DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 12/03/20, 11/27/19. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. DE 10 2018130297.5, filed on 11/29/2018.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 8-15, 19-22 are rejected under 35 U.S.C. 103 as being unpatentable over SHIN et al. (US 20170286675 A1) in view of Han et al. (US 9288048 B2).


transmitting, by a first controller, a first message to a second controller ([0009]; A plurality of messages are received by a recipient ECU from a transmitting ECU, where the plurality of messages are transmitted periodically from the transmitting ECU via the vehicle network to the recipient ECU); 
determining, by a third controller, a Proof-of-Work for the second message based on at least one vehicle-specific characteristic of the network ([0014] In another aspect, the method for detecting a compromised electronic control unit in a vehicle network further includes: determining a clock offset for each message in the plurality of messages, where clock offset is determined in relation to a first message received from amongst the plurality of messages; determining an accumulated clock offset for the plurality of messages by summing the determined clock offsets together; computing a difference between the accumulated clock offset to a baseline clock offset; detecting a sudden change in the difference between the accumulated clock offset and the baseline clock offset; and identifying the transmitting ECU as compromised in response to detecting a sudden change in the differences between the accumulated clock offset and the baseline clock offset. [0068] To build an efficient/effective IDS, which can detect various types of attack including the masquerade attack, it should be capable of verifying the transmitter of each message. However, since such information is not present in CAN messages, one must fingerprint ECUs with other "leaked" information. Unlike the existing approaches that exploit embedded timestamps, this disclosure exploits message

SHIN does not exclusively but Han teaches, transmitting, by a second controller, a second message comprising the first message to a third controller (FIG 5A and associated text; For fabrication (under M1, M2, or M3), the attacker 51 broadcasts fraudulent data or remote frames on CAN as depicted in FIG. 5A. In conjunction with interception, the attacker could also mount a replay attack. That is, the transmission of valid data can be repeated maliciously or fraudulently. The attacker intercepts the data first and retransmits it. This attack can be mounted at any time.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify SHIN’s method with teaching of Han in order to provide an efficient security protocol for in-vehicle networks (Han col 1 line 55-65;).
	
With regards to claim 2, 13 SHIN further discloses, wherein the at least three controllers are electronic control units, which are connected via the network via a bus system (FIG 2-3A, 3B, 3C and associated text;).

With regards to claim 3, 14 SHIN further discloses, wherein the vehicle-specific characteristics comprises a latency between the at least three controllers ([0014] In another aspect, the method for detecting a compromised electronic control unit in a vehicle network further includes: determining a clock offset for each message in the 

With regards to claim 4, 15 SHIN further discloses, wherein the latency is predetermined to lie within a latency window (FIG 4 and associated text; [0079-80] In the example embodiment, the control limits of CUSUM are used to detect sudden change. If either of the control limits, $L^{+}$ or $L^{-}$, exceeds a threshold, $\Gamma_L$, a sudden positive or negative shift in value has been detected, respectively, and thus CIDS declares it as an intrusion. Note: threshold determines latency within lower or upper limit).

With regards to claim 8, 19, SHIN in view of Han further discloses, wherein the first message comprises a signature of the first controller and the second message comprises a signature of the second controller (Col 11 line 10-25; see also col 12; In the example embodiment, HMAC-SHA1 is used for the evaluation of IA-CAN although numerous other cryptographic functions fall within the scope of the disclosure.). Motivation would be same as stated in claim 1.

wherein more than two controllers of the at least three controllers utilize chained messaging (Han col 2 line 35-45; In one aspect of this disclosure, a communication session is first established between the sending electronic control unit and the receiving electronic control unit.), wherein the more than two controllers are sequentially arranged along a communication path such that one controller transmits a message to another controller that has not yet been reached or that has not been reached a predetermined number of times (Han FIG 3 and associated text; col 17 line 20-30; Another way of mounting a DoS attack on CAN is just flooding a large number of high-priority (garbage) messages on the CAN bus. For example, flooding an ID with 0x00 will always win the bus arbitration. Although there is no way to prevent attackers from broadcasting bogus messages to overload the CAN, several research efforts introduced intrusion detection mechanisms against such flooding attempts on CAN. Moreover, initiating a fail-safe mode when ECUs do not receive frames within a certain time will effectively give resiliency against such an attack.). Motivation would be same as stated in claim 1.

With regards to claim 10, 21 Shin in view of Han further teaches, determining the Proof-of-Work for the second message by authenticating the first controller and the second controller based on the second message (Han FIG 7B step 83-86 and associated text;). Motivation would be same as stated in claim 1.

wherein at least one of the first message and the second message comprise respective payload data (FIG 1 and associated text;).
Allowable Subject Matter
Claims 5-7, 16-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached on 8:30 to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498