DETAILED ACTION
The following claims are pending in this office action: 1-20
The following claims are amended: 1-4, 6-15, and 17-20 
The following claims are new: -
The following claims are cancelled: 5 and 16
Claims 1-4, 6-15, and 17-20 are rejected. This rejection is FINAL.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Previous Objections Withdrawn
The objection to the claims are withdraw based on the amendments
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 03/09/2021 have been fully considered but are they are not persuasive.  The reasons are set forth below.
Applicant’s position is that the prior art contains no teaching or suggestion of “receiving, in the attack detection information, a Controller Area Network (CAN) identifier (ID) of an attack packet detected by the intrusion detection system” and “by the target electronic unit, discarding a packet corresponding to the CAN ID”.  Applicant explains:
Cited par. [0091] merely discloses "blocking the transmission of a message on a CAN bus by one ECU using the means of another ECU situated on the same bus." 
In more detail: in Dyakin, a central gateway 101 checks frame content using a protection module 102. The protection module 102 "is configured to intercept messages (also frames) circulating on the buses of the MT" (see par. [0055]) and, based on rules created "on the basis of the indicators of compromise" (see par. [0057]), block the "sending of the messages contained in the mentioned rule" (see par. [0091]). In cited par. [0091] Dyakin is only describing one way of blocking the sending of a message between two ECUs connected by the same CAN bus using a CAN bus protocol. There is no teaching or suggestion of "receiving, in the attack detection information, a Controller Area Network (CAN) identifier (ID) of an attack packet detected by the intrusion detection system" and "by the target electronic control unit, discarding a packet corresponding to the CAN ID," as recited in amended claim 1.



