DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
The Amendment filed on 02/01/2021 has been entered. 
The double patenting rejection of claims 40-59 is maintained (see below). The currently amended claims are not distinct from the conflicting application.
Claims 40-41, 47-48 and 54-55 are amended.
Claims 60-62 are new.
Claims 47-62 are pending of which claims 40, 47 and 54 are independent claims.

Response to Arguments
Regarding applicant's arguments filed on 02/01/2021 on the ground of non-statutory obviousness-type double patenting, the examiner respectfully disagrees, as the table provided explicitly discloses that claims 40-59 of the instant application are taught by claims 1-36 of U.S. Patent No. 10,389,744.
The applicant's arguments filed on 02/01/2021 have been fully considered but are moot in view of the following new ground of rejection.
	
	
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent  
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 40-59 are rejected on the ground of nonstatutory Obviousness-Type double patenting as being unpatentable over claims 1-36 of Patent No. 10,389,744 in view of GALULA et al. (Pub. No.: US 2016/0381068, hereinafter GALULA). 
Regarding claim 40: Claims 1 and 6 of Patent No. 10,389,744 contain every element of claim 40 except “issuing a warning responsive to determination that one or more of the received messages do not conform with the predefined changeover of the message cycle”. However, in an analogous art, GALULA teaches “issuing a warning responsive to determination that one or more of the received messages do not conform with the predefined changeover of the message cycle” (GALULA - [0080]: in response to detecting an anomalous message, operate to undertake … raising an alert responsive to the message).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Patent No. 10,389,744 so that an alert is raised in response to detecting any anomalous message. The modification would have allowed the system to be protected, enhancing security.
Independent claims 47 and 54 are rejected for reasons similar to those for claim 40.
Dependent claims 41-46, 48-53 and 55-59 are each taught by claims 2-1-, 14-21 and 26-32 of Patent No. 10,389,744 respectively (see table below).
Therefore, claims 40-59 are rejected on the ground of nonstatutory Obviousness-Type double patenting.

Instant Application 16/524,016
Patent 10,389,744


transportation vehicle, wherein communication rules are defined for the transmission of messages, the attack detection method comprising: 

receiving messages sent via the bus system; 

analyzing whether the received messages are received according to the communication rules, 













wherein the communication rules predefine a changeover of a message cycle depending on occurrence of a predefined event and the analysis determines whether the received messages are received according to the predefined changeover of the message cycle.



and issuing a warning responsive to determination that one or more of the received messages do not conform with the predefined changeover of the message cycle.

1. An attack detection method for a bus system of a motor vehicle, wherein communication rules are defined for the transmission of messages, the attack detection method comprising:

receiving messages sent via the bus system; and

analyzing whether the received messages are received according to the communication rules,
wherein the communication rules predefine a first message cycle and a second message cycle, wherein the second message cycle is shorter than the first message cycle, wherein messages are transmitted according to the second message cycle to indicate a change of state,
wherein, at the end of the second message cycle, messages are transmitted according to the first message cycle, and
wherein the analysis determines whether the messages are received according to these communication rules.

6. The attack detection method of claim 1, wherein the communication rules predefine a changeover of a message cycle depending on a predefined event and the analysis determines whether the received messages are received according to the predefined changeover of the message cycle.


41. The attack detection method of claim 40, wherein different communication rules are defined for different message types and the method further comprises analyzing messages of only a specific message type.








42. The attack detection method of claim 40, wherein the communication rules further predefine a blocking time between two consecutive messages and the analysis determines whether two consecutive messages 

43. The attack detection method of claim 42, wherein the analysis determines whether the message content of two consecutive messages is identical.










44. The attack detection method of claim 40, wherein the communications rules predefine a change in a message cycle duration depending on a predefined event and the analysis determines whether the received messages are received according to the predefined change in the message cycle duration.

45. The attack detection method of claim 40, wherein the communication rules predefine a restart of a message cycle depending on a predefined event, and the analysis determines whether the received messages are received according to the restart of the message cycle.

