DETAILED ACTION
This action is responsive to amendment filed on January 8th, 2026.
Claims 1~18 and 20 are examined.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claims 1~18 and 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim 12 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by Siddesh et al. hereinafter Siddesh (U.S 2015/0244697).
Regarding Claim 12,
Siddesh taught a method for enabling secure access to an industrial edge device of an industrial plant, the method comprising:
establishing communication between the industrial edge device and a user device [¶40, field device FD connected with a servicing device CU2];
transmitting, by the user device, a request to the industrial edge device, to access the industrial edge device [¶41, the servicing device CU2 requests interaction with the web server WS2 (FD)];
receiving, at the industrial edge device, the request [¶42, following receipt of the request by the web server WS (FD)];
in response to the request, transmitting, by an authentication processor associated with the industrial edge device, a graphical authentication task to the user device for the user device to execute to provide as a response thereto [¶11, the field device has a function for distinguishing computers from humans; ¶38]; and
verifying, by the authentication processor, the response provided by the user device to determine whether to grant the user device access to the industrial edge devices wherein verifying the response comprises comparing the response to a predetermined range of predetermined model responses to detect if the response falls within the predetermined range of predetermined model responses such that the authentication processor grants the user access to the industrial edge device in response to the response falling within the range of predetermined model responses [¶11, upon an accessing of the field device via the web server, the function for distinguishing computers from humans is executed, in order to assure that the accessing of the field device is being done by a human user]. Note: utilizing CAPTCHAs imply (and/or well-known) that responses are compared to prior responses that are converted into a score that comprises a range or threshold. A lower score would be more indicative of a user (and thus, granted access) while a higher score would indicate a machine (access denied).
Regarding Claims 13~17 and 20, the claims are similar in scope to claims 6~10 below and therefore, rejected under the same rationale.
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1~3 and 6~10 are rejected under 35 U.S.C. 103 as being unpatentable over Siddesh et al. hereinafter Siddesh (U.S 2015/0244697) in view of Yoo (U.S 2024/0422154).
Regarding Claim 1,
Siddesh taught an authentication system for an industrial plant, the authentication system comprising:
an industrial edge device configured for at least one of monitoring and controlling an operation within the industrial plant [¶2, industrial plants are field devices, which serve for determining and/or monitoring process variables];
a user device configured to communicate with the industrial edge device to request access to the industrial edge device [¶40, servicing device CU2]; and
an authentication processor associated with the industrial edge device, the authentication processor configured to communicate a graphical authentication task to the user device in response to the request for access [¶11, the field device has a function for distinguishing computers from humans; ¶38],
the authentication processor further configured to verify a response to the graphical authentication task from the user device for determining whether to grant the user device access to the industrial edge device [¶11, upon an accessing of the field device via the web server, the function for distinguishing computers from humans is executed, in order to assure that the accessing of the field device is being done by a human user].
While Siddesh taught in order to verify that the request is from a human and not a computer, before accessing the web server WS by the computing unit CU1 is permitted, a CAPTCHA query is performed. To this end, the web server WS sends, likewise via the Internet I1, a request 2 to a CAPTCHA server CS, the CAPTCHA server creates a CAPTCHA or retrieves a CAPTCHA from a database DB1 and sends the CAPTCHA as response 3 to the request 2 to the web server WS1 [¶35] however, did not specifically teach the authentication processor being integrated on at least one of a separate device on a central server of the industrial plant or a Supervisory Control and Data Acquisition (SCADA) system of the industrial plant.
