CTFR 18/848,854 CTFR 92362 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Response to Amendment This office action is in reply to Applicant’s Response dated 02/27/2026. Claims 1, 3-4, 6-9, 11, 13 and 15-16 are amended. Claim 14 is canceled. Claims 1-13 and 15-16 remain pending in the application. Response to Arguments The Applicant argues (see page 7), with respect to the rejection under 35 U.S.C. 112(b) regarding the antecedent basis issues, that Applicant has made amendments to various of Claim 1-13, 15, and 16 to remedy any alleged antecedent basis issue. However, claim 11 still recites “ the first number of I/O modules” and claim 16 still recites “ the first number of I/O modules”. Therefore, the antecedent basis issue remains and claims 11 and 16 remain rejected under 35 U.S.C. 112(b). The Applicant argues (see page 7), with respect to the rejection under 35 U.S.C. 112(b) regarding the symbol “/”, that the symbol "/" in "actuator/sensor devices" recited in Claims 1, 4, 8, 15 and 16 means "actuator devices" or "sensor devices" or both and is understood in the art just as, for example, the symbol "/" in "I/0" is understood in the art.. In response to the Applicant’s argument, the Applicant has clarified that the limitation "actuator/sensor devices" means "actuator devices" or "sensor devices" or both. Therefore, the rejection has been withdrawn. The Applicant argues (see pages 8) with respect to the rejection of claim 1 under 35 U.S.C. 102 that the terms "cryptographic hash value" and "cryptographic checksum" do not appear in Choyi. While Choyi describes using a public key certificate and an attribute certificate, those utilizations do not describe, teach, or suggest a cryptographically protected attestation, which includes identification information that includes an authentication credential by way of a cryptographic hash value. In response to the Applicant’s argument, the rejection under 35 U.S.C. 102 has been withdrawn in view of the amendments made to the claims. However, upon further consideration, a new ground of rejection under 35 U.S.C. 103 as being unpatentable over Choyi et al. (U.S. PGPub 2016/0277391) in view of Callaghan et al. (U.S. PGPub 2007/0073850) is made. 07-30-03-h AIA Claim Interpretation 07-30-03 AIA The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 07-30-05 The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “I/O module” in claims 1, 4-6, 8, 11, 13 and 15-16; “virtualized automation unit” in claims 1, 3, 5, 8, 10, 13 and 15-16; “providing unit” and “checking unit” in claims 11, 15 and 16. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: "embodied as…a microprocessor or as an integrated circuit” (see paragraph 0052 of the specification as published (U.S. PGPub 2025/0217517)). If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 112 07-30-02 AIA The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 11 and 16 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claims 11 and 16 recite “the first number of I/O modules”. There is insufficient antecedent basis for this limitation in the claims. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-21-aia AIA Claim s 1-8, 10-12 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Choyi et al. (U.S. PGPub 2016/0277391) in view of Callaghan et al. (U.S. PGPub 2007/0073850) . Regarding claims 1, 15 and 16, Choyi teaches A method for operating an automation system including I/O modules, actuator/sensor devices respectively coupled to the I/O modules, a computer system coupled to the I/O modules via a network, and the method comprising: (Choyi, see fig. 4 and 29; see paragraph 0239 where A M2M gateway 14 allows wireless M2M devices (e.g., cellular and non-cellular) as well as fixed network M2M devices (e.g., PLC) to communicate either through operator networks... M2M devices include...other actuator-based devices, security devices, and smart outlets...; see paragraph 0072 makes use of sensors, application entities, and actuators...) virtualized automation units of the computer system, (Choyi, see fig. 4 and 29; see paragraph 0240 where The M2M service layer 22′ may be implemented by one or more nodes of the network, which may comprise servers, computers, devices, virtual machines …) the authenticated communication connection comprising an authenticated comprising an authenticated communication between the specified virtualized automation unit and the specified I/O module and at least one portion of the actuator/sensor devices coupled to the specified I/O module; and (Choyi, see fig. 13; see paragraphs 0140-0142 authentication of an Entity A's message by a DE on behalf of Entity N. Entity A sends a message 1 that also contains an Auth-Tag1 (e.g., DS or MAC)... has been successfully authenticated from E2E perspective...; see also paragraph 0022) checking the provided cryptographically protected attestation in order to determine authorization information depending on the access by the specified virtualized automation unit to the specified I/O module and/or to the at least one portion of the actuator/sensor devices coupled to the specified I/O module, said access being confirmed by the checked attestation. (Choyi, see fig. 13; see paragraphs 0140-0142 authentication of an Entity A's message by a DE on behalf of Entity N. Entity A sends a message 1 that also contains an Auth-Tag1 (e.g., DS or MAC)... has been successfully authenticated from E2E perspective...; see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.; see paragraph 0181 After performing relevant access control checks, wherein, the checks may be carried out by RCSE2 or RCSE1, then AE2 is provisioned with E2E credentials of AE1.) However, Choyi does not explicitly teach providing a cryptographically protected