DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority

Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 5/29/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings

The drawings in figures 1-6 are objected to for lacking of suitable descriptive legends. Any structural detail that is essential for a proper understanding of the disclosed invention should be shown in the drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to 

Claim Interpretation

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: a detector in claim 16; one actuator in claim 18.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. The following cited paragraphs and figure provide written description corresponding to the claim limitations:  paragraphs [0008]; [0034] and [0078] for description of the detector; paragraphs [0040]; [0070] and [0080]-[0081] for description of the actuator.


Claim Objections

Claim 2 recites the limitation “wherein the communication is incorporated in a vehicle.” There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-6 and 15-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Paraskevas et al. (US 2021/0075800), hereinafter Paraskevas.

As for claim 1, Paraskevas teaches a method for handling an anomaly in a communication network (paragraph [0008] describes a method of executing a remedial action in response to a detection of an intrusion into networked vehicle controllers), the method comprising: 
at least one detector performing a rule-based anomaly recognition to: identify a deviation of at least one parameter of a data packet of a data stream in the communication network from a target value (paragraphs [0025]-[0026] and [0030]-[0031] describe an onboard or remote electronic control unit (ECU or controllers (see paragraph [0010])) comprising a central processing unit that executes instructions to perform functions/operations, the ECU/controllers that perform operations is construed as a detector, one of the operations includes receiving Ethernet frames from data packets of networked vehicle controllers, identifying a specified field within the Ethernet frames with data indicate desired network traffic characteristics and then determining if any of the traffic characteristics of the monitored network traffic flow is outside a respective calibrated boundary); and based on the identified deviation, recognize presence of at least one anomaly (paragraph [0031] describes an intrusion detection system (IDS) logic checks the boundaries of the network traffic patterns to realize possible anomalies on the network traffic flows); and the at least one detector sending information about the recognized at least one anomaly via the communication network (paragraph [0037] describes in response to the traffic characteristics associated with the monitored network traffic flow falling outside of its respective calibrated boundary, the 

As for claim 2, Paraskevas teaches wherein the communication is incorporated in a vehicle (paragraphs [0037]-[0038] describe the alarm is sent to a governing system controller and the operations are implemented through a programs executed by an onboard vehicle computer).  

As for claim 3, Paraskevas teaches wherein at least one actuator receives the sent information via the communication network (paragraphs [0037]-[0039] describe processors execute instructions to perform operations, one of the operations include a governing system controller is informed of a possible attack which then be put to an intrusion prevention system, the processor that informs of an attack is construed as an actuator), the method further comprising the at least one actuator initiating at least one countermeasure for handling the at least one anomaly based on the information (paragraph [0037] describes the intrusion prevention system decides whether any counteractive measures will be taken to stop or offset the attack).  

As for claim 4, Paraskevas teaches wherein at least one aggregator receives the sent information from the at least one detector (paragraph [0037] describes the governing system controller is informed of an alarm of a possible attack), the method further comprising the at least one aggregator sending the information to at least one 

As for claim 5, Paraskevas teaches wherein the identification is performed by at least two of the at least detector analyzing data packets of the data stream at various devices in the communication network (paragraphs [0028]-[0031] describe network patterns monitored electronic controllers i.e. detectors, of the vehicle extract and store network traffic patterns identified from traffic flows, and checks the boundaries of the network traffic patterns to realize possible anomalies on the network traffic flows).  

As for claim 6, Paraskevas teaches wherein the at least two detectors are in a same subnetwork of the communication network (paragraph [0023] describes an in-vehicle Ethernet network that supports communications with and between multiple electronic controllers and computing devices).  

As for claim 15, Paraskevas teaches a non-transitory computer-readable medium on which are stored instructions that are executable by a processor and that, when executed by the processor, cause the processor to perform a method for handling an anomaly in a communication network (paragraph [0040] describes a processor executes machine readable instructions to perform methods/operations; paragraph [0008] describes a method of executing a remedial action in response to a detection of an intrusion into networked vehicle controllers), the method comprising: 


As for claim 16, Paraskevas teaches a device for handling an anomaly in a communication network (Fig. 1, system 16; paragraph [0024] describes a system providing intrusion protection, detection and remediation functionality), the device 

As for claim 17, Paraskevas teaches wherein the device is integrated in a vehicle (paragraphs [0037]-[0038] describe the alarm is sent to a governing system controller and the operations are implemented through a programs executed by an onboard vehicle computer).  

  As for claim 18, Paraskevas teaches the system comprises at least one actuator (paragraphs [0037]-[0039] describe processors execute instructions to perform operations, one of the operations include a governing system controller is informed of a possible attack which then be put to an intrusion prevention system, the processor that informs of an attack is construed as an actuator), wherein the at least one actuator is configured to receive the sent information via the communication network and initiate at least one countermeasure for handling the at least one anomaly based on the information (paragraphs [0025], [0030] and [0037] describe a method performed by a processor of an on-board ECU, the method includes receiving of Ethernet frames from data packets and deciding whether any counteractive measures will be taken to stop or offset the attack).  

