Prosecution Insights
Last updated: July 17, 2026
Application No. 18/908,477

METHOD, SYSTEMS AND APPARATUS FOR INTELLIGENTLY EMULATING FACTORY CONTROL SYSTEMS AND SIMULATING RESPONSE DATA

Final Rejection §103
Filed
Oct 07, 2024
Priority
Feb 28, 2020 — provisional 62/983,510 +3 more
Examiner
MEHEDI, MORSHED
Art Unit
2408
Tech Center
2400 — Computer Networks
Assignee
Nanotronics Imaging Inc.
OA Round
2 (Final)
86%
Grant Probability
Favorable
3-4
OA Rounds
10m
Est. Remaining
85%
With Interview

Examiner Intelligence

Grants 86% — above average
86%
Career Allowance Rate
729 granted / 849 resolved
+27.9% vs TC avg
Minimal -1% lift
Without
With
+-0.8%
Interview Lift
resolved cases with interview
Typical timeline
2y 7m
Avg Prosecution
24 currently pending
Career history
864
Total Applications
across all art units

Statute-Specific Performance

§101
2.5%
-37.5% vs TC avg
§103
72.1%
+32.1% vs TC avg
§102
4.0%
-36.0% vs TC avg
§112
11.4%
-28.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 849 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. DETAILED ACTION This office action has been issued in response to arguments/amendments filed on 04/27/2026. Claims 8-17 are newly added. Claims 1-17 are presented for examination. Information Disclosure Statement The information disclosure statement (IDS) submitted on 03/30/2026, 02/19/2026, 02/06/2026 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto. Response to Arguments 1. Applicant’s arguments/amendments regarding the rejection of claims 1-17, filed on 04/27/2026 as recited in pages 6-8, have been fully considered but arguments are moot because newly added limitation to the claim (s) requires a new ground of rejection necessitated by amendments. Further, the double patenting rejection is maintained. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). Claims 1-8 of Patent # 11,086,988 contains every element of claims 1-7 of the instant application. Claims of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim. See the claim comparison below. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). Furthermore, the ODP is not the only outstanding rejection and the claims, if allowed, would improperly extend the "right to exclude" already granted in the patent. A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Claim Comparison Instant Application # 18/908,477 US Patent # 11,086,988 1. A manufacturing system comprising: a honeypot system comprising a deep learning processor conditioned to generate expected response data and expected behavioral pattern data in a manufacturing process based on one or more control signals, the deep learning processor disconnected from a process, equipment, and control system in which the deep learning processor will be deployed; and an interface in communication with the honeypot system, the interface configured to provide external updates to the honeypot system. 2. The manufacturing system of claim 1, wherein the deep learning processor comprises a trained process simulator configured to receive control signals from a process controller deployed in the manufacturing system and generate simulated response data based on the control signals. 3. The manufacturing system of claim 2, further comprising: an emulator configured to emulate the process controller deployed in the manufacturing system. 4. The manufacturing system of claim 3, wherein the trained process simulator is configured to receive emulated control signals from the emulator and generate further simulated response data based on the emulated control signals. 5. The manufacturing system of claim 1, wherein the honeypot system is isolated from other components of the manufacturing system. 6. The manufacturing system of claim 1, wherein the interface introduces a malware attack to the honeypot system for analysis. 7. The manufacturing system of claim 1, wherein the deep learning processor is trained to identify anomalous activity within the manufacturing system. 1. A computer-implemented method, comprising: providing, by a controller emulator coupled to an interface, one or more control signals to a process simulator and a deep learning processor, wherein the interface exposes the controller emulator to inputs from an external source; in response to receiving the one or more control signals, simulating, by the process simulator, response data that is provided to the deep learning processor; generating, by the deep learning processor, expected response data and expected behavioral pattern data for the one or more control signals; generating, by the deep learning processor, actual behavioral pattern data for the simulated response data; comparing at least one of: (i) the simulated response data to the expected response data, and (ii) the actual behavioral pattern data to the expected behavioral pattern data to determine whether anomalous activity is detected; and as a result of detecting the anomalous activity, performing one or more operations to address the anomalous activity. 