Prosecution Insights
Last updated: July 17, 2026
Application No. 18/884,479

SECURITY SYSTEM RISK CALCULATION

Final Rejection §101§103
Filed
Sep 13, 2024
Priority
Sep 15, 2023 — EU 23306527.5
Examiner
GILLS, KURTIS
Art Unit
3624
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Genetec Inc.
OA Round
2 (Final)
58%
Grant Probability
Moderate
3-4
OA Rounds
1y 9m
Est. Remaining
87%
With Interview

Examiner Intelligence

Grants 58% of resolved cases
58%
Career Allowance Rate
320 granted / 554 resolved
+5.8% vs TC avg
Strong +29% interview lift
Without
With
+28.8%
Interview Lift
resolved cases with interview
Typical timeline
3y 7m
Avg Prosecution
33 currently pending
Career history
592
Total Applications
across all art units

Statute-Specific Performance

§101
9.2%
-30.8% vs TC avg
§103
80.9%
+40.9% vs TC avg
§102
8.4%
-31.6% vs TC avg
§112
0.1%
-39.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 554 resolved cases

Office Action

§101 §103
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Notice to Applicant In response to the communication received on 03/23/2026, the following is a Final Office Action for Application No. 18884479. Status of Claims Claims 1-20, 22 and 28-30 are pending. Claims 21 and 23-27 are cancelled. Claims 28-30 are new. Priority As required by M.P.E.P. 201.14(c), acknowledgement is made of applicant’s claim for priority based on: 18884479 filed 09/13/2024 claims foreign priority to 23306527.5, filed 09/15/2023. Response to Amendments Applicant’s amendments have been fully considered. Response to Arguments Applicant’s arguments with respect to the claims have been fully considered. The arguments regarding the new claims are moot in light of the new grounds of rejection, as necessitated by new claim amendments. Applicant arguments that are not moot with respect to the claims have been fully considered but are not persuasive: Applicant argues that Carpenter in view of Girouard fails to teach as recited in independent claim 1 (and similar claims): associating, at the server, a respective device sensitivity to each of the plurality of devices and a respective zone sensitivity to each of the multiple zones. The Examiner respectfully disagrees. The Broadest Reasonable Interpretation of this limitation includes providing associations such as device(s) sensitivities respective to each device and zone(s) sensitivities respective to each zone. Carpenter ¶0020 teaches the structures of a “Risk analysis system 100 [which] includes a central server 105 shown including a processor 110 (e.g., microcontroller, digital signal processor (DSP) or microcontroller unit (MCU) with an associated memory(ies) 115 upon which disclosed algorithms and database data is stored, including the security database 116 which stores vulnerability data 116a including cyber-risks for the respective devices in the network.” Within the structures, Carpenter ¶0028 states that “FIG. 2B described below shows an example industrial plant 200 divided into a plurality of security zones, where each security zone shown has its own router/firewall 225.” Here, Carpenter teaches a zone sensitivity, e.g. firewall, respective to each security zone. Carpenter ¶0029 teaches devices sensitivities respective to each device since “If there is a virus or worm detected on one device that can propagate through the network, all devices within the same security zone can be considered to be at risk, because the infected device can contact them directly. The security zones allow determination of which of the devices are connected to the network implemented by the ICS, indicating where a cyber-attack might spread if a particular device in the ICS 150 is compromised.” Thus, Carpenter teaches associating a respective device sensitivity to each of the plurality of devices, e.g., the particular device in the ICS 150 that is compromised, and a respective zone sensitivity to each of the multiple zones, e.g., the particular security zone with the compromised device and the devices connected to a same firewall. determining an aggregate risk for the site based on the zone sensitivities, the device sensitivities, and the device status information, wherein the aggregate risk is proportional to a number of devices in an error status and inversely proportional to a total number of the plurality of devices. The Examiner respectfully disagrees. The Broadest Reasonable Interpretation of this limitation includes a determination of an aggregate risk for the site where this aggregate risk is based on zone and device sensitivities and associated status wherein aggregate risk is proportional, e.g. higher aggregate risk is congruent to high compromised devices (in an error status), and inversely proportional to total, e.g., lower aggregate risk is congruent to high number of total devices since the overall system is safer when there are a higher number of devices and only a fewer amount that are compromise. In other words, the wherein clause limitation is a result of security proportionalities, e.g. the more devices yields higher sensitivity and the aggregate risk is proportional to the number of compromised devices relative to the total number of devices. Nevertheless, see Carpenter at the following citations: ¶0060 “FIGS. 4A-D show various example dashboard views that can be generated by disclosed risk analysis system integrated into a network of an ICS including a plurality of networked devices that are monitored that are grouped into a plurality of different security zones, according to an example embodiment. FIG. 4A shows an example list view which includes a current net site cyber-security risk as well as a site risk for each security zone shown as zones 1-6, as well as a 30 day trend for site risk for the respective zones. Notifications, risk level by area, and a 30 day net site trend for risk are shown. FIG. 4B shows an example expanded list view which further includes details of notifications including specific alerts, as well as a listing of possible causes, potential impacts and recommended actions. ¶0029 Devices that have to go through some conduit (such as a firewall/router 225) are generally grouped into another security zone. If there is a virus or worm detected on one device that can propagate through the network, all devices within the same security zone can be considered to be at risk, because the infected device can contact them directly. The security zones allow determination of which of the devices are connected to the network implemented by the ICS, indicating where a cyber-attack might spread if a particular device in the ICS 150 is compromised. ¶0047 Assume one is calculating the risk of a critical device in a system. As this is a critical device, the result if this device were compromised can be very serious, so a value of C=1.0 (or 100%) can be assigned. Assume there are two vulnerabilities on this device, a missing non-security operating patch and no antivirus software installed with vulnerability values of 0.3 (or 30%) and 0.95 (or 95%). Assume there is one active threat detected against the system, a series of repeated access attempts with bad passwords with a threat value of 0.8 (or 80%). ¶0048 The simplest way to calculate V for this device is to consider the highest threat (0.95). Other algorithms could also be used that might consider the values of all active threats, but a simple calculation is described. The calculation for T is simple as there is a single threat. Using these, it is found R=V*T*C=0.95*0.8*1.0=0.76 (or 76%). ¶0049 Step 304 comprises aggregating data including ranking the risks across the plurality of networked devices and arranging the risks into at least one logical grouping. For example, users might want to split out risks based on their source. Risks from PCs might go in one group and risks from network devices might go in another. This is useful because often different administrators are responsible for maintaining PCs vs. network devices. Another example would be splitting up the risks based on logic groupings within the site. Control systems are often split into clusters of functionality that correspond to steps in the manufacturing process. Each cluster might be a logical grouping here. The aggregating data can further comprise aggregating categories of a security state of the plurality of networked devices. The at least one logical grouping can includes security zones which allows a determination of which of the plurality of networked devices are connected, indicating where a cyber-attack might spread if one of the plurality of networked devices is compromised, sources of the risks, and severity of the risks). Although “proportions” per se are not explicitly taught by Carpenter, Girouard teaches in the analogous art of apparatus for communication between a sensor and a managing device. In particular, Girouard advantageously uses proportionality at inter alia ¶0099 which states “In the graph 50, individual measurements are shown with an (x), and as shown therein, in different time periods 52, 54, and 56 the spacing between measurements (which again may be proportional to Pi) is varied. For example, within the time period 52, times between measurements is less than in the periods 54, 56. The times between measurements may be related to the communication strength and within the time period 52 the communication strength is low and it may be advantageous to send initiation pulses at a high rate; therefore, the time between measurements (and transmissions) is small.” Per the prior art rejection, Applicant argues that the combination of Carpenter in view of Girouard is improper. The Examiner respectfully disagrees, and in particular it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter at least the above cited paragraphs, and Girouard at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Hence, the combination of Carpenter in view of Girouard is proper. The Supreme Court in KSR International Co. v. Teleflex Inc. identified a number of rationales to support a conclusion of obviousness which are consistent with the proper “functional approach” to the determination of obviousness as laid down in Graham. Exemplary