DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant's submission filed on 03/23/2026 has been entered.
Response to Amendment
This action is in response to the communications and remarks filed on 02/16/2026. Claims 1, 12, 16, and 21 have been amended. Claims 6-7 and 17-20 have been cancelled. Claims 1-5, 8-16, and 21-25 have been examined and are pending.
Response to Arguments
Applicant’s Amendments necessitated anew ground of rejection; accordingly, Applicant’s arguments see pages 7-14 of remarks, filed 02/16/2026, with respect to amended independent claims 1 and 11 (Muddu) have been considered but are moot in view of the new ground of 102 rejection (Canedo) applied below.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1, 5, 12, and 21-25 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Canedo et al, hereinafter (“Canedo”), US PG Publication 20170034205 A1.
Regarding currently amended claims 1, 12 and 21, Canedo teaches a method comprising; and an apparatus comprising memory and one or more processors communicatively coupled to the memory, the one or more processors configured to perform operations comprising:
accessing performance data fromCanedo ¶0024 plurality of sensors 120 configured to sense behaviors associated with at least one hardware component 110; where sensors may include both: at least one controller sensor 122 and at least one side-channel sensor 124. The controller sensor 122 configured to detect and communicate measurements]
generating a set of production metrics associated with the physical component by analyzing the performance data, wherein the set of production metrics comprises at least one of a product throughput, a product volume, a process volume, or a product quality; [Canedo ¶0041 controller sensors gather measurements (such as for temperature, motion, pressure, flow rate, acceleration, vibration or other physical properties). Hence, Examiner interprets measurements described: …flow rate, acceleration, etc. as analogous to a production metric; for example a product throughput. ]
identifying, using cyber event data, a cyber event impacting the physical component of the processing system, the cyber event being associated with an operation of the physical component;[Canedo ¶0041 the controller 102 may be leveraged by the monitor system 112 to identify anomalies that may be associated with cyber-attacks. ¶0042 the monitor system may be configured to detect a possible cyberattack on the temperature sensor and/or the controller.]
determining a cyber-physical relationship between the set of production metrics and the cyber event by correlating the set of production metrics and the cyber event, wherein the correlation comprises determining whether the cyber event is associated with a physical change in operation of the physical component, the physical change being reflected in at least one of the set of production metrics, [Canedo ¶0031 sensors 120 may be configured to sense physical information associated with the hardware components (i.e., measurements of the hardware components themselves and/or of the process or system that is controlled via the hardware components). ¶¶0032-0034 monitor system may create fingerprints 150 that correspond to time-based behavior signatures from the sensor measurements and compare such created fingerprints to predetermined and classified fingerprints 152 (e.g., classified as wear related, failure related, normal activity, possible cyberattack and/or other behavior classifications for the particular hardware components and/or process being measured).], wherein the cyber-physical relationship is indicative of a physical change associated with the physical component that is caused by the cyber event; [Canedo ¶0034 the notification may include subject matter; physical behavior of the motor is not associated to wear and tear observed for the last two days with an average of 60 rpm”] and
performing one or more actions based on the cyber-physical relationship. [Canedo ¶0035 if such parameter(s) have been changed due to unauthorized user/cyberattack, a corrective actions may be taken to repair]
Regarding claim 5, the combination of Canedo and Muddu teach claim 1 as described above.
Canedo teaches further comprising outputting data for secondary analysis using external systems [Canedo ¶0023 a segregated monitor system includes one second processor 114].
Regarding claim 22, Canedo teaches claim 1 as described above.
Canedo teaches the physical change comprises at least one of a through-put change, a process volume change, a flow rate change, or a temperature change. [Canedo See ¶¶0031-0034]
Regarding claim 23, the combination of Canedo and Muddu teach claim 1 as described above.
Canedo teaches wherein the one or more actions comprises: causing a firewall level of a firewall between the physical component and a second physical component to be increased. [Canedo ¶0016 cybersecurity systems 144 including firewalls and antivirus software may be employed to detect and deter cyberattacks.]
Regarding claim 24, the combination of Canedo and Muddu teach claim 1 as described above.
Canedo teaches wherein the one or more actions comprises: causing a connection between the physical component and a second physical component to be terminated. [Canedo ¶0035 corrective actions may be taken to stop any ongoing malicious activity]
Regarding new claim 25, Canedo teaches claim 1 as described above.
Canedo teaches wherein the physical component comprises an actuator. [Canedo ¶0021and actuators]
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 2-4 and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Canedo et al, hereinafter (“Canedo”), US PG Publication 20170034205 A1, in view of Muddu et al, hereinafter (“Muddu”), US PG Publication 20170063888 A1.
Regarding claim 2, Canedo teaches claim 1 as described above.
