards to claim 27, Lawson teaches:

the cloud connectivity component is designed to transmit the signed at least one computer program and the signed authorized metadata to the one or more industrial devices, on which the at least one computer program is to be installed (p. 4, [0046], see “the application libraries 310 can also store certified code (e.g., for safety-related industrial applications) and secure application code that has been digitally signed to ensure authenticity”) and (p.
1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). Install the at least one computer program on the one or more industrial devices according to the allowed installation context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. In regards to claim 29, Lawson teaches: the cloud connectivity component and the management component are designed to interact with one another such that during the interaction, the management component also defines an allowed runtime context of the at least one computer program (p. 
1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. authorizes execution of the at least one computer program on the one or more industrial devices only within the scope of the allowed runtime context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. 
This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. In regards to claim 30, Lawson teaches: the first machine-executable components comprise a runtime enforcement component designed to while the at least one computer program is executed on the one or more industrial devices, enforce the at least one computer program to adhere to the allowed runtime context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. 
The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. In regards to claim 31, Lawson doesn’t explicitly teach: the at least one computer program is signed by a third party's private key, said cloud connectivity component being designed to verify a signature of the at least one computer program using a third party's public key. However, Kravitz teaches such use: (p. 2, [0022], see “the security ecosystem of the disclosed invention provides many of the above mentioned capabilities through the use of a central server configured with one or more of an attribute authority (AA”) acting as a trusted third party mediating service provider by using one or more of a public key infrastructure (PKI”), including one or more of a certification authority, registration authority, hardware security module (HSM”), validation authority (VA, possibly by online certificate status protocol, OCSP, or certificate revocation list, CRL”), a privilege management infrastructure (PMI”), virtual network protocol (VPN”) technology, device-side client applications, cloud hosting, authentication and light active directory access protocol (LADP)” and (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. 
The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). Lawson and Kravitz are analogous art because they are from the same field of endeavor, software installation. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson and Kravitz before him or her, to modify the system of Lawson to include the teachings of Kravitz, as a system for security management, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to protect, control and manage the IoT devices which are typically manufactured by third-parties, as suggested by Kravitz (p. 2, [0022], p. 8, [0069]). In regards to claim 32, Lawson teaches: the cloud connectivity component is designed to store the at least one computer program in the first memory (Abstract, see “a cloud-based industrial application provisioning system is provided…. Application developers can publish industrial applications to an application library on the cloud platform, where the application is cataloged within an industry-specific search hierarchy. A search engine allows a user to access the cloud platform and search for a desired industrial application”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). 
Such “can publish industrial applications to an application library on the cloud platform” is very much the same as such cloud connectivity component is designed to receive and store at least one computer program. In regards to claim 33, Lawson teaches: a cloud agent device, said cloud connectivity component being designed as a software component that resides at the cloud agent device (Abstract, see “a cloud-based industrial application provisioning system is provided…. Application developers can publish industrial applications to an application library on the cloud platform, where the application is cataloged within an industry-specific search hierarchy. A search engine allows a user to access the cloud platform and search for a desired industrial application”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). Such “can publish industrial applications to an application library on the cloud platform” is very much the same as such cloud connectivity component is designed to receive and store at least one computer program. In regards to claim 35, Lawson teaches: the management component is designed to store the allowed installation context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. 
The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. In regards to claim 36, Lawson doesn’t explicitly teach: the at least one computer program is signed by a third party's private key and the cloud connectivity component is designed to verify the signature of the at least one computer program using a third party's public key. However, Kravitz teaches such use: (p. 2, [0022], see “the security ecosystem of the disclosed invention provides many of the above mentioned capabilities through the use of a central server configured with one or more of an attribute authority (AA”) acting as a trusted third party mediating service provider by using one or more of a public key infrastructure (PKI”), including one or more of a certification authority, registration authority, hardware security module (HSM”), validation authority (VA, possibly by online certificate status protocol, OCSP, or certificate revocation list, CRL”), a privilege management infrastructure (PMI”), virtual network protocol (VPN”) technology, device-side client applications, cloud hosting, authentication and light active directory access protocol (LADP)” and (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. 
The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). Lawson and Kravitz are analogous art because they are from the same field of endeavor, software installation. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson and Kravitz before him or her, to modify the system of Lawson to include the teachings of Kravitz, as a system for security management, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to protect, control and manage the IoT devices which are typically manufactured by third-parties, as suggested by Kravitz (p. 2, [0022], p. 8, [0069]). In regards to claim 38, Lawson teaches: the interacting comprises (p. 3, [0036], see “client device can access the industrial application provisioning system 104 and associated cloud-based services via a cloud interface 114, which can be internal to the client device 116 or a separate cloud gateway communicatively connected to the client device 116”). generating, by the cloud connectivity component, metadata associated with the at least one computer program and the installation on the one or more industrial devices (p. 1, [0006], see “a client interface for the provisioning system can allow the developer to associate metadata with the application that can be used by the provisioning system to categorize the application in the library for simplified searching and browsing. 
In some embodiments, this metadata can specify a particular industry, control system type, device, equipment type, or vendor to which the submitted application relates”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). receiving from the management component, by the cloud connectivity component, the signed authorized metadata (p. 4, [0046], see “the application libraries 310 can also store certified code (e.g., for safety-related industrial applications) and secure application code that has been digitally signed to ensure authenticity”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). Lawson doesn’t explicitly teach: signing, by the cloud connectivity component, the metadata with a first private key. However, Kravitz teaches such use: (p. 8, [0067], see “a first digital certificate is issued to the devices, for example, by a trusted third party, such as an attribute authority (AA”), in block 904”). verifying, by the management component, the signed metadata using a first public key. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). 
in response to the installation request and based on the signed metadata, generating, by the management component, authorized metadata associated with the allowed installation context of the at least one computer program. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). signing, by the management component, the authorized metadata with a second private key. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the… control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). transmitting, by the management component, the signed authorized metadata to the cloud connectivity component. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. 
The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). verifying, by the cloud connectivity component, the signed authorized metadata using a second public key, and signing, by the cloud connectivity component, the at least one computer program with the second private key. However, Kravitz teaches such use: (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the… control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). Lawson and Kravitz are analogous art because they are from the same field of endeavor, software installation. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson and Kravitz before him or her, to modify the system of Lawson to include the teachings of Kravitz, as a system for security management, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to protect, control and manage the IoT devices which are typically manufactured by third-parties, as suggested by Kravitz (p. 2, [0022], p. 8, [0069]). 
Lawson and Kravitz, in particular Lawson doesn’t explicitly teach: sending, by the cloud connectivity component, to the management component an installation request which contains the signed metadata, receiving, by the management component, the installation request from the cloud connectivity component. However, Carbajal teaches such use: (Abstract, see “the… image is obtained via a network connection and is checked for integrity and authority to run on a particular platform”) and (column 6, lines 31-39, see “if the digital signature of the received updated request credential verifies using the Boot Object Authorization Certificate for the managed client platform, the update request is accepted. Otherwise, the update request is not accepted. The unique update token and the signed request credential combine to guard against attacks based on capturing and replaying an identical or altered update request to the same or different managed client platforms”). Lawson, Kravitz and Carbajal are analogous art because they are from the same field of endeavor, software installation. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson, Kravitz and Carbajal before him or her, to modify the system of Lawson and Kravitz, in particular Lawson to include the teachings of Carbajal, as an interface for ensuring system boot image integrity, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, to ensure integrity of a boot image by checking that the software is free from viruses or has not been tampered with before or during download as well as authenticity as suggested by Carbajal (column 6, lines 31-39, column 10, lines 53-59). 
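The claim 38 exchange discussed above (signed metadata in an installation request, verification with a first public key, authorized metadata signed with a second private key and checked with a second public key), together with the unique-token replay guard quoted from Carbajal, can be sketched as follows. This is an added illustration, not code from the application or from any cited reference; Ed25519, the JSON encoding, binding the program by SHA-256 digest, and every type, field and device name are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Metadata is what the cloud connectivity component asserts in an install request (assumed fields).
type Metadata struct {
	Digest [32]byte `json:"digest"` // SHA-256 of the program image
	Device string   `json:"device"` // target industrial device
	Token  string   `json:"token"`  // unique per request, guards against replay
}

// Authorized is the management component's answer: the allowed installation context.
type Authorized struct {
	Digest [32]byte `json:"digest"`
	Device string   `json:"device"`
}

type Signed struct{ Body, Sig []byte } // the exact signed bytes plus their signature

func sign(priv ed25519.PrivateKey, v interface{}) Signed {
	body, _ := json.Marshal(v) // these plain structs cannot fail to marshal
	return Signed{Body: body, Sig: ed25519.Sign(priv, body)}
}

// open verifies first and parses second, so unauthenticated bytes never reach the decoder.
func open(pub ed25519.PublicKey, s Signed, out interface{}) error {
	if !ed25519.Verify(pub, s.Body, s.Sig) {
		return errors.New("signature does not verify")
	}
	return json.Unmarshal(s.Body, out)
}

// Manager plays the management component.
type Manager struct {
	priv    ed25519.PrivateKey // "second private key"
	connPub ed25519.PublicKey  // "first public key"
	policy  map[string]bool    // devices on which installs are permitted
	seen    map[string]bool    // request tokens already consumed
}

// Authorize handles one installation request that contains signed metadata.
func (m *Manager) Authorize(req Signed) (Signed, error) {
	var md Metadata
	if err := open(m.connPub, req, &md); err != nil {
		return Signed{}, fmt.Errorf("request rejected: %w", err)
	}
	if md.Token == "" || m.seen[md.Token] {
		return Signed{}, errors.New("request rejected: token missing or replayed")
	}
	m.seen[md.Token] = true // consumed only after the signature checked out
	if !m.policy[md.Device] {
		return Signed{}, errors.New("request rejected: device not permitted")
	}
	return sign(m.priv, Authorized{Digest: md.Digest, Device: md.Device}), nil
}

// CheckAuthorization is the receiving side's check with the "second public key" before install.
func CheckAuthorization(mgrPub ed25519.PublicKey, auth Signed, deviceID string, program []byte) error {
	var a Authorized
	if err := open(mgrPub, auth, &a); err != nil {
		return err
	}
	if sha256.Sum256(program) != a.Digest {
		return errors.New("program differs from the authorized digest")
	}
	if a.Device != deviceID {
		return errors.New("device is outside the allowed installation context")
	}
	return nil
}

// Demo runs the exchange on constructed sample data and reports each outcome.
func Demo() map[string]bool {
	connPub, connPriv, _ := ed25519.GenerateKey(nil) // first key pair
	mgrPub, mgrPriv, _ := ed25519.GenerateKey(nil)   // second key pair
	program := []byte("constructed sample program image")
	mgr := &Manager{priv: mgrPriv, connPub: connPub,
		policy: map[string]bool{"plc-01": true}, seen: map[string]bool{}}
	d := sha256.Sum256(program)
	req := sign(connPriv, Metadata{Digest: d, Device: "plc-01", Token: "token-0001"})
	auth, err := mgr.Authorize(req)
	_, replayErr := mgr.Authorize(req) // identical bytes presented a second time
	_, alterErr := mgr.Authorize(Signed{Body: append([]byte("x"), req.Body...), Sig: req.Sig})
	_, policyErr := mgr.Authorize(sign(connPriv, Metadata{Digest: d, Device: "plc-02", Token: "token-0002"}))
	return map[string]bool{
		"authorized": err == nil, "replay_rejected": replayErr != nil,
		"altered_rejected": alterErr != nil, "policy_rejected": policyErr != nil,
		"plc01_accepts": CheckAuthorization(mgrPub, auth, "plc-01", program) == nil,
		"plc02_refuses": CheckAuthorization(mgrPub, auth, "plc-02", program) != nil,
		"swap_refused":  CheckAuthorization(mgrPub, auth, "plc-01", []byte("other image")) != nil,
	}
}

func main() { fmt.Println(Demo()) }
```
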
In regards to claim 39, Lawson teaches: transmitting, by the cloud connectivity component, the signed at least one computer program and the signed authorized metadata to the one or more industrial devices, on which the at least one computer program is to be installed (p. 4, [0046], see “the application libraries 310 can also store certified code (e.g., for safety-related industrial applications) and secure application code that has been digitally signed to ensure authenticity”) and (p. 1, [0009], see “in one or more embodiments, the cloud-based provisioning system can download selected applications to an end user's local cloud-capable device”). In regards to claim 41, Lawson teaches: interacting, by the cloud connectivity component, with a management component such that during the interaction, the management component also defines an allowed runtime context of the at least one computer program (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... 
library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. authorizes execution of the at least one computer program on the one or more industrial devices only within the scope of the allowed runtime context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. 
In regards to claim 42, Lawson teaches: while the at least one computer program is executed on the one or more industrial devices, forcing, by a runtime enforcement component that resides at the industrial facility, the at least one computer program to adhere to the allowed runtime context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. In regards to claim 43, Lawson teaches: storing, by the management component, the allowed installation context at the cloud platform (Fig. 1, see “Cloud Platform 102, Industrial Application Provisioning System 104”) and (p. 
1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”) (emphasis added). In regards to claim 44, Lawson teaches: storing, by the management component, the allowed runtime context or the allowed installation context, or both, at the cloud platform (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. 
In regards to claim 45, Lawson doesn’t explicitly teach: signing, by a third party's component that resides neither at the industrial facility nor at the cloud platform, the at least one computer program with a third party's private key, verifying, by the cloud connectivity component, the signature of the at least one computer program using a third party's public key. However, Kravitz teaches such use: (p. 2, [0022], see “the security ecosystem of the disclosed invention provides many of the above mentioned capabilities through the use of a central server configured with one or more of an attribute authority (AA”) acting as a trusted third party mediating service provider by using one or more of a public key infrastructure (PKI”), including one or more of a certification authority, registration authority, hardware security module (HSM”), validation authority (VA, possibly by online certificate status protocol, OCSP, or certificate revocation list, CRL”), a privilege management infrastructure (PMI”), virtual network protocol (VPN”) technology, device-side client applications, cloud hosting, authentication and light active directory access protocol (LADP)” and (p. 5, [0049], see “the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/or public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete”). Lawson and Kravitz are analogous art because they are from the same field of endeavor, software installation. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson and Kravitz before him or her, to modify the system of Lawson to include the teachings of Kravitz, as a system for security management, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to protect, control and manage the IoT devices which are typically manufactured by third-parties, as suggested by Kravitz (p. 2, [0022], p. 8, [0069]). 12. Claim 34 is rejected under 35 U.S.C. 103 as being unpatentable over Lawson in view of Lawson et al., US 20130211546 (hereinafter Lawson2). In regards to claim 24, the rejections above are incorporated respectively. In regards to claim 34, Lawson doesn’t explicitly teach: the cloud agent device comprises a non-volatile memory designed to store the at least one computer program. However, Lawson2 teaches such use: (Fig. 2, see Cloud-aware smart device 202, Cloud Interface component 212, Memory 218), (Abstract, see “a cloud-aware smart device that facilitates automated configuration and integration of the device within an automation system is provided. Upon installation within the automation system, the smart device determines its geographical location, identifies other devices on the system, and determines its role within the system. The smart device then establishes communication with a cloud platform running one or more cloud-based applications or services and sends a device profile containing the gathered information to the cloud platform. The device profile can be used to automatically configure the device for operation within the system or to add the smart device to an existing cloud-based application”) and (p. 13, [0106], see “the system memory 1516 includes volatile memory 1520 and nonvolatile memory 1522... 
By way of illustration, and not limitation, nonvolatile memory 1522 can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable PROM (EEPROM), or flash memory”). Lawson and Lawson2 are analogous art because they are from the same field of endeavor, software installation. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson and Lawson2 before him or her, to modify the system of Lawson to include the teachings of Lawson2, as a smart device for industrial automation, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to send identification and configuration information to the cloud platform to facilitate simplified and automated integration with the larger system as suggested by Lawson2 (p. 13, [0106], p. 14, [0115]). 13. Claims 28 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Lawson in view of Kravitz et al., US 20170279620 (hereinafter Kravitz) in view of Carbajal in view of Oh et al., U.S. Patent No. 10,872,155 (hereinafter Oh). In regards to claims 24, 26, 37 and 38 the rejections above are incorporated accordingly. In regards to claim 28, Lawson, Kravitz and Carbajal, in particular Lawson doesn’t explicitly teach: the first machine-executable components comprise a deployment component designed to verify the signed at least one computer program and the signed authorized metadata using the second public key. However, Oh teaches such use: (column 20, lines 43-54, see “if the second signature SIG2 is successfully verified, operation S850 is performed. 
In operation S850, the update manager 31_1 may verify the third signature SIG3 of the third certificate element CER3 of the signed firmware image S_FIMG, by using the second public keys PUBK2 included in the second certificate element CER2 of the signed firmware image S_FIMG”). Lawson, Kravitz, Carbajal and Oh are analogous art because they are from the same field of endeavor, software installation. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson, Kravitz, Carbajal and Oh before him or her, to modify the system of Lawson, , Kravitz and Carbajal, in particular Lawson to include the teachings of Oh, as a system for managing firmware, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to increase security when a firmware image is encrypted by using a hardware security module, as suggested by Oh (column 20, lines 43-54, column 21, lines 25-29). In regards to claim 40, Lawson teaches: installing and executing, by the deployment component, the at least one computer program on the one or more industrial devices according to the allowed installation context (p. 1, [0008], see “in another aspect, the industrial application provisioning system can search for or filter applications in the cloud-based library based on contextual data obtained from the client”), (p. 4, [0041], see “retrieval component 208 can retrieve the subset of industrial applications identified by the search component 206 and deliver the identified applications to the originator of the search request. 
This can include sending the industrial applications to the requesting client device 222 over the cloud platform, or sending only a set of indicators identifying the subset of industrial applications”) and (Abstract, see “a cloud-based industrial application provisioning system is provided. The industrial application provisioning system can reside on a cloud platform and be made available to developers and end users with access privileges to the cloud platform... the application is cataloged within an industry-specific search hierarchy... library's hierarchical catalog allows the user to search for applications according to industry type, equipment in use, automation system type, or other suitable criteria”) (emphasis added). It is noted that the only applications allowed are filtered applications, hence such filters are very much the same as such rules. Lawson, Kravitz and Carbajal, in particular Lawson doesn’t explicitly teach: verifying, by a deployment component that resides at the industrial facility, the signed at least one computer program and the signed authorized metadata using the second public key. However, Oh teaches such use: (column 20, lines 43-54, see “if the second signature SIG2 is successfully verified, operation S850 is performed. In operation S850, the update manager 31_1 may verify the third signature SIG3 of the third certificate element CER3 of the signed firmware image S_FIMG, by using the second public keys PUBK2 included in the second certificate element CER2 of the signed firmware image S_FIMG”). Lawson, Kravitz, Carbajal and Oh are analogous art because they are from the same field of endeavor, software installation. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Lawson, Kravitz, Carbajal and Oh before him or her, to modify the system of Lawson, , Kravitz and Carbajal, in particular Lawson to include the teachings of Oh, as a system for managing firmware, and accordingly it would enhance the system of Lawson, which is focused on a system for an industrial app store, because that would provide Lawson with the ability to increase security when a firmware image is encrypted by using a hardware security module, as suggested by Oh (column 20, lines 43-54, column 21, lines 25-29). Conclusion 14. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US Patent Application Publications Shah 20230393555 teaches A cloud-based edge-as-as-service (EaaS) system allows edge gateways to be easily configured and deployed on the cloud for collection, contextualization, and egress of industrial data to downstream applications, including analytic applications, work order management systems, or visualization systems. The EaaS system uses predefined device profiles to automatically discover relevant data items on plant floor devices and present these data items to a user. Wu 20240118668 teaches a method is provided for customizing orchestration of an industrial system infrastructure. The method includes receiving hardware user selections defining a plurality of hardware components of the industrial system infrastructure as a complete system, receiving application user selections defining applications to be deployed on the plurality of hardware components, receiving policy user selections defining rules for deployment of the plurality of hardware components and applications, and causing generation of logic that defines a plan for deployment of the applications on the plurality of hardware components in compliance with the rules for deployment. 15. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Evral Bodden whose telephone number is 571-272-3455. The examiner can normally be reached on Monday to Friday from 9am to 5pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cha Do, can be reached at telephone number 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR to authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automatedinterview-request-air-form. /EVRAL E BODDEN/Primary Examiner, Art Unit 2193

Prosecution Timeline

Aug 17, 2023
Application Filed
Feb 12, 2026
Non-Final Rejection — §102, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596467
ADVANCED APPLICATION OF MODEL OPERATIONS IN ENERGY
2y 5m to grant Granted Apr 07, 2026
Patent 12591425
OTA MASTER, UPDATE CONTROL METHOD, NON-TRANSITORY STORAGE MEDIUM, AND VEHICLE
2y 5m to grant Granted Mar 31, 2026
Patent 12591422
AUTOMOTIVE OTA UPDATE CONTROL DEVICE AND METHOD THEREFOR
2y 5m to grant Granted Mar 31, 2026
Patent 12578958
IN SERVICE SOFTWARE UPDATES FOR STANDALONE NETWORK DEVICES
2y 5m to grant Granted Mar 17, 2026
Patent 12578955
SECURE TRANSPORT SOFTWARE UPDATE
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 72%
With Interview (+21.1%): 93%
Median Time to Grant: 3y 5m
PTA Risk: Low
Based on 658 resolved cases by this examiner. Grant probability derived from career allow rate.