rationales that may support a conclusion of obviousness include: (A) Combining prior art elements according to known methods to yield predictable results; (B) Simple substitution of one known element for another to obtain predictable results; (C) Use of known technique to improve similar devices (methods, or products) in the same way; (D) Applying a known technique to a known device (method, or product) ready for improvement to yield predictable results; (E) “Obvious to try” – choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success; (F) Known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations are predictable to one of ordinary skill in the art; (G) Some teaching, suggestion, or motivation in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention. Note that the list of rationales provided is not intended to be an all-inclusive list. Other rationales to support a conclusion of obviousness may be relied upon by Office personnel. See MPEP §2143 for Examples of Basic Requirements of a Prima Facie Case of Obviousness. Although the suggestion or motivation from the prior art is indeed one of the rationales that can be used in supporting a conclusion of obviousness (rationale G), it is not the sole rationale that can be applied, nor a requirement; as listed above, additional rationales may be used to support an examiner's conclusion of obviousness. For the reasons detailed above, Examiner is not persuaded that the claims are patentably distinguishable over the Carpenter in view of Girouard disclosure. Rather, Examiner maintains that the Carpenter in view of Girouard combination renders obvious the claimed invention. Accordingly, the previous prior art rejection is maintained. As per the 101 rejection, Applicant argues that the claims are in favor of eligibility per Prong One of Step 2A, however Examiner respectfully disagrees. Per Prong One of Step 2A, the identified recitation of an abstract idea falls within at least one of the Abstract Idea Groupings consisting of: Mathematical Concepts, Mental Processes, or Certain Methods of Organizing Human Activity. Particularly, the identified recitation falls within the Mental Processes including concepts performed in the human mind (including an observation, evaluation judgment, opinion) and/or Certain Methods of Organizing Human Activity including managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules of instructions). Since the recitation of the claims falls into at least one of the above Groupings, there is a basis for providing further analysis with regard to Prong Two of Step 2A to determine whether the recitation of an abstract idea is deduced to being directed to an abstract idea. Thus, the rejection is maintained. Applicant argues that the claims are in favor of eligibility per Prong Two of Step 2A, however Examiner respectfully disagrees. Per Prong Two of Step 2A, this judicial exception is not integrated into a practical application because the claim as a whole does not integrate the identified abstract idea into a practical application. The computer, processor, server and/or memory medium is recited at a high level of generality, i.e., as a generic processor performing a generic computer function of processing/transmitting data. This generic processor server limitation is no more than mere instructions to apply the exception using a generic computer component. Further, computer, processor, server and/or memory medium to inter alia perform the function of outputting an indication of the aggregate risk to a user is mere instruction to apply an exception using a generic computer component which cannot integrate a judicial exception into a practical application. Accordingly, this/these additional element(s) does/do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. In other words, the present claims use a generic processing device and memory medium to inter alia perform the function of outputting an indication of the aggregate risk to a user which is a concept that can be performed in the human mind. The processor is merely used to perform the function(s), and the processor does not integrate the abstract idea into a practical application since there are no meaningful limits on practicing the abstract idea. Thus, since the claims are directed to the determined judicial exception in view of the two prongs of Step 2A, the 2019 PEG flowchart is directed to Step 2B. Thus, the rejection is maintained. Applicant argues that the claims are in favor of eligibility per Step 2B, however Examiner respectfully disagrees. Therein, the additional elements and combinations therewith are examined in the claims to determine whether the claims as a whole amounts to significantly more than the judicial exception. It is noted here that the additional elements are to be considered both individually and as an ordered combination. In this case, the claims each at most comprise additional elements of: computer, processor, server and/or memory medium. Taken individually, the additional limitations each are generically recited and thus does not add significantly more to the respective limitations. Further, computer, processor, server and/or memory medium to inter alia perform the function of outputting an indication of the aggregate risk to a user is mere instruction to apply an exception using a generic computer component which cannot provide an inventive concept in Step 2B (or, looking back to Step 2A, cannot integrate a judicial exception into a practical application). For further support, the Applicant’s specification supports the claims being directed to use of a generic computer/memory type structure. Taken as an ordered combination, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the limitations are directed to limitations referenced in Alice Corp. that are not enough to qualify as significantly more when recited in a claim with an abstract idea include the non-limiting or non-exclusive examples of MPEP § 2106.05. Thus, the rejection is maintained. In an effort to further expedite prosecution, see: Appendix 1 to the October 2019 Update: Subject Matter Eligibility, Life Sciences & Data Processing Examples, October 2019 30, Example 46. Livestock Management. Per claim 1 of Example 46, the memory, display and processor are recited so generically (no details whatsoever are provided other than that they are a memory, display and processor) that they represent no more than mere instructions to apply the judicial exception on a computer. These limitations can also be viewed as nothing more than an attempt to generally link the use of the judicial exception to the technological environment of a computer. As an exemplary direction for similar claim limitations to be eligible, see claims 2-4 of Example 46. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20, 22 and 28-30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. The claims fall within statutory class of process or machine; hence, the claims fall under statutory category of Step 1. Step 2 is the two-part analysis from Alice Corp. (also called the Mayo test). The 2019 PEG makes two changes in Step 2A: It sets forth new procedure for Step 2A (called “revised Step 2A”) under which a claim is not “directed to” a judicial exception unless the claim satisfies a two-prong inquiry. The two-prong inquiry is as follows: Prong One: evaluate whether the claim recites a judicial exception (an abstract idea enumerated in the 2019 PEG, a law of nature, or a natural phenomenon). If claim recites an exception, then Prong Two: evaluate whether the claim recites additional elements that integrate the exception into a practical application of the exception. The claim(s) recite(s) the following abstract idea indicated by non-boldface font and additional limitations indicated by boldface font: computer-implemented method for assessing risk of a site, wherein the site is divided into multiple zones and monitored by a plurality of devices disposed within the multiple zones, the plurality of devices connected with a server over an IP network, the computer-implemented method comprising:associating, at the server, a respective device sensitivity to each of the plurality of devices and a respective zone sensitivity to each of the multiple zones; obtaining, at the server and over the IP network, communications from the plurality of devices; monitoring, using the communications, the plurality of devices to get status information from the communications; determining an aggregate risk for the site based on the zone sensitivities, the device sensitivities, and the device status information, wherein the aggregate risk is proportional to a number of devices in an error status and inversely proportional to a total number of the plurality of devices; and outputting, to a user, an indication of the aggregate risk. [or] A system for risk assessment, the system comprising:processor circuitry; and a non-transitory computer-readable memory storing program instructions executable by the processor circuitry for: associating, at a server, a respective device sensitivity to each of a plurality of devices disposed within multiple zones of a site and a respective zone sensitivity to each of the multiple zones, the plurality of devices connected with the server over an IP network, wherein the plurality of devices monitor the site; obtaining, at the server and over the IP network, communications from the plurality of devices; monitoring, using the communications, the plurality of devices to get status information from the communications; determining an aggregate risk for the site based on the zone sensitivities, the device sensitivities, and the device status information, wherein the aggregate risk is proportional to a number of devices in an error status and inversely proportional to a total number of the plurality of devices; and outputting, to a user, an indication of the aggregate risk. [or] A security system for monitoring a physical site divided into multiple zones,the system comprising:a camera status module having a network interface connected to an IP network and a camera status information output;a sensitivity module comprising