However, Canedo fails to explicitly teach but Muddu teaches wherein at least one of the set of production metrics or the cyber event data is contextually enriched using one or more of a security information and event management platform, asset inventory tools, geolocation tools, third party threat intelligence databases, software components of a distributed control system, or machine learning algorithms[Muddu ¶0135 SIEM. ¶¶0159-0160 FIG. 3 shows a high-level conceptual view of the processing within security platform 102 enrichment/enriched event data]
Canedo teach all the features of claim 1 not wherein at least one of the set of production metrics or the cyber event data is contextually enriched using one or more of a security information and event management platform, asset inventory tools, geolocation tools, third party threat intelligence databases, software components of a distributed control system, or machine learning algorithms. Muddu teaches malware communications detection. Because both Canedo and Muddu are from the same field of endeavor of monitoring or testing data switching networks, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use a SIEM platform to obtain contextually enriched production metrics [Muddu ¶0135]
Regarding claim 3, the combination of Canedo and Muddu teach claim 2 as described above.
However, Canedo fails to explicitly teach but Muddu teaches wherein the contextual enrichment comprises accessing additional performance data for a set of physical component class and comparing the additional performance data with a class of cyber event. [Muddu ¶¶0250-0251 object-oriented classes can be stored in a library; for example, Java™ class loader].
Canedo teach all the features of claim 1 not wherein the contextual enrichment comprises accessing additional performance data for a set of physical component class and comparing the additional performance data with a class of cyber event. Muddu teaches malware communications detection. Because both Canedo and Muddu are from the same field of endeavor of monitoring or testing data switching networks, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use a SIEM platform to obtain contextually enriched production metrics [Muddu ¶0135]
Regarding claim 4, the combination of Canedo and Muddu teach claim 2 as described above.
However, Canedo fails to explicitly teach but Muddu teaches further comprising normalizing the cyber-physical relationship to a common cyber-physical relationship model. [Muddu ¶¶0430-04310 composite relationship graphs, machine learning models are for data from a common projection range and corresponding to a common time range].
Canedo teach all the features of claim 1 not further comprising normalizing the cyber-physical relationship to a common cyber-physical relationship model. Muddu teaches malware communications detection. Because both Canedo and Muddu are from the same field of endeavor of monitoring or testing data switching networks, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use a SIEM platform to obtain contextually enriched production metrics [Muddu ¶0135]
Regarding claim 8, the combination of Canedo and Muddu teach claim 4 as described above.
However, Canedo fails to explicitly teach but Muddu teaches wherein the cyber event data is collected from network infrastructure associated with the processing system using pre-existing event logging mechanisms [Muddu ¶¶0261 and 0263 session tracking implemented in the data intake and preparation stage; a process thread starts to automatically look for any preexisting session in the session database that can be linked with the information...¶0571 the machine learning model 6300 can identify the usage relationships 6330 as login events indicative of the users logging into the network devices]
Canedo teach all the features of claim 1 not wherein the cyber event data is collected from network infrastructure associated with the processing system using pre-existing event logging mechanisms. Muddu teaches malware communications detection. Because both Canedo and Muddu are from the same field of endeavor of monitoring or testing data switching networks, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use a SIEM platform to obtain contextually enriched production metrics [Muddu ¶0135]
Regarding claim 9, the combination of Canedo and Muddu teach claim 8 as described above.
However, Canedo fails to explicitly teach but Muddu teaches wherein the cyber event data: comprises one or more items of data indicative of at least one of an illicit access including installation of malware and illicit control of processing equipment, an attempted identification of a missing or outdated antivirus software missing or outdated antivirus software, misconfigured security setting, a misconfigured firewall, or an illicit change. [Muddu ¶0137 behavioral analytics techniques introduced here enable the security platform to detect advanced, hidden and insider threats]
Canedo teach all the features of claim 1 not wherein the cyber event data: comprises one or more items of data indicative of at least one of an illicit access including installation of malware and illicit control of processing equipment, an attempted identification of a missing or outdated antivirus software missing or outdated antivirus software, misconfigured security setting, a misconfigured firewall, or an illicit change. Muddu teaches malware communications detection. Because both Canedo and Muddu are from the same field of endeavor of monitoring or testing data switching networks, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use a SIEM platform to obtain contextually enriched production metrics [Muddu ¶0135]
Regarding claim 10, the combination of Canedo and Muddu teach claim 4 as described above.
Canedo teaches further comprising identifying cyber-physical threats based on the performance data and the cyber event data [Canedo See ¶¶0031-0034 and 0039-0044].
Claim(s) 11 is rejected under 35 U.S.C. 103 as being unpatentable over Canedo et al, hereinafter (“Canedo”), US PG Publication 20170034205 A1, in view of in view Muddu et al, hereinafter (“Muddu”), US PG Publication (20170063888 A1), Cella et al, hereinafter (“Cella”), US PG Publication (20210133670 A1).
