DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
This is a Final office action in response to applicant’s amendment filed on 1/16/2026.
Claims 1-2, 5-6, 8-10 are amended. Claims 3-4, 7 are cancelled. Claims 11-18 are added. Claims 1-2, 5-6, 8-18 are pending and considered.
The objection to Drawings has been withdrawn in lights of applicant’s submitted Replacement Sheet on 1/16/2026.
The objection to Specification has been withdrawn in lights of applicant’s submitted Specification on 1/16/2026.
The objections to claims 1-2, 4-8, 10 due to informalities has been withdrawn in light of applicant’s amendment to the claims and cancellation of claims 4, 7. See updated Claim Objections below.
The rejections of claims 1-8 under 35 USC 112(b) as being indefinite has been withdrawn in light of applicant’s amendment to the claims and cancellation of claims 3-4, 7.
The rejection of claim 10 under 35 USC 101 as being directed to non-statutory subject matter has been withdrawn in light of applicant’s amendment to the claim.
Response to Arguments
Applicant’s argument, see pages 15-18 of the Remarks filed 1/16/2026 with respect to claims rejected under 35 USC 102/103 over prior arts of record has been fully considered. Examiner acknowledges applicant has amended independent claims 1, 9-10, respectively. However, examiner asserts applicant’s amendment fails to overcome Ginter. See the updated Claims Rejections below.
Applicant is encouraged to include innovative features into the independent claims to advance the case.
Claim Objections
Claims 8, 14, 17-18 are objected to because of following informalities:
Claim 8 line 3, “transmit all or a part of received commands” may read “transmit all or a part of received commands from the server”.
Similarly, for claim 14 line 2; claim 18 line 3.
Claim 17 line 5, claim 18 line 3 each recites “a control target”. It appears applicant may intend to recite “the control target”.
Appropriate correction is suggested.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 2, 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 2 line 8, recite “the external network”. There is insufficient antecedent basis for this limitation in the claim.
Similarly claim 15 line 6.
Examiner Notes
Examiner cites particular paragraphs, columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-2, 5-6, 9-13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ginter et al (US20050015624A1-IDS, hereinafter, “Ginter”).
Regarding claim 1, Ginter teaches:
An information processing equipment in an edge connected to a server via a network, the edge being connected to a control target and a sensor (Ginter, discloses techniques of monitoring performance, security and health of a system used in an industrial application with threat thermostat controller determining a threat level used to control connectivity of a network used in the industrial application, see [Abstract]. e.g., Fig. 3, Controller 122, Device Sensors 130 and Watch Server 50, etc (i.e., information processing equipment in an edge). Examiner further notes, the claim recites “server” without specifying where the “server” is in the network and how the “server” is related to the information processing equipment), comprising:
a subprogram storage memory configured to store a first subprogram for storing
sensor data from the sensor into a memory and for transmitting an instruction to the
control target without a command from the server ([0065] The agents 132a-132d report information about the system upon which they are executing to another system, such as the Watch server 50. The different types of agents that may be included in an embodiment, as well as a particular architecture of each of the agents, are described in more detail elsewhere herein. In addition to each of the agents reporting information to the Watch server 50, other data gathering components may include an SNMP component, such as 112a-112c (i.e., subprogram storage memory), which also interact and report data to the Watch server 50. Each of the SNMP components may be used in gathering data about the different network devices upon which the SNMP component resides. Examiner further notes, the claim recites “server” but does not specify what the “server” does except does not);
an anomaly detector configured to detect an anomaly state of the edge according
to a certain rule from a communication situation of the network (e.g., [0063] The Watch server 50 may be used in connection with monitoring, detecting, and when appropriate, notifying a user in accordance with particular conditions detected. The Watch server 50 may include a Watch module which is included in an appliance. And refer to Fig. 4A, [0151] An embodiment of the threat thermostat controller 218 may automatically determine a firewall rule set and threat indicator 410 in accordance with one or more inputs 402, 406 and/or 408 and 220. Inputs 402, 404, 406 and 408 may be characterized as selection input which provides for selection of one of the firewall settings from 220. As an output, the threat thermostat controller 218 may automatically send the selected firewall settings from 220 and a threat indicator level as a signal or signals 410. Inputs 402 may come from external data sources with respect to the industrial network 14);
