DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority

Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 1/28/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections

Claims 2 and 3 recite the limitation “the detection unit detects the attack on the basis of …” There is insufficient antecedent basis for this limitation in the claim.  Appropriate correction is requested.
Response to Amendment

The preliminary made to the claims on 1/28/2020 have been considered.

Claim Interpretation

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:

(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 


This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “a monitoring unit configured to monitor a communication error,” “an aggregation unit configured to aggregate a communication error occurrence state,” and “a detection unit configured to detect the attack.” in claim 1.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.  Fig. 7, paragraph [0101]-[0102] and [0167]-[0168] describe a gateway and its units (i.e. monitoring, aggregation and detection units); paragraphs [0111]-[0113] disclose the monitoring unit and its functions; paragraphs [0119]-[0130] disclose the aggregation unit and its functions; and paragraph [0142]-[0146] disclose the detection unit and its functions.


Claims 2-5 are dependent claims of claim 1, each of the claims recites the limitation “the detection unit”  the claims are also interpreted as invoking 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-7 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by
 Ben-Noon et al. (US 2020/0186560), hereinafter Ben-Noon.


a plurality of the frames being transmitted in the bus (paragraph [0084] describes messages are transmitted/received to/from the CAN bus), the plurality of the frames including pieces of the identification information different from each other (paragraphs [0050]-[0051] describe multiple CAN frames transmitted through CAN bus, each CAN message contains an ID), 
the detection device comprising:
a monitoring unit configured to monitor a communication error in the bus (Fig. 2, processor 41; paragraphs [0053]-[0054] describe the SEU monitors pattern of messages sent by a node, e.g. time interval between message, the SEU determines whether or not a sequence of messages sent from the node deviates from a known or expected repetition period.  The SEU performs monitoring of messages is construed as the SEU having a monitoring unit);

a detection unit configured to detect the attack on the basis of an aggregation result by the aggregation unit (paragraph [0106] describes if one or more of the counts or counters exceeds its respective maximum, then an alert is generated indicating of a number of detected anomalies requires attention i.e. the anomalies are detected based on the amount of counts or counters.  The SEU/processor detects anomalies is construed as the SEU having a detection unit).

As for claim 2, Ben-Noon teaches wherein the detection unit detects the attack on the basis of a bias in a communication error occurrence state among the pieces of identification information in the aggregation result (paragraphs [0099]- [0106] describe a security enforcement unit (SEU) receives a CAN message including an ID and has 

As for claim 3, Ben-Noon teaches wherein the detection unit detects the attack on the basis of: a total, regarding each piece of the identification information, of the number of times of occurrence of the communication error (paragraphs [0072]-[0074] describe a table including list, for a specific message ID, a set of time intervals and a respective set of contexts, in order for some degree of “normal” deviations from an expected timing, more than one deviation or message which deviates from a time interval may be required,  at least a threshold is used to determine an anomaly by the SEU, a threshold may be related to the number of violations, e.g. the number of occurrences of time intervals that are not expected); and an error ID number, which is a number of pieces of an identification information for which a communication error has occurred (paragraph [0095] and [0097] describe a bin width of time lapse bin is associated with a maximum anomaly count i.e. an error ID number).

As for claim 4, Ben-Noon teaches wherein the detection unit detects the attack on the basis of at least one of:

a third comparison result between a third threshold and the total in a second monitoring interval composed of a plurality of the first monitoring intervals, and a fourth comparison result between a fourth threshold and an average of the error ID number.

As for claim 5, Ben-Noon teaches wherein the detection unit detects the attack on the basis of at least one of: 
the first comparison result (paragraph [0074] describes two thresholds are used in order to determine if one or more messages indicate an anomaly, and the SEU determines at least one of two messages is related to an anomaly if the time interval between the two messages is greater than a first threshold), the second comparison result (paragraph [0074] describes the second threshold is used in comparison of 
the third comparison result, the fourth comparison result, and a comparison result between a sixth threshold greater than the fourth threshold and the average.

As for claim 6, Ben-Noon teaches a detection method to be used in a detection device configured to detect an attack in an on-vehicle network that includes a bus in which a frame including identification information that allows recognition of at least one of a transmission source and a destination is transmitted (Fig. 2 illustrates a security enforcement unit (SEU) including a processor 41; paragraph [0084] describes the SEU receives/transmits messages from/to CAN bus via communication ports; paragraphs [0087]-[0088] describe the SEU’s processor determines whether or not a message is an anomalous message in accordance with a vehicle context e.g. a message ID, during 
a plurality of the frames being transmitted in the bus (paragraph [0084] describes messages are transmitted/received to/from the CAN bus), the plurality of the frames including pieces of the identification information different from each other (paragraphs [0050]-[0051] describe multiple CAN frames transmitted through CAN bus, each CAN message contains an ID), the detection method comprising the steps of:
monitoring a communication error in the bus (paragraphs [0053]-[0054] describe the SEU monitors pattern of messages sent by a node, e.g. time interval between message, the SEU determines whether or not a sequence of messages sent from the node deviates from a known or expected repetition period);
aggregating a communication error occurrence state regarding each piece of the identification information on the basis of a monitoring result (paragraphs [0099]-[0105] describe a processor included in the SEU receives a CAN message and has integer counter values acquired responsive to receptions of earlier messages that are stored in integer counters. The SEU determines a time lapse between two time values and set counters to zero and set an integer to one, if the time lapse has value that falls in a time lapse bin then the counters is increased by one, the processor then determines whether or not a count in the counters has reached a maximum count); and
detecting the attack on the basis of an aggregation result (paragraph [0106] describes if one or more of the counts or counters exceeds its respective maximum, then an alert is generated indicating of a number of detected anomalies requires attention i.e. the anomalies are detected based on the amount of counts or counters).

As for claim 7, the claim listed all the same elements of claim 1, but in a non-transitory computer readable storage medium storing a detection program to be used in a detection device configured to detect an attack in an on-vehicle network (Ben-Noon: paragraphs [0040]-[0041] describes computer program stored in memory and executed by a controller to enforce security in a vehicle). Therefore, the supporting rational of the rejection to claim 1 applies equally as well to claim 7.

Conclusions

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Ruvio et al. (US 2018/0196941) teach security methods for identification of in-vehicle attack originator
Hartkopp et al. (US 2018/0115575) teach attack detection method, attack detection device and bus system for a motor vehicle
Yajima (US 2019/0007427)  teach attack detection method
Ben-Noon et al. (US 2015/0191135) teach bus watchman

Any inquiry concerning this communication or earlier communications from the examiner should be directed to L. T N. whose telephone number is (571)272-1013.  The examiner can normally be reached on M & Th 5:30 am - 2:30 pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on 571-272-4170.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/LINH T. NGUYEN/Examiner, Art Unit 2459