attestation including identification information with an authentication credential represented by a cryptographic hash value, for indicating an authenticated communication connection between a specified I/O module of the I/O modules and a specified virtualized automation unit of the virtualized automation unit, Callaghan teaches providing a cryptographically protected attestation including identification information with an authentication credential represented by a cryptographic hash value, for indicating an authenticated communication connection between a specified I/O module of the I/O modules and a specified virtualized automation unit of the virtualized automation unit, (Callaghan, see fig. 3; see paragraph 0038 where I/O module 320 may interface with a crucial portion of an industrial system...Security component 340 may be or implement a PIN, a cryptographic hash of a value (e.g. MD5, SHA1 . . . )...module 310, or other such device on network 330, may be required to transmit a PIN to module 320 before control or information requests will be accepted by module 320...send a hashed value that changes according to a predefined algorithm along with a timestamp to module 320. Module 320 will compare the hashed value sent from module 310 to security token and verify a match...) It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Choyi and Callaghan to provide the technique of providing a cryptographically protected attestation including identification information with an authentication credential represented by a cryptographic hash value, for indicating an authenticated communication connection between a specified I/O module of the I/O modules and a specified virtualized automation unit of the virtualized automation unit of Callaghan in the system of Choyi in order to ensure that only authenticate and ensure that only particular modules or types thereof are connected to the network (Callaghan, see paragraph 0038). Regarding claim 2, Choyi-Callaghan teaches further comprising adapting the authorization information based on the checking of the provided cryptographically protected attestation. (Choyi, see fig. 13; see paragraphs 0140-0142 authentication of an Entity A's message by a DE on behalf of Entity N. Entity A sends a message 1 that also contains an Auth-Tag1 (e.g., DS or MAC)... has been successfully authenticated from E2E perspective...; see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.) Regarding claim 3, Choyi-Callaghan teaches wherein the adapting the authorization information comprises at least one of: registering the specified virtualized automation unit at the automation system; (Choyi, see fig. 15; see paragraph 0147 registering with a CSE wherein a Service Enablement and Security Configuration (SESC) function resides at the Registrar CSE (RCSE.) In step 0 an AE1 is provisioned with credentials that may be configured in order that it can be paired-up and then registered with a Registrar CSE (RCSE)...) enabling an issuing of a digital certificate for the specified virtualized automation unit; (Choyi, see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...) enabling an access for the specified virtualized automation unit, to a specified database of the automation system and/or to a specified backend system of the automation system. (Choyi, see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...) Regarding claim 4, Choyi-Callaghan teaches wherein: the I/O modules and the actuator/sensor devices are arranged in a control network for controlling automation components of the automation network; and (Choyi, see fig. 4 and 29; see paragraph 0239 where A M2M gateway 14 allows wireless M2M devices (e.g., cellular and non-cellular) as well as fixed network M2M devices (e.g., PLC) to communicate either through operator networks... M2M devices include...other actuator-based devices, security devices, and smart outlets...; see paragraph 0072 makes use of sensors, application entities, and actuators...) the computer system is arranged in a network superordinate to the control network. (Choyi, see fig. 4 and 29; see paragraph 0239 where A M2M gateway 14 allows wireless M2M devices (e.g., cellular and non-cellular) as well as fixed network M2M devices (e.g., PLC) to communicate either through operator networks... M2M devices include...other actuator-based devices, security devices, and smart outlets...; see paragraph 0072 makes use of sensors, application entities, and actuators...) Regarding claim 5, Choyi-Callaghan teaches wherein the cryptographically protected attestation comprises up-to-date status information for indicating an up-to-date status of the authenticated communication connection between the specified I/O module and the specified virtualized automation unit. (Choyi, see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.) Regarding claim 6, Choyi-Callaghan teaches wherein the providing the cryptographically protected attestation comprises: (Callaghan, see fig. 3; see paragraph 0038 where I/O module 320 may interface with a crucial portion of an industrial system...Security component 340 may be or implement a PIN, a cryptographic hash of a value (e.g. MD5, SHA1 . . . )...module 310, or other such device on network 330, may be required to transmit a PIN to module 320 before control or information requests will be accepted by module 320...send a hashed value that changes according to a predefined algorithm along with a timestamp to module 320. Module 320 will compare the hashed value sent from module 310 to security token and verify a match...) The motivation regarding to the obviousness to claim 1 is also applied to claim 6. issuing the attestation by way of the specified I/O module; and cryptographically protecting the issued