POWER GRID ACCESS SECURITY SYSTEM AND METHOD FOR INTERMITTENT COMMUNICATION PORTS

§103 §112

DETAILED ACTION This is a non-final Office Action in response to communications received on 07/23/2024. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority or Provisional Priority to 10/31/2023 is recognized. Drawings The drawings filed on 07/23/2024 are acknowledged. Claim Objections Claims 1, 5 and 7 are objected to because of the following informalities: Claim 1 recite “….. to integrate and provide an interface for a network link and a security service, wherein the link manager checks whether a network link of an external device is established …”, is not clear if there are multiple network link, and which network link, the network link in the following step refers to. It is confusing and hard to follow. Appropriate corrections are required. Claim 7 carries the same issue, therefore same Objection applies to claim 7 as well. Appropriate corrections are required. Claim 5 recite “…..a module type which is inserted into a communication port of network relay equipment”, is not clear if a communication port, is the same as a communication port mentioned in claim 1 or it is a different communication port. It is confusing and hard to follow. Appropriate corrections are required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 8, recite “wherein the operating in the interface standby state comprises….” which lacks antecedent basis and therefore makes the claims indefinite. Claim 8 depends on claim 5, and claim 5 does not define “an operating” in “an interface standby state”. Appropriate corrections are required. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: each limitation using the language “unit” (e.g., “encryption unit”) in claim 4. The corresponding structure can be found in Para. [0053], “The encryption unit 440 may be applied by implementing a specially designed encryption algorithm or a block encryption-based encryption algorithm known to those skilled in the art”. Para. [0071], “machine language readable by a processor (CPU) of a computer through a device interface of the computer, so that the computer reads the program and executes the methods implemented as the program. Such a code may include a functional code associated with a function defining functions needed for executing the methods, and moreover, may include an execution procedure-related control code needed for executing the functions by using the processor of the computer on the basis of a predetermined procedure. Also, the code may further include additional information, needed for executing the functions by using the processor of the computer, or a memory reference-related code corresponding to a location (an address) of an internal or external memory of the computer, which is to be referred to by a media. Also, when the processor needs communication with a remote computer or server so as to execute the functions, the code may further include a communication-related code corresponding to a communication scheme needed for communication with the remote computer or server and information or a media to be transmitted or received in performing communication, by using a communication module of the computer”. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-11 are rejected under 35 U.S.C. 103 over Kalenderidis (US 2020/0233984) in view of Stokes (US 2024/0386147). Regarding claim 1, Kalenderidis teaches the limitations of claim 1 as follows: A power grid access security system for intermittent communication ports, the power grid access security system comprising: (Kalenderidis, Paras. [0017]-[0018], [0020], and Figs. 1-2, computing device 100 includes … an accessory interface port 130. And disclosing a security system for controlling access to accessory interface port 130 (i.e., communication ports)). a link manager configured to manage and monitor a link of a communication port; (Kalenderidis, Paras. [0020]-[0024], and Figs. 1-2, “OS 122 relies on an evaluation performed by interface restriction engine 124 to determine whether accessory interface port 130 is in a restricted or unrestricted mode“, “engine 124 may evaluate a policy with respect to each port 130 individually …. engine 124 may determine that criteria for restricting access”, and “accessory stack 210 relies on accessory manager 212 to facilitate interfacing with interface restriction engine 124”. Therefore, these components monitor connection conditions and control communications through port 130 (i.e., a link manager)). a power source configured to supply needed for a function operation of the communication port; (Kalenderidis, Paras. [0018], [0020]-[0024], and Figs. 1-2, “accessory device 102 may also be configured to supply power to computing device 100”). wherein the link manager checks whether a network link of an external device is established, (Kalenderidis, Paras. [0019], [0021]-[0024], and Figs. 1-2, accessory interface port 130 detects the connection, and notifies OS 122 of the connection (i.e., whether a network link of an external device is established). Interface restriction engine 124 evaluates policy rules 222, and determines criteria for restricting unauthorized access to port 130, checking whether conditions for communication are satisfied). based on link setting information, (Kalenderidis, Paras. [0021], [0025]-[0028], and