Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12-23-2020 has been entered.

Response to Amendments
The amended claims 1 – 5, 9 – 14, 18 and 19 were considered under 35 USC 112, 101 and 103 for patentability over closest and analogous prior arts Ujiie et al (US Pub. #: 20180316584), hereafter Ujiie and Xie et al (US Pub. #: 20180324219), hereafter Xie have been fully considered and are persuasive. Claims 6 – 8 and 15 – 17 are cancelled.

Allowable Subject Matter
1.	Amended claims 1 – 5, 9 – 14, 18 and 19 are allowed in light of applicant’s arguments, approved examiner’s proposed amendments and in light of prior art(s) made of record. 

Examiner’s Amendment


1. (currently amended) A method at a computing device for determining processing characteristics of nodes within a system, the method comprising: 
receiving at the computing device a plurality of messages being passed within the system; 
analyzing a payload for each message of the plurality of messages to determine one or more message identifiers; 
performing an analysis of a binary image for each node within the system to find nodes filtering for the one or more message identifiers, the binary image comprising executable code for execution by a processor of a respective node; [[
finding anomalies in the plurality of messages based on volume of messages or amount of error frames processed by the nodes;
determining a relative amount of processing done by each of the nodes based on the plurality of messages, thereby creating a ranking of the nodes; and  
performing a vulnerability analysis of the plurality of nodes based on the ranking of the nodes. 

2. (original) The method of claim 1, wherein the messages are passed on a Controller Area Network (CAN) bus. 

3. (original) The method of claim 2, wherein the message identifier is a standard or extended CAN identifier. 

4. (original) The method of claim 1, wherein the analysis for the binary image further: 
identifies that the node is filtering for messages; and 


5. (original) The method of claim 1, wherein the determining of the relative amount of processing ranks each node within the system based on an amount of processing performed at that node. 

6. (canceled) 

7. (canceled)

8. (canceled) 

9. (original) The method of claim 1, wherein the system is a vehicle system and wherein the nodes are electronic control units. 

10. (currently amended) A computing device for determining processing characteristics of nodes within a system, the computing device comprising: 
a processor communicatively coupled to a memory; and 
a communications subsystem, 
wherein the computing device is configured to: 
receive a plurality of messages being passed within the system; 
analyze a payload for each message of the plurality of messages to determine one or more message identifiers; 
perform an analysis of a binary image for each node within the system to find nodes filtering for the one or more message identifiers, the binary image comprising executable code for execution by a processor of a respective node; [[
 find anomalies in the plurality of messages based on volume of messages or amount of error frames processed by the nodes; 
determine a relative amount of processing done by each of the nodes based on the plurality of messages, thereby creating a ranking of the nodes; and
perform a vulnerability analysis of the plurality of nodes based on the ranking of the nodes.  

 11. (original) The computing device of claim 10, wherein the messages are passed on a Controller Area Network (CAN) bus. 

12. (original) The computing device of claim 11, wherein the message identifier is a standard or extended CAN identifier. 

13. (original) The computing device of claim 10, wherein the analysis for the binary image further: 
identifies that the node is filtering for messages; and 
identifies the one or more message identifiers. 

14. (original) The computing device of claim 10, wherein the computing device is configured to determine of the relative amount of processing by ranking each node within the system based on an amount of processing performed at that node. 

15. (canceled) 

16. (canceled) 

17. (canceled) 

18. (original) The computing device of claim 10, wherein the system is a vehicle system and wherein the nodes are electronic control units. 

19. (currently amended) A non-transitory computer readable medium for storing instruction code for determining processing characteristics of nodes within a system, the instruction code when executed by a processor of a computing device cause the computing device to: 
receive a plurality of messages being passed within the system; 
analyze a payload for each message of the plurality of messages to determine one or more 
perform an analysis of a binary image for each node within the system to find nodes filtering for the one or more message identifiers, the binary image comprising executable code for execution by a processor of a respective node; [[
find anomalies in the plurality of messages based on volume of messages or amount of error frames processed by the nodes; 
determine a relative amount of processing done by each of the nodes based on the plurality of messages, thereby creating a ranking of the nodes; and
perform a vulnerability analysis of the plurality of nodes based on the ranking of the nodes.  

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
As to the independent claim 1, the prior art of reference Ujjie teaches [0040, 0055] acquiring particular information based on the number of messages received, within the unit time identified based on the vehicle identification information received from the one vehicle, from a specified bus in a specified vehicle in a specified on-board network system, the specified vehicle specified from one or more vehicles in a set of vehicles identified by the vehicle identification information; [0039-0040] determine the unit time used to detect an abnormality based on a result of latest analysis of information on frames accumulated from a plurality of vehicles of the same type. The received message may include a message ID indicating a message type, and identifying, as the feature information, a feature vector including components assigned to respective message IDs corresponding to the number of messages received from the bus and respectively indicating numbers of messages of the assigned message IDs received from the bus within the determined unit time; [0115] the abnormality detection result storage stores, as a log for each vehicle, the abnormality detection result notified from the communicator. In a case  

Further, a second prior art of record Xie teaches: [0007] analyzing respective system configurations of the one or more network security devices ([0038] BOTNET IP addresses, malicious websites, SPAM and malicious email is being filtered... and (iv) evaluating performance of the security policies based on the traffic and the observed behaviors. [0043] based on the analysis of the network topology, security policies being implemented on network devices, performance of security policy by different network assets, system can generate a scoring metric. [0033] wherein the scoring metric is a quantitative representation of protection level and/or exposure level of the network segment. Each criterion of the one or more defined security criteria may have a weight assigned and a score again each criterion of the one or more defined security criteria is determined based on analysis of the network segment. [0048] the browse-through user interface can allow a user to see different malware that has been detected, infected network devices, infected network segments, and all such threats/vulnerabilities in the network. 

None of the other prior arts of record teach by themselves or in any combination, would have anticipated nor render obvious by combination the claimed invention of the present application at or before the time it was filed.  The prior arts of record fail to teach: determining message 

Therefore, independent claim 1 and their corresponding dependent claims are allowed in light of applicant’s arguments, approved examiner’s amendments and prior arts of record. The same amendments and reasoning are applicable to independent claims 10 and 19 mutatis mutandis.  Claims 6 – 8 and 15 – 17 are cancelled.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Badri -- Champakesan whose telephone number is (571)270-3867.  The examiner can normally be reached on M-F: 7:45am-5pm (EST).

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T. Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/BADRINARAYANAN / Examiner, Art Unit 2438.