DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
An amendment was filed by the Applicant on 2/15/2021.  Claims 1 and 14 are the independent claims.  Claims 1-15, and 17-23 have been examined.  The rejection is Final.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Response to Amendment
Applicant's arguments filed 2/15/2021 have been fully considered but they are not persuasive. 
On page 7 of the Applicant’s arguments the Applicant has canceled claim 16.  Thus, the previous claim objection is withdrawn by the Examiner.
On page 8 of the Applicant’s arguments the Applicant states that the prior art of “Ben Noon does not disclose or suggest ignores status values that are originated from sensors’ readings and appearing within the data field of vehicle-behavioral only messages”.
(A).  The Applicant’s above argument is moot, because the prior art of Ben Noon was not relied upon to reject the limitation, “ignores status values that are originated from sensors’ readings and appearing within the data field of vehicle-behavioral only messages”.  Therefore, the Applicant’s argument is moot.
“ignores status values that are originated from sensors’ readings and appearing within the data field of vehicle-behavioral only messages”.  The Applicant discloses, see (PG-pub 2020/0389453) the exact opposite, the sensor is used to obtain status values that originate from sensor readings, because the Applicant discloses  Typically, a continuous variable is obtained from a sensor or a meter. Therefore, the profile in fact encapsulates, among others, variables joint histograms (The Applicant’s PG-Pub 2020/0389453, para. 0061).   The Applicant’s PG-pub also discloses sensor  “listens” to the flow of information over the CAN-bus during a period T1 of, for example, 5 minutes. The flow of the messages during the period T1 is recorded by controller, and stored within a temporal storage. Periodically, every period T2 of, for example, 60 minutes, tele-processor transmits a messages file containing the accumulated content within storage to a cloud-based (also referred herein as “remote authentication server”) vehicle authentication server (not shown in FIG. 2) via transceiver (The Applicant’s PG-Pub 2020/0389453, para. 0060).  Thus, the tele-processor has a sensor that senses the messages flowing on the bus, and the values are obtained from the sensor readings.  Also, the Applicant’s limitation of “ignores status values appearing within the data field of vehicle behavioral only messages”, the Examiner also sees disclosed the exact opposite.  The Applicant’s PG-Pub discloses The CAN-bus command 0x5de reports in general the status of various lights of the car (high lights, regular lights, parking lights, fog lights, left indicator, and right indicator, or a status of all the lights off). Depending on the value of “byte 0” of the data field of the command, which may have one of the following values, 0, 1, 2, 4, 10, 20, or 40, the status of a specific light (The Applicant’s PG-Pub 2020/0389453, para. 0112).   
On page 9 of the Applicant’s arguments the Applicant states that the prior art of “Ben Noon does not disclose verifying an identity of a computerized sub-system of a vehicle”.
(C).  The Examiner disagrees with the Applicant.  First, the Examiner would like to point out in the Applicant’s PG-pub the details of the “identity” described by the Applicant.  The Applicant states in the PG-pub, the vehicle's profile can be used to determine anomalies in the vehicle's computerized sub-system, such as those that are connected to or resulting from malicious activities, such as cyber-attacks. The system of the invention which compares the temporary profile (which is generated typically during a short period, however repeatedly) with the final profile can also be used in order to authenticate the identity of the vehicle, while the temporary profile serves as a signature of the vehicle (The Applicant’s PG-pub 2020/0389453, para. 0123).  
	(D).  Ben Noon discloses the Cyber-Watchman installed in a subscriber vehicle monitors communication traffic over at least a portion of an in-vehicle communication network of the vehicle to identify anomalies in the communication traffic that may indicate a disturbance in the normal operation of the network or vehicle. The disturbance may by way of example comprise a malfunction of any of the various components, that is, nodes, in the vehicle connected to the in-vehicle communication network and/or occurrence and/or consequence of a cyber attack on the communication network (Ben Noon: para. 0010).  Ben Noon discloses a temporary profile in which CAN messages can be stored, and there is matching of rules for CAN messages (Ben Noon: para. 0032, 0038, 0050).  Ben Noon discloses the identity, because the vehicle’s profile can be used to determine attacks in the vehicle’s computerized sub-system, the CAN messages can contain content in the message that is valid for features that characterize the vehicle, these features (Ben Noon: para. 0050).
On page 9 of the Applicant’s arguments the Applicant states that, “Ben Noon never suggests that a signature of a first vehicle is distinguishable over a signature of another vehicle of a same manufacturer, nor distinguishable from a signature of a vehicle of another manufacturer, and the signature can be used to distinguish between vehicles having an exact same model number manufacturing year, assemblies and accessories”. 
(E).  In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., Ben Noon never suggests that a signature of a first vehicle is distinguishable over a signature of another vehicle of a same manufacturer, nor distinguishable from a signature of a vehicle of another manufacturer, and the signature can be used to distinguish between vehicles having an exact same model number manufacturing year, assemblies and accessories) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
On page 10 of the Applicant’s arguments the Applicant states that the prior art of Galula does not disclose or suggest, “verify the identity of the computerized sub-system of the vehicle based on at least a partial compliance between said final profile”.  
(F).  The Examiner disagrees with the Applicant.  Galula discloses “verify the identity of the computerized sub-system of the vehicle based on at least a partial compliance between said final profile”, because Galula discloses security enforcement unit enforces cyber-security in a vehicle, storing the model of expected behavior for one of more messages communicated over an in-vehicle network from at least one ECU (i.e. computerized sub-system), determining based on the model whether or not a behavior meets a criteria or complies with excepted timing (Galula: para. 0037).  The Examiner asserted the final profile is the model.  