Regarding currently amended claim 11, the combination of Canedo and Muddu teach claim 10 as described above.
However, the combination of Canedo and Muddu fail to explicitly teach but Cella teaches further comprising diagnosing a cyber-physical event based on an identified cyber-physical threat and real-time data collected from a digital twin of the physical component of the processing system. [Cella et al 20210133670 A1 ¶0441 Platform 604 include, integrate, integrate with, manage, control, coordinate with a wide variety of digital twins 1700. Each of these may have characteristics of digital twins described throughout this disclosure, such as mirroring or reflecting changes in states of associated physical objects …enabling simulations, providing indications of status, and many others.].
The combination of Canedo and Muddu teach all the features of claim 11 not further comprising diagnosing a cyber-physical event based on an identified cyber-physical threat and real-time data collected from a digital twin of the physical component of the processing system. Cella teaches machine learning/artificial intelligence managing sensor and the camera feeds into digital twin of Cella. Because Muddu, Canedo and Cella teach cyber-physical events and cyber-physical threats, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use the IMPACT platform to incorporating a value chain network management platform to correlate characteristics and events with a collection of performance and event data [Cella ¶¶0362 0364 and 0366]
Claim(s) 12 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Canedo et al, hereinafter (“Canedo”), US PG Publication 20170034205 A1, in view, Khalili et al, hereinafter (“Khalili”), US PG Publication (20130055404 A1).
Regarding currently amended claim 12, Canedo teaches a method of assessing cyber-physical risk comprising:
accessing performance data from
generating a set of production metrics associated with the physical component by analyzing the performance data;[Canedo See claim 1]
identifying, using cyber event data, a cyber event impacting the physical component of the processing system;[Canedo See claim 1]
determining a cyber-physical relationship between the set of production metrics and the cyber event by correlating the set of production metrics and the cyber event, wherein the cyber- physical relationship is indicative of a physical change associated with the physical component that is caused by the cyber event;[Canedo See claim 1]
identifying a cyber-physical]
determining a likelihood of a cyber-physical incident based on the identified cyber- physical threat;[Canedo See claim 1]
However, Canedo fails to explicitly teach but Muddu teaches generating a digital object model of the physical component of the processing system;¶0138 generated security-related information can then be sent to a security information and event management (SIEM) application, such as the Splunk® App for Enterprise Security. Examiner broadly interpreted that it is well known in the art that virtualization inherent in SIEM management applications and platforms; as such analogous to a digital object model being a virtual representation spanning the life cycle of the physical asset (specification 0008).]
Canedo teaches all the features of claim 12 not performing, using the digital object model, a simulation to predict a failure event associated with the physical component of the processing system; measuring a simulated physical consequence of the failure event; generating a cyber-physical event risk by comparing the physical consequences of the failure event with the likelihood of a cyber-physical incident; and performing one or more actions based on the cyber-physical event risk. Muddu teaches malware communication detection. Because Canedo and Muddu are from the same endeavor of vulnerability analysis, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use SPLUNK Apps taught by Khalili to generate a DOM [Muddu ¶0138].
While Muddu teaches a cyber-physical [Muddu et al 20170063888 A1 ¶0135 security-related anomaly and threat detection. See ¶¶0193-0194, 0202, 0206-0207, and 0214-0215]; however, the combination of Canedo and Muddu fail to explicitly teach performing, using the digital object model, a simulation to predict a failure event associated with the physical component of the processing system; [Khalili 20130055404 A1 ¶0012 IMPACT provides Level III is prediction. ¶0041 IMPACT may perform two types of analyses, a network analysis and a business analysis; the network analysis simulates an attack on the IT infrastructure, and identifies its weak and tactically significant points.]
measuring a simulated physical consequence of the failure event; [Khalili 20130055404 A1 ¶0018 IMPACT simulates penetration testing in its network model to identify vulnerabilities. ¶0038 correlation model 130 may be used in the business analysis algorithm 125 to check which business resources and procedures are affected by cyber attacks or other IT failures]
generating a cyber-physical event risk by comparing the physical consequences of the failure event with the likelihood of a cyber-physical incident; [Khalili 20130055404 A1 ¶¶0041-0046 Both models may assess the risk of a current cyber attack to the organization's mission, by first finding the vulnerabilities the attacker may exploit in the network model 110, and then assessing the impact of their unavailability in the business model 120. The analysis is to check reachable IT resources, gather their configurations and vulnerabilities, and compare them to currently available tools (e.g., exploits or other capabilities), and determine whether all the requirements to exploit a particular vulnerability exist.] and
performing one or more actions based on the cyber-physical event risk.[Khalili 20130055404 A1 ¶¶0058-0059 as a result of analyses described above, an organization gains cyber awareness and may be applied as a planning tool ahead of any incidents or in situ as a decision aid ¶0066 decision aid to evaluate potential action under an attack.]
