DETAILED ACTION
The following claims are pending in this office action: 1-10
Claim 1 is an independent claim.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
The drawings filed on 11/22/2024 are accepted.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, and 4-10 are rejected under 35 U.S.C. §103 as being unpatentable over Nagaraja et al. (US 20140228976 A1) [hereinafter “Nagaraja”] in view of Rossi et al. (US 20220103544 A1) [hereinafter “Rossi”].
As per claim 1, Nagaraja discloses a method for [managing] [access to a computer system of a renewable power plant], ([Nagaraja, [0001] “The present application relates to the field of user management, and to a method for user management and a power plant control system for a power plant system”) the method comprising:
receiving a user request ([Nagaraja, [0022], [0016] “… the central server comprising a central processor and a central database for managing the users,” and “A list containing information regarding the user roles that are assigned to the user is provided to the specific local server. Hereby, the authentication of the user on the specific local server for performing the tasks on the entities managed by the specific local server is facilitated.”) requesting credentials ([Nagaraja, [0058]-[0059] “… processing the user's credentials” and “if user 141 possesses a relevant certificate, … then the central processor 103 can compare the certificate possessed by user 141 with the plurality of certificates 181-186 stored in the central database 105”) of an emergency account related to the computer system of the [renewable power plant] ([Nagaraja, [0030]-[0031] “a power plant system in the form of a Wind Power Generation System” and “a plurality of wind parks 20,30,40, which is a well-known power plant system for power generation.”) from a [central access system], ([Nagaraja, [0015] “The power plant control system includes a central server and multiple local servers.”).
the central access system providing the requested credentials responsive to the user request, ([Nagaraja, [0057] “the central processor 103 fetches the relevant data stored in the central database 105, and provides the processed data to a specific local server 70,80,90”).
[allowing user access] ([Nagaraja, [0058] “user 141 may be granted access and authenticated to work on all the inventory, i.e. all the wind parks 20,30,40”) to the emergency account of computer system of the [renewable power plant] ([Nagaraja, [0030]-[0031] “a power plant system in the form of a Wind Power Generation System” and “a plurality of wind parks 20,30,40, which is a well-known power plant system for power generation.”) [based on the credentials provided by the central access system,] ([Nagaraja, [0058], [0057] “One manner of performing the aforesaid assignment is disclosed processing the user's credentials, and accordingly assigning the one or more user roles 151-158 appropriate to the user 141-146 based on the user's credentials.” … “stored in the central database 105,”) wherein the allowed access includes user actions at the computer system of the renewable power plant, ([Nagaraja, [0047], [0052] “the tasks and activities associated that are to be performed by a user 141-146 in the framework of the WPGS 10 and the SCADA system 110 for the proper functioning of the same” and “…monitoring, data acquisition, servicing, and/or controlling the respective wind park 20,30,40 or one or more wind mills 21-23,31-33,41-43 by one or more of the pertinent users 141-146”).
the computer system of the renewable power plant ([Nagaraja, [0030]-[0031] “a power plant system in the form of a Wind Power Generation System” and “a plurality of wind parks 20,30,40, which is a well-known power plant system for power generation.”) communicating to the central access system ([Nagaraja, [0055] “the local server 70 can comprise an activity logger module, which monitors the users 141-146 who have accessed any of the plurality of units 61-67 associated with the wind mills 21-23 of the wind park 20 whereunto the local server 70 is associated, along with the activities performed by the users 141-146 on that specific plurality of units 61-67 associated with the wind mills 21-23 of the wind park 20. The activity logger module may be a software program functioning in the server for performing the aforementioned, and a resulting activity log file may be stored in the local database 75 or may be provided to the central server 100 upon a request issued by the central server 100 to the local server 70.”) that the emergency account has been used for accessing the computer system of the renewable power plant.
Nagaraja does not explicitly disclose a method for an emergency access, the emergency account of computer system, an emergency account related to the computer system, that the emergency account has been used for accessing the computer system; refreshing the credentials of the emergency account, and sharing the refreshed credentials among the computer system of the renewable power plant and the central access system.
However, Rossi in the same field of endeavor discloses a method for managing emergency access, the emergency account of computer system, an emergency account related to the computer system, that the emergency account has been used for accessing the computer system; ([Rossi, [0007] “In accordance with an aspect there is provided a method for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority, the method comprising: detecting that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, in response to said detecting, obtaining by the client host an [emergency security credential] from a storage of emergency security credentials, and sending the emergency security credential with an error state indication from the client host to the target host.”) refreshing the credentials of the emergency account ([Rossi, [0083], [0085] “The emergency certificate enrollment and renewal can be arranged to occur together with the normal authentication flow so that as long as the normal operation mode is used, the emergency keypair can be renewed (based on the configured renewal intervals), and the [emergency certificate can be updated]” and “An emergency certificate may otherwise have the same role-based access constraints as normal authentication certificates. Roles can be updated from the CA and the user registry. New roles can be applied as soon as the emergency certificate has been renewed. This can be a configurable feature.”) sharing the refreshed credentials among the computer system of the renewable power plant and the central access system ([Rossi, [0022] “the stored emergency security credential can be periodically renewed, a new emergency security credential can be delivered to the client host in response to a request from the client host, and/or a new emergency security credential can be sent to the client host together with a normal security credential, in the course of normal security credential delivery operation.”).
Therefore, it would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to modify Nagaraja to include an emergency access, the emergency account of computer system, an emergency account related to the computer system, that the emergency account has been used for accessing the computer system; refreshing the credentials of the emergency account, and sharing the refreshed credentials among the computer system of the renewable power plant and the central access system as suggested by Rossi. One of ordinary skill in the art would have been motivated to do so because incorporating an emergency account and refreshing the credentials of the emergency account into Nagaraja’s power plant control system improves security and ensures continued emergency access by renewing emergency credentials after use.
As per claim 2, the combination of Nagaraja and Rossi discloses the method according to claim 1. Rossi further discloses wherein refreshing the credentials of the emergency account is performed by the central access system. ([Rossi, [0083], [0085] “The emergency certificate enrollment and renewal can be arranged to occur together …. Roles can be updated from the [CA and the user registry]. New roles can be applied as soon as the emergency certificate has been renewed. This can be a configurable feature.” The Examiner finds that CA and user registry correspond to the claimed central access system because they centrally manage and update the emergency credentials.).
As per claim 4, the combination of Nagaraja and Rossi discloses the method according to claim 1. Nagaraja further discloses wherein the user request for credentials of an emergency account comprises information regarding actions intended to be performed at the computer system of the renewable power plant, ([Nagaraja, [0047] “Herein, the user roles 151-158 define the specific role and the tasks and activities associated that are to be performed by a user 141-146 in the framework of the WPGS 10 and the SCADA system 110”). Nagaraja does not disclose wherein the central access system providing the requested credentials comprises the central access system providing credentials of an emergency account with access permissions matching the intended actions. However, Rossi discloses wherein the central access system providing the requested credentials comprises the central access system providing credentials of an emergency account with access permissions matching the intended actions ([Rossi, [0038], [0039] “A security credential authority server such as the CA server 30 can be arranged to communicate with a system of record 33 to authenticate users and get additional information, for example group information. The CA server can further implement policy decisions. A policy decision can include, inter alia, how users are authenticated, how user groups map to principals, and which options and extensions are included in a credential such as a certificate.” and “Credential information associated with the credential may also comprise at least one use restriction on a credential such as a certificate… Other limitations… may change include limitations based on the IP address of the hosts, date and/or time of access, type of service requested and so on”). Claim 4 is rejected under the same rationale as claim 1 above.
As per claim 5, the combination of Nagaraja and Rossi discloses the method according to claim 1. Rossi further discloses the central access system logging user requests for credentials to emergency accounts. ([Rossi, [0011] “the at least one additional security operation comprises at least one of… additional auditing of the access request”).
As per claim 6, the combination of Nagaraja and Rossi discloses the method according to claim 1. Rossi further discloses the computer system of the renewable power plant logging actions performed by users having accessed the computer system using an emergency account. ([Rossi, [0052] “The target server syslog/SIEM systems can be configured so that the use of the emergency certificate is detected and in response to the detection an alert is generated. According to a possible arrangement, if the client side credentials have been leaked, their usage will generate a critical alert from the server side when used.”).
As per claim 7, the combination of Nagaraja and Rossi discloses the method according to claim 6. Rossi further discloses the computer system of the renewable power plant communicating logging data related to actions performed by users having accessed the computer system using an emergency account to the central access system. ([Rossi, [0052] “The target server syslog/SIEM systems can be configured so that the use of the emergency certificate is detected and in response to the detection an alert is generated. According to a possible arrangement, if the client side credentials have been leaked, their usage will generate a critical alert from the server side when used.” The Examiner interprets Rossi’s syslog/SIEM-based detection and alerting as teaching communication of event-related logging data from the target server to a centralized security system.).
As per claim 8, the combination of Nagaraja and Rossi discloses the method according to claim 1. Rossi further discloses the central access system periodically refreshing credentials of all emergency accounts. ([Rossi, [0022] “The stored emergency security credential can be periodically renewed, a new emergency security credential can be delivered to the client host in response to a request from the client host, and/or a new emergency security credential can be sent to the client host together with a normal security credential, in the course of normal security credential delivery operation.”).
As per claim 9, the combination of Nagaraja and Rossi discloses the method according to claim 1. Nagaraja further discloses wherein the renewable power plant is a wind power plant comprising a plurality of wind turbines. ([Nagaraja, [0032], [0058] “… three wind parks 20,30,40 of the WPGS 10, and three wind mills 21-23,31-33,41-43 per wind park 20,30,40” and “Since wind turbines are present in all the wind mills 21-23,31-33,41-43 of the respective wind parks 20,30,40, …”).
As per claim 10, the combination of Nagaraja and Rossi discloses the method according to claim 1. Nagaraja further discloses wherein the computer system of the renewable power plant is a power plant controller (PPC), ([Nagaraja, [0002] “Power Plant Control Systems (PPCS) may broadly relate to a wide variety of power plant control systems that are employed in power plant systems for monitoring and controlling the processes and operations associated.”) a wind turbine controller, ([Nagaraja, [0034], [0058] “a wind park controller (not depicted) for controlling the operations of the individual wind mills” and “wind turbines are present in all the wind mills”) a photovoltaic unit controller, [a SCADA server], ([Nagaraja, [0036] “centralised user management is achieved, which enhances the security in the WPGS 10 and the SCADA system 110 associated.”) a switch, or a router. ([Nagaraja, [0034] “[a network interface unit] (not depicted) for enabling the local server 100 for communicating with another local server 100…”).
Claim 3 is rejected under 35 U.S.C. §103 as being unpatentable over Nagaraja et al. (US 20140228976 A1) [hereinafter “Nagaraja”] in view of Rossi et al. (US 20220103544 A1) [hereinafter “Rossi”] as applied to claim 2 and in view of Lam et al. (US 8683569 B1) [hereinafter “Lam”].
As per claim 3, the combination of Nagaraja and Rossi discloses the method according to claim 2. The combination does not disclose wherein sharing the refreshed credentials among the computer system of the renewable power plant and the central access system is performed by the computer system of the renewable power plant retrieving the refreshed credentials from the central access system. However, Lam in the same field of endeavor discloses wherein sharing the refreshed credentials among the computer system of the renewable power plant and the central access system is [performed by the computer system of the renewable power plant retrieving the refreshed credentials] from the central access system ([Lam, (27) “an authorized user can use a software program called EAST UDT Break-Glass Tool to retrieve the clear-text password for a particular UDT. He/she can then open the required application directly with this clear-text password instead of using the EAST UDT Launcher. Under such circumstances, after the break-glass period is over, a new random password will be generated by the server and placed under the break-glass database.”).
Therefore, it would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to modify Nagaraja to include an emergency access, the emergency account of computer system, an emergency account related to the computer system, that the emergency account has been used for accessing the computer system; refreshing the credentials of the emergency account, and sharing the refreshed credentials among the computer system of the renewable power plant and the central access system as suggested by Rossi to further include wherein sharing the refreshed credentials among the computer system of the renewable power plant and the central access system is [performed by the computer system of the renewable power plant retrieving the refreshed credentials from the central access system] as taught by Lam. One of ordinary skill in the art would have been motivated to do so because incorporating Lam’s credential-retrieval technique would allow the local computer system to update emergency credentials from the central access system on demand, thereby improving availability, reducing downtime, and maintaining secure emergency access when normal authentication is unavailable.
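The emergency-account flow analysed in claims 1-3 and 5-8 (request and issue credentials, grant and log access, report use to the central system, refresh, then retrieve the refreshed credential) as an added Python sketch. This is the editor's illustration, not code from the application or from Nagaraja, Rossi or Lam; the class and method names and the "ppc-emergency" account are assumptions, and the plant side stores only a hash of the credential so the secret lives in one place.

```python
import hashlib, hmac, secrets


class CentralAccessSystem:
    """Central store that issues, logs and rotates emergency-account credentials (assumed design)."""
    def __init__(self):
        self.credentials = {}  # account -> current clear-text credential
        self.audit = []        # request and use events (claim 5 logging)

    def _rotate(self, account):
        self.credentials[account] = secrets.token_hex(16)

    def current_credentials(self, account):
        if account not in self.credentials:  # first access creates the account
            self._rotate(account)
        return self.credentials[account]     # plant pulls the latest value (claim 3)

    def request_credentials(self, user, account, intended_actions):
        self.audit.append(("request", user, account, tuple(intended_actions)))
        return self.current_credentials(account)

    def report_use(self, account, action_log):
        self.audit.append(("used", account, tuple(action_log)))
        self._rotate(account)  # credential is refreshed after every reported use


class PlantController:
    """Plant-side system: keeps only a hash of the credential and logs actions."""
    def __init__(self, central, account):
        self.central = central
        self.account = account
        self.cred_hash = digest(central.current_credentials(account))
        self.action_log = []

    def emergency_login(self, user, cred, actions):
        """Grant access only if the presented credential matches the stored hash."""
        if not hmac.compare_digest(digest(cred), self.cred_hash):
            self.action_log.append(("denied", user))
            return False
        self.action_log.extend(("action", user, act) for act in actions)  # claim 6
        self.central.report_use(self.account, self.action_log)            # claim 7
        # Pull the refreshed credential so both sides hold the same secret (claim 3)
        self.cred_hash = digest(self.central.current_credentials(self.account))
        return True


def digest(cred):
    return hashlib.sha256(cred.encode()).hexdigest()


def demo():
    # Constructed scenario: one emergency account on a wind-park plant controller
    central = CentralAccessSystem()
    plant = PlantController(central, "ppc-emergency")
    cred = central.request_credentials("alice", "ppc-emergency", ["reset turbine 21"])
    first = plant.emergency_login("alice", cred, ["reset turbine 21"])
    stale = plant.emergency_login("alice", cred, ["read config"])  # refused after refresh
    in_sync = plant.cred_hash == digest(central.current_credentials("ppc-emergency"))
    return first, stale, len(central.audit), in_sync
```

Running `demo()` shows the first login succeeding, the re-use of the same credential being refused once it has been reported and rotated, and both sides holding the refreshed secret.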
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
McMurdie et al. (US 20190294768 A1) discloses “APPARATUS AND METHOD FOR POST-AUTHENTICATION USER VERIFICATION BASED ON USER INTERACTIONS”.
Hecht et al. (US 20220286446 A1) discloses “AUTHENTICATION CREDENTIAL WITH EMBEDDED AUTHENTICATION INFORMATION”.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Komi N. AMEVIGBE whose telephone number is (571)272-3381. The examiner can normally be reached Monday-Friday 2pm-10pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/K.N.A./Examiner, Art Unit 2493
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493