On page 11 of the Applicant’s argument the Applicant states that, “Ben Noon and Galula do not distinguish between two vehicles from the same make and model”.  
(G).  In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., Ben Noon and Galula do not distinguish between two vehicles from the same make and model) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  Further, Claim 1 states, “A system for verifying an identity of a computerized sub-system of a vehicle”.  The Examiner has examined the claims, in particular claim 1, and does not see claimed two vehicles being distinguished between each other.    Therefore, the Applicant’s argument is moot.
On page 11-12 of the Applicant arguments the Applicant argues the prior art of Galula, the Applicant states that Galula does not disclose or suggest, “said vehicle-behavioral only messages that characterize machine-based elements within the subsystem, said generation of the final profile ignores status values that are originated from sensors’ reading and appearing within the data field of vehicle-behavioral only messages”.
said vehicle-behavioral only messages that characterize machine-based elements within the subsystem, because Galula discloses a given CAN message may be associated with at least one frequency of transmission that defines a corresponding expected repetition period (e.g. behavior) with which the given CAN message is usually transmitted or retransmitted over the CAN network. A specific CAN message, e.g., identified by its specific (possibly unique) CAN message ID, may be associated with more than one expected repetition periods. At any given time, the selection or identification of which of the more than one repetition periods associated with (or characterizing) a transmission of a given CAN message over a CAN network may be a function of, or based on, a context at the given time. The terms "vehicle context", "network context", "nodes context" or simply "context" as referred to herein may relate to a state, configuration or any operational or functional aspects of one or more of: a vehicle, an in-vehicle network, and/or one or more nodes connected to the in-vehicle network (Galula: para. 0050).  Thus, the vehicle only messages that characterized machine based elements are based on the configuration of vehicle and the frequency of the transmission of messages.  Further, Galula discloses “said generation of the final profile ignores status values that are originated from sensors’ reading and appearing within the data field of vehicle-behavioral only messages”, because Galula discloses a message may be a signal. Generally, signals as referred to herein may be data sent by a control or other unit. Signal values, as referred to herein, may be values sent by a control or other unit (Galula: para. 0045).  Thus, Galula signal does not have to come from sensor’s reading, but can come from another component, such as a control or other unit (Galula: para. 0045).  Also, Galula discloses a unit or component that monitors and/or controls oil pressure in an engine may send signals that may be messages that include values representing engine oil pressure (Galula: para. 0045).  The Examiner would like to point out, that oil pressure can also be a machine-based element, and not a function of driver of the vehicle, behavior, or environmental 
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  
(I).  In this case, both are analogous in the art vehicle security, the motivation is that there is a growing complexity of electronic control systems in vehicles makes it harder than before to identity and/or detect faults or malfunctions of, or related to, components and network included in a vehicle (Galula: para. 0009).  Galula’s method is a security measure that detects cyber-security in a vehicle (Galula: para. 0009).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-15, and 17-23 are rejected under 35 U.S.C. 103 as being unpatentable over Ben Noon et al (2015/0195297) in view of Galula et al (2016/0381066).
As per claim 1, BEN NOON et al discloses a system for verifying an identity of a computerized sub-system of a vehicle, comprising: at the vehicle (Ben Noon: See Fig. 1A #30 vehicle):
a tele-processor (Ben Noon: See Fig. 1A, Watchmen #40) configured to periodically record during a period T1 a flow of messages over a bus of the vehicle’s sub-system (Ben Noon: See Fig. 1A, para. 0032, 0038, discloses a recording mode, the Watchmen (i.e. tele-processor) monitors communications in in-vehicle communication network of the vehicle to accumulate data from messages over a CAN bus#71), and to periodically transmit every period T2 the recorded flow of messages to a remote server via a transceiver (Ben Noon: para. 0011, para. 0045-0046,  to periodically transmit every period the recorded flow of messages to remote server (i.e. Cyber-Hub) via a transceiver);