46. The attack detection method of claim 45, wherein the analysis determines whether the received messages have the same message content before and after the restart of the message cycle.




3. The attack detection method of claim 1, wherein the communication rules predefine a fixed message transmission cycle and the analysis determines whether the messages have been received according to the fixed message transmission cycle.

4. The attack detection method of claim 1, wherein the communication rules predefine a blocking time between two consecutive messages and the analysis determines whether two consecutive messages are received according to the predefined blocking time.


5. The attack detection method of claim 4, wherein the analysis determines whether the message content of two consecutive messages is identical.


7. The attack detection method of claim 1, wherein the communications rules predefine a change in a message cycle duration depending on a predefined event and the analysis determines whether the received messages are received according to the predefined change in the message cycle duration.

8. The attack detection method of claim 1, wherein the communication rules predefine a restart of a message cycle depending on a predefined event, and the analysis determines whether the received messages are received according to the restart of the message cycle.


9. The attack detection method of claim 8, wherein the analysis determines whether the received messages have the same message content before and after the restart of the message cycle.


10. The attack detection method of claim 1, wherein the communication rules predefine that a message cycle and the method further comprises changing a message content of a predefined message type depending on a specific event, wherein the analysis determines whether the message content of the message type remains unchanged.

11. The attack detection method of claim 1, further comprising outputting a message in response to the messages having not been received according to the communication rules.

12. The attack detection method of claim 11, wherein the message is output in response to a predefined number of messages not being received according to the communication rules.



47. An attack detection device for a bus system for a transportation vehicle, comprising: 
a microprocessor, wherein the attack detection device is configured to receive messages via the bus system and the microprocessor is configured to carry out an attack detection method for the bus system of the transportation vehicle, wherein communication rules are defined for the transmission of messages, the attack detection method comprising 

receiving messages sent via the bus system, and analyzing whether the received messages are received according to the communication rules, 














wherein the communication rules predefine a changeover of a message cycle depending on a predefined event and the analysis determines whether the received messages are received according to the predefined changeover of the message cycle,

wherein the microprocessor is configured to issue a warning responsive to determination that one or more of the received messages do not conform with the predefined changeover of the message cycle.

motor vehicle, comprising: 
a microprocessor, wherein the attack detection device receives messages via the bus system and the microprocessor carries out an attack detection motor vehicle, wherein communication rules are defined for the transmission of messages, the attack detection method comprising 


receiving messages sent via the bus system, and analyzing whether the received messages are received according to the communication rules, wherein the communication rules predefine a first message cycle and a second message cycle, wherein the second message cycle is shorter than the first message cycle, wherein messages are transmitted according to the second message cycle to indicate a change of state, wherein, at the end of the second message cycle, messages are transmitted according to the first message cycle, and wherein the analysis determines whether the messages are received according to these communication rules.


18. The device of claim 13, 
wherein the communication rules predefine a changeover of a message cycle depending on a predefined event and the analysis determines whether the received messages are received according to the predefined changeover of the message cycle.












49. The device of claim 47, wherein the communication rules further predefine a blocking time between two consecutive messages and the analysis determines whether two consecutive messages are received according to the predefined blocking time.



51. The device of claim 47, wherein the communications rules predefine a change in a message cycle duration depending on a predefined event and the analysis determines whether the received messages are received according to the predefined change in the message cycle duration.

52. The device of claim 47, wherein the communication rules predefine a restart of a message cycle depending on a predefined event, and the analysis determines whether the received messages are received according to the restart of the message cycle.

53. The device of claim 52, wherein the analysis determines whether the received messages have the same message content before and after the restart of the message cycle.



15. The device of claim 13, wherein the communication rules predefine a fixed message transmission cycle and the analysis determines whether the messages have been received according to the fixed message transmission cycle.

16. The device of claim 13, wherein the communication rules predefine a blocking time between two consecutive messages and the analysis determines whether two consecutive messages are received according to the predefined blocking time.



