DETAILED ACTION
This first non-final action is in response to applicants’ filing on 01/23/2019. Claims 1-19 are currently pending and have been considered as follows.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority
Acknowledgment is made of applicants’ claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been retrieved.
Drawings
The drawings filed on 01/23/2019 are accepted.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/23/2019 has been placed in the application file, and the information referred therein has been considered as to the merits.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 2, 5, and 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 2 recites the limitation "the rearmost bit" in line 5.  There is insufficient antecedent basis for this limitation in the claim.
Claim 5 recites the limitation “the flag” in line 2, but it is indefinite and unclear as to which of the “plurality of flags” in Claim 3 this refers to.
Claim 13 recites the limitations “the ID” in line 2 and “the first ID” in line 3.  There is insufficient antecedent basis for these limitations in the claim.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 2, 13, 15, and 17-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Matsumoto et al. (“A Method of Preventing Unauthorized Data Transmission in Controller Area Network”, IEEE 75th Vehicular Technology Conference, May 2012, pp. 1-5, IDS submitted 01/23/2019, hereinafter Matsumoto).


As to Claim 1:
Matsumoto discloses a frame transmission prevention apparatus connected to a network of a network system including a plurality of electronic control units (e.g. Matsumoto modified ECU CAN controllers in CAN in-vehicle network [Pages 2-3]; “each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]) communicating with one another via the network, comprising:
a processor (e.g. Matsumoto CAN Controller [Pages 3-4]); and
a memory including at least one set of instructions that causes the processor to perform operations when executed by the processor (e.g. Matsumoto flag is implemented within CAN controller [Section D. Implementation Page 3]; simple modification, addition of error definition [Page 4]), the operations including: 
receiving a first frame from the network (e.g. Matsumoto detects data transmission from other ECU(s) that delivers Data Frame indicating its own ID [Section C. Page 3]; ECU receives a target Data Frame [Page 4]; [Section B Page 4]), and
switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition (e.g. Matsumoto “each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]; By checking the flag, the ECU confirms whether or not it is in the process of its own data transmission, If the flag is OFF, then the ECU sends Error Frame immediately [Page 4]; “CAN Controller is required to check the ID field of all incoming data and immediately issue an Error Frame upon a detection of unauthorized data transmission” [Section B Page 4]).
As to Claim 2:
Matsumoto discloses the frame transmission prevention apparatus according to Claim 1, wherein the plurality of electronic control units communicate with one another via the network in accordance with a controller area network protocol (e.g. Matsumoto Controller Area Network (CAN), a major in-vehicle network with multiple ECUs [Abstract]; [I. Introduction Page 1]), and wherein the first process includes a process of transmitting an error frame to the network before the rearmost bit of the first frame is received by the processor (e.g. Matsumoto “In the proposed method, the ECU to be impersonated monitors and detects the impersonated message and overrides it by sending Error Frame before the message transmission completes. The proposed method can prevent unauthorized data transmission itself” [I. Introduction Page 1]; “If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]).
As to Claim 13:
Matsumoto discloses the frame transmission prevention apparatus according to Claim 1, wherein the first condition includes a condition related to the ID of a frame, and wherein if the first ID of the first frame satisfies the first condition, the switching switches whether to perform the first process on the basis of the management information (e.g. Matsumoto “each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]; By checking the flag, the ECU confirms whether or not it is in the process of its own data transmission, If the flag is OFF, then the ECU sends Error Frame immediately [Page 4]; “CAN Controller is required to check the ID field of all incoming data and immediately issue an Error Frame upon a detection of unauthorized data transmission” [Section B Page 4]).
As to Claim 15:
Matsumoto discloses the frame transmission prevention apparatus according to Claim 1, wherein the plurality of electronic control units communicate with one another via the network in accordance with a controller area network protocol (e.g. Matsumoto Controller Area Network (CAN), a major in-vehicle network with multiple ECUs [Abstract]; [I. Introduction Page 1]), wherein the first condition is a condition related to data in a data field of a data frame representing a frame (e.g. Matsumoto CAN Controller is required to check the ID field of all incoming data frames [Section VI. B. Feasibility on Real-time Response Page 4]), and wherein if the data in the data field of the first frame satisfies the first condition, the switching switches whether to perform the first process on the basis of the management information (e.g. Matsumoto “each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]; By checking the flag, the ECU confirms whether or not it is in the process of its own data transmission, If the flag is OFF, then the ECU sends Error Frame immediately [Page 4]; “CAN Controller is required to check the ID field of all incoming data and immediately issue an Error Frame upon a detection of unauthorized data transmission” [Section B Page 4]).