memory storing a respective camera sensitivity to each one of a plurality of cameras and a respective zone sensitivity to each of the multiple zones; anda risk calculation module connected to the camera status module and to the sensitivity module determining an aggregate risk for the physical site based on the zone sensitivities, the camera sensitivities, and the camera status information, wherein the aggregate risk is proportional to a number of cameras in an error status and inversely proportional to a total number of the plurality of cameras. The claim(s) recite(s) the following summarization of the abstract idea which includes assessing risk of a site via monitoring by a plurality of devices disposed within multiple zones executed by the additional element(s) of non-transitory computer readable storage medium, computer, sever and/or processor. This falls into at least the Abstract Idea Grouping of Mental Processes since the information can be analyzed by an abstract evaluation judgment process. Thus, per Prong One of Step 2A, the identified recitation of an abstract idea falls within at least one of the Abstract Idea Groupings consisting of: Mathematical Concepts, Mental Processes, or Certain Methods of Organizing Human Activity. Particularly, the identified recitation falls within the Mental Processes including concepts performed in the human mind (including an observation, evaluation judgment, opinion). Per Prong Two of Step 2A, this judicial exception is not integrated into a practical application because the claim as a whole does not integrate the identified abstract idea into a practical application. The computer, processor, server and/or memory medium is recited at a high level of generality, i.e., as a generic processor performing a generic computer function of processing/transmitting data. This generic computer, processor, server and/or memory medium limitation is no more than mere instructions to apply the exception using a generic computer component. Further, outputting an indication of the aggregate risk to a user by a computer, processor, server and/or memory medium is mere instruction to apply an exception using a generic computer component which cannot integrate a judicial exception into a practical application. Accordingly, this/these additional element(s) does/do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Thus, since the claims are directed to the determined judicial exception in view of the two prongs of Step 2A, the 2019 PEG flowchart is directed to Step 2B. Per Step 2B, the additional elements and combinations therewith are examined in the claims to determine whether the claims as a whole amounts to significantly more than the judicial exception. It is noted here that the additional elements are to be considered both individually and as an ordered combination. In this case, the claims each at most comprise additional elements of: computer, processor, server and memory medium. Taken individually, the additional limitations each are generically recited and thus does not add significantly more to the respective limitations. Further, outputting an indication of the aggregate risk to a user by a computer, processor, server and/or memory medium is mere instruction to apply an exception using a generic computer component which cannot provide an inventive concept in Step 2B (or, looking back to Step 2A, cannot integrate a judicial exception into a practical application). For further support, the Applicant’s specification supports the claims being directed to use of a generic computer/memory type structure at ¶0100 wherein “embodiments described herein are implemented by physical computer hardware, including computing devices, servers, receivers, transmitters, processors, memory, displays, and networks.” Taken as an ordered combination, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the limitations are directed to limitations referenced in Alice Corp. that are not enough to qualify as significantly more when recited in a claim with an abstract idea include, as a non-limiting or non-exclusive examples: i. Adding the words "apply it" (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, e.g., a limitation indicating that a particular function such as creating and maintaining electronic records is performed by a computer, as discussed in Alice Corp., 134 S. Ct. at 2360, 110 USPQ2d at 1984 (see MPEP § 2106.05(f)); PNG media_image1.png 18 19 media_image1.png Greyscale ii. Simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception, e.g., a claim to an abstract idea requiring no more than a generic computer to perform generic computer functions that are well-understood, routine and conventional activities previously known to the industry, as discussed in Alice Corp., 134 S. Ct. at 2359-60, 110 USPQ2d at 1984 (see MPEP § 2106.05(d)); PNG media_image1.png 18 19 media_image1.png Greyscale iii. Adding insignificant extra-solution activity to the judicial exception, e.g., mere data gathering in conjunction with a law of nature or abstract idea such as a step of obtaining information about credit card transactions so that the information can be analyzed by an abstract mental process, as discussed in CyberSource v. Retail Decisions, Inc., 654 F.3d 1366, 1375, 99 USPQ2d 1690, 1694 (Fed. Cir. 2011) (see MPEP § 2106.05(g)); or PNG media_image1.png 18 19 media_image1.png Greyscale v. Generally linking the use of the judicial exception to a particular technological environment or field of use, e.g., a claim describing how the abstract idea of hedging could be used in the commodities and energy markets, as discussed in Bilski v. Kappos, 561 U.S. 593, 595, 95 USPQ2d 1001, 1010 (2010) or a claim limiting the use of a mathematical formula to the petrochemical and oil-refining fields, as discussed in Parker v. Flook. The courts have recognized the following computer functions inter alia to be well-understood, routine, and conventional functions when they are claimed in a merely generic manner: performing repetitive calculations; receiving, processing, and storing data (e.g., the present claims); electronically scanning or extracting data; electronic recordkeeping; automating mental tasks (e.g., process/machine/manufacture for performing the present claims); and receiving or transmitting data (e.g., the present claims). The dependent claims do not cure the above stated deficiencies, and in particular, the dependent claims further narrow the abstract idea without reciting additional elements that integrate the exception into a practical application of the exception or providing significantly more than the abstract idea. Since there are no elements or ordered combination of elements that amount to significantly more than the judicial exception, the claims are not eligible subject matter under 35 USC §101. Thus, viewed as a whole, these additional claim element(s) do not provide meaningful limitation(s) to transform the abstract idea into a patent eligible application of the abstract idea such that the claim(s) amounts to significantly more than the abstract idea itself. Therefore, the claim(s) are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Carpenter et al. (US 20160050225 A1) hereinafter referred to as Carpenter in view of Girouard (US 20160080107 A1) hereinafter referred to as Girouard. Carpenter teaches: Claim 1. A computer-implemented method for assessing risk of a site, wherein the site is divided into multiple zones and monitored by a plurality of devices disposed within the multiple zones, the plurality of devices connected with a server over an IP network, the computer-implemented method comprising (¶0028 Disclosed methods can include the step of discovering the devices networked in the ICS 150, creating a database of vulnerability and event data for those devices stored in the data collection module 121, and then grouping the devices into security zones for further analysis. For example, FIG. 2B described below shows an example industrial plant 200 divided into a plurality of security zones, where each security zone shown has its own router/firewall 225. ¶0040 FIG. 2A shows a DCS 120′ having five different tiers (levels) of networking that can benefit from disclosed cyber-security risk analysis systems. The network levels include a device-level 120a, IO-level 120b, control-level 120c, plant-level 120d and business level 120e. The device-level 120a includes gauges, valves, transmitters, actuators, sensors and other devices. The IO-level 120b includes IO modules 120b′. The control-level 120c includes at least one controller 120c′ which corresponds to the workstations 135, servers 140 and networked devices 145 shown in FIG. 1. ¶0020 Risk analysis system 100 includes a central server 105 shown including a processor 110 (e.g., microcontroller, digital signal processor (DSP) or microcontroller unit (MCU) with an associated memory(ies) 115 upon which disclosed algorithms and database data is stored, including the security database 116 which stores vulnerability data 116a including cyber-risks for the respective devices in the network. "; ¶0022 There are three basic approaches to data gathering of vulnerability data and event data (if present) to provide to the data collection module 121 that can be used with disclosed embodiments. The first approach uses a local agent on the monitored device, which is essentially a program that runs locally, collects information of interest relating to vulnerability data and event data (if present) and sends it up to the central device here being the data collection module 121.): associating, at the server, a respective device sensitivity to each of the plurality of devices and a respective zone sensitivity to each of the multiple zones (¶0020 Risk analysis system 100 includes a central server 105 shown including a processor 110 (e.g., microcontroller, digital signal processor (DSP) or microcontroller unit (MCU) with an associated memory(ies) 115 upon which disclosed algorithms and database data is stored, including the security database 116 which stores vulnerability data 116a including cyber-risks for the respective devices in the network. As noted