Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
Claims 1-7 are presented for examination.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/06/2026, 11/18/2025, 09/10/2025, 08/05/2025, 07/17/2025, 06/23/2025, 05/22/2025, 05/09/2025, 04/24/2025, 04/03/2025, 03/18/2025, 02/24/2025, 02/03/2025, 01/10/2025, 12/30/2024, 12/10/2024, 10/17/2024 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Drawings
The drawings filed on 10/07/2024 are accepted by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 1-8 of Patent # 11,086,988 contains every element of claims 1-7 of the instant application. Claims of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim. See the claim comparison below.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Furthermore, the ODP is not the only outstanding rejection and the claims, if allowed, would improperly extend the "right to exclude" already granted in the patent. A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Claim Comparison
Instant Application # 18/908,477
US Patent # 11,086,988
1. A manufacturing system comprising:
a honeypot system comprising a deep learning processor conditioned to generate expected response data and expected behavioral pattern data in a manufacturing process based on one or more control signals, the deep learning processor disconnected from a process, equipment, and control system in which the deep learning processor will be deployed; and an interface in communication with the honeypot system, the interface configured to provide external updates to the honeypot system.
2. The manufacturing system of claim 1, wherein the deep learning processor comprises a trained process simulator configured to receive control signals from a process controller deployed in the manufacturing system and generate simulated response data based on the control signals.
3. The manufacturing system of claim 2, further comprising: an emulator configured to emulate the process controller deployed in the manufacturing system.
4. The manufacturing system of claim 3, wherein the trained process simulator is configured to receive emulated control signals from the emulator and generate further simulated response data based on the emulated control signals.
5. The manufacturing system of claim 1, wherein the honeypot system is isolated from other components of the manufacturing system.
6. The manufacturing system of claim 1, wherein the interface introduces a malware attack to the honeypot system for analysis.
7. The manufacturing system of claim 1, wherein the deep learning processor is trained to identify anomalous activity within the manufacturing system.
1. A computer-implemented method, comprising:
providing, by a controller emulator coupled to an interface, one or more control signals to a process simulator and a deep learning processor, wherein the interface exposes the controller emulator to inputs from an external source; in response to receiving the one or more control signals, simulating, by the process simulator, response data that is provided to the deep learning processor; generating, by the deep learning processor, expected response data and expected behavioral pattern data for the one or more control signals; generating, by the deep learning processor, actual behavioral pattern data for the simulated response data; comparing at least one of: (i) the simulated response data to the expected response data, and (ii) the actual behavioral pattern data to the expected behavioral pattern data to determine whether anomalous activity is detected; and as a result of detecting the anomalous activity, performing one or more operations to address the anomalous activity.
2. The computer-implemented method of claim 1, wherein the deep learning processor includes a conditioned machine learning model.
3. The computer-implemented method of claim 1, wherein the simulated response data includes a control value that is provided to the controller emulator.
4. The computer-implemented method of claim 1, wherein the one or more operations include shutting down one or more factory process, equipment, and control (P/E/C) systems at risk as a result of the anomalous activity.
5. The computer-implemented method of claim 1, wherein the one or more operations include generating a notification, wherein the notification specifies the anomalous activity, and wherein the notification is provided to an operator to review the anomalous activity.
6. The computer-implemented method of claim 1, wherein the anomalous activity is detected as a result of a comparison of the simulated response data to the expected response data indicating a deviation.
7. The computer-implemented method of claim 1, wherein the anomalous activity is detected as a result of a comparison of the actual behavioral pattern data to the expected behavioral pattern data indicating a deviation.
8. The computer-implemented method of claim 1, wherein the one or more operations include determining whether the anomalous activity is a malware attack received by the controller emulator from the interface, wherein a determination that the anomalous activity is the malware attack is generated as a result of a confidence level score of the anomalous activity satisfying a confidence level threshold corresponding to detection of the malware attack.
Claim Rejections - 35 USC § 101
1. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter because the system claim does not constitute any physical device and or machine and merely recite software per se.
Claim 1 is directed to “a manufacturing system comprising: a honeypot system comprising a deep learning processor conditioned to generate expected response data and expected behavioral pattern data in a manufacturing process based on one or more control signals, the deep learning processor disconnected from a process, equipment, and control system in which the deep learning processor will be deployed; and an interface in communication with the honeypot system, the interface configured to provide external updates to the honeypot system…..”, emphasis added,
“a honeypot system”, “a deep learning processor” and “an interface in communication with the honeypot system” elements are interpreted to be coding/or software, and lacks of hardware elements, hence non-statutory subject matter.
Claims 2-7 inherit the deficiencies of the base claim 1 and therefore are non-statutory by virtue of their dependency.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claim 1 recites, "will be deployed" in line 5, renders the claim indefinite because "will be deployed" does not define the structure of the device/system. (See also MPEP § 2173.05).