As for claim 19, Paraskevas teaches the device further comprising at least one aggregator arranged to receive the information from at least one detector and configured to send the information to at least one actuator via the communication network (paragraph [0037] describes the governing system controller is informed of an alarm of a possible attack, the alarm is input to the intrusion prevention system).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Paraskevas (US 2021/0075800) in view of Kishikawa et al. (US 2018/0302422), hereinafter Kishikawa.

As for claim 7, Paraskevas teaches all the limitations set forth above except at least two actuators situated at different devices in a communication network initiating at least one countermeasure to an at least one anomaly.
However, it is well known in the art, to countermeasure an intrusion by collaborating multiple units, as evidenced by Kishikawa.
Kishikawa discloses at least two actuators situated at different devices in a communication network initiating at least one countermeasure to an at least one anomaly (paragraph [0167] describes a process of handling of an abnormal i.e. a possibility of a problem with secret key sharing among the ECUs, the ECUs are configured to update keys, reset counters, the ECUs that perform a countermeasure operation is construed as actuators; Fig. 1 illustrates an onboard network system 
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Kishikawa for performing countermeasure operations in response to a detected abnormality in an onboard network system. The teachings of Kishikawa, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to remedy an intrusion attack. One of ordinary skill in the art would be motivated to utilize the teachings of Kishikawa in the Paraskevas system in order to carry out security measures to discontinue an attack that had occurred at multiple ECUs of an onboard network system furthermore, the countermeasure takes place at individual ECU in a collaboration fashion which requires less processing resources.

Claims 8, 9, 11, 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Paraskevas (US 2021/0075800) in view of Adachi et al. (US 2014/0380416), hereinafter Adachi.

As for claim 8, Paraskevas teaches at least two actuators initiating at least one countermeasure to the at least one anomaly (paragraph [0167] describes a process of handling of an abnormal i.e. a possibility of a problem with secret key sharing among the ECUs, the ECUs are configured to update keys, reset counters, the ECUs that perform a countermeasure operation is construed as actuators).

However, it is well known in the art, to form different communication lines with in different vehicle communication devices, as evidenced by Adachi.
Adachi discloses wherein at least two actuators are situated at different devices that are in different subnetworks of the communication network (Fig. 1, communication lines 4a-4c; paragraph [0030] describes an in-vehicle communication system comprising multiple electronic control units (ECUs), each ECUS connects to one of the communication lines which connected to a gateway, each communication line connects to a gateway is construed as a subnetwork).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Adachi for implementing multiple communication lines connected to a gateway in an in-vehicle communication system. The teachings of Adachi, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to facilitate communication between an ECU and a gateway. One of ordinary skill in the art would be motivated to utilize the teachings of Adachi in the Paraskevas system in order to transmit and receive signals from multiple ECUs via a hub which further enables the detection of an abnormal in the signals’ waveform. 

As for claim 9, Paraskevas teaches all the limitations set forth above except

However, it is well known in the art, to implement a gateway in an in-vehicle network system, as evidenced by Adachi.
Adachi discloses at least two aggregators situated at different devices in the communication network aggregating information about recognized anomalies (paragraphs [0046]-[0047] describe a process of detecting waveforms of signals sent by each in-vehicle communication device in a group of devices (see Fig. 1) are abnormal); and another aggregator aggregating the aggregated information of at least two aggregators (paragraph [0047] describes a gateway construed as an aggregator requests the in-vehicle communication devices i.e. aggregators to transmit a detection signal and each in-vehicle communication device transmits a detection signal in response to the request).  
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Adachi for implementing a gateway in an in-vehicle communication system. The teachings of Adachi, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to detect an abnormal waveform. One of ordinary skill in the art would be motivated to utilize the teachings of Adachi in the Paraskevas system in order to transmit and receive signals from multiple ECUs via a hub which further enables the detection of an abnormal in the signals’ waveform. 


However, it is well known in the art, to implement a device to identify an abnormal ECU, as evidenced by Adachi.
Adachi discloses  
wherein a data stream is between control devices within at least one subnetwork of a communication network (Fig. 2, gateway 2; communication lines 4a-4c; paragraphs [0057] describes a gateway requests in-vehicle communication devices connected to the communication lines to transmit a detection signal and in response to the requests, each in vehicle communication device transmits a predetermined detection signal), and an identification is based on an analysis by a detector of at least one detector that is situated at at least one of control devices (paragraph [0061] describes the gateway comprises a processing unit that operates to compare acquired waveform information on a ringing waveform with a stored normal waveform and detects, based on the comparison result, whether an unauthorized communication has been connected, the gateway is construed as one of control devices).  
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Adachi for implementing a gateway in an in-vehicle communication system. The teachings of Adachi, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to detect an abnormal waveform. One of ordinary skill in the art would be 