above, besides vulnerability, cyber-security risk can be a function of threat level being the degree to which vulnerabilities are likely to be exploited, and the consequence being how severe of an impact would be felt if the networked device being measured for cyber-security risk were successfully exploited. Using disclosed algorithms, processor 110 is shown implementing a data collection module 121, a rules engine and aggregation module 122, and a user interface (UI) module 123. The network implemented by ICS 150 can be a wired (e.g., cable) network, a wireless network, optical network, or any combination of the three (e.g., wired and wireless network). ¶0028 Disclosed methods can include the step of discovering the devices networked in the ICS 150, creating a database of vulnerability and event data for those devices stored in the data collection module 121, and then grouping the devices into security zones for further analysis. For example, FIG. 2B described below shows an example industrial plant 200 divided into a plurality of security zones, where each security zone shown has its own router/firewall 225. ¶0029 For the purposes of this Disclosure, it is generally desired to know what devices in the control network are in the same security zone for disclosed risk calculations. Security zones as used herein can refer to the ANSI/ISA-99 Standards to Improve Control System Security model of zones and conduits, where roughly, devices in a control network that can freely communicate with each other are grouped in the same security zone. Devices that have to go through some conduit (such as a firewall/router 225) are generally grouped into another security zone. If there is a virus or worm detected on one device that can propagate through the network, all devices within the same security zone can be considered to be at risk, because the infected device can contact them directly. The security zones allow determination of which of the devices are connected to the network implemented by the ICS, indicating where a cyber-attack might spread if a particular device in the ICS 150 is compromised.); obtaining, at the server and over the IP network, communications from the plurality of devices (¶0023 Assuming local agents are present on all devices in the network, the local agent generally collects data and sends the vulnerability data and event data (if present) to data collection module 121, such as using agentless collection protocols on each device (e.g., Windows Management Instrumentation (WMI), Simple Network Management Protocol (SNMP), Syslog), or a combination of these approaches. One particular local agent-based implementation uses Microsoft System Center Operations Manager (SCOM) for data collection. Risk analysis system 100 can thus use a combination of local agents to collect data from workstations 135 (or PCs) and agentless collection to gather data); monitoring, using the communications, the plurality of devices to get status information from the communications (¶0031 Two different example methods for monitoring devices can be used. The simplest monitoring method is polling, where the value is read at some fixed interval (e.g., once every hour). The other method which can be used when possible is to register with the operating system of the device to be notified any time the value one is interested in changes. This method is generally only possible for certain parameters on certain operating devices (e.g., registry values on WINDOWS machines). When it is not possible to register for notifications for a given parameter, polling is generally used. Areas of monitoring include anti-virus, application whitelisting, WINDOWS security events, network security (including state of switches, routers, firewalls, and intrusion detection/prevention systems), backup status, patching status and asset policies..") ¶0039 the user station 125 can provide high level indicators of system problems, shown as gauges, numeric representations of risk, and charts of current status and historic views of risk. More experienced users can expand the user station 125 to see more information about the ICS 150 and its cyber-risks. The user can access a system analysis view to see trends and status on individual machines, within zones, and across the ICS 150.); determining an aggregate risk for the site based on the zone sensitivities, the device sensitivities, and the device status information, wherein the aggregate risk is proportional to a number of devices in an error status and inversely proportional to a total number of the plurality of devices (Fig. 4A, ¶0060 FIGS. 4A-D show various example dashboard views that can be generated by disclosed risk analysis system integrated into a network of an ICS including a plurality of networked devices that are monitored that are grouped into a plurality of different security zones, according to an example embodiment. FIG. 4A shows an example list view which includes a current net site cyber-security risk as well as a site risk for each security zone shown as zones 1-6, as well as a 30 day trend for site risk for the respective zones. Notifications, risk level by area, and a 30 day net site trend for risk are shown. FIG. 4B shows an example expanded list view which further includes details of notifications including specific alerts, as well as a listing of possible causes, potential impacts and recommended actions. ¶0029 Devices that have to go through some conduit (such as a firewall/router 225) are generally grouped into another security zone. If there is a virus or worm detected on one device that can propagate through the network, all devices within the same security zone can be considered to be at risk, because the infected device can contact them directly. The security zones allow determination of which of the devices are connected to the network implemented by the ICS, indicating where a cyber-attack might spread if a particular device in the ICS 150 is compromised. ¶0047 Assume one is calculating the risk of a critical device in a system. As this is a critical device, the result if this device were compromised can be very serious, so a value of C=1.0 (or 100%) can be assigned. Assume there are two vulnerabilities on this device, a missing non-security operating patch and no antivirus software installed with vulnerability values of 0.3 (or 30%) and 0.95 (or 95%). Assume there is one active threat detected against the system, a series of repeated access attempts with bad passwords with a threat value of 0.8 (or 80%). ¶0048 The simplest way to calculate V for this device is to consider the highest threat (0.95). Other algorithms could also be used that might consider the values of all active threats, but a simple calculation is described. The calculation for T is simple as there is a single threat. Using these, it is found R=V*T*C=0.95*0.8*1.0=0.76 (or 76%). ¶0049 Step 304 comprises aggregating data including ranking the risks across the plurality of networked devices and arranging the risks into at least one logical grouping. For example, users might want to split out risks based on their source. Risks from PCs might go in one group and risks from network devices might go in another. This is useful because often different administrators are responsible for maintaining PCs vs. network devices. Another example would be splitting up the risks based on logic groupings within the site. Control systems are often split into clusters of functionality that correspond to steps in the manufacturing process. Each cluster might be a logical grouping here. The aggregating data can further comprise aggregating categories of a security state of the plurality of networked devices. The at least one logical grouping can includes security zones which allows a determination of which of the plurality of networked devices are connected, indicating where a cyber-attack might spread if one of the plurality of networked devices is compromised, sources of the risks, and severity of the risks); and outputting, to a user, an indication of the aggregate risk (Fig. 1 and ¶0039 The workstation 125a can display the vulnerability information in the security database 116 for the user in multiple ways. For relatively inexperienced users, the user station 125 can provide high level indicators of system problems, shown as gauges, numeric representations of risk, and charts of current status and historic views of risk. More experienced users can expand the user station 125 to see more information about the ICS 150 and its cyber-risks. The user can access a system analysis view to see trends and status on individual machines, within zones, and across the ICS 150... ¶0049 Step 304 comprises aggregating data including ranking the risks across the plurality of networked devices and arranging the risks into at least one logical grouping.). Although proportions per se are not explicitly taught by Carpenter, Girouard teaches in the analogous art of apparatus for communication between a sensor and a managing device: wherein the aggregate risk is proportional to a number of devices in an error status and inversely proportional to a total number of the plurality of devices (¶0094 In some embodiments, the reference device 12 may be configured to determine the strength or quality of received return signals 20, and in response it may send a message to the mobile device 16 that it only expects to receive a return signal 20 at some rate. For example, the message may instruct the mobile sensor 16 to only send return signals to every other initiation pulse 18 it receives (or some other suitable proportion of initiation pulses 18). The mobile sensor 16 may, in some embodiments, send a response to some proportion of initiation pulses 18, but if the strength and/or quality of one or more received initiation pulses 18 suitably changes, the mobile sensor 16 may then opt to send return signals 20 to a greater proportion of initiation pulses 18. Therefore, in that situation, the ratio of initiation pulses 18 and return signals 20 may be varied. ¶0095 Therefore, the devices 12, 16 may safely adjust a proportion of return signals 20 to initiation pulse 18 without one device mistakenly identifying that communication was lost. Advantageously, the strength of communication may be continuously assessed, but the mobile device 16 may still only transmit signals at a low rate conserving energy. ¶0099 In the graph 50, individual measurements are shown with an (x), and as shown therein, in different time periods 52, 54, and 56 the spacing between measurements (which again may be proportional to Pi) is varied. For example, within the time period 52, times between measurements is less than in the periods 54, 56. The times between measurements may be related to the communication strength and within the time period 52 the communication strength is low and it may be advantageous to send initiation pulses at a high rate; therefore, the time between measurements (and transmissions) is small.