DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Applicant's submission filed on 10/28/2024 has been entered. Claims 1-12 have been examined. Claims 13 -15 are cancelled.
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 10/28/2024 & 12/09/2025. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Objections
Claims 4, 6 are objected to because of the following informalities: Appropriate correction is required.
With regards to claim 4, the claim recites ” at an available hardening time”. Examiner suggests amending the claim to recite “the available hardening time” because the claim already recites “available hardening time”.
With regards to claim 6, the claim recites ” the program”. Examiner suggests amending the claim to recite “a program”.
With regards to claim 6, the claim recites ” the security policy”. Examiner suggests amending the claim to recite “a security policy”.
With regards to claim 6, the claim recites ” the password”. Examiner suggests amending the claim to recite “a password”.
CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims 8-12 in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “ module” are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are:
“a collection module to collect..” as recited in claim 8
“a first determination module to determine...." as recited in claim 8
“ a second determination module to determine….” as recited in claim 8
“ a third determination module to determine …” as recited in claim 8
“ a calculation module to calculate …” as recited in claim 8
“conduction module to conduct … “ as recited in claim 8
“ a calculation module to calculate …” as recited in claim 9
“ a calculation module to calculate …” as recited in claim 10
“ a calculation module to calculate …” as recited in claim 11
“ a determination module to determine…” as recited in claim 12
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, They are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-5, 7-12 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claims 1, 8 recite “ (1) collecting communication traffic; (2) determining a status property of the assets … (3) determining roles of the assets …..; (4) determining asset work modes (5) calculating an asset criticality score in a time frame ; and (6) conducting a hardening plan.
The limitations of (2) determining , (3) determining, (4) determining , (5) calculating and (6) conducting as drafted are processes that under their broadest reasonable interpretation , cover performance of the limitations which can be practically performed in the human mind. These limitations encompass mental observation and evaluations ( e.g. computer programmer’s observing the data, making a determination (calculations and evaluations) and conducting a plan – Note: the Plan in the conducting limitation is not defined. ). Thus, These limitations recite a concept that falls into the “mental process group” , “a method of organizing human activity group” and “mathematical grouping” of abstract ideas,
The (1) collecting limitation represents mere data gathering. This limitation does not impose any meaningful limits on the claims. The limitation amounts to necessary data gathering.
Therefore, the claims are directed to an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claims 8 only recite additional elements–“ an apparatus comprising a collection module, determination modules , calculation module and conduction module,”
The additional elements recited as shown above at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic components.
Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
With regards to claim 2,3,9,10, the claim recites 1) calculating the asset impact score …… The limitation of (1) calculating as drafted is process that under their broadest reasonable interpretation , cover performance of the limitation which can be practically performed in the human mind. This limitation encompasses mental observation and evaluations ( e.g. computer programmer’s observing the data, making a determination (calculations and evaluations. ). Thus, This limitations recites a concept that falls into the “mental process group” , “a method of organizing human activity group” and “mathematical grouping” of abstract ideas.
This judicial exception is not integrated into a practical application. In particular, the claims 9,10 only recite additional elements–“ an apparatus comprising calculation module”
The additional elements recited as shown above at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic components.
Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
With regards to claim 4, 11 , the claim recites 1) calculating available hardening time.. The limitations of (1) calculating as drafted is process that under their broadest reasonable interpretation , cover performance of the limitation which can be practically performed in the human mind. This limitation encompasses mental observation and evaluations ( e.g. computer programmer’s observing the data, making a determination (calculations and evaluations. ). Thus, This limitations recites a concept that falls into the “mental process group” , “a method of organizing human activity group” and “mathematical grouping” of abstract ideas.
This judicial exception is not integrated into a practical application. In particular, the claim 11 only recite additional elements–“ an apparatus comprising calculation module”
The additional elements recited as shown above at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic components.
Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
With regards to claim 5, 12 , the claim recites 1) determining whether the assets are abnormal…includes monitoring at least one of a CPU state …2) modifying the asset impact score…3) generating a modified hardening plan.. . The limitations of (1) determining,2) modifying ,3) generating plan as drafted are processes that under their broadest reasonable interpretation , cover performance of the limitations which can be practically performed in the human mind. These limitations encompass mental observation and evaluations ( e.g. computer programmer’s observing the data, making a determination (calculations and evaluations) and conducting a plan – Note: the Plan in conducting limitation is not defined. ). Thus, These limitations recite a concept that falls into the “mental process group” , “a method of organizing human activity group” and “mathematical grouping” of abstract ideas,
The (1) monitoring limitation represents mere data gathering. This limitation does not impose any meaningful limits on the claims. The limitation amounts to necessary data gathering.