Figs. 1-2, policy rules 222 define criteria indicative that an authorized user (or an unauthorized user) has connected accessory device 102 to the accessory interface port 130 and is based on any suitable factors, such as elapsed time since previous connection, lock screen status, authentication state, and device connection history which are dynamically generated or altered based on analysis of the user behavior (i.e., link setting information)). when a condition for the network link is not satisfied, removes data received from the external device, (Kalenderidis, Paras. [0033], and Figs. 1-2, hub 202 prevents or allows the routing of traffic from port 130, and determines to drop any received flow from port 130 and/or destined to port 130 in order to prevent communication via port 130 (i.e., removing data)). based on the link setting information. (Kalenderidis, Paras. [0021], [0025]-[0029], and Figs. 1-2, policy rules 222 define criteria indicative that an authorized user (or an unauthorized user) has connected accessory device 102 to the accessory interface port 130 and is based on any suitable factors, such as elapsed time since previous connection, lock screen status, authentication state, and device connection history which are dynamically generated or altered based on analysis of the user behavior (i.e., link setting information)). Kalenderidis teaches monitoring a device connection and access control to a port, but does not explicitly disclose: a multi-interface configured to integrate and provide an interface for a network link and a security service, However, Stokes in the Same field of endeavor discloses: a multi-interface configured to integrate and provide an interface for a network link and a security service, (Stokes, Paras. [0019]-[0021], [0023]-[0024], as shown in Fig. 1, system 100 includes a device 102 and a host device 110 which utilizes authentication mechanism 114 to determine whether to allow or block the device 102 from communication through bus 118 to the port 120 (physical hardware interface). Multiple interfaces that work together to provide a host-device network communication (i.e., an interface for a network link), and an authentication mechanism using certificate verification (i.e., a security service)). Stokes is combinable with Kalenderidis, because both are from the same field of communication port access control. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to utilize an authentication mechanism, as taught by Stokes with Kalenderidis’s method in order to enhance security of communication ports used for connecting external devices. Regarding claim 2, Kalenderidis and Stokes teach the limitations of claim 1. Stokes teaches the limitations of claim 2 as follows: The power grid access security system of claim 1, wherein the multi-interface obtains information of the external device including at least one of identification information, an access allowance time, a link method, whether encryption is used or not, and an encryption key for the external device, and the link manager changes the link setting information, based on the information of the external device. (Stokes, Paras. [0019]-[0021], [0023]-[0024], [0026], [0030]-[0032], [0040]-[0044], the host device obtains authentication information associated with the device. Authentication information includes keys such as private keys, public keys, or symmetric keys (i.e., at least one of ……. identification information). Bus authentication operation utilizes transport layer security (TLS), and the host device receives a TLS hello message and verifies the TLS certificate (i.e., whether encryption is used). Keys are received from the device or retrieved from remote source over a network (i.e., an encryption key for the external device)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 3, Kalenderidis and Stokes teach the limitations of claims 1-2. Kalenderidis and Stokes teach the limitations of claim 3 as follows: The power grid access security system of claim 2, wherein, when the link setting information is satisfied, the link manager allows the network link of the external device (Kalenderidis, Paras. [0020]-[0021], [0025]-[0029], and Figs. 1-2, interface restriction engine evaluates policy rules 222 defining criteria for restricting access to the port. The operating system enables or disables the accessory interface port based on evaluation results (i.e., when the link setting is satisfied)). and when an event including at least one of a disallowed communication protocol sensing event, a link release event, and a link time elapse event of the network-linked external device is sensed, (Kalenderidis, Paras. [0016], [0020]-[0021], [0025]-[0029], and Figs. 1-2, discloses detecting conditions/factors that affect communication such as elapsed time since previous connection, lock screen status, and user authentication state corresponding to events related to the communication link (i.e., at least one of …….)). the link manager reports the event to the management device. (Stokes, Paras. [0026], [0030]-[0034], discloses performing authentication and obtaining authentication information through security controls or trusted services associated with the host device (from external sources or services)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 