1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The amended claims are within the scope and content of the prior art.  Examiner agrees that the protection module 102 is “configured to intercept messages (also frames) circulating on the buses of the MT” (see para. 0055 of Dyakin).  Furthermore, Dyakin’s protection module teaches receiving the Controller Area Network (CAN) identifier (ID).  The messages/frames intercepted [received] by the protection module is a frame of the CAN protocol (see para. 0120 of Dyakin).  Within the format of the frame, there is a unique identifier (see para. 0045 of Dyakin, Fig. 6: ID0 to ID10).  The intercepted message/frame is attack detection information: “in particular, the following indicators of compromise [attack detection information] when detecting a computer attack: the messages used in the computer attack…” (see para. 0057 of Dyakin).  Though it is heavily implicit (see para. 0007 and para. 0091 – existing IDS systems are able to discover [detect] anomalies in the data being transmitted on the buses of an automobile; the central gateway 101 [which includes the protection module] has the possibility of checking the frame content with the use of the protection module, and can detect an unwanted message [detect the attack] based on the rules generated by the server), Dyakin does not explicitly disclose an intrusion detection apparatus detecting the attack as it is the server that uses the information from the protection module to determine the attack, and then receives rules from the server, which are based on the indicators of compromise.  However, Kishikawa explicitly discloses the intrusion response apparatus 
The limitation “by the target electronic unit, discarding a packet corresponding to the CAN ID”, this is within the scope and content as disclosed by Dyakin.  Dyakin teaches the method to which an electronic control unit [the target electronic unit] discards a packet: “Upon receiving such a message, the ECU addressee will detect a discrepancy in the check sum of the message, and such a message will not be processed (discarding a packet)” (para. 0091).  The packet/message that is discarded corresponds to a packet/message CAN ID as 1) the identifier field of the message is used by ECUs to determine whether they should receive the message (see Dyakin, para. 0045) and 2) a change is made in one or more message defined in the indicators of compromise (see Dyakin, para. 0088).  Only an attack packet out of a pool of attack and normal packets, picked out by the indicators of compromise, corresponding to its CAN ID, has its check sum changed.  In other words, from the perspective of the ECU, the target ECU first receives the attack message based on the CAN ID.  Then the packet/message is discarded (decides the message will not be processed) by the target ECU because the checksum fails.  Thus the scope and the content of the prior art includes “by the target electronic unit, discarding a packet corresponding to the CAN ID”.  
In considering the prior art references as a whole, there is no substantive difference between the claim limitations at issue and the prior art.  The protection module in Dyakin receives an indicator of compromise: a message/frame that contains a CAN ID.  This is identical to receiving, in the attack detection information, the CAN ID of an attack packet disclosed in the instant application (see Fig. 9 of the instant application, describing the same structure for CAN ID).  Kishikawa discloses that an intrusion detection unit detects an attack packet by detection rule information.  Likewise, this is identical to the limitation of 
A person of ordinary skill in the in the pertinent art would have been able to use and combine Dyakin and Kishikawa.  If the only facts of record pertaining to the level of skill in the art are found within the prior art of record, the court has held that an invention may be held to have been obvious without a specific finding of a particular level of skill where the prior art itself reflects an appropriate level. Chore-Time Equipment, Inc. v. Cumberland Corp., 713 F.2d 774, 218 USPQ 673 (Fed. Cir. 1983). See also Okajima v. Bourdeau, 261 F.3d 1350, 1355, 59 USPQ2d 1795, 1797 (Fed. Cir. 2001). At the time of filing, it would have been obvious to use Dyakin and Kishikawa to satisfy the limitations above.  The invention, as claimed, would be within the level of ordinary skill in the art.  
The Applicant has not provided any objective indicia of nonobviousness in the record to be considered, and it is assumed that there are no secondary considerations supporting nonobviousness.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6-8, 10-14, 17-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Dyakin et al. (US Pub. 2019/0306187) (hereinafter “Dyakin”) in view of Kishikawa et al. (US Pub. 2018/0302422)(hereinafter “Kishikawa”).  
As per claim 1, Dyakin teaches a vehicle network performed by an intrusion response apparatus for the vehicle network, the intrusion response method comprising ([Dyakin, para. 0039; para. 0047] a protection module [the intrusion response apparatus] blocks computer attacks on an auto network)
selecting at least one target electronic control unit that is to be instructed to respond to the intrusive attack from among multiple electronic control units.  ([Dyakin, para. 0088] the protection module, upon receiving information on an intrusive attack, sends a messages to at least one of a number of ECU units)
sending a response instruction message to the at least one target electronic control unit so that the target electronic control unit responds to the intrusive attack. ([Dyakin, para. 0089] the protection module may send a message to at least one ECU containing commands [a response instruction message] to disconnect itself [a response to the intrusive attack])
wherein the receiving the attack detection information includes receiving, in the attack detection information, a Controller Area Network (CAN) identifier (ID) of an attack packet [detected by the intrusion detection system]; and ([Dyakin, para. 0055] messages/frames are intercepted by the protection module.  [Para. 0120] such messages/frames are indicators of compromise [attack detection information].  [Para. 0045; Fig. 6] within the messages/frames, the unique CAN ID can be identified.  An attack packet detected by the intrusion detection system is taught by Kishikawa below)
the method further comprises, by the target electronic control unit, discarding a packet corresponding to the CAN ID. ([Dyakin, para. 0045] the packet corresponds to the CAN ID as the identifier field of the message is used by ECUs to determine whether they should receive the message.   [para. 0088] based on the CAN ID, a change is made in the message [Para. 0091] when transmitting a message on a CAN bus, a checksum bit corresponding to 1 may be suppressed by a bit 0 when the latter is transmitted at the same time as the 1.  Upon receiving such a message, the ECU addressee will detect a discrepancy in the check sum of the message, and such the message will not be processed [or will be discarded])
Dyakin does not teach receiving attack detection information about an intrusive attack on the vehicle network from an intrusion detection system, and an attack packet detected by the intrusion detection system.
However, Kishikawa teaches receiving attack detection information about an intrusive attack on the vehicle network from an intrusion detection system.  ([Kishikawa, para. 0121; Fig. 14] the intrusion determination unit notifies the abnormality handling unit [the intrusion response apparatus] when an attack has been detected)
an attack packet detected by the intrusion detection system ([Kishikawa, para. 0121] the intrusion determination unit periodically performs determination of whether or not an unauthorized data frame has been externally injected into the bus based on intrusion detection rule information that the intrusion detection rule storing unit stores)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dyakin with the teachings of Kishikawa to include receiving attack detection information about an intrusive attack on the vehicle network from an intrusion detection system.  One of ordinary skill in the art would have been motivated to make this modification because by including a dedicated intrusion determination unit, the abnormal handling unit can receive information on whether or not unauthorized data has been externally injected into the bus even if the ECU has been infected. (Kishikawa, para. 121; para. 0008)