Therefore, the claims are directed to an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claims 12 only recite additional elements–“ an apparatus comprising determination module,”
The additional elements recited as shown above at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic components.
Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
With regards to claim 7, the claim recites the asset is OT asset….” This limitation is just define what the assets are . Therefore, the claim is directed to an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim 7 only recites additional elements–“assets are computer hardware, software or a combination of both,”
The additional elements recited as shown above at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic components.
Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
With regards to claim 1, the claim recites ‘the determined work mode” It is unclear what the determined work mode is referring to because claim 1 recites “determining asset work modes”. Examiner suggests amending the claim to recite “the determined work modes” or “determining asset work mode”.
With regards to claim 6, the claim recites “wherein the hardening includes”. It is unclear what “ hardening” is referring to because claim 1 which claim 6 depends on recites “ hardening assets” and hardening plan”. Therefore, the examiner is unable to determine the metes and bounds of the claim language. For purpose of examination, the examiner will interpret the hardening as the hardening plan.
With regards to claim 7, the claim recites “ the asset” It is unclear what the asset is referring to because claim 1 recites “assets”. Therefore, the examiner is unable to determine the metes and bounds of the claim language.
The following claim elements that recite “module to ” limitations that invokes 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for the claimed function.
MPEP 2181(II)(B) states in part,
the specification must sufficiently disclose an algorithm to transform a general purpose microprocessor to a special purpose computer so that a person of ordinary skill in the art can implement the disclosed algorithm to achieve the claimed function. Aristocrat, 521 F.3d at 1338, 86 USPQ2d at 1242."
Accordingly, a rejection under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph is appropriate if the specification discloses no corresponding algorithm associated with a computer or microprocessor. Aristocrat, 521 F.3d at 1337-38, 86 USPQ2d at 1242. For example, mere reference to a general purpose computer with appropriate programming without providing an explanation of the appropriate programming, or simply reciting "software" without providing detail about the means to accomplish a specific software function, would not be an adequate disclosure of the corresponding structure to satisfy the requirements of 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph. Aristocrat, 521 F.3d at 1334, 86 USPQ2d at 1239; Finisar, 523 F.3d at 1340-41, 86 USPQ2d at 1623)
Regarding the claim limitation “a collection module to collect …”. - “The published specification (See Fig.3, ¶ 0024, ¶ 0065) does not define the structure to transform a general purpose computer to achieve the functions.
Regarding the claim limitation ““a first determination module to determine...." as recited in claim 8. The published specification (See Fig.3, ¶ 0030, ¶ 0065) does not define the structure to transform a general purpose computer to achieve the functions
Regarding the claim limitation “ a second determination module to determine….” as recited in claim 8. The published specification (See Fig.3, ¶ 0031, ¶ 0065) does not define the structure to transform a general purpose computer to achieve the functions.
Regarding the claim limitation “ a third determination module to determine …” as recited in claim 8. The published specification (See Fig.3, ¶ 0032, ¶ 0065) does not define the structure to transform a general purpose computer to achieve the functions
Regarding the claim limitation “ a calculation module to calculate …” as recited in claim 8. The published specification (See Fig.3, ¶ 0033, ¶ 0053, ¶ 0065) does not define the structure to transform a general purpose computer to achieve the functions.
Regarding the claim limitation “conduction module to conduct … “ as recited in claim 8. The published specification (See Fig.3, ¶ 0034, ¶ 0065) does not define the structure to transform a general purpose computer to achieve the functions.
Regarding the claim limitation “a calculation module to calculate …” as recited in claim 9,10,11. The published specification (See Fig.3, ¶ 0034, ¶ 0056- ¶ 0058,¶ 0063- ¶ 0065) do not define the structure to transform a general purpose computer to achieve the functions.
Regarding the claim limitation “a determination module to determine …” as recited in claim 12. The published specification (See Fig.3, ¶ 0062 -¶ 0063) does not define the structure to transform a general purpose computer to achieve the functions.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112, sixth paragraph; or
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the claimed function without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1,7,8 are rejected under 35 U.S.C. 103 as being unpatentable over Trivellato et al. Publication No. US 2020/0404502 A1 ( Trivellato hereinafter) in view of Martinez et al. Publication No. US 2014/0137257 A1 ( Martinez hereinafter)
Regarding claim 1,
Trivellato teaches a method for hardening assets in OT system, the method comprising:
collecting communication traffic among the assets to identify instruction property (Fig.3,¶0067 - The content of the communications sent toward a device may be used to determine the device type of a device sending one or more requests and the device type of a device receiving or responding to the requests. For example, if a device receives read requests, commands (e.g., over a certain OT protocol), or a combination thereof, the device may be a PLC. A device that sends read requests, commands (e.g., over a certain OT protocol), write configuration commands to a device reconfiguration commands, or a combination thereof, may be a SCADA device or an HMI device);
determining a status property of the assets according to configuration file of the assets (Fig.3, ¶ 0074 - one or more active scans are performed. The active scans performed may be customized, targeted, or tailored to the device based on information from previous scans (e.g., based on blocks 302-310). In some embodiments, one or more active scans are customized based on a vendor, model, or both associated with a device. The information gathered from the one or more passive scans (e.g., blocks 306-310) may be used to make specific queries for specific parameters to retrieve more detailed or specific information associated with the device. The more detailed information could be used for compliance checks, configurations checks, security checks).