at a remote authentication server (Ben Noon: Cyber-Hub: para. 0013):
(Ben Noon: See Fig. 2A, para. 0052, transceiver #43 receives CAN messages); 
said profile generator is further configured to generate during run-time (Ben Noon: para. 0034-0035, 0090, generate during run-time (i.e. vehicle is active)), from vehicle-behavioral-only messages within an individual record of a flow of messages a temporary profile (Ben Noon: para. 0033-0035, temporary profile (i.e. histogram is limited and discloses the histogram can be discarded, thus the Examiner asserts the histogram is the temporary profile; and histogram includes CAN messages that includes vehicle context (i.e. behavioral only messages, engine temperature, oil pressure, hydraulic pressure), said temporary profile reflecting a signature of the sub-system of the vehicle (Ben Noon: para. 0046, 0090, uses the histogram (i.e. temporary profile) reflecting a signature, the Examiner asserts the histogram contains CAN messages that reflects a signature to determine if there are unwarranted messages that indicate a cyber-attack).
Ben Noon does not explicitly disclose a profile generator configured to generate during an offline stage from vehicle-behavioral only messages within a plurality of said flows of messages a final profile that forms an identity of said computerized sub-system of the vehicle; and a comparator which is configured to compare periodically said final profile, thereby to verify the identity of the computerized sub-system of the vehicle based on at least a partial compliance between said final profile; wherein said vehicle-behavioral-only messages are messages that characterize machine-based elements within the subsystem, while eliminating functions that depend on the driver of the vehicle, on the driver’s behavior, or on environmental conditions during the vehicle’s operation; wherein said generation of the final profile ignores status values that are originated from sensors’ readings and appearing within the data field of vehicle-behavioral-only messages; and wherein the identity of the computerized sub-system of the vehicle forms an identity of the vehicle itself.
(Galula: para. 0059, 0153, 0159, 0262, a logging of messages with a final profile (i.e. model)); comparator which is configured to compare periodically said final profile (Galula: para. 0052, 0061-0063, comparing CAN messages during run-time with the final profile (i.e. model), thereby to verify the identity of the computerized sub-system of the vehicle based on at least a partial compliance between said final profile (Galula: para. 0052-0053, verify the identity of the computerized sub-system (i.e. node) based on at least partial compliance between the model (i.e. final profile)); wherein said vehicle-behavioral-only messages are messages that characterize machine-based elements within the subsystem, while eliminating functions that depend on the driver of the vehicle, on the driver’s behavior, or on environmental conditions during the vehicle’s operation (Galula: para. 0056, discloses at least one parameter (i.e. vehicle-behavioral-only messages) includes engine temperature, oil pressure, hydraulic pressure); wherein said generation of the final profile ignores status values that are originated from sensors’ readings and appearing within the data field of vehicle-behavioral-only messages, and wherein the identity of the computerized sub-system of the vehicle forms an identity of the vehicle itself (Galula: para. 0037, 0045, 0053, generation of the model (i.e. final profile) ignore status values (i.e. values)and the identity of the sub-system of the vehicle forms according to checking the model to determine is the anomalous messages have been submitted, this determines the identity of the vehicle itself).  
It would have been obvious to one of ordinary skill in art before the time of the effective filing date of the claimed invention to include a profile generator configured to generate during an offline stage from vehicle-behavioral only messages within a plurality of said flows of messages a final profile that forms an identity of said computerized sub-system of the vehicle; and a (Galula: para. 0009).  Galula’s method is a security measure that detects cyber-security in a vehicle (Galula: para. 0009).