a network connection/disconnection part configured to disconnect a communication with the network when the anomaly detector detects the anomaly state of the edge; a response part configured to instruct execution of the first subprogram when the network connection/disconnection part disconnects the communication with the network ([0007] A firewall configuration associated with a highest threat level indicator may provide for disconnecting said network from all other less-trusted networks. The disconnecting may include physically disconnecting said network from other networks. And [0139] Actions taken in response to a threat level indicator produced by the threat thermostat controller 218 may include physically disconnecting the industrial network 14 from all other external connections. And [0153] The threat thermostat controller 218 may also produce an output signal 411 used in connection with automatically controlling the operation of a connecting/ disconnecting the industrial network from the corporate network in accordance with the threat indicator); and
a subprogram execution part configured to execute the first subprogram (e.g., [0008] A firewall configuration associated with a highest threat level indicator may provide for disconnecting said network from all other less-trusted networks. The code that disconnects may include physically disconnecting said network from other networks. And [0140] In the event that the highest or third level of threat is determined by the threat thermostat controller 218, what may be characterized as an air gap response may be triggered leaving all less trusted networks physically disconnected until the threat(s) have been addressed).
Regarding claim 9, claim 9 is a method claim that encompasses limitations similar to those limitations of the information processing equipment of claim 1. Therefore, claim 9 is rejected with the same rationale as applied against claim 1. In addition, Ginter teaches an information processing method for an edge connected to a server via a network, the edge being connected to a control target and a sensor (Ginter, discloses techniques of monitoring performance, security and health of a system used in an industrial application with threat thermostat controller determining a threat level used to control connectivity of a network used in the industrial application, see [Abstract]. e.g., Fig. 3, Controller 122, Device Sensors 130 and Watch Server 50, etc (i.e., information processing equipment in an edge)).
Regarding claim 10, claim 10 is a computer-readable recording medium claim that encompasses limitations similar to those limitations of the information processing equipment of claim 1. Therefore, claim 10 is rejected with the same rationale as applied against claim 1. In addition, Ginter teaches A non-transitory computer-readable recording medium (Ginter, discloses techniques of monitoring performance, security and health of a system used in an industrial application with threat thermostat controller determining a threat level used to control connectivity of a network used in the industrial application, see [Abstract]. e.g., Fig. 3, Controller 122, Device Sensors 130 and Watch Server 50, etc (i.e., information processing equipment in an edge). And [Claim 13] computer program product).
Regarding claim 2, similarly claim 11, claim 15, Ginter teaches the information processing equipment of claim 1, the information processing method of claim 9, the non-transitory computer-readable recording medium of claim 10,
Ginter further teaches: further comprising: a recovery detector configured to detect recovery from the anomaly state of the edge to a normal state of the edge according to the certain rule from the communication situation of the network ([0008] The code that disconnects may include physically disconnecting said network from other networks. The network may be reconnected to said less trusted networks when a current threat level is a level other than said highest threat level indicator. And Refer to Fig. 10, and [0251] With reference to line 658, in the event that the system is in the second level of alarm and acknowledgement of this alarm has been received, when the input value or range drops to the normal range between 0 and 100, the level of the current state decreases to level 1 and the alarm condition is cleared (i.e., recovery, which means perform process of clear alarm), wherein the subprogram storage memory is further configured to store a second subprogram for reading the sensor data from the memory and for transmitting the read sensor data to the external network; the network connection/disconnection part is further configured to reopen the communication with the network when the recovery detector detects the recovery; the response part is further configured to instruct execution of the second subprogram when the network connection/disconnection part reopens the communication with the network; and the subprogram execution part is further configured to execute the second subprogram (See the teachings of Ginter shown in claim 1. The claim lists (sub)programs, procedures that performs those actions similar as in claim 1. In this case, “reopen” is interpreted as reconnect).