determining roles of the assets according to the identified instruction property and the status property of the assetsFig.3, ¶ 0074 - one or more active scans are performed. The active scans performed may be customized, targeted, or tailored to the device based on information from previous scans (e.g., based on blocks 302-310). In some embodiments, one or more active scans are customized based on a vendor, model, or both associated with a device. The information gathered from the one or more passive scans (e.g., blocks 306-310) may be used to make specific queries for specific parameters to retrieve more detailed or specific information associated with the device. The more detailed information could be used for compliance checks, configurations checks, security checks – ¶ 0075 - the active scan may include sending a request that will trigger the device to send one or more communications ( e.g., packets) to another device which will include information that can be used to further determine properties for the device. For example, an active scan may include a request that will result in the device sending a communication with firmware or configuration information to another device which may then be observed (e.g., by network monitor device 280), extracted from the communication, and used for further classifying, identifying, and monitoring of the device).
determining asset work modes according to the identified instruction property from communication traffic among the assets (¶ 0072- based on previous blocks (e.g., blocks 306-308), information about an OT device with a device type of PLC may have been determined. If the device type is a PLC, then vendor being Rockwell may be determined based on the MAC address, and the model may be ControlLogix 1756. The model may be determined based on upon a specific byte or bytes in a specific message type over a protocol that the vendor is known to use).
calculating an asset criticality score in a time frame according to the determined asset work mode and the assets roles (¶ 0033 -network monitor device 102 is operable to perform visualization ( e.g., including tables or matrixes) of passive and active scanning, for instance, scanning progress and information gathered. Network monitor device 102 may further monitor network traffic over a period of time ( e.g., user configurable) to gather information passively, which may then be used to customize one or more active scans, as described herein – ¶ 0064 - The information determined from a passive scan can include, Criticality (e.g., 4),; and
conducting a hardening plan based on the asset criticality score and an asset impact of hardening the assets for production without affecting the production of the assets in the OT system (Fig.3, ¶ 0082 - At block 318, optionally, an action is taken based on the scan results. The action may include initiating a patching operation, closing one or more ports on the device, isolating or quarantining the device, updating the firmware of the device, sending or creating an alert, or other actions described herein. ¶ 0033 -network monitor device 102 is operable to perform visualization ( e.g., including tables or matrixes) of passive and active scanning, for instance, scanning progress and information gathered. Network monitor device 102 may further monitor network traffic over a period of time ( e.g., user configurable) to gather information passively, which may then be used to customize one or more active scans, as described herein – ¶ 0064 - The information determined from a passive scan can include, Criticality (e.g., 4), NERC CIP classifications ( e.g., low impact BES cyber systems), – ¶ 0086 - first active scan is performed. This active scan may be active scan that is generic with low impact (e.g., a small number of requests, requests that are spaced out over time, a combination thereof, etc.).
However, Trivellato does not explicitly teach
conducting a hardening plan based on the asset criticality score and an asset impact score of hardening the assets for production without affecting the production of the assets in the OT system
Martinez teaches
conducting a hardening plan based on the asset criticality score and an asset impact score of hardening the assets for production without affecting the production of the assets in the OT system (¶ 0154 The mapping engine module 1232 takes as input geospatial data from the geospatial data repository 1230 and the results from the risk analysis and creates a geospatial graphical representation of the critical assets on a map as well as near real-time feeds of risk, threat, vulnerability, and impact – ¶ 0156 - The live webcam feed area 1808 allows users to monitor the physical state of the critical infrastructure by using real-time webcam feeds, if available. The risk status area 1810 provides the users with visual feedback about the risk status associated with the critical asset. The risk status area 1810 provides the risk index and level, and a visual status for the risk level, a red circle for high risk level, a yellow circle for medium risk level, and a green circle for low risk level. The mitigation area 1812 allows users to view mitigation response patterns 1814 for high risk levels. The mitigation area 1812 also allows users to send 1816 the response patterns 1814 to emergency response teams 1240 and to social networks users 1242. The detailed information dialog box 1802 can provide further information about the risk analysis by allowing the users to click on specific components on the different areas on the dialog – ¶ 0242 - The customer can use the generated risk mitigation graphs to determine strategies to mitigate risk in his/her enterprise. However, it is recommended that the customers conduct a cost-benefit analysis, in addition to the VARM, to evaluate the feasibility of identified mitigation countermeasures).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Martinez. The motivation for doing so is to allow the system to assess a risk of one or more assets within an operational technology infrastructure (Martinez – ¶ 0002).