19. The device of claim 13, wherein the communications rules predefine a change in a message cycle duration depending on a predefined event and the analysis determines whether the received messages are received according to the predefined change in the message cycle duration.

20. The device of claim 13, wherein the communication rules predefine a restart of a message cycle depending on a predefined event, and the analysis determines whether the received messages are received according to the restart of the message cycle.

21. The device of claim 20, wherein the analysis determines whether the received messages have the same message content before and after the restart of the message cycle.

22. The device of claim 13, wherein the communication rules predefine that a message cycle and the method further comprises changing a message content of a predefined message type depending on a specific event, wherein the analysis determines whether the message content of the message type remains unchanged.

23. The device of claim 13, wherein the method further comprises outputting a message in response to the messages having not been received according to the communication rules.

24. The device of claim 23, wherein the message is output in response to a predefined number of messages not being received according to the communication rules.



54. A bus system for a transportation vehicle, comprising: at least one bus line and a plurality of bus participants configured to exchange messages with one another via the bus line, wherein at least one bus participant is configured to carry out an attack detection method for the bus system of the transportation vehicle, wherein communication rules are defined for the transmission of messages, the attack detection method comprising 















wherein the communication rules predefine a changeover of a message cycle depending on a predefined event and the analysis determines whether the received messages are received according to the predefined changeover of the message cycle,

wherein the at least one bus participant is configured to issue a warning responsive to determination that one or more of the received messages do not conform with the predefined changeover of the message cycle.

motor vehicle, comprising at least one bus line and a plurality of bus participants which exchange messages 
with one another via the bus line, wherein at least one bus participant carries out an 
attack detection method for the bus system of the motor vehicle, wherein communication rules are defined for the transmission of messages, the attack detection method comprising 

receiving messages sent via the bus system, and analyzing whether the received messages are received according to the communication rules, wherein the communication rules predefine a first message cycle and a second message cycle, wherein the second message cycle is shorter than the first message cycle, wherein messages are transmitted according to the second message cycle to indicate a change of state, wherein, at the end of the second message cycle, messages are transmitted according to the first message cycle, and wherein the analysis determines whether the messages are received according to these communication rules.

30. The bus system of claim 25, 
wherein the communication rules predefine a changeover of a message cycle depending on a predefined event and the analysis determines whether the received messages are received according to the predefined changeover of the message cycle.


only a specific message type are analyzed.







56. The bus system of claim 54, wherein the communication rules predefine a blocking time between two consecutive messages and the analysis determines whether two consecutive messages are received according to the predefined blocking time.

57. (New) The device of claim 56, wherein the analysis determines whether the message content of two consecutive messages is identical.

58. (New) The bus system of claim 54, wherein the communications rules predefine a change in a message cycle duration depending on a predefined event and the analysis determines whether the received messages are received 

59. (New) The bus system of claim 54, wherein the communication rules predefine a restart of a message cycle depending on a predefined event, and the analysis determines whether the received messages are received according to the restart of the message cycle.


27. The bus system of claim 25, wherein the communication rules predefine a fixed message transmission cycle and the analysis determines whether the messages have been received according to the fixed message transmission cycle.
28. The bus system of claim 25, wherein the communication rules predefine a blocking time between two consecutive messages and the analysis determines whether two consecutive messages are received according to the predefined blocking time.

29. The bus system of claim 28, wherein the analysis determines whether the message content of two consecutive messages is identical.

31. The bus system of claim 25, wherein the communications rules predefine a change in a message cycle duration depending on a predefined event and the analysis determines whether the received messages are received 

32. The bus system of claim 25, wherein the communication rules predefine a restart of a message cycle depending on a predefined event, and the analysis determines whether the received messages are received according to the restart of the message cycle.

33. The bus system of claim 32, wherein the analysis determines whether the received messages have the same message content before and after the restart of the message cycle.