As to Claim 17:
Matsumoto discloses the frame transmission prevention apparatus according to Claim 1, wherein the plurality of electronic control units communicate with one another via the network in accordance with a controller area network protocol (e.g. Matsumoto Controller Area Network (CAN), a major in-vehicle network with multiple ECUs [Abstract]; [I. Introduction Page 1]), and wherein the first process includes a process of transmitting a dominant signal to the network while the first frame is being transmitted (e.g. Matsumoto the ECU detects an error and transmits 6-bit dominant Error signal and all ECUs recognize the error and cancel data transmission [III. CAN C. Error Frame Page 2]; [Page 4]).

As to Claim 18:
Matsumoto discloses a frame transmission prevention method for use of a network system including a plurality of electronic control units communicating with one another via a network (e.g. Matsumoto “a method of preventing unauthorized data transmission in CAN” [Section V. Proposed Method Page 3]; “In our prevention method, each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]), the method comprising:
receiving a first frame from the network (e.g. Matsumoto detects data transmission from other ECU(s) that delivers Data Frame indicating its own ID [Section C. Page 3]; ECU receives a target Data Frame [Page 4]; [Section B Page 4]); and
switching whether to perform a first process for preventing transmission of the first frame if the first frame satisfies a first condition on the basis of management information indicating whether prevention of transmission of a frame is permitted (e.g. Matsumoto “each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]; By checking the flag, the ECU confirms whether or not it is in the process of its own data transmission, If the flag is OFF, then the ECU sends Error Frame immediately [Page 4]; “CAN Controller is required to check the ID field of all incoming data and immediately issue an Error Frame upon a detection of unauthorized data transmission” [Section B Page 4]).
As to Claim 19:
Matsumoto discloses an in-vehicle network system including a plurality of electronic control units communicating with one another via a network (e.g. Matsumoto modified ECU CAN controllers in CAN in-vehicle network [Pages 2-3]; “each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]), the system comprising: 
a processor (e.g. Matsumoto CAN Controller [Pages 3-4])
a memory including at least one set of instructions that causes the processor to perform operations when executed by the processor (e.g. Matsumoto flag is implemented within CAN controller [Section D. Implementation Page 3]; simple modification, addition of error definition [Page 4]), the operations including: 
receiving a first frame from the network (e.g. Matsumoto detects data transmission from other ECU(s) that delivers Data Frame indicating its own ID [Section C. Page 3]; ECU receives a target Data Frame [Page 4]; [Section B Page 4]), and
switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition (e.g. Matsumoto “each to-be-protected ECU detects unauthorized transmission by monitoring all data on the bus: each ECU detects data transmission from other ECUs that delivers Data Frame indicating its own ID. Such data transmission is regarded as an unauthorized message. If an ECU detects an unauthorized message, then the ECU immediately transmits Error Frame to override the message before the message transmission is completed. Thus, our method has the capability of preventing the unauthorized Data Frame transmission itself. We can apply our prevention method to all ECUs or only to ECUs that send important messages” [V. Proposed Method C. The Fundamental Idea - Page 3]; By checking the flag, the ECU confirms whether or not it is in the process of its own data transmission, If the flag is OFF, then the ECU sends Error Frame immediately [Page 4]; “CAN Controller is required to check the ID field of all incoming data and immediately issue an Error Frame upon a detection of unauthorized data transmission” [Section B Page 4]).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Matsumoto in view of Han et al. (US 20150089236 A1, hereinafter Han).
As to Claim 14:
Matsumoto discloses the frame transmission prevention apparatus according to Claim 1, wherein the plurality of electronic control units communicate with one another via the (e.g. Matsumoto Controller Area Network (CAN), a major in-vehicle network with multiple ECUs [Abstract]; [I. Introduction Page 1]), but does not specifically disclose:
a condition related to Data Length Code (DLC) of a data frame representing a frame, and wherein if the DLC of the first frame satisfies the first condition, the switching switches whether to perform the first process on the basis of the management information.