Regarding claim 7,
Trivellato further teaches
the asset is OT asset and the OT assets are computer hardware , computer software or a combination of both (¶ 0040 - Device 130 can include agent 140. The agent 140 may be a hardware component, software component, or some combination thereof configured to gather information associated with device 130 and send that information to network monitor device 102. The information can include the operating system, version, patch level, firmware version, serial number, vendor ( e.g., manufacturer), model, asset tag, software executing on an entity (e.g., anti-virus software, malware detection software, office applications, web browser( s ), communication applications, etc.), services that are active or configured on the entity, ports that are open or that the entity is configured to communicate with (e.g., associated with services running on the entity), media access control (MAC) address, processor utilization, unique identifiers, computer name, account access activity – ¶ 0030 - The devices 120 and 130 and network coupled devices l22a-b may be any of a variety of devices including, but not limited to, computing systems, laptops, smartphones, servers, Internet of Things (IoT) or smart devices, supervisory control and data acquisition (SCADA) devices, operational technology (OT) devices).
Regarding claim 8,
Trivellato teaches an apparatus for hardening assets in OT system, the apparatus comprising:
A collection module to collect communication traffic among the assets to identify instruction property (Fig.3, ¶ 0067 - The content of the communications sent toward a device may be used to determine the device type of a device sending one or more requests and the device type of a device receiving or responding to the requests. For example, if a device receives read requests, commands (e.g., over a certain OT protocol), or a combination thereof, the device may be a PLC. A device that sends read requests, commands (e.g., over a certain OT protocol), write configuration commands to a device reconfiguration commands, or a combination thereof, may be a SCADA device or an HMI device) ;
a first determination module to determine a status property of the assets according to configuration file of the assets (Fig.3, ¶ 0074 - one or more active scans are performed. The active scans performed may be customized, targeted, or tailored to the device based on information from previous scans (e.g., based on blocks 302-310). In some embodiments, one or more active scans are customized based on a vendor, model, or both associated with a device. The information gathered from the one or more passive scans (e.g., blocks 306-310) may be used to make specific queries for specific parameters to retrieve more detailed or specific information associated with the device. The more detailed information could be used for compliance checks, configurations checks, security checks).
a second determination module to determine roles of the assets according to the identified instruction property and the status property of the assets (Fig.3, ¶ 0074 - one or more active scans are performed. The active scans performed may be customized, targeted, or tailored to the device based on information from previous scans (e.g., based on blocks 302-310). In some embodiments, one or more active scans are customized based on a vendor, model, or both associated with a device. The information gathered from the one or more passive scans (e.g., blocks 306-310) may be used to make specific queries for specific parameters to retrieve more detailed or specific information associated with the device. The more detailed information could be used for compliance checks, configurations checks, security checks – ¶ 0075 - the active scan may include sending a request that will trigger the device to send one or more communications ( e.g., packets) to another device which will include information that can be used to further determine properties for the device. For example, an active scan may include a request that will result in the device sending a communication with firmware or configuration information to another device which may then be observed (e.g., by network monitor device 280), extracted from the communication, and used for further classifying, identifying, and monitoring of the device).
a third determination module to determine asset work modes according to the identified instruction property from communication traffic among the assets (¶ 0072- based on previous blocks (e.g., blocks 306-308), information about an OT device with a device type of PLC may have been determined. If the device type is a PLC, then vendor being Rockwell may be determined based on the MAC address, and the model may be ControlLogix 1756. The model may be determined based on upon a specific byte or bytes in a specific message type over a protocol that the vendor is known to use).