34. The bus system of claim 25, wherein the communication rules predefine that a message cycle and the method further comprises changing a message content of a predefined message type depending on a specific event, wherein the analysis determines whether the message content of the message type remains unchanged.

35. The bus system of claim 25, wherein the method further comprises outputting a message in response to the messages having not been received according to the communication rules.

36. The bus system of claim 35, wherein the message is output in response to a predefined number of messages not being received according to the communication rules.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 40-42, 44, 47-49, 51, 54-56, 58 and 60-62 are rejected under 35 U.S.C. 103 as being unpatentable over Larson et al. ("An approach to specification-based attack detection for in-vehicle networks", INTELLIGENT VEHICLES SYMPOSIUM, 2008 IEEE, IEEE, PISCATAWAY, NJ, USA, 4 June .
Regarding claim 47: Larson discloses an attack detection device for a bus system for a transportation vehicle, comprising:
a microprocessor, wherein the attack detection device is configured to receive messages via the bus system (Larson - [Page 221, III-B]: communicates sensor data to other ECUs over the CAN bus) and
the microprocessor is configured to carry out an attack detection method for the bus system of the transportation vehicle (Larson - [Page 221, III-B]: An in-vehicle ECU consists of a microprocessor and dedicated software for handling specific tasks), wherein communication rules are defined for the transmission of messages (Larson - [Page 221, IV-A]: security specifications for ECU communication parameters will help us detect illegal attempts to transmit or receive messages).
However, Larson doesn’t explicitly teach but GALULA discloses: the attack detection method comprising 
receiving messages sent via the bus system (GALULA - [0058]: an SEU 40 may receive any of, or even all, messages sent over an in-vehicle network); and 
analyzing whether the received messages are received according to the communication rules (GALULA - [0058]: an SEU 40 may know, or determine or identify, the state of the vehicle itself, nodes on the in-vehicle network as well as the state or context of any one of the nodes connected to an in-vehicle network. [0116]: an SEU 40 try to keep track of cyclic messages and compare their data, content or payload to the data, content or payload of the previous message seen of this message ID), 
wherein the communication rules predefine a changeover of a message cycle depending on a predefined event and the analysis determines whether the received messages are received according to the predefined changeover of the message cycle (GALULA - [0153]: events may cause an SEU 40 to update or modify a state of the vehicle, nodes or network as described. For example, upon receiving the “door open” message, an SEU 40 may change the state or context of vehicle 30 to some predefined state or context and, as described, subsequent messages sent over the in-vehicle network may be processed in accordance with the state or context as updated);
wherein the microprocessor is configured to issue a warning responsive to determination that one or more of the received messages do not conform with the predefined changeover of the message cycle (GALULA - [0080]: in response to detecting an anomalous message, operate to undertake … raising an alert responsive to the message).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Larson with GALULA so that messages sent over the in-vehicle network may be processed in accordance with the state or context and any anomalous message will raise an alert. The modification would have allowed the system to detect an anomalous message in accordance with the vehicle state or context.
Regarding claim 48: Larson as modified discloses wherein different communication rules are defined for different message types (Larson - [Page 222, IV-C]: The communication parameters section defines the set of supported messages) and messages of a specific message type are analyzed (Larson - [Page 221, IV-B]: By using the CANopen application layer protocols, we can construct security specifications for identifying messages whose structure differ from the expected, e.g., a value in a header field which is outside of the expected range).
Regarding claim 49: Larson as modified discloses wherein the communication rules predefine a blocking time between two consecutive messages and the analysis determines whether two consecutive messages are received according to the predefined blocking time (Larson - [Page 222, IV-C]: it is possible to determine timing intervals, such as the interval with which SYNC messages are sent. From this, it is possible to make an approximation of how often messages leave and arrive at a ECU).
Regarding claim 51: Larson as modified discloses wherein the communications rules predefine a change in a message cycle duration depending on a predefined event and the analysis determines whether the received messages are received according to the predefined change in the message cycle duration (GALULA - [0055]: expected values, messages, events, content and timing may be defined, included or represented in a model and, accordingly, an embodiment may identify unexpected timing, content or behavior by comparing attributes of messages to data in a model and thus determine, detect or identify an anomaly).
The reason to combine is similar to that for claim 47.
Regarding claim 61: Larson as modified discloses wherein the predefined event includes a change in state of a feature of the transportation vehicle (GALULA - [0127]: table 590 is an exemplary and simplified representation of contexts. As shown the description column 592, a context may be related to a vehicle's state or operation (e.g., engine is running, vehicle is accelerating)).
The reason to combine is similar to that for claim 47.
Regarding claims 40-42, 44 and 60: Claims are directed to method claims and do not teach or further define over the limitations recited in claims 47-49, 51 and 60. Therefore, claims 40-42, 44 and 60 are also rejected for similar reasons set forth in claims 47-49, 51 and 60. 
Regarding claims 54-56, 58 and 62: Claims are directed to bus system claims and do not teach or further define over the limitations recited in claims 47-49, 51 and 60. Therefore, claims 54-56, 58 and 62 are also rejected for similar reasons set forth in claims 47-49, 51 and 60.