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter at least the above cited paragraphs, and Girouard at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Carpenter teaches: Claim 2. The method of claim 1, wherein determining the aggregate risk comprises determining zone- specific risks, the aggregate risk being based on an average of the zone-specific risks (¶0060 FIG. 4A shows an example list view which includes a current net site cyber-security risk as well as a site risk for each security zone shown as zones 1-6, as well as a 30 day trend for site risk for the respective zones. Notifications, risk level by area, and a 30 day net site trend for risk are shown. FIG. 4B shows an example expanded list view which further includes details of notifications including specific alerts, as well as a listing of possible causes, potential impacts and recommended actions.). Carpenter teaches: Claim 3. The method of claim 2, wherein the aggregate risk is based on a weighted average of the zone-specific risks (¶0048 The simplest way to calculate V for this device is to consider the highest threat (0.95). Other algorithms could also be used that might consider the values of all active threats, but a simple calculation is described. The calculation for T is simple as there is a single threat. Using these, it is found R=V*T*C=0.95*0.8*1.0=0.76 (or 76%).). Carpenter teaches: Claim 4. The method of claim 3, wherein the weighted average is based on weights associated with each of the multiple zones (¶0062 FIG. 4E shows an example billboard view of a 6-zone system which helps show the progression of information disclosure in the system. The basic flow of the system is the user starts at the billboard view in FIG. 4E, which shows the general status of the system. The user can switch the individual elements of the dashboard to a detail view shown in FIG. 4A. The user can further expand to see the list of risk items in the system as well as guidance for each individual risk item shown in FIG. 4B. The user can further go into an analysis view, which allows for tabular review of the data in the system shown in FIG. 4C. The user might filter to see how an individual risk item appears across the whole system. They can also export this filtered view for future reference or hand off to someone to fix the problem that is present.). Carpenter teaches: Claim 5. The method of claim 3, wherein the aggregate risk is determined based on a maximum zone- specific risk, an average zone-specific risk, and a ratio of zones in risk to a total number of the multiple zones (¶0060 FIGS. 4A-D show various example dashboard views that can be generated by disclosed risk analysis system integrated into a network of an ICS including a plurality of networked devices that are monitored that are grouped into a plurality of different security zones, according to an example embodiment. FIG. 4A shows an example list view which includes a current net site cyber-security risk as well as a site risk for each security zone shown as zones 1-6, as well as a 30 day trend for site risk for the respective zones. Notifications, risk level by area, and a 30 day net site trend for risk are shown. FIG. 4B shows an example expanded list view which further includes details of notifications including specific alerts, as well as a listing of possible causes, potential impacts and recommended actions.). Carpenter teaches: Claim 6. The method of claim 5, wherein the average zone-specific risk is determined excluding the maximum zone-specific risk (¶0060 FIGS. 4A-D show various example dashboard views that can be generated by disclosed risk analysis system integrated into a network of an ICS including a plurality of networked devices that are monitored that are grouped into a plurality of different security zones, according to an example embodiment. FIG. 4A shows an example list view which includes a current net site cyber-security risk as well as a site risk for each security zone shown as zones 1-6, as well as a 30 day trend for site risk for the respective zones. Notifications, risk level by area, and a 30 day net site trend for risk are shown. FIG. 4B shows an example expanded list view which further includes details of notifications including specific alerts, as well as a listing of possible causes, potential impacts and recommended actions.). Carpenter teaches: Claim 7. The method of claim 6, wherein the aggregate risk is based on a weighted maximum zone- specific risk (¶0060 FIGS. 4A-D show various example dashboard views that can be generated by disclosed risk analysis system integrated into a network of an ICS including a plurality of networked devices that are monitored that are grouped into a plurality of different security zones, according to an example embodiment. FIG. 4A shows an example list view which includes a current net site cyber-security risk as well as a site risk for each security zone shown as zones 1-6, as well as a 30 day trend for site risk for the respective zones. Notifications, risk level by area, and a 30 day net site trend for risk are shown. FIG. 4B shows an example expanded list view which further includes details of notifications including specific alerts, as well as a listing of possible causes, potential impacts and recommended actions. ¶0062 FIG. 4E shows an example billboard view of a 6-zone system which helps show the progression of information disclosure in the system. The basic flow of the system is the user starts at the billboard view in FIG. 4E, which shows the general status of the system. The user can switch the individual elements of the dashboard to a detail view shown in FIG. 4A. The user can further expand to see the list of risk items in the system as well as guidance for each individual risk item shown in FIG. 4B. The user can further go into an analysis view, which allows for tabular review of the data in the system shown in FIG. 4C. The user might filter to see how an individual risk item appears across the whole system. They can also export this filtered view for future reference or hand off to someone to fix the problem that is present). Although not explicitly taught by Carpenter, Girouard teaches in the analogous art of apparatus for communication between a sensor and a managing device: Claim 8. The method of claim 2, wherein determining zone-specific risks comprises determining, on a per-zone basis, a maximum device-specific risk and an average device-specific risk, wherein the aggregate risk is based on the maximum device-specific risk of the multiple zones, the average device- specific risk of the multiple zones, and a ratio of the number of devices in the error status to the total number of the plurality of devices (¶0103 In some embodiments, it may be desirable to maintain the interval (Pi) within certain acceptable bounds. For example, it may be desired to only vary the interval (Pi) between a maximum possible interval Pi(max) and a minimum possible interval Pi(min) as may be expressed by the relation: Pi(max)<or=Pi <   (Equation 3) Where: [0104] Pi(max)=Max possible interval [0105] Pi(min)=Min possible interval [0106] For example, Equation 1 or Equation 2 may vary Pi but be subject to the above constraint. Values of Pi (max) may be default values, calculated values or a combination of both. And, in some embodiments, Pi (max) may be calculated as part of an exchange calibration procedure that is run at regular intervals or based on other factors as described above,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter at least the above cited paragraphs, and Girouard at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Although not explicitly taught by Carpenter, Girouard teaches in the analogous art of apparatus for communication between a sensor and a managing device: Claim 9. The method of claim 8, wherein the average device-specific risk for each zone is determined excluding the maximum device-specific risk within the zone (¶0065 In some embodiments, a sensor may be equipped to move between both a personal network and one or more other networks. And, in some embodiments, it may be convenient to apply different protocols for locating sensor devices and/or establishing device communication depending upon whether the sensor is within the domain of a personal network and/or one or more other networks. For example, at least in some embodiments, a mobile sensor may operate primarily by sending initiation pulses when in one network, but when in another network the mobile sensor may switch to operating partially or exclusively as a responder (sending response signals). ¶0093 requiring that signals pass from the remote device to the reference device may be desired because such an operation may respond to drifts, changes or other inaccuracies in the power at which a device may send a signal such as if calibration routines associated with transmission have error or become unstable as system energy is drained. That is, such an operation demands that signal is accurately transmitted and detected as would an emergency message—e.g., it requires transmission from the remote device and receipt by the reference device.) ¶0026 a sensor may be configured to send an audible alarm to alert an individual that the sensor is approaching a physical or communication boundary or to alert an individual that a strength or quality of data exchange has dropped below some threshold level. In some embodiments, a sensor may include a processor that may store or calculate one or more time periods that may be needed to execute one or more tasks. The processor may further be configured to determine if the sensor may be too close to a communication boundary or if communication strength is too low or dropping too rapidly to reliably or successfully execute those tasks. Appropriate actions, including, for example, preemptive transmission of data that otherwise may be at risk of becoming unavailable for successful transmission, may be executed if risk of loss of communication is deemed too great.