attestation by way of the specified I/O module. (Choyi, see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.) Regarding claim 7, Choyi-Callaghan teaches wherein the providing the cryptographically protected attestation comprises: (Callaghan, see fig. 3; see paragraph 0038 where I/O module 320 may interface with a crucial portion of an industrial system...Security component 340 may be or implement a PIN, a cryptographic hash of a value (e.g. MD5, SHA1 . . . )...module 310, or other such device on network 330, may be required to transmit a PIN to module 320 before control or information requests will be accepted by module 320...send a hashed value that changes according to a predefined algorithm along with a timestamp to module 320. Module 320 will compare the hashed value sent from module 310 to security token and verify a match...) The motivation regarding to the obviousness to claim 1 is also applied to claim 7. issuing the attestation by way of a component, of the computer system; and (Choyi, see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.) cryptographically protecting the issued attestation by way of a component, of the computer system. (Choyi, see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.) Regarding claim 8, Choyi-Callaghan teaches wherein the checking the provided cryptographically protected attestation comprises checking a specified type of the access by the specified virtualized automation unit to the at least one portion of the actuator/sensor devices coupled to the specified I/O module. (Choyi, see paragraph 0117 authorization of the Entity N...check to verify if Entity N has been authorized to obtain the credentials associated with Entity A. If Entity N is successfully authenticated and has been deemed to be authorized, then Entity N is provisioned with Entity A's credentials, Context ID/URI, Port#, associated Key(s), scope and associated parameters...) Regarding claim 10, Choyi-Callaghan teaches wherein a start-up functionality of a machine of the automation system is controlled by the specified virtualized automation unit is enabled depending on the provided authorization information enabled exclusively when the authorization information is present. (Choyi, see paragraph 0117 authorization of the Entity N...check to verify if Entity N has been authorized to obtain the credentials associated with Entity A. If Entity N is successfully authenticated and has been deemed to be authorized, then Entity N is provisioned with Entity A's credentials, Context ID/URI, Port#, associated Key(s), scope and associated parameters...) Regarding claim 11, Choyi-Callaghan teaches wherein the checking the provided cryptographically protected attestation is carried out by a checking unit separate from the first number of I/O modules and from the computer system. (Choyi, see fig. 13; see paragraphs 0140-0142 authentication of an Entity A's message by a DE on behalf of Entity N. Entity A sends a message 1 that also contains an Auth-Tag1 (e.g., DS or MAC)... has been successfully authenticated from E2E perspective...; see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.; see paragraph 0181 After performing relevant access control checks, wherein, the checks may be carried out by RCSE2 or RCSE1, then AE2 is provisioned with E2E credentials of AE1.) Regarding claim 12, Choyi-Callaghan teaches wherein: the attestation comprises an independent data structure protected by a cryptographic checksum; or the attestation comprises a verifiable credential or a verifiable presentation. (Choyi, see fig. 19; see paragraph 0164 verify the signature if it is present, and after verifying all the required checks may issue a digital certificate. CR may notify the AE1 when the certificate has been created and provision it to AE1...; see also paragraph 0184 authenticating the interim message originator IN-CSE, the RCSE2 sends a notification to AE4 including the message, meta-data, DS1 and H10. AE4 authenticates RCSE2 by verifying H10 and then begins to process the meta-data or the entire message and uses the information obtained during the subscription process to determine the security parameters as well the algorithms, credentials, etc.) 07-21-aia AIA Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Choyi-Callaghan in view of Li (U.S. PGPub 2019/0370467) . Regarding claim 9, Choyi-Callaghan teaches all of the features of claim 1. However, Choyi-Callaghan does not explicitly teach wherein the checking the provided cryptographically protected attestation is carried out repeatedly during ongoing operative operation of the automation system. Li teaches wherein the checking the provided cryptographically protected attestation is carried out repeatedly during ongoing operative operation of the automation system. (Li, see fig. 2; see paragraph 0022 where attestation is performed for each VM deployment (repeated for each VM deployment)…; see paragraph 0028-0029 local attestation has two prerequisites... generation and verification...attestation involves: on each existing VM VM.sub.i (repeat for each VM), the cloud customer sends MRENCLAVE along with the COLLECT request to its TEE application....) It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Choyi-Callaghan and Li to provide the technique of repeatedly checking the provided cryptographically protected attestation of Li in the system of Choyi-Callaghan in order to provide reliable verification or attestation result and enhance system security (Li, see paragraph 0014) . 