DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/15/2021 has been entered.
 
Response to Amendment
The Amendment filed on 09/24/2020 has been entered. 
Claim 1, 8-9, 11 and 18 are cancelled.
Claims 19-21 are cancelled.
Claims 1-18 and 22 are pending of which claims 1 and 11 are independent claims.

Response to Arguments
Applicant’s arguments with respect to claims 1-18 and 22 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
	
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences 


Claims 1-2, 7-9, 11-12, 16-18 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Valasek et al. (Pub. No.: US 2015/0113638, hereinafter Valasek) in view of Huang et al. (Pub. No.: US 2016/0035148, hereinafter Huang) and Ying (Pub. No.: US 2002/0181405).
Regarding claim 1: Valasek discloses a system for providing cyber security to an in-vehicle communication network comprising: 
a vehicle including: 
a memory; and a controller included in a security enforcement unit (Valasek - [0024]: Fig. 2, the attack monitoring unit 118 includes a processor 202), the controller configured to:
determine that a message sent over a network, from an initiator to a target node, jeopardizes the security of the network (Valasek - [0024]: the processor 202 is configured to monitor data messages (for example data messages 402, 404) transmitted on the automobile network 102. In an exemplary embodiment, the processor is configured to determine whether at least one data message (e.g., data message 402) among the data messages (e.g., data messages 402, 404) transmitted on the automobile network 102 is a threat to one or more of the plurality of electronic components (e.g., … the On-Board Diagnostic (OBD-II) port 108 or OBD-II unit 122),
However Valasek doesn’t explicitly teach wherein the message is related to a data transfer which is related to a diagnostic session. However, Valasek does teach data message transmitted to the automobile network is a threat to On-Board Diagnostic (OBD-II) (Valasek - [0024]). As a person with ordinary skills in the art,  OBD II information is commonly used by vehicle telematics devices that perform remote diagnostics. Furthermore, Huang discloses wherein the message is related to a data transfer which is related to a diagnostic session (Huang - [0012]: When this information is transmitted from the ECU to the diagnostic tool, it is conventionally unsecured from an eavesdropper. Thus, at this moment, a malicious attacker may acquire and improperly use the information).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Valasek with Huang so that a message related to 
However the combination of Valasek and Huang doesn’t explicitly teach but Ying discloses generate a disruptive message designed to terminate or prevent transfer of data over the session; and transmit, over the network, the disruptive message, wherein when sent, the disruptive message prevents the initiator from transferring data to the target node by at least one of: causing at least one of the initiator and the target node to terminate the session, and preventing at least one message sent from the initiator from reaching the target node (Ying - [0141]: a command is issued from one or more ground stations 710 to the control network 705 and/or the portable electronic diagnostic equipment 730, causing the portable electronic diagnostic equipment 730 or control network 705 to take appropriate action to prevent further use by the operator. For example, either the portable electronic diagnostic equipment 730 and/or the control network 705 may terminate the diagnostic and test session).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Valasek and Huang with Ying so that an action is taken to terminate a diagnostic session in case of any abnormal situation. The modification would have allowed the system to terminate a diagnostic session for security enhancement.
Regarding claim 2: Valasek as modified discloses wherein the identified message is one of: a message sent by the initiator in order to prepare the target node to receive the data transfer and a message sent by the target node in reply to a message sent by the initiator (Valasek - [0024]: The attack monitoring unit 118 can also include a communication interface 208 configured to send and/or receive data messages).
Regarding claim 7: Valasek as modified discloses wherein the controller and memory are embedded in a node that is adapted to control at least one system in the vehicle (Valasek - [0024]: the attack monitoring unit 118 includes a processor 202 and a memory 204. [0022]: the attack monitoring unit 118 would act as an independent ECU. The attack monitoring unit 118 can also be part of an existing ECU).
Regarding claim 8: Valasek as modified discloses wherein the controller is further configured to select the disruptive message according to a predefined protocol (Ying - [0070]: The communications interface 883 provides a wired (or possibly wireless) connection to the local area network 754. The communication interface 883 may utilize any conventional protocol for transporting data).
The reason to combine is similar as claim 1.
Regarding claim 9: Valasek as modified discloses wherein the controller is further configured to select the disruptive message based on at least one of: a state of the vehicle, a context, a message received by the controller, the target node and a stage of a session (Ying - [0141]: if the supervisor decides it is necessary to terminate access to a control network 705 by a particular operator (for example, to prevent an illegal or inappropriate command), the supervisor may enter an instruction at the user terminal 781 to do so).
The reason to combine is similar as claim 1.
Regarding claims 11-12, 16-18 and 22: Claims are directed to method claims and do not teach or further define over the limitations recited in claims 1-2, 7-9. Therefore, claims are also rejected for similar reasons set forth in claims 1-2, 7-9. 