A calculation module to calculate an asset criticality score in a time frame according to the determined asset work mode and the assets roles (¶ 0033 -network monitor device 102 is operable to perform visualization ( e.g., including tables or matrixes) of passive and active scanning, for instance, scanning progress and information gathered. Network monitor device 102 may further monitor network traffic over a period of time ( e.g., user configurable) to gather information passively, which may then be used to customize one or more active scans, as described herein – ¶ 0064 - The information determined from a passive scan can include, Criticality (e.g., 4),; and
a conduction module to conduct a hardening plan based on the asset criticality score and an asset impact of hardening the assets for production without affecting the production of the assets in the OT system (Fig.3, ¶ 0082 - At block 318, optionally, an action is taken based on the scan results. The action may include initiating a patching operation, closing one or more ports on the device, isolating or quarantining the device, updating the firmware of the device, sending or creating an alert, or other actions described herein. ¶ 0033 -network monitor device 102 is operable to perform visualization ( e.g., including tables or matrixes) of passive and active scanning, for instance, scanning progress and information gathered. Network monitor device 102 may further monitor network traffic over a period of time ( e.g., user configurable) to gather information passively, which may then be used to customize one or more active scans, as described herein – ¶ 0064 - The information determined from a passive scan can include, Criticality (e.g., 4), NERC CIP classifications ( e.g., low impact BES cyber systems), – ¶ 0086 - first active scan is performed. This active scan may be active scan that is generic with low impact (e.g., a small number of requests, requests that are spaced out over time, a combination thereof, etc.).
However, Trivellato does not explicitly teach
conducting a hardening plan based on the asset criticality score and an asset impact score of hardening the assets for production without affecting the production of the assets in the OT system
Martinez teaches
conducting a hardening plan based on the asset criticality score and an asset impact score of hardening the assets for production without affecting the production of the assets in the OT system (¶ 0154 The mapping engine module 1232 takes as input geospatial data from the geospatial data repository 1230 and the results from the risk analysis and creates a geospatial graphical representation of the critical assets on a map as well as near real-time feeds of risk, threat, vulnerability, and impact – ¶ 0156 - The live webcam feed area 1808 allows users to monitor the physical state of the critical infrastructure by using real-time webcam feeds, if available. The risk status area 1810 provides the users with visual feedback about the risk status associated with the critical asset. The risk status area 1810 provides the risk index and level, and a visual status for the risk level, a red circle for high risk level, a yellow circle for medium risk level, and a green circle for low risk level. The mitigation area 1812 allows users to view mitigation response patterns 1814 for high risk levels. The mitigation area 1812 also allows users to send 1816 the response patterns 1814 to emergency response teams 1240 and to social networks users 1242. The detailed information dialog box 1802 can provide further information about the risk analysis by allowing the users to click on specific components on the different areas on the dialog – ¶ 0242 - The customer can use the generated risk mitigation graphs to determine strategies to mitigate risk in his/her enterprise. However, it is recommended that the customers conduct a cost-benefit analysis, in addition to the VARM, to evaluate the feasibility of identified mitigation countermeasures).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Martinez. The motivation for doing so is to allow the system to assess a risk of one or more assets within an operational technology infrastructure (Martinez – ¶ 0002).
Claims 2,9 are rejected under 35 U.S.C. 103 as being unpatentable over Trivellato in view of Martinez further in view of Zhen et al. Publication No. US 2023/0315864 A1 ( Zhen hereinafter)
Regarding claim 2,
Trivellato does not explicitly teach
wherein calculating the asset impact score of hardening the assets for production depends at least in part on whether hardening the assets requires a restart of an assets' operating system.
Zhen teaches
calculating the asset impact score of hardening the assets for production depends at least in part on whether hardening the assets requires a restart of an assets' operating system (¶ 0024 - an impact of repairing the vulnerability on the system is evaluated, and a system impact score corresponding to the vulnerability is obtained; wherein the system impact score is a preset system restart score, a preset system non-restart score, a preset service restart score or a preset service non-restart score, the preset system restart score is less than the preset system non-restart score, the preset service restart score is less than the preset service non-restart score, and the preset system restart score is less than the preset service restart score – ¶ 0048 - When repairing the vulnerability causes no system restart and no service restart, the system impact score corresponding to the vulnerability may be 10 points. When repairing the vulnerability causes a service restart and no system restart, the system impact score of the vulnerability may be 6 points – See ¶ 0086).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Zhen. The motivation for doing so is to allow the system to quickly identify a key vulnerability that needs to be repaired, thereby improving usability and efficiency, and reducing costs of manual analysis of vulnerabilities (Zhen – Abstract).
Regarding claim 9,
Trivellato does not explicitly teach
a calculation module to calculate the asset impact score of hardening the assets for production based on whether hardening the assets needs to restart the assets' operating system.