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter at least the above cited paragraphs, and Girouard at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Although not explicitly taught by Carpenter, Girouard teaches in the analogous art of apparatus for communication between a sensor and a managing device: Claim 10. The method of claim 8, wherein the aggregate risk is determined based on a maximum zone- specific risk, an average zone-specific risk, and a ratio of zones in risk to a total number of the multiple zones (¶0103 In some embodiments, it may be desirable to maintain the interval (Pi) within certain acceptable bounds. For example, it may be desired to only vary the interval (Pi) between a maximum possible interval Pi(max) and a minimum possible interval Pi(min) as may be expressed by the relation: Pi(max)<or=Pi <   (Equation 3) Where: [0104] Pi(max)=Max possible interval [0105] Pi(min)=Min possible interval [0106] For example, Equation 1 or Equation 2 may vary Pi but be subject to the above constraint. Values of Pi (max) may be default values, calculated values or a combination of both. And, in some embodiments, Pi (max) may be calculated as part of an exchange calibration procedure that is run at regular intervals or based on other factors as described above ¶0031 processor may gauge how well a device is receiving signals based on a percentage or ratio of signals a device detects (e.g., a device may expect to detect a certain number of initiation pulses or parts of an initiation pulse and compare the expected number to an actual detected number), based on how strongly signals are received (e.g., an amplitude or power of a detected signal), based on temporal or phase delay between two signals, based on a ratio of signal to background, based on other factors, and/or based on combinations of factors thereof..). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter at least the above cited paragraphs, and Girouard at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Although not explicitly taught by Carpenter, Girouard teaches in the analogous art of apparatus for communication between a sensor and a managing device: Claim 11. The method of claim 8, wherein the average zone-specific risk is determined excluding the maximum zone-specific risk (¶0065 In some embodiments, a sensor may be equipped to move between both a personal network and one or more other networks. And, in some embodiments, it may be convenient to apply different protocols for locating sensor devices and/or establishing device communication depending upon whether the sensor is within the domain of a personal network and/or one or more other networks. For example, at least in some embodiments, a mobile sensor may operate primarily by sending initiation pulses when in one network, but when in another network the mobile sensor may switch to operating partially or exclusively as a responder (sending response signals). ¶0093 requiring that signals pass from the remote device to the reference device may be desired because such an operation may respond to drifts, changes or other inaccuracies in the power at which a device may send a signal such as if calibration routines associated with transmission have error or become unstable as system energy is drained. That is, such an operation demands that signal is accurately transmitted and detected as would an emergency message—e.g., it requires transmission from the remote device and receipt by the reference device.) ¶0026 a sensor may be configured to send an audible alarm to alert an individual that the sensor is approaching a physical or communication boundary or to alert an individual that a strength or quality of data exchange has dropped below some threshold level. In some embodiments, a sensor may include a processor that may store or calculate one or more time periods that may be needed to execute one or more tasks. The processor may further be configured to determine if the sensor may be too close to a communication boundary or if communication strength is too low or dropping too rapidly to reliably or successfully execute those tasks. Appropriate actions, including, for example, preemptive transmission of data that otherwise may be at risk of becoming unavailable for successful transmission, may be executed if risk of loss of communication is deemed too great.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter at least the above cited paragraphs, and Girouard at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Although not explicitly taught by Carpenter, Girouard teaches in the analogous art of apparatus for communication between a sensor and a managing device: Claim 12. The method of claim 10, wherein the aggregate risk is based on a weighted maximum device specific risk, a weighted average of the device-specific risk of the multiple zones, a weighted ratio of the number of devices in the error status to the total number of the plurality of devices, a weighted maximum zone-specific risk, a weighted average zone-specific risk, and a weighted ratio of zones in risk to a total number of the multiple zones (¶0103 In some embodiments, it may be desirable to maintain the interval (Pi) within certain acceptable bounds. For example, it may be desired to only vary the interval (Pi) between a maximum possible interval Pi(max) and a minimum possible interval Pi(min) as may be expressed by the relation: Pi(max)<or=Pi <   (Equation 3) Where: [0104] Pi(max)=Max possible interval [0105] Pi(min)=Min possible interval [0106] For example, Equation 1 or Equation 2 may vary Pi but be subject to the above constraint. Values of Pi (max) may be default values, calculated values or a combination of both. And, in some embodiments, Pi (max) may be calculated as part of an exchange calibration procedure that is run at regular intervals or based on other factors as described above). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter at least the above cited paragraphs, and Girouard at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the apparatus for communication between a sensor and a managing device of Girouard with the system for analyzing cyber-security risks in an industrial control environment of Carpenter. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Carpenter teaches: Claim 13. The method of claim 2, comprising outputting the aggregate risk and the zone-specific risks via an interface (¶Fig. 1 and ¶0039 The workstation 125a can display the vulnerability information in the security database 116 for the user in multiple ways. For relatively inexperienced users, the user station 125 can provide high level indicators of system problems, shown as gauges, numeric representations of risk, and charts of current status and historic views of risk. More experienced users can expand the user station 125 to see more information about the ICS 150 and its cyber-risks. The user can access a system analysis view to see trends and status on individual machines, within zones, and across the ICS 150... ¶0049 Step 304 comprises aggregating data including ranking the risks across the plurality of networked devices and arranging the risks into at least one logical grouping). Carpenter teaches: Claim 14. The method of claim 1, wherein the aggregate risk is determined based on a ratio of the number of devices in the error status to the total number of the plurality of devices (¶0047 Assume one is calculating the risk of a critical device in a system. As this is a critical device, the result if this device were compromised can be very serious, so a value of C=1.0 (or 100%) can be assigned. Assume there are two vulnerabilities on this device, a missing non-security operating patch and no antivirus software installed with vulnerability values of 0.3 (or 30%) and 0.95 (or 95%). Assume there is one active threat detected against the system, a series of repeated access attempts with bad passwords with a threat value of 0.8 (or 80%). ¶0048 The simplest way to calculate V for this device is to consider the highest threat (0.95). Other algorithms could also be used that might consider the values of all active threats, but a simple calculation is described. The calculation for T is simple as there is a single threat. Using these, it is found R=V*T*C=0.95*0.8*1.0=0.76 (or 76%). ¶0049 Step 304 comprises aggregating data including ranking the risks across the plurality of networked devices and arranging the risks into at least one logical grouping. For example, users might want to split out risks based on their source. Risks from PCs might go in one group and risks from network devices might go in another. This is useful because often different administrators are responsible for maintaining PCs vs. network devices. Another example would be splitting up the risks based on logic groupings within the site. Control systems are often split into clusters of functionality that correspond to steps in the manufacturing process. Each cluster might be a logical grouping here. The aggregating data can further comprise aggregating categories of a security state of the plurality of networked devices. The at least one logical grouping can includes security zones which allows a determination of which of the plurality of networked devices are connected, indicating where a cyber-attack might spread if one of the plurality of networked devices is compromised, sources of the risks, and severity of the risks ). Carpenter teaches: Claim 15. The method