However, the analogous art Han does disclose a condition related to Data Length Code (DLC) of a data frame representing a frame (e.g. Han two-step filtering through ID field and anonymized bits [0091]; in data length code (DLC) control field [0048]; [0104]), and wherein if the DLC of the first frame satisfies the first condition (e.g. Han 4 bits of the DLC field are used for anonymous ID [0104] which is compared to pre-computed ID stored locally [0079]), the switching switches whether to perform the first process on the basis of the management information (e.g. Han “Receiving ECUs use the anonymous identifiers to filter incoming data frames before verifying data integrity” [Abstract]; “a frame filter 61 in the ECU 60 is configured to receive an incoming data frame, extract the anonymous ID from the frame and compare the anonymous ID to a pre-computed ID stored locally by the ECU 60. When the IDs match, the data frame is passed along the message authenticator 63 for further processing… Conversely, invalid frames are filtered by the filter 61” [0079]).  Matsumoto and Han
(e.g. see Han, “Control field contains a 4-bit data length code (DLC) indicating the number of bytes of data, and reserved bits (1-bit identifier extension (IDE), and 1-bit r0 for the standard frame format and r1 for the extended frame format)” [0048]; “In such a case, two-step frame filtering is required: a frame is filtered first by the ID field at the frame filter (step 2 in FIG. 8), and then by the anonymized bits in the data field (step 3 in FIG. 8). Since the remote frame contains no data field, bits from the data field cannot be borrowed, but up to 5 bits can be assigned in the control field (DLC and r0)” [0091]; “As described earlier, a remote frame is transmitted by a receiver ECU e2, when it needs to request a data frame. Since the remote frame does not contain the data field, it can use 4 bits of the DLC field for an anonymous ID” [0104]; “Use of anonymous IDs prevents injection of unauthorized frames (defense against M2)” [0106]; [0140]; [0142]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Matsumoto and Han before him or her, to modify the disclosure of Matsumoto with the teachings of Han to include a condition related to Data Length Code (DLC) of a data frame representing a frame, and wherein if the DLC of the first frame satisfies the first condition, the switching switches whether to perform the first process on the basis of the management information as claimed because Matsumoto provides a method and system for detecting and preventing unauthorized CAN frame transmission by monitoring ECU flags and Frame IDs (Matsumoto [Pages 1-5]) which could include filtering remote frames by using DLC fields for frame IDs that are compared (Han [0048]-[0104]; [0106]; [0140]; [0142]).  The suggestion/motivation for doing so would have been to (Han [0106]).  Therefore, it would have been obvious to combine Matsumoto and Han to obtain the invention as specified in the instant claim(s).
As to Claim 16:
Matsumoto discloses the frame transmission prevention apparatus according to Claim 1, but does not specifically disclose:
wherein the first condition includes a condition that is satisfied if a frame does not include a proper message authentication code.
However, the analogous art Han does disclose wherein the first condition includes a condition that is satisfied if a frame does not include a proper message authentication code (e.g. Han frame is invalid if its embedded message authentication code (MAC) is not authenticated [0079]; [0081]; and then proceed to discard the incoming frame [0083]).  Matsumoto and Han are analogous art because they are from the same field of endeavor in real-time filtering of CAN in-vehicle network frames transmitted by ECUs.
(e.g. see Han, “When the IDs match, the data frame is passed along the message authenticator 63 for further processing. The message authenticator 63 in turn checks the validity of frame data using a message authentication code (MAC) embedded in the frame. Once authenticated, the data frame is processed in a conventional manner” [0079]; “a message authentication code may be computed for the frame as indicated at 73. In one example, the message authentication code is derived from a cyclic redundancy check although other types of codes are contemplated by this disclosure. The message authentication [0081]; [0083]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Matsumoto and Han before him or her, to modify the disclosure of Matsumoto with the teachings of Han to include wherein the first condition includes a condition that is satisfied if a frame does not include a proper message authentication code as claimed because Matsumoto provides a method and system for detecting and preventing unauthorized CAN frame transmission by monitoring ECU flags and Frame IDs (Matsumoto [Pages 1-5]) which could also include authenticating message authentication codes (MAC) embedded in the frames (Han [0079]; [0081]; [0083]).  The suggestion/motivation for doing so would have been to check the validity of frame data by using the message authentication codes (Han [0079]).  Therefore, it would have been obvious to combine Matsumoto and Han to obtain the invention as specified in the instant claim(s).
Allowable Subject Matter
Claims 3-12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Butts et al. (US 20080186870 A1) is cited for disclosing validation testing of information using a received verification token.
MABUCHI (US 20140036693 A1) is cited for teaching an ECU network communication system through gateway relays.
Elend (US 20150095711 A1) is cited for teaching CAN traffic control system that emulates an error management protocol.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530.  The examiner can normally be reached on Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/KENNETH W CHANG/Primary Examiner, Art Unit 2438                                                                                                                                                                                                        
    PNG
    media_image1.png
    35
    280
    media_image1.png
    Greyscale

09.17.2021