Zhen teaches
a calculation module to calculate the asset impact score of hardening the assets for production based on whether hardening the assets needs to restart the assets' operating system (¶ 0024 - an impact of repairing the vulnerability on the system is evaluated, and a system impact score corresponding to the vulnerability is obtained; wherein the system impact score is a preset system restart score, a preset system non-restart score, a preset service restart score or a preset service non-restart score, the preset system restart score is less than the preset system non-restart score, the preset service restart score is less than the preset service non-restart score, and the preset system restart score is less than the preset service restart score – ¶ 0048 - When repairing the vulnerability
causes no system restart and no service restart, the system impact score corresponding to the vulnerability may be 10 points. When repairing the vulnerability causes a service restart and no system restart, the system impact score of the vulnerability may be 6 points – See ¶ 0086).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Zhen. The motivation for doing so is to allow the system to quickly identify a key vulnerability that needs to be repaired, thereby improving usability and efficiency, and reducing costs of manual analysis of vulnerabilities (Zhen – Abstract).
Claims 3,4,10,11 are rejected under 35 U.S.C. 103 as being unpatentable over Trivellato in view of Martinez further in view of Pfleger de Aguiar et al. Publication No. US 2018/0136921 (Pfleger de Aguiar hereinafter)
Regarding claim 3,
Trivellato does not explicitly teach
wherein calculating the asset impact score of hardening the assets for production depends at least in part on a time required to the assets
However, Pfleger de Aguiar teaches
calculating the asset impact score of hardening the assets for production depends at least in part on a time required to the assets (¶ 0031 - the criticality and exposure are ranked. For criticality, the scope, confidentiality, integrity, and/or availability (i.e., how badly can the vulnerability affect a given system) are identified. For exposure or exploitability, the attack vector, attack complexity, privileges required, and/or user interaction (e.g., how easy to exploit the vulnerability) are identified. Whether the vulnerability is weaponized - ¶ 0052 - Layer 0 corresponds to basic metrics obtained from CVSS score inputs (vulnerability criticality and/or exploitability scores). Other acquired information may be included, such as external knowledge ( e.g., average time to disclosure, average time to weaponization, average time to patch, and/or other statistical information about the asset, vulnerability, or patching. The asset exposure and/or asset criticality information may be acquired. Additional, different, or less information may be acquired – See ¶ 0081).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Pfleger de Aguiar. The motivation for doing so is to allow the system to help manage patching of the industrial control system, allowing better balancing of risk with manufacturing burden (Pfleger de Aguiar – Abstract).
Regarding claim 4,
Trivellato does not explicitly teach
wherein calculating available hardening time depends at least in part on the time required to harden the asset , and the asset criticality score and the method further comprising hardening the assets at an available hardening time
However, Pfleger de Aguiar teaches
calculating available hardening time depends at least in part on the time required to harden the asset , and the asset criticality score and the method further comprising hardening the assets at an available hardening time (¶ 0005 - Predicted temporal evolution of risk due to vulnerabilities is provided to industrial control system maintenance operators to help prioritize and schedule patching – ¶ 0021 - For patch management, a Markov model is parameterized through measurements. In a first class, the model accounts for the vulnerability lifecycle and captures how risks evolve over time. In a second class, information about the asset owner's patch management practices are incorporated into the model to be able to compute metrics such as the accumulated risk before a patch is typically applied. By assessing the risk as a function of external historical data about vulnerabilities and internal data regarding patch policies, patching strategies may be revised and fine-tuned towards a closed loop between vulnerability rating and patch installation metrics - ¶ 0031 - the criticality and exposure are ranked. For criticality, the scope, confidentiality, integrity, and/or availability (i.e., how badly can the vulnerability affect a given system) are identified. For exposure or exploitability, the attack vector, attack complexity, privileges required, and/or user interaction (e.g., how easy to exploit the vulnerability) are identified. Whether the vulnerability is weaponized - ¶ 0052 - Layer 0 corresponds to basic metrics obtained from CVSS score inputs (vulnerability criticality and/or exploitability scores). Other acquired information may be included, such as external knowledge ( e.g., average time to disclosure, average time to weaponization, average time to patch, and/or other statistical information about the asset, vulnerability, or patching. The asset exposure and/or asset criticality information may be acquired. Additional, different, or less information may be acquired – See ¶ 0081, ¶ 0036).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Pfleger de Aguiar. The motivation for doing so is to allow the system to help manage patching of the industrial control system, allowing better balancing of risk with manufacturing burden (Pfleger de Aguiar – Abstract).
Regarding claim 10,
Trivellato does not explicitly teach
a calculation module to calculating the asset impact score of hardening the assets for production based on duration of hardening the asset.