of claim 1, wherein associating the respective zone sensitivity to the multiple zones comprises associating, to each of the multiple zones, a vulnerability indicative of a risk of the respective zone being compromised (¶0029 Devices that have to go through some conduit (such as a firewall/router 225) are generally grouped into another security zone. If there is a virus or worm detected on one device that can propagate through the network, all devices within the same security zone can be considered to be at risk, because the infected device can contact them directly. The security zones allow determination of which of the devices are connected to the network implemented by the ICS, indicating where a cyber-attack might spread if a particular device in the ICS 150 is compromised. ¶0047 Assume one is calculating the risk of a critical device in a system. As this is a critical device, the result if this device were compromised can be very serious, so a value of C=1.0 (or 100%) can be assigned. Assume there are two vulnerabilities on this device, a missing non-security operating patch and no antivirus software installed with vulnerability values of 0.3 (or 30%) and 0.95 (or 95%). Assume there is one active threat detected against the system, a series of repeated access attempts with bad passwords with a threat value of 0.8 (or 80%)). Carpenter teaches: Claim 16. The method of claim 1, wherein associating the respective zone sensitivity to the multiple zones comprises associating, for each zone of the multiple zones, an impact indicative of a potential damage that would be caused if the respective zone is compromised (¶0035 The rules engine of the rules engine and aggregation module 122 can then rank the risks across the ICS 150 using the numerical scores arrange them into logical groupings (e.g., security zones, risk sources, risk severity). The rules engine can associate guidance text with each risk to help a user address the risk (e.g., problem description, possible causes, potential impact to the system, recommended actions, see FIG. 4B described below). ¶0050 Step 305 comprises displaying at least the logical grouping on a workstation associated with the user station. The method can further comprising generating guidance text with each of the risks including a problem description, possible causes, potential impact to the ICS and recommended actions, and displaying the guidance text on the user station.). Carpenter teaches: Claim 17. The method of claim 1, wherein associating the respective device sensitivity to the plurality of devices comprises associating, to each of the plurality of devices, a vulnerability indicative of a level of exposure if the respective device is compromised (¶0035 There can also be more sophisticated scoring rules used by rules engine and aggregation module 122 that take repetition of risks and exposure to connected devices into account. These rules can be modified and fine-tuned by users as needed. The rules engine of the rules engine and aggregation module 122 can then rank the risks across the ICS 150 using the numerical scores arrange them into logical groupings (e.g., security zones, risk sources, risk severity). The rules engine can associate guidance text with each risk to help a user address the risk (e.g., problem description, possible causes, potential impact to the system, recommended actions, see FIG. 4B described below). Carpenter teaches: Claim 18. The method of claim 17, wherein the level of exposure is based on a scope of coverage of the respective device (¶0035 There can also be more sophisticated scoring rules used by rules engine and aggregation module 122 that take repetition of risks and exposure to connected devices into account. These rules can be modified and fine-tuned by users as needed. The rules engine of the rules engine and aggregation module 122 can then rank the risks across the ICS 150 using the numerical scores arrange them into logical groupings (e.g., security zones, risk sources, risk severity). The rules engine can associate guidance text with each risk to help a user address the risk (e.g., problem description, possible causes, potential impact to the system, recommended actions, see FIG. 4B described below ¶0052 1. Multi-pass discovery of control system devices: disclosed systems such as risk analysis system 100 can make use of multiple sources for device discovery and combine them to compile a complete picture of the devices in the control system 120 of ICS 150. For example, the data collection module 121 may query a domain controller using a domain controller as part of servers 140 in FIG. 1 to obtain a full list of all the PCs (e.g., workstations 135 shown in FIG. 1 as well as the servers in 140 including the domain controller itself in the ICS 150.). Carpenter teaches: Claim 19. The method of claim 18, wherein the level of exposure is based on the importance of the scope of coverage (¶0035 There can also be more sophisticated scoring rules used by rules engine and aggregation module 122 that take repetition of risks and exposure to connected devices into account. These rules can be modified and fine-tuned by users as needed. The rules engine of the rules engine and aggregation module 122 can then rank the risks across the ICS 150 using the numerical scores arrange them into logical groupings (e.g., security zones, risk sources, risk severity). The rules engine can associate guidance text with each risk to help a user address the risk (e.g., problem description, possible causes, potential impact to the system, recommended actions, see FIG. 4B described below ¶0052 The data collection module 121 can then further interrogate those devices to determine their role in the ICS and discover further attached devices that are not part of the domain, such as real-time process controllers. Known solutions in the field can obtain device lists from the domain controller or by interrogating the network, but are not capable of the second pass discovery to find device features such as controller devices in the ICS). Carpenter teaches: Claim 20. The method of claim 18, the level of exposure of a particular device is based on a degree of overlap between the scope of coverage of the particular device and the scope of coverage of other devices within the plurality of devices (¶0035 There can also be more sophisticated scoring rules used by rules engine and aggregation module 122 that take repetition of risks and exposure to connected devices into account. These rules can be modified and fine-tuned by users as needed. The rules engine of the rules engine and aggregation module 122 can then rank the risks across the ICS 150 using the numerical scores arrange them into logical groupings (e.g., security zones, risk sources, risk severity). The rules engine can associate guidance text with each risk to help a user address the risk (e.g., problem description, possible causes, potential impact to the system, recommended actions, see FIG. 4B described below ¶0059 A consequence example can be the failure of only one device in a redundant pair (no impact); the loss of sensor fidelity in a non-critical process (minor impact to production or quality); the failure of a key process (major impact to production), and failure of a safety-related system (major impact to HSE).). As per claim 22, the system tracks the method of claim 1, respectively, resulting in substantially similar limitations. The same cited prior art and rationale of claim 1 are applied to claim 22, respectively. Carpenter discloses that the embodiment may be found as a system (Fig. 1 and ¶0019). Limitations that are not stated in claim 1 are as follows, however: Carpenter teaches: associating, at a server, a respective device sensitivity to each of a plurality of devices disposed within multiple zones of a site and a respective zone sensitivity to each of the multiple zones, the plurality of devices connected with the server over an IP network, wherein the plurality of devices monitor the site (¶0019 FIG. 1 is an example cyber-security risk analysis system (risk analysis system) 100 integrated into a network of an ICS 150 including a plurality of networked devices that are monitored, according to an example embodiment. As noted above, ICS 150 can be used in connection with a variety of different control system applications including for example control systems involved in manufacturing, power generation, energy distribution, waste handling, transportation, telecommunications, and water treatment ¶0028 Disclosed methods can include the step of discovering the devices networked in the ICS 150, creating a database of vulnerability and event data for those devices stored in the data collection module 121, and then grouping the devices into security zones for further analysis. For example, FIG. 2B described below shows an example industrial plant 200 divided into a plurality of security zones, where each security zone shown has its own router/firewall 225. ¶0040 FIG. 2A shows a DCS 120′ having five different tiers (levels) of networking that can benefit from disclosed cyber-security risk analysis systems. The network levels include a device-level 120a, IO-level 120b, control-level 120c, plant-level 120d and business level 120e. The device-level 120a includes gauges, valves, transmitters, actuators, sensors and other devices. The IO-level 120b includes IO modules 120b′. The control-level 120c includes at least one controller 120c′ which corresponds to the workstations 135, servers 140 and networked devices 145 shown in FIG. 1. ¶0020 Risk analysis system 100 includes a central server 105 shown including a processor 110 (e.g., microcontroller, digital signal processor (DSP) or microcontroller unit (MCU) with an associated memory(ies) 115 upon which disclosed algorithms and database data is stored, including the security database 116 which stores vulnerability data 116a including cyber-risks for the respective devices in the network. "; ¶0022 There are three basic approaches to data gathering of vulnerability data and event data (if present) to provide to the data collection module 121 that can be used with disclosed