4, Kalenderidis and Stokes teach the limitations of claims 1-3. Stokes teaches the limitations of claim 4 as follows: The power grid access security system of claim 3, further comprising an encryption unit configured to perform packet encryption and decryption on data transmitted or received to or from the network-linked external device. (Stokes, Paras. [0026], [0030]-[0034], [0039]-[0040], discloses encryption during device authentication operation using TLS protocol (i.e., encryption unit). The TLS certificate is verified, then a TLS handshake is complete (i.e., packet). The encrypted communication occurs for data transmitted between the host device and a connected external device connected through the port (i.e., network-linked external device)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 5, Kalenderidis and Stokes teach the limitations of claim 1. Kalenderidis and Stokes teach the limitations of claim 5 as follows: The power grid access security system of claim 1, wherein the power grid access security system is implemented as a module type (Kalenderidis, Paras. [0024]-[0029], and Figs. 1-2, discloses a system implemented in software and hardware modules controlling the communication through the port). which is inserted into a communication port of network relay equipment. (Stokes, Paras. [0021], [0026]-[0028], discloses port 120 as a physical hardware port to control the communication of an external device to a host device which uses network equipment). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 6, Kalenderidis and Stokes teach the limitations of claim 1. Kalenderidis and Stokes teach the limitations of claim 6 as follows: The power grid access security system of claim 1, wherein the power grid access security system is implemented by printed circuit board (PCB) units of network relay equipment, or is implemented to be embedded in a network relay chipset as a system on chip (SoC) or system on package (SoP) type. (Stokes, Paras. [0024]-[0028], “The host device 310 may comprise a router (e.g., a CRSP router), a computing device, network equipment, cellular equipment, an IoT device, a system on chip (SoC), or any other type of electronic device that has a port and/or a bus over which devices can communicate” (i.e., by printed circuit board …… or ….)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 7, Kalenderidis teaches the limitations of claim 7 as follows: A power grid access security method for intermittent communication ports, performed by a power grid access security system for intermittent communication ports, the power grid access security method comprising: (Kalenderidis, Paras. [0017]-[0018], [0020], and Figs. 1-2, computing device 100 includes … an accessory interface port 130. And disclosing a security system for controlling access to accessory interface port 130 (i.e., communication ports)). as power is applied, maintaining a network link disconnection state; (Kalenderidis, Paras. [0017]-[0018], [0020], and Figs. 1-2, the operating system determines whether the accessory interface port should be in a restricted or unrestricted mode (i.e., disconnection state)). as a configuration of link setting information for the network link is completed, operating in an interface standby state; (Kalenderidis, Paras. [0019]-[0020], and Figs. 1-2, port 130 detects the connection of an accessory device and indicates the connection to the operating system. Prior to device detection, the interface is in idle mode (i.e., standby)). as an attempt to establish a network link of an external device is sensed, (Kalenderidis, Paras. [0019]-[0020], and Figs. 1-2, port 130 detects the connection of an accessory device 102). determining whether to allow a network link, (Kalenderidis, Paras. [0020]-[0021], and Figs. 1-2, “OS 122 relies on an evaluation performed by interface restriction engine 124 to determine whether accessory interface port 130 is in a restricted or unrestricted mode“, “engine 124 may evaluate a policy with respect to each port 130 individually …. engine 124 may determine that criteria for restricting access”). based on the link setting information; (Kalenderidis, Paras. [0021], [0025]-[0029], and Figs. 1-2, policy rules 222 define criteria indicative that an authorized user (or an unauthorized user) has connected accessory device 102 to the accessory interface port 130 and is based on any suitable factors, such as elapsed time since previous connection, lock screen status, authentication state, and device connection history which are dynamically generated or altered based on analysis of the user behavior (i.e., link setting information)). when the link setting information is not satisfied, removing data received from the external device. (Kalenderidis, Paras. [0033], and Figs. 1-2, hub 202 prevents or allows the routing of traffic from port 130, and determines to drop any received flow from port 130 and/or destined to port 130 in order to prevent communication via port 130 (i.e., removing data)). Kalenderidis teaches monitoring a device connection and access control to a port, but does not explicitly disclose: an access security system for intermittent communication ports, However, Stokes in the Same field of endeavor discloses: an access security system for intermittent communication ports, (Stokes, Paras. [0019]-[0021], [0023]-[0024], as shown in Fig. 1, system 100 includes a device 102 and a host device 110 which utilizes authentication mechanism 114 to determine whether to allow or block the device 102 from communication through bus 118 to the port 120 (physical hardware interface)). Stokes is combinable with Kalenderidis, because both are from the same field of communication port access control. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to utilize an authentication mechanism, as taught by Stokes with Kalenderidis’s method in order to enhance security of communication ports used for connecting external devices. Regarding claim 8, Kalenderidis and Stokes teach the limitations of claims 1 and 5. Stokes teaches the limitations of claim 8 as follows: The power grid access security method of claim 5, wherein the operating in the interface standby state comprises: obtaining information of the external device including at least one of identification information, an access allowance time, a link method, whether encryption is used or not, and an encryption key for the external device; and changing the link setting information, based on the information of the external device. (Stokes, Paras. [0019]-[0021], [0023]-[0024], [0026], [0030]-[0032], [0040]-[0044], the host device obtains authentication information associated with the device. Authentication information includes keys such as private keys, public keys, or symmetric keys (i.e., at least one of ……. identification information). Bus authentication operation utilizes transport layer security (TLS), and the host device receives a TLS hello message and verifies the TLS certificate (i.e., whether encryption is used). Keys are received from the device or retrieved from remote source over a network (i.e., an encryption key for the external device)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 9, Kalenderidis and Stokes teach the limitations of claims 1 and 6. Kalenderidis and Stokes teach the limitations of claim 9 as follows: The power grid access security method of claim 6, further comprising: when the link setting information is satisfied, allowing the network link of the external device; (Kalenderidis, Paras. [0020]-[0021], [0025]-[0029], and Figs. 1-2, interface restriction engine evaluates policy rules 222 defining criteria for restricting access to the port. The operating system enables or disables the accessory interface port based on evaluation results (i.e., when the link setting is satisfied)). when an event including at least one of a disallowed communication protocol sensing event, a link release event, and a link time elapse event of the network-linked external device is sensed, (Kalenderidis, Paras. [0016], [0020]-[0021], [0025]-[0029], and Figs. 1-2, discloses detecting conditions/factors that affect communication such as elapsed time since previous connection, lock screen status, and user authentication state corresponding to events related to the communication link (i.e., at least one of …….)). reporting the event to a management device. (Stokes, Paras. [0026], [0030]-[0034], discloses performing authentication and obtaining authentication information through security controls or trusted services associated with the host device (from external sources or services)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. Regarding claim 10, Kalenderidis and Stokes teach the limitations of claims 1, 6 and 9. Stokes teaches the limitations of claim 10 as follows: The power grid access security method of claim 9, further comprising performing packet encryption and decryption on data transmitted or received to or from the network-linked external device. (Stokes, Paras. [0026], [0030]-[0034], [0039]-[0040], discloses encryption during device authentication operation using TLS protocol (i.e., encryption unit). The TLS certificate is verified, then a TLS handshake is complete (i.e., packet). The encrypted communication occurs for data transmitted between the host device and a connected external device connected through the port (i.e., network-linked external device)). The same motivation to combine utilized in claim 1 is equally applicable in the instant claim. References Considered But Not Relied Upon Al-Yousef (US 2018/0308302) discloses securing SCADA network access from a remote terminal unit. Cook (US 8,176,532) discloses a secure access point for SCADA devices. McColgan (US 2010/0262809) discloses smartphones wirelessly communicate with a base station to transfer data such as images/videos. Conclusion Accordingly, claims 1-10 are rejected. Any inquiry concerning this communication or earlier communications from the examiner should be directed to PEGAH BARZEGAR whose telephone number is (703)756-4755. The examiner can normally be reached M-F, 9:00 - 5:30. Examiner interviews are available via telephone using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787. The fax phone number for the Application/Control Number: 17/470,067 Page 17 Art Unit: 2438 organization where this application or proceeding is assigned is 571-273- 8300. Application/Control Number: 17/386,076 Page 25 Art Unit: 2438 Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patentcenter for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000. /P.B./Examiner, Art Unit 2438 /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438