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable Valasek et al. (Pub. No.: US 2015/0113638, hereinafter Valasek) in view of Huang et al. (Pub. No.: US 2016/0035148, hereinafter Huang) and Ying (Pub. No.: US 2002/0181405) and Rawat et al. (Patent No.: US 7,333,481, hereinafter Rawat).
Regarding claims 3 and 13: Valasek as modified doesn’t explicitly teach but Rawat discloses wherein the disruptive message modifies a state of a node (Rawat -[Col. 14, Line 17-21]: Transition 407A indicates that the present invention can disrupt communications of a station by sending one or more ARP messages from the sniffer directed to corrupt data in the ARP cache of the station. As a result, the station enters state 428 (state 5)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Valasek, Huang and Ying with Rawat so that a disruptive message can modify a state. The modification would have allowed the system to change state of a station.

s 4 is rejected under 35 U.S.C. 103 as being unpatentable over Valasek et al. (Pub. No.: US 2015/0113638, hereinafter Valasek) in view of Huang et al. (Pub. No.: US 2016/0035148, hereinafter Huang) and Ying (Pub. No.: US 2002/0181405) and TANABE (Pub. No.: US 2016/0365822).
Regarding claim 4: Valasek as modified discloses “send disruptive messages” (see claim 1). However, Valasek as modified doesn’t explicitly teach but TANABE discloses wherein the controller is further configured to select an operational mode and selectively send disruptive messages based on the selected operational mode(Tanabe - [0033]: protection logic circuit 320 selects the internal protection mode by activating the PROTECTION SIGNAL).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Valasek, Huang and Ying with TANABE so that the disruptive messages can be sent selectively. The modification would have allowed the system to have more control for sending disruptive messages.

Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Valasek et al. (Pub. No.: US 2015/0113638, hereinafter Valasek) in view of Huang et al. (Pub. No.: US 2016/0035148, hereinafter Huang) and Ying (Pub. No.: US 2002/0181405) and OCHIAI et al. (Pub. No.: US 2016/013503, hereinafter OCHIAI).
Regarding claims 5 and 14: Valasek as modified discloses wherein the controller is further configured to select whether or not to send the disruptive message based on a context (OCHIAI - [0036]: The ECU 40D is configured to be able to send the caution state signal, which indicates whether the vehicle 100 is in the security caution state, and the warning state signal, which indicates that the vehicle 100 is in the warning state, to the gateway ECU 10 via the in-vehicle LAN 30).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Valasek, Huang and Ying with OCHIAI so that different message is sent based on vehicle state. The modification would have allowed the system to be more flexible.

s 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Valasek et al. (Pub. No.: US 2015/0113638, hereinafter Valasek) in view of Huang et al. (Pub. No.: US 2016/0035148, hereinafter Huang) and Ying (Pub. No.: US 2002/0181405) and CHATURVED et al. (Pub. No.: US 2012/0296964, hereinafter CHATURVED).
Regarding claim 6: Valasek as modified doesn’t explicitly teach but CHATURVED discloses wherein the controller is further configured to send a first disruptive message to the initiator and a second disruptive message to the target node (CHATURVED - [0060]: The notification may also terminate the current session with the device 104 or place it on hold. In step 506, the device 102 may also send a message to the device 106 to terminate or hold the current session with the device 106).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Valasek, Huang and Ying with CHATURVED so that the disruptive messages can be send to different devices. The modification would have allowed the system to send disruptive messages to different devices.
Regarding claim 15: Claim 15 does not teach or further define over the limitations recited in claim 6. Therefore, claim 15 is also rejected for similar reasons set forth in claim 6. 

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Valasek et al. (Pub. No.: US 2015/0113638, hereinafter Valasek) in view of Huang et al. (Pub. No.: US 2016/0035148, hereinafter Huang) and Ying (Pub. No.: US 2002/0181405) and TANABE (Pub. No.: US 2016/0365822) and ZUFELT (Pub. No.: US 2008/0250137).
Regarding claim 10: Valasek as modified discloses “send disruptive messages” (see claim 1). However, Valasek as modified doesn’t explicitly teach but TANABE discloses wherein the controller is further configured to send disruptive messages when in a protective operational mode (see claim 4) 
However, the combination of Valasek, Huang and Ying and TANABE doesn’t explicitly teach but ZUFELT discloses monitor traffic on the network when in a passive operational mode (ZUFELT -[0032]: In the passive mode, the primary sensor 20 and one or more back-up sensors 30 are in-line with the network traffic and monitor the BPDUs).
prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Valasek, Huang and Ying and TANABE with ZUFELT so that network traffic is monitored in passive mode. The modification would have allowed the system to operate in different mode.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-40633.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437