As per claim 2, Dyakin in view of Kishikawa teaches claim 1.  
Kishikawa also teaches wherein the receiving the attack detection information further includes receiving, in the attack detection information, at least one of, a presumably damaged electronic control unit expected to be damaged by the intrusive attack, or a type of the intrusive attack.  ([Kishikawa, para. 0045] ECUs may exchange data frames on a CAN that is detected by the intrusion detection information and received by the abnormality handling unit.  Appropriate detection can be made in a case where an unauthorized state has occurred in an ECU [a presumably damaged electronic control unit expected to be damaged by the attack].  [Para. 0052] Transmission of an unauthorized data frame from outside can be detected, and the content of the attack by an attacker can be classified [a type of the intrusive attack]) 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dyakin with the teachings of Kishikawa to include receiving the attack detection information is configured to receive the attack detection information including at least one of a Controller Area Network (CAN) identifier (ID) of an attack packet detected by the intrusion detection system, a handling processing (by the intrusion response apparatus) that is appropriate for the attack can be decided and carried out. (Kishikawa, para. 0052)

As per claim 3, Dyakin in view of Kishikawa teaches claim 2.  
Dyakin also teaches wherein selecting the target electronic control unit includes selecting, as the target electronic control unit, at least one of the presumably damaged electronic control unit expected to be damaged by the intrusive attack on the vehicle network or a priority electronic control unit selected based on a priority. ([Dyakin, para. 0045; para. 0089] the identifier field of a message indicates the priority of the message.  The message sent from the protection module to the ECU may contain a command specifying instructions to disconnect at least one ECU from a list of ECUs [the presumably damaged ECU].  An ECU out of a group of ECUs is selected to be sent the message so that a computer attack will not take place, and so is selected based on priority of importance to stop the attack) 
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Kishikawa and Dyakin for the same reasons as disclosed above.

As per claim 6, Dyakin in view of Kishikawa teaches claim 2.  
Dyakin also teaches wherein the selecting the target electronic control unit includes, when a detected intrusive attack is made through an infotainment system, selecting an infotainment electronic control unit included in an infotainment domain as the target electronic control unit. ([Dyakin, para. 0041; para. 0088] the network includes a plurality of ECUs associated with an infotainment system.  The ECUs may be selected as a target electronic control unit for sending a message to when an attack occurs) 


As per claim 7, Dyakin in view of Kishikawa teaches claim 6.  
Dyakin also teaches wherein the sending the response instruction message to the target electronic control unit includes instructing, in the response instruction message, the target electronic control unit to change configuration information of the infotainment system. ([Dyakin, para. 0041; and para. 0089] the message sent to one of the ECUs associated with an infotainment system may be to enable restrictions which eliminate risks of its operation in a dangerous situation) 
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Kishikawa and Dyakin for the same reasons as disclosed above.

As per claim 8, Dyakin in view of Kishikawa teaches claim 2.  
Dyakin also teaches wherein selecting the target electronic control unit includes, when the vehicle network comprises a domain gateway, selecting the domain gateway as a target domain gateway that is to be instructed to respond to the intrusive attack. ([Dyakin, para. 0090; and para. 0089] In one particular aspect, the blocking of the sending of the messages [the response to the intrusive attack] is performed via the gateway)
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Kishikawa and Dyakin for the same reasons as disclosed above.
  
As per claim 10, Dyakin in view of Kishikawa teaches claim 2.  
Dyakin also teaches wherein the sending the response instruction message to the target electronic control unit includes instructing, in the response instruction message, the target electronic  ([Dyakin, para. 0091; and para. 0120] when transmitting a message, the bits on the broadcasted packet having the CAN ID of the attack packet can modified.  One of the bits which might be modified is the RTR bit.)
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Kishikawa and Dyakin for the same reasons as disclosed above.  

As per claim 11, Dyakin in view of Kishikawa teaches claim 10.  
Dyakin also teaches wherein an electronic control unit, having received the broadcasted packet, is configured to, when the electronic control unit is not an electronic control unit corresponding to the CAN ID of the attack packet, discard the broadcasted packet. ([Dyakin, para. 0112; 0088] in some aspects, the at least one condition of the rule further specifies that the information indicating the at least one recipient ECU that is a recipient of the messages matches a defined group of ECU [an electronic control unit corresponding to the CAN ID].  If the match is not made, the packet can be blocked or dropped by the ECU)
At the time of filing it would have been obvious to one of ordinary skill in the art to combine the teachings of Kishikawa and Dyakin for the same reasons as disclosed above.