As per claim 2, Ben Noon and Galula discloses the system according to claim 1.
Ben Noon further discloses wherein said tele-processor comprising a sensor configured to sense the messages flowing on the bus, a controller, and a storage for storing accumulated messages (Ben Noon: para. 0024-0024, 0034, 0052, Watchmen (i.e. tele-processor) includes a sensor that senses the CAN messages flowing from the CAN bus, a controller, and storage for storing accumulated messages (i.e. histogram)) .



As per claim 3, Ben Noon and Galula discloses the system according to claim 1.
Ben Noon does not explicitly disclose wherein said profile generator is further configured to generate said final profile based on one or more flows of messages, whose accumulated duration in total is significantly longer than the period T1.
Galula discloses wherein said profile generator is further configured to generate said final profile based on one or more flows of messages, whose accumulated duration in total is significantly longer than the period T1 (Galula: See Fig. 11, para. 0052, 0059, final profile (i.e. model, number of expected messages per second, time unit, or period, and used to determine expected behavior).
It would have been obvious to one of ordinary skill in art before the time of the effective filing date of the claimed invention to include wherein said profile generator is further configured to generate said final profile based on one or more flows of messages, whose accumulated duration in total is significantly longer than the period T1 of Galula with Ben Noon’s temporary profile, both are analogous in the art of vehicle security, the motivation is that this a security measure that detects a cyber-attack, by determining if a sequence of messages sent from a node deviates from a known or expected repetition period by comparing an interval between messages to an interval stored, thus detecting anomalous messages (Galula: para. 0052-0053).

             As per claim 4, Ben Noon and Galula discloses a system according to claim 1.  The combination of Ben Noon and Galula further discloses wherein said profile generator generates said final profile (Galula: para. 0052, 0059, generates final profile (i.e. model)) and said temporary profile based on a substantially same set of rules (Ben Noon: para. 0046, 0086, 0090, uses the histogram (i.e. temporary profile).
	Same Motivation as claim 1 above.

As per claim 5, Ben Noon and Galula discloses a system according to claim 1. 
The combination of Ben Noon and Galula further discloses wherein said comparator is configured to verify whether a match exists between said final profile (Galula: para. 0059, 0061, comparator is configured to verify whether a match exists using the final profile (i.e. model)) and said temporary profile (Ben Noon: para. 0033-0035, temporary profile (i.e. histogram) within predefined envelopes (Galula: para. 0061, predefined envelopes (i.e. thresholds/maximum deviation), and when a mismatch is found, an alert is issued (Galula: para. 0115, indicate an anomaly or intrusion).
Same Motivation as claim 1.

As per claim 6, Ben Noon and Galula discloses the system according to claim 6.  
Ben Noon does not explicitly disclose wherein a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle’s sub-system; (b) a malicious activity to fake the identity of the vehicle; (c) installation of a non-original or non-standard element within said vehicle’s computerized sub-system; or (d) installation of a non-standard element within a communication network of the vehicle.
Galula discloses wherein a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle’s sub-system; (b) a malicious activity to fake the identity of the vehicle; (c) installation of a non-original or non-standard element within said vehicle’s computerized sub-system; or (d) installation of a non-standard element within a communication network of the vehicle (Galula: para. 0115, 0224, only one needs to be disclosed, a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle’s sub-system, because Galula discloses deviations (i.e. envelopes) hints to malicious activity within said vehicle sub-system, such as a malicious entity on the in-vehicle network may attempt to inject malicious messages to the in-vehicle network).
It would have been obvious to one of ordinary skill in art before the time of the effective filing date of the claimed invention to include wherein a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle’s sub-system; (b) a malicious activity to fake the identity of the vehicle; (c) installation of a non-original or non-standard element within said vehicle’s computerized sub-system; or (d) installation of a non-standard element within a communication network of the vehicle of Galula with Ben Noon, both are analogous in the art of vehicle security, the motivation is that this is a security measure that detects a malicious entity on the in-vehicle network that may inject malicious messages to the in-vehicle network (Galula: para. 0115).

As per claim 7, Ben Noon and Galula discloses a system according to claim 1.
Ben Noon further discloses wherein said remote authentication server (Ben Noon: Cyber-Hub: para. 0013) further comprising a storage for storing the received flows of messages (Ben Noon: para. 0011, para. 0045-0046, to periodically transmit every period the recorded flow of messages to remote server), the temporary profile (Ben Noon: para. 0046, 0090, uses the histogram (i.e. temporary profile), and at least one final profile (Galula: para. 0059, 0153, 0159, 0262, a final profile (i.e. model)).
Same Motivation as claim 1.