Claims 43, 50 and 57 are rejected under 35 U.S.C. 103 as being unpatentable over Larson et al. ("An approach to specification-based attack detection for in-vehicle networks", INTELLIGENT VEHICLES SYMPOSIUM, 2008 IEEE, IEEE, PISCATAWAY, NJ, USA, 4 June 2008 (2008-06-04), pages 220-225, XP031318908, ISBN: 978-1-4244-2568-6, hereinafter Larson, IDS reference), GALULA et al. (Pub. No.: US 2016/0381068, hereinafter GALULA) and Leuty (Patent Number 5,134,704).
Regarding claims 43, 50 and 57: Larson as modified doesn’t explicitly teach but Leuty discloses wherein the analysis determines whether the message content of two consecutive messages is identical (Leuty - [Col. 6, Line 38-41]: Since the ballast must receive two consecutive (and identical) configuration messages in order to store a new value for a setting, the controller 120 is operable to determine if the ballast did not receive the second of the two consecutive configuration messages).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Larson and GALULA with Leuty so that two .

Claims 45-46, 52-53 and 59 are rejected under 35 U.S.C. 103 as being unpatentable over Larson et al. ("An approach to specification-based attack detection for in-vehicle networks", INTELLIGENT VEHICLES SYMPOSIUM, 2008 IEEE, IEEE, PISCATAWAY, NJ, USA, 4 June 2008 (2008-06-04), pages 220-225, XP031318908, ISBN: 978-1-4244-2568-6, hereinafter Larson, IDS reference), GALULA et al. (Pub. No.: US 2016/0381068, hereinafter GALULA) and Gates (Patent Number: 6,157,971).
Regarding claims 45, 52 and 59: Larson as modified discloses the analysis determines whether the received messages are received according to the restart of the message cycle (Larson - [Page 224, V-C]: the attacker needs to enable reception and transmission of the message.  this requires reconfiguration of one or more communication parameters to allow new messages to reach the ECU, and would be detected by D1). 
However, Larson as modified doesn’t explicitly teach but Gates discloses wherein the communication rules predefine a restart of a message cycle depending on a predefined event (Gates - [Col. 3, Line 13-16]: changing the bus access cycle to a second period different from the first period by a module controlling the bus access cycle in response to the active bus re-time signal).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Larson and GALULA with Gates so that a change of cycle based on a signal can be made. The modification would have allowed the system to change the access cycle to improve security.
Regarding claims 46 and 53: Larson as modified discloses wherein the analysis determines whether the received messages have the same message content before and after the restart of the message cycle (Larson - [Page 223, V-A]: Since messages lack freshness protection, an attacker who controls any of ECU1, ECU2, or Gateway, can record messages initiating an event, and replay the messages to recreate the event at an arbitrary time).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437