However, Pfleger de Aguiar teaches
a calculation module to calculating the asset impact score of hardening the assets for production based on duration of hardening the asset. (¶ 0031 - the criticality and exposure are ranked. For criticality, the scope, confidentiality, integrity, and/or availability (i.e., how badly can the vulnerability affect a given system) are identified. For exposure or exploitability, the attack vector, attack complexity, privileges required, and/or user interaction (e.g., how easy to exploit the vulnerability) are identified. Whether the vulnerability is weaponized - ¶ 0052 - Layer 0 corresponds to basic metrics obtained from CVSS score inputs (vulnerability criticality and/or exploitability scores). Other acquired information may be included, such as external knowledge ( e.g., average time to disclosure, average time to weaponization, average time to patch, and/or other statistical information about the asset, vulnerability, or patching. The asset exposure and/or asset criticality information may be acquired. Additional, different, or less information may be acquired – See ¶ 0081).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Pfleger de Aguiar. The motivation for doing so is to allow the system to help manage patching of the industrial control system, allowing better balancing of risk with manufacturing burden (Pfleger de Aguiar – Abstract).
Regarding claim 11,
Trivellato does not explicitly teach
a calculation module to calculate available hardening time based on the duration of hardening the assets , and the asset criticality score and the hardening the assets at an available hardening time
However, Pfleger de Aguiar teaches
a calculation module to calculate available hardening time based on the duration of hardening the assets , and the asset criticality score and the hardening the assets at an available hardening time (¶ 0005 - Predicted temporal evolution of risk due to vulnerabilities is provided to industrial control system maintenance operators to help prioritize and schedule patching – ¶ 0021 - For patch management, a Markov model is parameterized through measurements. In a first class, the model accounts for the vulnerability lifecycle and captures how risks evolve over time. In a second class, information about the asset owner's patch management practices are incorporated into the model to be able to compute metrics such as the accumulated risk before a patch is typically applied. By assessing the risk as a function of external historical data about vulnerabilities and internal data regarding patch policies, patching strategies may be revised and fine-tuned towards a closed loop between vulnerability rating and patch installation metrics - ¶ 0031 - the criticality and exposure are ranked. For criticality, the scope, confidentiality, integrity, and/or availability (i.e., how badly can the vulnerability affect a given system) are identified. For exposure or exploitability, the attack vector, attack complexity, privileges required, and/or user interaction (e.g., how easy to exploit the vulnerability) are identified. Whether the vulnerability is weaponized - ¶ 0052 - Layer 0 corresponds to basic metrics obtained from CVSS score inputs (vulnerability criticality and/or exploitability scores). Other acquired information may be included, such as external knowledge ( e.g., average time to disclosure, average time to weaponization, average time to patch, and/or other statistical information about the asset, vulnerability, or patching. The asset exposure and/or asset criticality information may be acquired. Additional, different, or less information may be acquired – See ¶ 0081, ¶ 0036).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Pfleger de Aguiar. The motivation for doing so is to allow the system to help manage patching of the industrial control system, allowing better balancing of risk with manufacturing burden (Pfleger de Aguiar – Abstract).
Claims 5,12 are rejected under 35 U.S.C. 103 as being unpatentable over Trivellato in view of Martinez further in view of Bulut et al. Publication No. US 2022/0129560 A1 ( Bulut hereinafter) further in view of Fukuzumi et al. Publication No.US 2017/0017549 A1 ( Fukuzumi hereinafter)
Regarding claim 5,
Trivellato does not explicitly teach
determining whether the assets are abnormal includes monitoring at least one of a CPU state, a memory occupancy state, and a communication state of the assets after hardening the assets; modifying the asset impact score of hardening the assets for production in response to the assets being abnormal; and generating a modified hardening plan.
However, Bulut teaches
determining whether the assets are abnormal [..]; modifying the asset impact score of hardening the assets for production in response to the assets being abnormal; and generating a modified hardening plan (Abstract - a baseline component that can generate a baseline health-check risk score that corresponds to non-compliance of a computing asset with a stipulated control. In various aspects, the system can further comprise an adjustment component that can adjust the baseline health-check risk score based on a weakness factor of the stipulated control. In some cases, the weakness factor can be based on a magnitude by which a state of the computing asset deviates from the stipulated control. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on an environmental factor of the computing asset. In various cases, the environmental factor can be based on
security mechanisms or security protocols associated with the computing asset – ¶ 0066 -the maturity component 122 can generate and/or calculate a maturity factor, which can be based on a difference and/or deviation between the stipulated
control 108 and a recommended control (e.g., a best practice and/or industry standard).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Bulut. The motivation for doing so is to allow the system to facilitate automated health check risk assessment of computing assets (Bulut – Abstract).