As per claim 12, this claim recites an apparatus for a vehicle network that performs the steps disclosed in the method of claim 1, has claim language that is identical or substantially similar to that of claim 1, and thus is rejected with the same rationale applied against claim 1.   

As per claim 13, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 14, the claim language is identical or substantially similar to that of claim 3. Therefore, 

As per claim 17, the claim language is identical or substantially similar to that of claim 6. Therefore, it is rejected under the same rationale applied to claim 6.

As per claim 18, the claim language is identical or substantially similar to that of claim 7. Therefore, it is rejected under the same rationale applied to claim 7.

As per claim 20, the claim language is identical or substantially similar to that of claim 10. Therefore, it is rejected under the same rationale applied to claim 10.


Claims 4 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Dyakin in view of Kishikawa as applied to claims 3 and 14, and further in view of David et al. (US Pub. 2017/0295188) (hereinafter, “David”)

As per claim 4, Dyakin in view of Kishikawa teaches claim 3.    
Dyakin also teaches wherein the sending the response instruction message to the target electronic control unit includes instructing, in the response instruction message, the target electronic control unit to perform at least one of [a reboot operation, ]an operation of switching to a safe mode, or an operation of changing configuration information of the target electronic control unit. ([Dyakin, para. 0089] the message sent to at least one ECU may contain a command specifying instructions to turn on safe mode.  The instructions may also contain changing configurations of the ECU such as by limiting the maximum speed of the vehicle.  Instructing the ECU to perform a reboot option will be taught later)
Dyakin does not teach instructing the target electronic control unit to perform a reboot operation.  
However, David teaches instructing, in the response message, the target electronic control unit to perform a reboot operation ([David, para. 0069] in the event of an attack, a watchdog service as part of a response message instructs the ECU to restart/reset an ECU)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dyakin with the teachings of David to include instructing the target electronic control unit to perform a reboot operation.  One of ordinary skill in the art would have been motivated to make this modification because such an action can prevent attempts to circumvent the security policy associated with the ECU. (David, para. 0069)

As per claim 15, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.

Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Dyakin in view of Kishikawa to claims 8 and 13 further in view of Borkowicz et al. (US Pub. 2018/0227306).  
As per claim 9, Dyakin in view of Kishikawa teaches claim 8.    
Dyakin in view of Kishikawa does not explicitly teach wherein sending the response instruction message to the target electronic control unit includes instructing, in the response instruction message the domain gateway, selected as the target domain gateway, to perform at least one of an operation of changing domain configuration information, an operation of switching the domain gateway to a security mode, or an operation of discarding a packet corresponding to the CAN ID.  
the response instruction message to the target electronic control unit includes instructing, in the response instruction message the domain gateway, selected as the target domain gateway, to perform at least one of an operation of changing domain configuration information, an operation of switching the domain gateway to a security mode, or an operation of discarding a packet corresponding to the CAN ID.  ([Borkowicz, para. 0024; 0017] Sending a message to the gateway can cause it to enter or leave the restricted state [changing domain configuration information and switching to a switching to a security mode.]  The gateway is configured not to pass a message when that message has a CAN_ID that does not match [discarding the message])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dyakin with the teachings of Borkowicz to include wherein sending the response instruction message to the target electronic control unit includes instructing, in the response instruction message the domain gateway, selected as the target domain gateway, to perform at least one of an operation of changing domain configuration information, an operation of switching the domain gateway to a security mode, or an operation of discarding a packet corresponding to the CAN ID.  One of ordinary skill in the art would have been motivated to make this modification because such an action can allow the gateway to prevent a hacker from altering the programming of ECUs in an improper manner. (Borkowicz, para. 0002)

As per claim 19, the claim language is identical or substantially similar to that of claim 9. Therefore, it is rejected under the same rationale applied to claim 9.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Allouche et al. (US Pub. 2016/0197944) discloses a controller area network bus monitor bus that causes target electronic control units to discard and invalidate/discard a package/message.  
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from 
/Z.L./Examiner, Art Unit 2493                                                              

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493