As for claim 12, Paraskevas teaches all the limitations set forth above except wherein a data stream is between control devices of different subnetworks of a communication network that are connected to one another via a gateway or control device, and an identification is based on an analysis by a detector of at least one detector that is situated at the gateway or control device.  
However, it is well known in the art, to implement a device to identify an abnormal ECU, as evidenced by Adachi.
Adachi discloses  
wherein a data stream is between control devices of different subnetworks of a communication network that are connected to one another via a gateway or control device (Fig. 2, gateway 2; communication lines 4a-4c; paragraphs [0057] describes a gateway requests in-vehicle communication devices connected to the communication lines to transmit a detection signal and in response to the requests, each in vehicle communication device transmits a predetermined detection signal), and an identification is based on an analysis by a detector of at least one detector that is situated at the gateway or control device (paragraph [0061] describes the gateway comprises a processing unit that operates to compare acquired waveform information on a ringing waveform with a stored normal waveform and detects, based on the comparison result, 
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Adachi for implementing a gateway in an in-vehicle communication system. The teachings of Adachi, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to detect an abnormal waveform. One of ordinary skill in the art would be motivated to utilize the teachings of Adachi in the Paraskevas system in order to transmit and receive signals from multiple ECUs via a hub which further enables the detection of an abnormal in the signals’ waveform. 

As for claim 13, Paraskevas teaches all the limitations set forth above except wherein (a) at least one of detector and (b) at least one aggregator within at least one subnetwork of a communication network is distributed over at least one or (a) a plurality of control devices and (b) at least one of the control devices and (b) at least one gateway.  
However, it is well known in the art, to implement a system that comprises a gateway and multiple in vehicle communication devices, as evidenced by Adachi.
Adachi discloses
wherein (a) at least one of detector and (b) at least one aggregator within at least one subnetwork of a communication network is distributed over at least one or (a) a plurality of control devices and (b) at least one of the control devices and (b) at least one gateway (Fig. 1; gateway 2; in vehicle communication devices 5; Fig. 2; gateway 2, 
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Adachi for implementing a gateway in an in-vehicle communication system. The teachings of Adachi, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to detect an abnormal waveform. One of ordinary skill in the art would be motivated to utilize the teachings of Adachi in the Paraskevas system in order to transmit and receive signals from multiple ECUs via a hub which further enables the detection of an abnormal in the signals’ waveform. 

Claims 10 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Paraskevas (US 2021/0075800) in view of Kariman (US 2015/0200964).

As for claim 10, Paraskevas teaches an interface at least one of communicating recognized anomalies to a backend (paragraph [0021] describes the vehicle system comprises a network connection interface that enables the vehicle hardware to send and receive signal; paragraph [0037] describes an electronic alert is sent to a service provider’s remote server).

However, it is well known in the art, to provide software update to a compromised electronic control unit of a vehicle, as evidenced by Kariman.
Kariman discloses receiving instructions from a backend (paragraph [0018] describes a remote security application receives an alert from an embedded system and the remote security application responds by transmitting command instructions and parameters to the embedded system).
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Kariman for having a remote security application responding to an alert. The teachings of Kariman, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to implementing a control action to a system in response to a security event. One of ordinary skill in the art would be motivated to utilize the teachings of Kariman in the Paraskevas system in order to promptly issue a security action instructions.

As for claim 14, Paraskevas teaches all the limitations set forth above except an actuator sending instructions about at least one countermeasure to a plurality of other actuators via a communication network.
However, it is well known in the art, to have a server transmitted software update to multiple ECUs in a communication system, as evidenced by Kariman.
Kariman discloses receiving instructions from a backend (paragraph [0018] describes a remote security application receives an alert from an embedded system and 
One of ordinary skill in the art before the effective filing date of the claimed invention would have recognized the ability to utilize the teachings of Kariman for having a remote security application responding to an alert. The teachings of Kariman, when implemented in the Paraskevas system, will allow one of ordinary skill in the art to implementing a control action to a system in response to a security event. One of ordinary skill in the art would be motivated to utilize the teachings of Kariman in the Paraskevas system in order to promptly issue a security action instructions.

Conclusions

Litichever et al. (US 2019/0385057) teach method for using signal waveform analysis for detecting a change in a wired network
Shiota et al. (US 2017/0244594) teach on-vehicle system
Gilad et al. (US 2020/0387605) teach methods for disabling a malicious ECU in a controller area network (CAN) bus


Any inquiry concerning this communication or earlier communications from the examiner should be directed to L. T N. whose telephone number is (571)272-1013.  The examiner can normally be reached on M & Th 5:30 am - 2:30 pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on 571-272-4170.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/L. T. N/
Examiner, Art Unit 2459
/TONIA L DOLLINGER/Supervisory Patent Examiner, Art Unit 2459