The combination of Canedo and Muddu teach all the features of claim 12 not performing, using the digital object model, a simulation to predict a failure event associated with the physical component of the processing system; measuring a simulated physical consequence of the failure event; generating a cyber-physical event risk by comparing the physical consequences of the failure event with the likelihood of a cyber-physical incident; and performing one or more actions based on the cyber-physical event risk. Khalili teaches a system and method For providing impact modeling and prediction of attacks on cyber targets. Because Muddu, Canedo and Khalil are from the same endeavor of vulnerability analysis, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use the IMPACT platform to perform simulations to identify vulnerabilities and assess risks of cyber attacks taught by Khalili to improve cyber situational awareness and mission assurance by connecting information on cyber assets with their role in an organization's mission, in the same manner set forth in Khalili [Khalili ¶¶0005 and 0012].
Regarding currently amended claim 15, the combination of Muddu, Canedo, and Khalili teach claim 12 as described above.
Muddu teaches wherein accessing the performance data includes collecting data related to performance metrics, operational alarms, and process control events in the processing system. [Muddu et al 20170063888 A1 ¶0171 operator feedback information (e.g. whether an alarm is accurate or false). ¶0645 determine whether they are a threat and raise an alarm if they are one].
Regarding claim 16, the combination of Muddu, Canedo, and Khalili teach claim 12 as described above.
Muddu teaches wherein at least one of the set of production metrics or the cyber event data is contextually enriched using one or more of a security information and event management platform, , asset inventory tools, geolocation tools, third party threat intelligence databases, software components of a distributed control system, or machine learning algorithms [Muddu et al 20170063888 A1 ¶¶0159-0160 Pre-processing within security platform 102 as shown in Fig. 2 by adding data and/or metadata to the event data (…enrichment or annotation herein); enriched event data from the ETL block 204 is then provided to a real-time analyzer 210 over a real-time processing path 212 for detecting anomalies, threat indicators and threats.].
Claim(s) 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Canedo et al, hereinafter (“Canedo”), US PG Publication 20170034205 A1, in view, Khalili et al, hereinafter (“Khalili”), US PG Publication (20130055404 A1), in view of Maury et al, hereinafter (“Maury”), US PG Publication (20220019204 A1).
Regarding claim 13, the combination of Canedo and Khalili teach claim 12 as described above.
However, the combination of Canedo and Khalili fail to explicitly teach but Maury teaches wherein one or more of the model is a virtual representation of the physical component component component. [Maury ¶¶0025 0037 and 0043 The manufacturing lifecycle is becoming shorter due to by the use of advanced engineering and design methods in conjunction with virtual manufacturing techniques to simulate workflows and quality control; rapidly emerging to enable the ratification of intelligent objects that can take form in hardware and software. Using proven and certified methods to ratify the digital objects; where manufacturing and assembly machinery collect data from components to be analyzed in real-time and compared to historical data].
The combination of Canedo and Khalili teach all the features of claim 13 not wherein one or more of the digital object model is a virtual representation of the physical component that spans a lifecycle of the physical component and is updated from real-time data collected at the physical component. Maury teaches an intelligent data object model for distributed product manufacturing, assembly and facility infrastructure. Because Maury provides a systems digital imprint and assembly work processes where digital characterization and object data model captures all facility element infrastructure with detailed build measurements, manufacturing and assembly configurations (features, options), it would have been obvious to one skilled in the art before the effective filing date of the claimed invention obvious to try a manufacturing model and lifecycle that enables new scalable techniques to virtualize distributed manufacturing and assembly facilities [Maury ¶¶0025].
Regarding currently amended claim 14, the combination of Canedo, Khalili and Maury teach claim 13 as described above.
However, the combination of Canedo, and Khalili fail to explicitly teach but Maury teaches wherein the simulated physical consequence of the failure event is measured in real time based on the real-time data collected at the physical component Maury ¶0043… in the area of predictive failure analysis. Manufacturing and assembly machinery have operating ranges, data collected from these components is analyzed in real-time and compared to historical data captured on the edge].
The combination of Muddu, Canedo, and Khalili teach all the features of claim 13 not wherein the simulated physical consequence of the failure event is measured in real time based on the real-time data collected at the physical component .
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Datta Ray et al 9628501 B2 teaches Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH WHITE-TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached Monday-Friday, 10:45a-6:45p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CATHERINE THIAW can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SAKINAH WHITE-TAYLOR
Primary Examiner
Art Unit 2407
/Sakinah White-Taylor/Primary Examiner, Art Unit 2407
Prosecution Insights