embodiments. The first approach uses a local agent on the monitored device, which is essentially a program that runs locally, collects information of interest relating to vulnerability data and event data (if present) and sends it up to the central device here being the data collection module 121). Claims 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Carpenter et al. (US 20160050225 A1) hereinafter referred to as Carpenter in view of Girouard (US 20160080107 A1) hereinafter referred to as Girouard in further view of Selinger (WO 2023192080 A1) hereinafter referred to as Selinger. As per claim 28, the system tracks the method of claim 1, respectively, resulting in substantially similar limitations. The same cited prior art and rationale of claim 1 are applied to claim 28, respectively. Carpenter discloses that the embodiment may be found as a system (Fig. 1 and ¶0019). Limitations that are not stated in claim 1 are as follows, however: Although not explicitly taught by Carpenter in view of Girouard, Selinger teaches in the analogous art of using guard feedback to train AI models: wherein the device(s) is/are camera(s) (¶0036 At 370, the processor monitors or observes, records, and analyzes guard responses to the security alert by using one or more cameras, keystroke loggers, bodycams, GPS, motion tracking devices, sound recorders, or other devices. ¶0038 Column two relates to the objects (i.e., person, car, animal, or other object) inside a protection zone performing “suspect” behavior. The first cell in column two represents a situation in which a person is inside the protection zone engaging in suspect behavior. In this situation, the camera is programmed to “escalate now” by, for example, issuing an alert to security personnel. The second cell in column two represents a situation in which a car is inside the protection zone engaging in suspect behavior. In this situation, the camera is programmed to “hold for X seconds” or remain in the current recording position for X number of seconds where X is a predetermined value such as 30 seconds. The term “hold” as it relates to the camera can also refer to continuing to observe the object, in this case the car, for X amount of time.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the art of using guard feedback to train AI models of Selinger with the system for analyzing cyber-security risks in an industrial control environment of Carpenter in view of Girouard for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device, and Selinger Abstract teaches a recorded video is divided into video frames that are input and read by a processor that identifies objects in the video frames using the object's latent characteristics; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter in view of Girouard at least the above cited paragraphs, and Selinger at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the art of using guard feedback to train AI models of Selinger with the system for analyzing cyber-security risks in an industrial control environment of Carpenter in view of Girouard. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Although not explicitly taught by Carpenter in view of Girouard, Selinger teaches in the analogous art of using guard feedback to train AI models: Claim 29. The security system of claim 28, further comprising the plurality of cameras,each one of said plurality of cameras having a field of view covering at least one of said zones, the plurality of cameras connected to the camera status module over the IP network (¶0042 Column three of table 402 relates to objects outside the protection zone, which are predicted to enter the protection zone based on their approach vector. The first cell in column three represents a situation in which a person is predicted to enter the protection zone. In this situation, the camera is programmed to “escalate now” or issue an alert. The second cell in column three represents a situation in which a car is predicted to enter the protection zone. In this situation, the camera is programmed to “hold indefinitely” or continuously observe the car until it disappears from the field of view. As mentioned above, the term “hold” can also refer to the camera holding its position until directed elsewhere. The third cell in column three represents a situation in which an animal is predicted to enter the protection zone ¶0081] In some embodiments, filtering conditions may be changed in real time. In exemplary scenarios of usage, prior art cameras may not be able to change their filtering conditions in real- time. In some examples, prior art cameras may not, for example, adapt filtering conditions to ignore objects that are not of interest; the best they could conceivably do is to send the information to the web and be one (1) second behind real-time. In some embodiments, an exemplary AI- managed camera may detect that the object in the field of view is a cat and so for the next 10 minutes, we will not trigger on cat-sized objects.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the art of using guard feedback to train AI models of Selinger with the system for analyzing cyber-security risks in an industrial control environment of Carpenter in view of Girouard for the following reasons: (1) a finding that there was some teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings, e.g. Carpenter ¶0003 teaches that it is desirable to addressed security vulnerabilities in equipment which can disrupt production or cause unsafe conditions; (2) a finding that there was reasonable expectation of success since the only difference between the claimed invention and the prior art being the lack of actual combination of the elements in a single prior art reference, e.g. Carpenter Abstract teaches a method of analyzing cyber-security risks in an industrial control system (ICS) including a plurality of networked devices includes providing a processor and a memory storing a cyber-security algorithm, and Girouard Abstract teaches adjusting characteristics of signals used to verify or track the reliability of communication between a remote sensor and a managing device, and Selinger Abstract teaches a recorded video is divided into video frames that are input and read by a processor that identifies objects in the video frames using the object's latent characteristics; and (3) whatever additional findings based on the Graham factual inquiries may be necessary, in view of the facts of the case under consideration, to explain a conclusion of obviousness, e.g. Carpenter in view of Girouard at least the above cited paragraphs, and Selinger at least the inclusively cited paragraphs. Therefore, it would be obvious to one skilled in the art at the time of the invention to combine the art of using guard feedback to train AI models of Selinger with the system for analyzing cyber-security risks in an industrial control environment of Carpenter in view of Girouard. The rationale to support a conclusion that the claim would have been obvious is that "a person of ordinary skill in the art would have been motivated to combine the prior art to achieve the claimed invention and whether there would have been a reasonable expectation of success in doing so." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360, 80 USPQ2d 1641, 1645 (Fed. Cir. 2006). See MPEP 2143(G). Carpenter teaches: Claim 30. The security system of claim 29, further comprising a display connected to and receiving the aggregate risk from the risk calculation module (¶0049 Step 304 comprises aggregating data including ranking the risks across the plurality of networked devices and arranging the risks into at least one logical grouping. For example, users might want to split out risks based on their source. Risks from PCs might go in one group and risks from network devices might go in another. This is useful because often different administrators are responsible for maintaining PCs vs. network devices. Another example would be splitting up the risks based on logic groupings within the site. Control systems are often split into clusters of functionality that correspond to steps in the manufacturing process. Each cluster might be a logical grouping here. The aggregating data can further comprise aggregating categories of a security state of the plurality of networked devices. The at least one logical grouping can includes security zones which allows a determination of which of the plurality of networked devices are connected, indicating where a cyber-attack might spread if one of the plurality of networked devices is compromised). Conclusion THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). Any inquiry concerning this communication or earlier communications from the examiner should be directed to KURTIS GILLS whose telephone number is (571) 270-3315. The examiner can normally be reached on M-F, 8am-5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jerry O’Connor can be reached on 571-272-6787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KURTIS GILLS/Primary Examiner, Art Unit 3624
Read full office action

Prosecution Timeline

Sep 13, 2024
Application Filed
Dec 22, 2025
Non-Final Rejection mailed — §101, §103
Mar 23, 2026
Response Filed
May 04, 2026
Final Rejection mailed — §101, §103
Jul 02, 2026
Examiner Interview Summary
Jul 02, 2026
Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682305
METHOD OF ENGINEERING FORECAST AND ANALYSIS
2y 8m to grant Granted Jul 14, 2026
Patent 12670514
METHODS AND SYSTEMS FOR AUTOMATIC PROCESSING OF IMAGES OF A DAMAGED VEHICLE AND ESTIMATING A REPAIR COST
2y 0m to grant Granted Jun 30, 2026
Patent 12602664
INTELLIGENT MEETING TIMESLOT ANALYSIS AND RECOMMENDATION
3y 1m to grant Granted Apr 14, 2026
Patent 12572864
AVOIDING PROHIBITED SEQUENCES OF MATERIALS PROCESSING AT A CRUSHER USING PREDICTIVE ANALYTICS
3y 11m to grant Granted Mar 10, 2026
Patent 12572872
Mine Management System
3y 0m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
58%
Grant Probability
87%
With Interview (+28.8%)
3y 7m (~1y 9m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 554 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month