As per claim 8, Ben Noon and Galula discloses a system according to claim 7.
Ben Noon wherein said envelopes are defined by said profile generator, manually, or by a combination thereof.
Galula discloses wherein said envelopes are defined by said profile generator, manually, or by a combination thereof (Galula: para. 0150, envelopes (i.e. thresholds), can be updated dynamically or continuously).
It would have been obvious to one of ordinary skill in art before the time of the effective filing date of the claimed invention to include wherein said envelopes are defined by said profile generator, manually, or by a combination thereof of Galula with Ben Noon both are analogous in the art of vehicle security, the motivation is that envelopes being defined is an efficient method, that insures anomalous messages can be detected in an in-vehicle communication network (Galula: para. 0002).

            As per claim 9, Ben Noon and Galula discloses a system according to claim 1.
            The combination of Ben Noon and Galula further discloses wherein said temporary profile (Ben Noon: para. 0046, 0090, uses the histogram (i.e. temporary profile)) and said final profile comprise a plurality of parameters of the computerized sub-system (Ben Noon: para. 0033, only one needs to be discloses, Ben Noon discloses plurality of parameters of the computerized sub-subsystem, engine temperature, oil pressure, wheel transaction).
	Same Motivation as claim 1.

            As per claim 10, Ben Noon and Galula discloses a system according to claim 1.  
Galula further discloses wherein the final profile is stored within the remote authentication server, within the vehicle, or both within the remote server and within the vehicle (Galula: para. 0059, discloses the final profile is stored within the vehicle, the final profile is the model).
	Same Motivation as claim 1.
            As per claim 11, Ben Noon and Galula discloses a system according to claim 4.
            Ben Noon does not explicitly disclose wherein the final profile is updated following a maintenance of the vehicle at a trusted repair shop.
	Galula discloses wherein the final profile is updated following a maintenance of the vehicle at a trusted repair shop (Galula: para. 0064, final profile (i.e. model) is updated by a technician (i.e. trusted repair shop the Examiner asserts is where the technician works).
	It would have been obvious to one of ordinary skill in art before the time of the effective filing date of the claimed invention to include wherein the final profile is updated following a maintenance of the vehicle at a trusted repair shop of Galula with Ben Noon both are analogous in the art of vehicle security, the motivation is that the final profile (i.e. model) can be updated, thus this is an efficient method that allows one to detect or identify anomalies in an in-vehicle network (Galula: para. 0062, 0064).
As per claim 12, Ben Noon and Galula discloses a system according to claim 1.
Ben Noon further discloses wherein said bus is a CAN-bus (Ben Noon: See 1B, para. 0024-0025, CAN-bus #61 and #71).

            As per claim 13, Ben Noon and Galula discloses a system according to claim 1.
            Ben Noon further discloses wherein a communication on the bus is based on Flexray, Ethernet, or another communication protocol suitable for use in a vehicle’s bus (Ben Noon: para. 0007, discloses Flexray, Ethernet, and another communication protocol such as control area network).

As per claim 14, Ben Noon discloses a method for verifying an identity of a computerized sub-system of a vehicle (Ben Noon: See Fig. 1A #30 vehicle), comprising:
installing within said computerized sub-system of the vehicle a tele-processor (Ben Noon: See Fig. 1A, Watchmen #40);
periodically recording by said tele-processor during a period T1 a flow of messages over
a bus of the vehicle's sub-system (Ben Noon: See Fig. 1A, para. 0032, 0038, discloses a recording mode, the Watchmen (i.e. tele-processor) monitors communications in in-vehicle communication network of the vehicle to accumulate data from messages over a CAN bus#71), and transmitting periodically every period T2 the recorded flow of messages to a remote authentication server (Ben Noon: para. 0011, para. 0045-0046,  to periodically transmit every period the recorded flow of messages to remote server (i.e. Cyber-Hub) via a transceiver); 
at the remote authentication server (Ben Noon: Cyber-Hub: para. 0013):
receiving each of said recorded flow of messages (Ben Noon: See Fig. 2A, para. 0052, transceiver #43 receives CAN messages);
generating during run-time from vehicle-behavioral-only messages within each individual record of a flow of messages a temporary profile (Ben Noon: para. 0034-0035, 0090, generate during run-time (i.e. vehicle is active)), said temporary profile reflecting a signature of the sub-system of the vehicle (Ben Noon: para. 0046, 0090, uses the histogram (i.e. temporary profile) reflecting a signature, the Examiner asserts the histogram contains CAN messages that reflects a signature to determine if there are unwarranted messages that indicate a cyber-attack).