2. The computer-implemented method of claim 1, wherein the deep learning processor includes a conditioned machine learning model. 3. The computer-implemented method of claim 1, wherein the simulated response data includes a control value that is provided to the controller emulator. 4. The computer-implemented method of claim 1, wherein the one or more operations include shutting down one or more factory process, equipment, and control (P/E/C) systems at risk as a result of the anomalous activity. 5. The computer-implemented method of claim 1, wherein the one or more operations include generating a notification, wherein the notification specifies the anomalous activity, and wherein the notification is provided to an operator to review the anomalous activity. 6. The computer-implemented method of claim 1, wherein the anomalous activity is detected as a result of a comparison of the simulated response data to the expected response data indicating a deviation. 7. The computer-implemented method of claim 1, wherein the anomalous activity is detected as a result of a comparison of the actual behavioral pattern data to the expected behavioral pattern data indicating a deviation. 8. The computer-implemented method of claim 1, wherein the one or more operations include determining whether the anomalous activity is a malware attack received by the controller emulator from the interface, wherein a determination that the anomalous activity is the malware attack is generated as a result of a confidence level score of the anomalous activity satisfying a confidence level threshold corresponding to detection of the malware attack. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 2. Claims 1-17 are rejected under 35 U.S.C. 103 as being unpatentable over Aguiar et al. (WO Publication No. 2018/044410, hereinafter “Aguiar”) in view of Zheng et al. (US Pub No. 2020/0241511, hereinafter “Zheng”). Regarding claim 1, Aguiar does disclose a operating on a processing unit and memory and comprising […] conditioned to generate expected response data and expected behavioral pattern data in a is configured to be deployed (Aguiar, (para. [0026, 0031, 0056]), deploying and monitoring a plurality of ICS HoneyPots improve the ability of ICS deployments and ICS devices to detect and prevent cyber-attacks. … … Fleet level analysis may also allow be provided to compare expected behavior across different virtual machines e.g., .. PLC honeypot controlling a giving process, where ([0031]) the HoneyPot may remotely connect. … … the profiled network traffic is also used as a communications baseline for detecting security anomalies with behavioral detection algorithms (e.g., detecting communications, commands, etc. that are generated during a cyber-attack); and [[an]] a network interface in communication with the honeypot system, the interface configured to provide external updates to the honeypot system (Aguiar, (para. [0024, 0036]), the realistic reactions of the ICS HoneyPot may include triggered alarm cascades, activation of safety systems, process system shutdown, etc. Other process scenarios may be provided, such as catastrophic or modified process scenarios based on actions taken during the cyber- attack. (para. [0056]), Each HoneyPot improves upon previous computer implemented HoneyPots by emulating the entire ICS and deploying a HoneyPot capable of actively interacting with a cyber attacker). Aguiar does not explicitly disclose but the analogous art Zheng discloses, machine learning models trained by analyzing factory operation and control data across multiple process nodes (Zheng, (para. [0013]), a processor, configured to generate the trained deep learning model configured to provide the instructions, by obtaining parameters from the factory process to derive a state of the factory process, such as slack time; determining instructions for the factory process based on applying a deep learning model on the factory process trained against lateness and tardiness; providing instructions to the factory process for execution at the factory; obtain state transitions of the state from updated parameters of the factory process including completion time as received from the factory; and calculate a reward for the instructions provided to update the deep learning model, the reward based on deriving lateness and tardiness from predetermined job due and the completion time). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Aguiar by including machine learning models trained by analyzing factory operation and control data across multiple process nodes taught by Zheng for the advantage of reduce massive data collection and reduce model training time, which can eventually improve dispatching efficiency and reduce factory cost (Zheng, (abstract)). Regarding claim 2, the combination of Aguiar-Zheng discloses the Aguiar, (para. [0034]), all security events are logged locally within the embedded process historian of the emulated devices, preventing the necessity for additional outgoing data streams and/or network connections that may be received or perceived by cyber attackers. Simulated process historian and other log erasing functions are made available with the emulated devices to prevent data cleaning of the security sensor data). Regarding claim 3, the combination of Aguiar-Zheng discloses the Aguiar, (para. [0037]), The real process/production data is then used to emulate the exact process conditions running on the real-world ICS. For example, process data is pulled from each next generation field device into a temporary storage within the ICS HoneyPot for distribution to embedded process historians of the emulated devices). Regarding claim 4, the combination of Aguiar-Zheng discloses the Aguiar, (para. [0022]), the ICS HoneyPot may use defined state tables to establish a baseline of normal network traffic and to identify deviations in protocols that are potentially malicious or out of the range of normal process operations). Regarding claim 5, the combination of Aguiar-Zheng discloses the Aguiar, (para. [0018]), the ICS HoneyPot offers an isolated and monitored computer-designed emulation to attract cyber attackers, to quickly detect the cyber- attacks and to analyze the cyber-attacks to determine the underlying attack methodologies). Regarding claim 6, the combination of Aguiar-Zheng discloses the Aguiar, (para. [0036, 0058]), the processor 605B and/or 607B analyze the security data for the HoneyPot, such as to detect cyber-attacks and to identify protocol violations for the emulated ICS). Regarding claim 7, the combination of Aguiar-Zheng discloses the Aguiar, (para. [0055]), the monitoring is based on the data indicative of the plurality of industrial control systems and the data indicative of the plurality of ICS HoneyPots. For example, the monitoring compares the data to detect cyber-attacks, to identify protocol changes in the HoneyPots, and to identify cyber-attack techniques on the HoneyPots). Regarding claim 8, the combination of Aguiar-Zheng discloses the system of claim 1, wherein the deep learning processor is configured to generate observed behavioral pattern data from simulated response data and compare the observed behavioral pattern data to the expected behavioral pattern data to determine whether anomalous activity is detected (Aguiar, (para. [0019, 0031]), a security anomaly detection application on a PLC or other field device may also include intrusion detection capabilities, based on process variables, sensor values, actuator values, etc.). Regarding claim 9, the combination of Aguiar-Zheng discloses the system of claim 8, wherein the deep learning processor is configured to generate a confidence level associated with the anomalous activity (Aguiar, (para. [0031]), profiling network traffic allows for simulated traffic and/or real-world collected process data to pass through emulated communication channels in the same manner as the real-world ICS. The profiled network traffic is also used as a communications baseline for detecting security anomalies with behavioral detection algorithms (e.g., detecting communications, commands, etc. that are generated during a cyber-attack)). Regarding claim 10, the combination of Aguiar-Zheng discloses the system of claim 9, wherein the deep learning processor is configured to identify one or more operations to address the anomalous activity based on the confidence level (Aguiar, (para. [0022]), the high interaction realistic ICS HoneyPot may identify protocol violations caused by a cyber-attack. The ICS HoneyPot may use defined state tables to establish a baseline of normal network traffic and to identify deviations in protocols that are potentially malicious or out of the range of normal process operations. The high interaction realistic ICS HoneyPot may additionally provide for source validation). Regarding claim 11, the combination of Aguiar-Zheng discloses the system of claim 1, wherein the conditioned machine learning models are further trained by determining normal variation data and noise data Zheng, (para. [0013]), … generate the trained deep learning model configured to provide the instructions, by obtaining parameters from the factory process to derive a state of the factory process, such as slack time; determining instructions for the factory process based on applying a deep learning model on the factory process trained against lateness and tardiness. …). Regarding claim 12, the combination of Aguiar-Zheng discloses the system of claim 1, wherein the deep learning processor is configured to communicate an alert protocol to cause a controller emulator to shut down one or more factory processes, equipment, and control systems at risk as a result of anomalous activity (Aguiar, (para. [0036]), the device and/or process scenarios are created by a process expert to provide realistic reactions of the ICS HoneyPot to malicious process manipulations during a cyber-attack. The realistic reactions