Trivellato in view of Bulut does not explicitly teach
monitoring at least one of a CPU state, a memory occupancy state, and a communication state of the assets after hardening the assets
However, Fukuzumi teaches
monitoring at least one of a CPU state, a memory occupancy state, and a communication state of the assets after hardening the assets (¶ 0032 - In the case where a request transmitted to the building block #1 in which the failure occurs has timed out, the processing monitoring time of the CPU may also time out, and even in a normally operable state, the building block #0 may go down. For example, in the case where timeout of a request occurs multiple times and requests for a response are accumulated, resources within the CPU 112 may run out, and a normal node may slow down and turn into an abnormal node.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato in view of Bulut to include the teachings of Fukuzumi. The motivation for doing so is to allow the system to monitor resources (CPU) within the device in order to determine if the device is abnormal (Fukuzumi – ¶ 0032).
Regarding claim 12,
Trivellato does not explicitly teach
determination module to determine whether the assets are abnormal includes monitoring at least one of a CPU state, a memory occupancy state, and a communication state of the assets after hardening the assets; modifying the asset impact score of hardening the assets for production in response to the assets being abnormal; and generating a modified hardening plan.
However, Bulut teaches
determination module to determine determining whether the assets are abnormal[..] ; modifying the asset impact score of hardening the assets for production in response to the assets being abnormal; and generating a modified hardening plan (Abstract - a baseline component that can generate a baseline health-check risk score that corresponds to non-compliance of a computing asset with a stipulated control. In various aspects, the system can further comprise an adjustment component that can adjust the baseline health-check risk score based on a weakness factor of the stipulated control. In some cases, the weakness factor can be based on a magnitude by which a state of the computing asset deviates from the stipulated control. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on an environmental factor of the computing asset. In various cases, the environmental factor can be based on security mechanisms or security protocols associated with the computing asset – ¶ 0066 -the maturity component 122 can generate and/or calculate a maturity factor, which can be based on a difference and/or deviation between the stipulated control 108 and a recommended control (e.g., a best practice and/or industry standard).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Bulut. The motivation for doing so is to allow the system to facilitate automated health check risk assessment of computing assets (Bulut – Abstract).
Trivellato in view of Bulut does not explicitly teach
monitoring at least one of a CPU state, a memory occupancy state, and a communication state of the assets after hardening the assets
Fukuzumi teaches
monitoring at least one of a CPU state, a memory occupancy state, and a communication state of the assets after hardening the assets (¶ 0032 - In the case where a request transmitted to the building block #1 in which the failure occurs has timed out, the processing monitoring time of the CPU may also time out, and even in a normally operable state, the building block #0 may go down. For example, in the case where timeout of a request occurs multiple times and requests for a response are accumulated, resources within the CPU 112 may run out, and a normal node may slow down and turn into an abnormal node).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato in view of Bulut to include the teachings of Fukuzumi. The motivation for doing so is to allow the system to monitor resources (CPU) within the device in order to determine if the is device is abnormal (Fukuzumi – ¶ 0032).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Trivellato in view of Martinez further in view of Friedmaan et al. Publication No. US 2019/0155838 A1 ( Friedmann hereinafter)
Regarding claim 6,
Trivellato further teaches
The hardening includes update of the program in the assets , update of the security policy [..] of the assets , account manager of the assets and port manager of the assets (¶ 0105 -0106 Policy component 518 is operable for initiating or triggering one or more remediation actions or security actions according to one or more policies, e.g., based on one or more device attributes, as described herein. Policy component 518 may further be configured to perform other operations including checking compliance status, finding open ports, etc. Policy component 518 may restrict network access, signal a patch system or service, signal an update system or service, etc., as described herein. The policy component 518 may thus, among other things, invoke automatically patching, automatically updating, and automatically restrict network access of an entity ( e.g., that has out-of-date software or based on access rule violation or attempted violation)
However, Trivellato does not explicitly teach update of the security policy of the password of the assets
Friedmann teaches
update of the security policy of the password of the assets (¶ 0072 - The IT administrator can use the password policy module 478 to update the password policy by, for example, updating a list of pre-specified forbidden passwords and their symbolic equivalents. The IT administrator can also remotely update the password policy of the communications devices by communicating with the password approval module 138 over the network 200 and updating a local copy of the list of pre-specified forbidden passwords and the list of symbolic equivalents. The local copies of these lists can be stored in local storage 108 of the communications device 100. Accordingly, the password policy can be maintained centrally and then communicated to various communications devices 100 using a suitable wireless communication infrastructure such as that described herein. In some embodiments, the wireless communication infrastructure includes a transport stack that contains a set of communication protocols that enables the host system 350 to communicate with the communications device 100. A subset of applications provided by the transport stack can be used to pass IT policy commands to the operating system of the communications device 100 and can be used to provide an updated password policy).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Trivellato to include the teachings of Friedmaan. The motivation for doing so is to allow the system to update security policy of the password in order to increase security and prevent unauthorize access.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659. The examiner can normally be reached Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000
/YOUNES NAJI/Primary Examiner, Art Unit 2445