            Galula discloses generating during an offline stage from vehicle-behavioral-only messages within a plurality of said flows of messages a final profile that forms an identity of said sub-system of the vehicle (Galula: para. 0059, 0153, 0159, 0262, a logging of messages with a final profile (i.e. model));
comparing during run time with said final profile (Galula: para. 0052, 0061-0063, comparing CAN messages during run-time with the final profile (i.e. model), thereby to verify the identity of the computerized sub-system of the vehicle based on at least a partial compliance between said final profile (Galula: para. 0052-0053, verify the identity of the computerized sub-system (i.e. node) based on at least partial compliance between the model (i.e. final profile));
wherein said vehicle-behavioral-only messages are messages that characterize machine-based elements, while eliminating functions that depend on the driver of the vehicle, on the driver's behavior, or on environmental conditions during the vehicle's operation (Galula: para. 0056, discloses at least one parameter (i.e. vehicle-behavioral-only messages) includes engine temperature, oil pressure, hydraulic pressure);
wherein said generation of the final profile ignores status values that are originated from sensors readings and appearing within the data field of vehicle-behavioral-only messages (Galula: para. 0056, discloses at least one parameter (i.e. vehicle-behavioral-only messages) includes engine temperature, oil pressure, hydraulic pressure) and
wherein the identity of the computerized sub-system of the vehicle forms an identity of the vehicle itself (Galula: para. 0037, 0045, 0053, generation of the model (i.e. final profile) ignore status values (i.e. values) and the identity of the sub-system of the vehicle forms according to checking the model to determine is the anomalous messages have been submitted, this determines the identity of the vehicle itself).
It would have been obvious to one of ordinary skill in art before the time of the effective filing date of the claimed invention to include generating during an offline stage from vehicle-behavioral-only messages within a plurality of said flows of messages a final profile that forms an identity of said sub-system of the vehicle; comparing during run time with said final profile, thereby to verify the identity of the computerized sub-system of the vehicle based on at least a partial compliance between said final profile; wherein said vehicle-behavioral-only messages are messages that characterize machine-based elements, while eliminating functions that depend on the driver of the vehicle, on the driver's behavior, or on environmental conditions during the vehicle's operation; wherein said generation of the final profile ignores status values that are originated from sensors readings and appearing within the data field of vehicle-behavioral-only messages and wherein the identity of the computerized sub-system of the vehicle forms an identity of the vehicle itself of Galula with Ben Noon’s temporary profile, both are analogous in the art vehicle security, the motivation is that there is a growing complexity of electronic control systems (Galula: para. 0009).  Galula’s method is a security measure that detects cyber-security in a vehicle (Galula: para. 0009).
	As per claim 15, Ben Noon and Galula discloses the method according to claim 14.  Galula further discloses wherein said final profile is generated based on one or more periodic flows of messages, whose duration in total is much longer than the period T1 (Galula: See Fig. 11, para. 0052, 0059, final profile (i.e. model, number of expected messages messages per second, time unit, or period, and used to determine expected behavior).
	Same Motivation as claim 1.
	As per claim 17, rejected under similar scope as claim 4.
	As per claim 18, Ben Noon and Galula disclose the method according to claim 14. The combination of Ben Noon and Galula further discloses wherein said comparison verifies whether a match exists between said final profile and temporary profile (Ben Noon: para. 0033-0035, temporary profile (i.e. histogram) to within predefined envelopes (Galula: para. 0052, 0061-0063, comparing CAN messages with the final profile (i.e. model)).
	Same motivation as claim 1.
	As per claims 19-20, rejected under similar scope as claims 6-7 respectively.
	As per claim 21, rejected under similar scope as claim 11.
As per claim 22, Ben Noon and Galula discloses the system according to claim 1. 
            The combination of Ben Noon and Galula further discloses wherein the final profile (Galula: para. 0056, final profile (i.e. model) discloses behavioral only and non-behavioral messages, vehicle location, behavioral, and oil pressure non-behavioral) as well as the temporary profile are formed from both behavioral-only messages and from non-behavioral messages (Ben Noon: para. 0015, 0033, temporary profile (i.e. histogram) formed by both behavior only messages and from non-behavioral messages, Ben Noon discloses state of the vehicle, which includes a variety of behavioral only messages and non-behavioral messages).
	Same motivation as claim 1 above.
	As per claim 23, rejected under similar basis as claim 22.


Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

3/1/2021
/J.E.J/Examiner, Art Unit 2439     


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439