of the ICS HoneyPot may include triggered alarm cascades, activation of safety systems, process system shutdown, etc. Other process scenarios may be provided, such as catastrophic or modified process scenarios based on actions taken during the cyber- attack). Regarding claim 13, the combination of Aguiar-Zheng discloses the system of claim 1, wherein the honeypot system further comprises a controller emulator coupled to the network interface, the controller emulator configured to receive external inputs from the network interface (Aguiar, (para. [0023]), the process data from the PLC includes process variables, inputs, outputs, memory variables, commands from human-machine interfaces (HMIs), commands from a Manufacturing Execution System (MES), etc). Regarding claim 14, the combination of Aguiar-Zheng discloses the system of claim 13, wherein the controller emulator is configured to output one or more control signals to a process simulator and the deep learning processor (Aguiar, (para. [0034]), the emulated devices of the ICS HoneyPot emulate a process performed by the ICS, interacting with a cyber-attack as would the real-world ICS. In an embodiment, the ICS HoneyPot emulates the process using real process/production data, simulated process/production data, or obfuscated process/production data. Modes of operation of the ICS HoneyPot are provided based on the type of data used for operating the ICS HoneyPot). Regarding claim 15, the combination of Aguiar-Zheng discloses the system of claim 1, wherein the deep learning processor is configured to determine whether anomalous activity is a malware attack based on a confidence level score satisfying a confidence level threshold corresponding to detection of the malware attack (Aguiar, (para. [0051]), the security data is analyzed. For example, the stored security data is evaluated to determine security threats to the ICS and to identify the methods used in the logged cyber-attacks. Further, the security data is analyzed to determine control system protocol violations, such as when a cyber-attack rewrites device firmware, control logic, etc. The security data may be compared across the fleet (e.g., different customer deployments), with a defined template, or with other local machines). Regarding claim 16, the combination of Aguiar-Zheng discloses the system of claim 1, wherein the expected behavioral pattern data comprises at least one of positive correlations, negative correlations, frequency, amplitude, upward or downward trends, or a rate of change for control values or node values (Aguiar, (para. [0026]), Fleet level analysis may also allow be provided to compare expected behavior across different virtual machines (e.g., a virtual Siemens PLC honeypot controlling a giving process in a plant A for a customer should not behave drastically different form a second PLC controlling a similar process in a plant B). Regarding claim 17, the combination of Aguiar-Zheng discloses the system of claim 1, wherein the deep learning processor comprises a conditioned machine learning model utilizing at least one of recurrent neural networks, convolutional neural networks, or general adversarial networks (Aguiar, (para. [0055]), the monitoring compares the data to detect cyber-attacks, to identify protocol changes in the HoneyPots, and to identify cyber-attack techniques on the HoneyPots. The monitoring by the cloud server cloud server also aggregates data for providing cross-deployment and cross-customer analytics. For example, trends and techniques utilized in cyber-attacks on multiple emulated ICS deployments may be identified and leveraged to enhance security in the real-world ICS deployments). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Linglan Edwards can be reach on (571) 270-5440. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (In USA or Canada) or 571-272-1000. /MORSHED MEHEDI/Primary Examiner, Art Unit 2408
Read full office action

Prosecution Timeline

Oct 07, 2024
Application Filed
Jan 28, 2026
Non-Final Rejection mailed — §103
Apr 27, 2026
Response Filed
Jun 09, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670295
DATA DE-IDENTIFICATION
2y 3m to grant Granted Jun 30, 2026
Patent 12659048
Operating a Layered Quantum Networking Environment with Fidelity Estimates
2y 6m to grant Granted Jun 16, 2026
Patent 12659738
GENERATING AN AUTHENTICATION TOKEN
2y 5m to grant Granted Jun 16, 2026
Patent 12659147
DATA OWNER DEVICE AND ITS DATA MANAGEMENT METHOD FOR USER-CENTRIC DATA MANAGEMENT THROUGH AUTHENTICATION AND KEY AGREEMENT BASED ON SINGLE AGGREGATE KEY
2y 2m to grant Granted Jun 16, 2026
Patent 12652159
SERVICE PROVISION METHODS, DEVICES, ELECTRONIC EQUIPMENT AND MEDIA FOR LARGE MODEL SCENES
1y 11m to grant Granted Jun 09, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
86%
Grant Probability
85%
With Interview (-0.8%)
2y 7m (~10m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 849 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month