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
2. Claims 1-7 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Aguiar et al. (WO Publication No. 2018/044410, hereinafter “Aguiar”).
Regarding claim 1, Aguiar does disclose a manufacturing system comprising: a honeypot system comprising a deep learning processor conditioned to generate expected response data and expected behavioral pattern data in a manufacturing process based on one or more control signals, the deep learning processor disconnected from a process, equipment, and control system in which the deep learning processor will be deployed (Aguiar, (para. [0026, 0031, 0056]), deploying and monitoring a plurality of ICS HoneyPots improve the ability of ICS deployments and ICS devices to detect and prevent cyber-attacks. … … Fleet level analysis may also allow be provided to compare expected behavior across different virtual machines e.g., .. PLC honeypot controlling a giving process, where ([0031]) the HoneyPot may remotely connect. … … the profiled network traffic is also used as a communications baseline for detecting security anomalies with behavioral detection algorithms (e.g., detecting communications, commands, etc. that are generated during a cyber-attack); and an interface in communication with the honeypot system, the interface configured to provide external updates to the honeypot system (Aguiar, (para. [0024, 0036]), the realistic reactions of the ICS HoneyPot may include triggered alarm cascades, activation of safety systems, process system shutdown, etc. Other process scenarios may be provided, such as catastrophic or modified process scenarios based on actions taken during the cyber- attack. (para. [0056]), Each HoneyPot improves upon previous computer implemented HoneyPots by emulating the entire ICS and deploying a HoneyPot capable of actively interacting with a cyber attacker).
Regarding claim 2, Aguiar further discloses the manufacturing system of claim 1, wherein the deep learning processor comprises a trained process simulator configured to receive control signals from a process controller deployed in the manufacturing system and generate simulated response data based on the control signals (Aguiar, (para. [0034]), all security events are logged locally within the embedded process historian of the emulated devices, preventing the necessity for additional outgoing data streams and/or network connections that may be received or perceived by cyber attackers. Simulated process historian and other log erasing functions are made available with the emulated devices to prevent data cleaning of the security sensor data).
Regarding claim 3, Aguiar further discloses the manufacturing system of claim 2, further comprising: an emulator configured to emulate the process controller deployed in the manufacturing system (Aguiar, (para. [0037]), The real process/production data is then used to emulate the exact process conditions running on the real-world ICS. For example, process data is pulled from each next generation field device into a temporary storage within the ICS
HoneyPot for distribution to embedded process historians of the emulated devices).
Regarding claim 4, Aguiar further discloses the manufacturing system of claim 3, wherein the trained process simulator is configured to receive emulated control signals from the emulator and generate further simulated response data based on the emulated control signals (Aguiar, (para. [0022]), the ICS HoneyPot may use defined state tables to establish a baseline of normal network traffic and to identify deviations in protocols that are potentially malicious or out of the range of normal process operations).
Regarding claim 5, Aguiar further discloses the manufacturing system of claim 1, wherein the honeypot system is isolated from other components of the manufacturing system (Aguiar, (para. [0018]), the ICS HoneyPot offers an isolated and monitored computer-designed emulation to attract cyber attackers, to quickly detect the cyber- attacks and to analyze the cyber-attacks to determine the underlying attack methodologies).
Regarding claim 6, Aguiar further discloses the manufacturing system of claim 1, wherein the interface introduces a malware attack to the honeypot system for analysis (Aguiar, (para. [0036, 0058]), the processor 605B and/or 607B analyze the security data for the HoneyPot, such as to detect cyber-attacks and to identify protocol violations for the emulated ICS).
Regarding claim 7, Aguiar further discloses the manufacturing system of claim 1, wherein the deep learning processor is trained to identify anomalous activity within the manufacturing system (Aguiar, (para. [0055]), the monitoring is based on the data indicative of the plurality of industrial control systems and the data indicative of the plurality of ICS HoneyPots. For example, the monitoring compares the data to detect cyber-attacks, to identify protocol changes in the HoneyPots, and to identify cyber-attack techniques on the HoneyPots).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Publication No. 2018/0097803, “a system to detect the misuse of certificates—including poor practices and malicious use—to improve the security of networked systems and environments. In various aspects, certificates are monitored to identify misuse, and recommendations or notifications are generated in response to detecting such misuse. Various rules representing best practices and malicious use patterns are installed or evolved (e.g., via machine learning) for use by a certificate monitor to provide detection, notifications, and automated remediation. In some aspects, a control interface is provided by which the certificates are managed according to the rules to affect the deployment of certificates and the monitoring of various devices and environments”.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Linglan Edwards can be reach on (571) 270-5440. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (In USA or Canada) or 571-272-1000.
/MORSHED MEHEDI/Primary Examiner, Art Unit 2408