Yoo taught the authentication processor being integrated on at least one of a separate device on a central server of the industrial plant or a Supervisory Control and Data Acquisition (SCADA) system of the industrial plant [¶75, user terminal 20 takes charge of managing and controlling the industrial control apparatus 10 provided by the central server 30; ¶77, the central server 30 may receive status information of the field equipment 40 collected by the industrial control apparatus 10; ¶78, Fig. 3, the central server 30 may include the OTAC verification server 31 for authentication of the industrial control apparatus 10]. Note: Since Siddesh teaches the web server sends a request to a CAPTCHA server, a person of ordinary creativity would have employed a CAPTCHA server in place of the OTAC verification server 31 to authenticate requests made by the user terminal 20 since the approach would have been a predictable variation of prior art elements according to their established functions.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Yoo’s teaching of limitations with the teachings of Siddesh, because the combination allows an industrial control apparatus to be protected from hacking risks and have a competitive advantage in cost, system-required specifications, etc. compared to existing authentication methods [¶57].
Regarding Claim 2,
Siddesh taught wherein the industrial edge device comprises one of a remote terminal unit (RTU), programmable logic controller (PLC), programmable automation controller (PAC), sensor, instrument, data radio, and modem [¶2, field devices include all equipment used in a plant].
Regarding Claim 3,
Siddesh-Nixon taught wherein the user device comprises a personal device or a shared device [¶40, the servicing device CU2 can also be a PC, or a mobile device, i.e., a smart phone or a tablet].
Regarding Claim 6,
Siddesh taught wherein the graphical authentication task comprises at least one of a graphical puzzle task, a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) task, and a drawing task [Fig. 4, CAPTCHA].
Regarding Claim 7,
Siddesh taught wherein the graphical authentication task comprises at least one of a static image and video image [¶45, CAPTCHA in the form of distorted pictures].
Regarding Claim 8,
Siddesh taught wherein the authentication processor is further configured to communicate one or more additional authentication tasks to the user device in response to the request for access and to verify an additional response to the one or more additional authentication tasks for determining whether to grant the user device access to the industrial edge device [¶46, login page to input username/password followed by CAPTCHA].
Regarding Claim 9,
Siddesh taught wherein at least one of the one or more additional authentication tasks comprises a credentials-based authentication task [¶46, login page to input username/password].
Regarding Claim 10,
Siddesh taught wherein the authentication processor is configured to execute processor-executable instructions to generate the graphical authentication task [¶54, low power microprocessor used in field devices].
Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Siddesh and Yoo in view of Nixon et al. hereinafter Nixon (U.S 2022/0078267).
Regarding Claim 4,
Siddesh-Yoo-Nixon taught wherein the user device communicates with the industrial edge device using a Transmission Control Protocol/Internet (TCP/IP) protocol [¶50, different external devices, hosts or servers connected to the field device 10 via the communication interface 20 that conform to any desired standard communication protocol, such as an IP or packet-based protocol such as TCP, UDP].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Nixon’s teaching of limitations with the teachings of Siddesh, because the combination enables communication connections between the field device 10 and external client devices to be established independently of one another [¶52].
Regarding Claim 5,
Siddesh-Yoo-Nixon taught wherein the user device communicates with the industrial edge device using a User Datagram Protocol (UDP) [¶50, different external devices, hosts or servers connected to the field device 10 via the communication interface 20 that conform to any desired standard communication protocol, such as an IP or packet-based protocol such as TCP, UDP]. The rationale to combine as discussed in claim 4, applies here as well.
Claims 11 and 18 is rejected under 35 U.S.C. 103 as being unpatentable over Siddesh and Yoo in view of Shimizu et al. hereinafter Shimizu (U.S 2023/0280724).
Regarding Claims 11 and 18,
Siddesh-Yoo-Shimizu taught wherein the authentication processor comprises the Supervisory Control and Data Acquisition (SCADA) system of the industrial plant, and wherein the SCADA system is configured to generate the graphical authentication task [¶53, SCADA Web HMI System includes HMI server device 2 and HMI client device 3. Note: since Siddesh’s field devices has a web server that allows access by servicing devices, the combination with Shimizu’s SCADA system reads on the claim].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Shimizu’s teaching of limitations with the teachings of Siddesh and Yoo, because the combination enables real-time system monitoring, process control, and data collection [¶3].
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SOO KIM whose telephone number is (571)270-3229. The examiner can normally be reached M-F 9AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HEE SOO KIM/Primary Examiner, Art Unit 2443