07-21-aia AIA Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Choyi-Callaghan in view of Hamilton et al. (U.S. PGPub 2009/0249061) . Regarding claim 13, Choyi-Callaghan teaches all of the features of claim 1. However, Choyi-Callaghan does not explicitly teach wherein: the providing the cryptographically protected attestation is carried out for a multiplicity of authenticated communication connections between a respective I/O module and a respective virtualized automation unit for providing a multiplicity of cryptographically protected attestations, the multiplicity of provided cryptographically protected attestations stored in a database; and the checking the provided cryptographically protected attestation checking is carried out using checking routines, the checking routines being formed by a stored procedure of the database or by a smart contract of a distributed cryptographically protected transaction database. Hamilton teaches wherein: : the providing the cryptographically protected attestation is carried out for a multiplicity of authenticated communication connections between a respective I/O module and a respective virtualized automation unit for providing a multiplicity of cryptographically protected attestations, (Hamilton, see fig. 2; see paragraph 0023 a secured connection may be established between the (second) virtual entity 28 and verifying unit 40. Security unit 42 may secure the connection by, e.g., cryptography…; see paragraph 0026 verification process 200 enables the second virtual entity 28 to establish a secured communication (as represented by communication link 308) to check with certificate administration center 16 to verify the symbol and certificate administration center 16 may communicate the verification result...) the multiplicity of provided cryptographically protected attestations stored in a database; and (Hamilton, see paragraph 0019 a verifying process 200...certifying may be initiated by a user 12 of the (first) virtual entity 30 or another authorized user 12 to register/apply for certification before certifying unit 38. Certifying unit 38 may then independently check information of the (first) virtual entity...All the information of the certification may also be communicated to/saved...; see paragraph 0024 comparing the received information of the (third) virtual entity 30 to be checked with the saved information of the certified (first) virtual entities 30. If the received information of the (third) virtual entity 30 matches the saved information of a (first) virtual entity, the symbol under checking will be treated as representing a valid certificate....) the checking the provided cryptographically protected attestation checking is carried out using checking routines, the checking routines being formed by a stored procedure of the database or by a smart contract of a distributed cryptographically protected transaction database. (Hamilton, see paragraph 0019 a verifying process 200...certifying may be initiated by a user 12 of the (first) virtual entity 30 or another authorized user 12 to register/apply for certification before certifying unit 38. Certifying unit 38 may then independently check information of the (first) virtual entity...All the information of the certification may also be communicated to/saved...; see paragraph 0024 comparing the received information of the (third) virtual entity 30 to be checked with the saved information of the certified (first) virtual entities 30. If the received information of the (third) virtual entity 30 matches the saved information of a (first) virtual entity, the symbol under checking will be treated as representing a valid certificate....) It would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine Choyi-Callaghan and Hamilton to provide the technique of the providing the cryptographically protected attestation is carried out for a multiplicity of authenticated communication connections between a respective I/O module and a respective virtualized automation unit for providing a multiplicity of cryptographically protected attestations, the multiplicity of provided cryptographically protected attestations stored in a database, and the checking the provided cryptographically protected attestation checking is carried out using checking routines, the checking routines being formed by a stored procedure of the database or by a smart contract of a distributed cryptographically protected transaction database of Hamilton in the system of Choyi-Callaghan in order to provide protection against fraudulent behaviors (Hamilton, see paragraph 0003). Conclusion 07-40 AIA Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL . See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG VANG whose telephone number is (571)270-7023. The examiner can normally be reached M-F 8AM-2PM, 3PM-5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NICHOLAS TAYLOR can be reached at (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MENG VANG/Primary Examiner, Art Unit 2443 Application/Control Number: 18/848,854 Page 2 Art Unit: 2443 Application/Control Number: 18/848,854 Page 3 Art Unit: 2443 Application/Control Number: 18/848,854 Page 4 Art Unit: 2443 Application/Control Number: 18/848,854 Page 5 Art Unit: 2443 Application/Control Number: 18/848,854 Page 6 Art Unit: 2443 Application/Control Number: 18/848,854 Page 8 Art Unit: 2443 Application/Control Number: 18/848,854 Page 9 Art Unit: 2443 Application/Control Number: 18/848,854 Page 11 Art Unit: 2443 Application/Control Number: 18/848,854 Page 13 Art Unit: 2443 Application/Control Number: 18/848,854 Page 14 Art Unit: 2443 Application/Control Number: 18/848,854 Page 15 Art Unit: 2443 Application/Control Number: 18/848,854 Page 16 Art Unit: 2443 Application/Control Number: 18/848,854 Page 18 Art Unit: 2443 Application/Control Number: 18/848,854 Page 19 Art Unit: 2443 Application/Control Number: 18/848,854 Page 20 Art Unit: 2443 Application/Control Number: 18/848,854 Page 21 Art Unit: 2443