Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

The applicant’s representative Michael Fainberg (Reg. No.: 50,441) on February 03, 2021, authorized the following examiner’s amendment to be entered.

AMENDMENTS TO THE CLAIMS
This listing of claims will replace all prior versions, and listing, of claims in the application:


1.	(Currently Amended)	A computer-implemented method for blocking cyberattacks on electronics systems of a vehicle, comprising:
intercepting a plurality of messages transmitted on a first communications bus between a plurality of Electronic Control Units (ECUs) of a vehicle, wherein the plurality of ECUs are communicatively coupled to the first communications bus;

storing, in a log, the intercepted messages and information identifying the least one recipient ECU;
detecting a cyberattack on the vehicle based on satisfaction of at least one condition of a rule by the stored messages and the information stored in the log, 
wherein the rule depends on whether one or more intercepted messages are malicious messages ECU of the malicious messages; 
wherein the at least one condition of the rule specifies a presence of a defined group of messages in the log during a period of time associated with a movement of the vehicle; 
wherein the at least one condition of the rule further specifies a state of a movement of the vehicle, such that the rule is applied responsive to determining that the vehicle is in motion, and the rule is not applied responsive to determining that the vehicle is not moving; and
blocking the detected cyberattack on the vehicle by performing an action associated with the rule, wherein the blocking of the detected cyberattack further comprises blocking a transmission of at least one message between the ECUs 

2.	(Original)	The method of claim 1, wherein the first communications bus comprises at least one of a Controller Area Network (CAN) bus, a Local Interconnect Network (LIN), a Media Oriented Systems Transport (MOST) bus, a FlexRay bus, and an Ethernet bus, wherein messages 

3.	(Currently Amended)	The method of claim 1, further comprising: 
storing, in the log, time stamps corresponding to a time of the interception of the intercepted messages, and wherein the detection of the cyberattack is further based on the time stamps in the log.

4.	(Canceled)	

5.	(Currently Amended)	The method of claim [[4]] 1, wherein the at least one condition of the rule further specifies that the information indicating the at least one recipient ECU that is the recipient of the messages matches a defined group of ECU.

6.	(Canceled)	

7.	(Currently Amended)	The method of claim 1, wherein the rule specifies, responsive to determining that a portion of the intercepted messages matches a defined group of messages to a first recipient ECU,  all messages are blocked from being transmitted on the first communications bus to the first recipient ECU.



9.	(Currently Amended)	The method of claim 1, wherein the blocking of the cyberattack on the vehicle by performing the action associated with the rule further comprises:
transmitting to at least one ECU a message containing a command to disconnect the at least one ECU that is on a list of ECUs of auxiliary electronic systems of the vehicle.

10.	(Currently Amended)	The method of claim 1, wherein the blocking of the cyberattack on the vehicle by performing the action associated with the rule further comprises:
transmitting to at least one ECU a message containing a command to enable a safety mode for the at least one ECU that is on a list of ECUs of primary electronic systems of the vehicle. 

11.	(Currently Amended)	The method of claim 1, wherein the blocking of the cyberattack on the vehicle by performing the action associated with the rule further comprises:
blocking transmission of at least one message from the first communications bus to a second communications bus of the vehicle via a gateway.

12.	(Cancel). 

13.	(Previously Presented)	The method of claim 1, wherein the transmission of at least one message between ECUs is blocked by sending a sequence of bit zeros on the bus, such that a 

14.	(Currently Amended)	The method of claim 1, further comprising:
responsive to applying, to one or more ECUs of the vehicle, a software update configured to patch a vulnerability of the ECU, removing the rule for detecting the cyberattack on the vehicle.

15.	(Original)	The method of claim 1, wherein the condition for applying the rule depends on the state of at least one ECU.

16.	(Original)	The method of claim 1, wherein the condition for applying the rule depends on the performance of at least one ECU.

17.	(Currently Amended)	A computer system for blocking cyberattacks on electronics systems of a vehicle, the computer system comprising:
a plurality of Electronic Control Units (ECUs);
a first communications bus configured to communicatively couple the plurality of ECUs; and
a hardware processor configured to:
intercept a plurality of messages transmitted on the first communications bus between a plurality of ECUs of a vehicle;

store, in a log, the intercepted messages and information identifying the least one recipient ECU;
detect a cyberattack on the vehicle based on satisfaction of at least one condition of a rule by the stored messages and the information stored in the log, 
wherein the rule depends on whether one or more intercepted messages are malicious messages ECU of the malicious messages; 
wherein the at least one condition of the rule specifies a presence of a defined group of messages in the log during a period of time associated with a movement of the vehicle; 
wherein the at least one condition of the rule further specifies a state of a movement of the vehicle, such that the rule is applied responsive to determining that the vehicle is in motion, and the rule is not applied responsive to determining that the vehicle is not moving; and
block the detected cyberattack on the vehicle by performing an action associated with the rule, wherein the blocking of the detected cyberattack further comprises blocking a transmission of at least one message between the ECUs 



19.	(Currently Amended)	The computer system of claim 17, 
wherein the at least one condition of the rule further specifies that the information indicating the at least one recipient ECU that is the recipient of the messages matches a defined group of ECU


20.	(Currently Amended)	A non-transitory computer readable medium comprising computer executable instructions for blocking cyberattacks on electronics systems of a vehicle, including instructions for:
intercepting a plurality of messages transmitted on a first communications bus between a plurality of Electronic Control Units (ECUs) of a vehicle, wherein the plurality of ECUs are communicatively coupled to the first communications bus;

storing, in a log, the intercepted messages and information identifying the least one recipient ECU;
detecting a cyberattack on the vehicle based on satisfaction of at least one condition of a rule by the stored messages and the information stored in the log, 
wherein the rule depends on whether one or more intercepted messages are malicious messages ECU of the malicious messages; 
wherein the at least one condition of the rule specifies a presence of a defined group of messages in the log during a period of time associated with a movement of the vehicle; 
wherein the at least one condition of the rule further specifies a state of a movement of the vehicle, such that the rule is applied responsive to determining that the vehicle is in motion, and the rule is not applied responsive to determining that the vehicle is not moving; and
blocking the detected cyberattack on the vehicle by performing an action associated with the rule, wherein the blocking of the detected cyberattack further comprises blocking a transmission of at least one message between the ECUs 
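
The detection and blocking logic recited in claims 1, 3, 5 and 7, sketched as an added example; it is not part of the Office action or of the application. The names `LogEntry`, `Rule`, `rule_fires` and `forward`, the 0.5-second window, and the message identifiers and ECU names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LogEntry:
    ts: float        # interception time stamp in seconds (claim 3)
    msg_id: int      # bus message identifier (constructed values)
    recipient: str   # recipient ECU stored with the message
    moving: bool     # vehicle movement state when intercepted

@dataclass(frozen=True)
class Rule:
    group: frozenset       # defined group of messages
    recipients: frozenset  # defined group of ECUs (claim 5)
    window: float          # period of time, in seconds (assumed unit)

def rule_fires(rule, log, vehicle_moving):
    """True when the whole defined group, addressed to a listed ECU,
    appears in the log within one window while the vehicle was moving."""
    if not vehicle_moving:
        return False  # the rule is not applied to a stationary vehicle
    hits = sorted((e.ts, e.msg_id) for e in log
                  if e.moving and e.msg_id in rule.group
                  and e.recipient in rule.recipients)
    for i, (start, _) in enumerate(hits):
        seen = {m for t, m in hits[i:] if t - start <= rule.window}
        if seen == rule.group:
            return True
    return False

def forward(rule, log, vehicle_moving, pending):
    """Return the pending messages allowed onto the bus. Once the rule
    fires, every message to the targeted ECUs is dropped (claim 7)."""
    if rule_fires(rule, log, vehicle_moving):
        return [e for e in pending if e.recipient not in rule.recipients]
    return list(pending)

# Constructed sample data: identifiers and ECU names are illustrative only.
RULE = Rule(frozenset({0x101, 0x2A0}), frozenset({"brake_ecu"}), 0.5)
LOG = [LogEntry(10.00, 0x101, "brake_ecu", True),
       LogEntry(10.10, 0x300, "radio", True),
       LogEntry(10.20, 0x2A0, "brake_ecu", True)]
PENDING = [LogEntry(10.30, 0x101, "brake_ecu", True),
           LogEntry(10.30, 0x300, "radio", True)]

if __name__ == "__main__":
    print([e.recipient for e in forward(RULE, LOG, True, PENDING)])
```
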


Reason for allowance
Claims 1-3, 5, 7-11 and 13-20 are allowed. The following is an examiner’s statement of reasons for allowance. After consideration of the applicant’s claim amendments and corresponding remarks in the correspondence filed on November 20, 2020, and through examination of the claims with a search and the further proposed examiner’s amendment, the pertinent prior art of record, taken either alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, and the claims having the particular features have been found in condition for allowance.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784.  The examiner can normally be reached on 9:30am to 6:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/TECHANE GERGISO/Primary Examiner, Art Unit 2494