Regarding claim 5, similarly claim 12, claim 16, Ginter teaches the information processing equipment of claim 2, the information processing method of claim 11, the non-transitory computer-readable recording medium of claim 15,
Ginter further teaches: wherein the network connection/disconnection part is further configured to: activate an operation to pass a certain packet alone when the anomaly detector
detects the anomaly state of the edge; and deactivate the operation to pass the certain packet alone when the recovery detector detects the recovery (e.g., [0140] When the threat level as generated or determined by the threat thermostat controller 218 increases, the second set of firewall rule settings from 220 may be used which provide for a more restrictive flow of communication with a critical network such as the industrial network 14. For example, corporate may notify the industrial network that a particular virus is circulating on the corporate network 12, that a Homeland Security alert status has increased, and the like. Using these different inputs, the second set of rules may be selected and allow critical data only to be exchanged with less trusted networks and also disable remote log in capabilities).
Regarding claim 6, similarly claim 13, claim 17, Ginter teaches the information processing equipment of claim 1, the information processing method of claim 9, the non-transitory computer-readable recording medium of claim 10,
Ginter further teaches: wherein the subprogram storage memory is further configured to store a third subprogram for transmitting the sensor data to the server, for receiving a command from the server, and for transmitting an instruction based on the received command to the control target; the response part is further configured to instruct execution of the third subprogram when the anomaly detector does not detect the anomaly state of the edge; and the subprogram execution part is further configured to execute the third subprogram ([0059] The SCADA (Supervisory Control and Data Acquisition) server 118 may be used in remotely monitoring and controlling different components within the control network 104 and the I/O network 106. Note also that the SCADA server included in FIG. 2 generally refers to a control system, such as a distributed control system (DCS). Additionally, the SCADA server 118 may also be responsible for controlling and monitoring components included in other I/O networks 124a and 124a. For example, the SCADA server 118 may issue one or more commands to the controller 122 in connection with controlling the devices 130a-130n within the I/O network 106. See the teachings of Ginter shown in claim 1 for execution of the third subprogram similarly as for the first subprogram).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 8, 14, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ginter as applied above to claim 6, 13, 17 respectively, in view of Haller et al (US20080046463A1, hereinafter, “Haller”).
Regarding claim 8, similarly claim 14, claim 18, Ginter teaches the information processing equipment of claim 6, the information processing method of claim 13, the non-transitory computer-readable recording medium of claim 17,
Ginter further teaches: wherein the first subprogram is further configured to:
transmit all or a part of received commands to the control target ([0059] Additionally, the SCADA server 118 may also be responsible for controlling and monitoring components included in other I/O networks 124a and 124a. For example, the SCADA server 118 may issue one or more commands to the controller 122 in connection with controlling the devices 130a-130n within the I/O network 106);
Ginter does not appear to teach the following, in the similar field of endeavor Haller teaches:
and transmit all or a part of actuator operation command according to a certain rule to
the control target (Haller, discloses methods and apparatus for real-time data transfer between sensor or actuator devices and higher-level applications, see [Abstract] an integration engine receives a set of rules from an external application... the integration engine receives from the external application configuration data for controlling an actuator device. The integration engine converts the configuration data to a format compatible with the actuator device. Also see [Claims 1 and 4] receiving data at the engine from the sensor; applying the rule to the data based on executing the rule at the engine; and transmitting a command from the engine to the actuator based on the affected behavior… transmitting a command from the engine to the actuator further comprises writing a command that controls an actuator associated with an air conditioning unit to an off setting).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Haller in the event monitoring and management of Ginter by transmitting command from engine to actuator to control the actuator in response to the applied rule at the engine . This would have been obvious because the person having ordinary skill in the art would have been motivated to furnish the converted configuration data in real time to the actuator device (Haller, [Abstract]).
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
McLean (US11973774B2) discloses multi-stage anomaly detector analyzing an anomalous process chain in real time and rapidly determines whether the process chain is indicative of a cyber threat on an endpoint computing device in a multi-host environment.
Lefebvre et al (US20170310697A1) discloses methods and systems for determining network related anomaly scores by generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Primary Examiner, Art Unit 2436