DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner’s Statement of Reason for Allowance

The following is an examiner’s statement of reasons for allowance: 

Claims 1, 15 and 16 are allowed because there is no prior art that teaches the underline portion of the claims

Regarding claim 1 “A method for handling an anomaly in a communication network, the method comprising: 
performing, by each of a plurality of detectors, a rule-based anomaly recognition to: 
identify a deviation of at least one parameter of a data packet of a data stream in the communication network from a target value; and 
based on the identified deviation, recognize presence of at least one anomaly; and 

aggregating, by at least one aggregator, the information about the recognized at least one anomaly sent from the plurality of detectors; 
sending, to at least one actuator by the at least one aggregator via the communication network, the aggregated information about the recognized at least one anomaly; and 
initiating, by the at least one actuator, at least one countermeasure for handling the recognized at least one anomaly, based on the aggregated information about the recognized at least one anomaly sent from the aggregator via the communication network; 
wherein the plurality of detectors are situated at different devices in the communication network; 
wherein the communication network, the plurality of detectors, the at least one aggregator, and the at least one actuator are situated in a motor vehicle, 
wherein the at least one countermeasure includes: (i) modifying or rejecting at least one Ethernet packet, and/or (ii) blocking a port, and/or (iii) excluding a network participant.”

Regarding claim 15 “A non-transitory computer-readable medium on which are stored instructions that are executable by a processor and that, when executed by the processor, cause the processor to perform a method for handling an anomaly in a communication network, the method comprising: 

identify a deviation of at least one parameter of a data packet of a data stream in the communication network from a target value; and 
based on the identified deviation, recognize presence of at least one anomaly; and the plurality of detectors-sending information about the recognized at least one anomaly via the communication network; 
aggregating, by at least one aggregator, the information about the recognized at least one anomaly sent from the plurality of detectors; 
sending, to at least one actuator by the at least one aggregator via the communication network, the aggregated information about the recognized at least one anomaly; and 
initiating, by the at least one actuator, at least one countermeasure for handling the recognized at least one anomaly, based on the aggregated information about the recognized at least one anomaly sent from the aggregator via the communication network; 
wherein the plurality of detectors are situated at different devices in the communication network; 
wherein the communication network, the plurality of detectors, the at least one aggregator, and the at least one actuator are situated in a motor vehicle, 
wherein the at least one countermeasure includes: (i) modifying or rejecting at least one Ethernet packet, and/or (ii) blocking a port, and/or (iii) excluding a network participant.”

Regarding claim 16 “A device for handling an anomaly in a communication network, the device comprising- a plurality of detectors, each of the plurality of detectors configured to: 
perform a rule-based anomaly recognition to:102817950.14U.S. Pat. App. Ser. No. 16/424,889 Attorney Docket No. BOSC.P11329US/1001058967 
Office Action of July 15, 2021 identify a deviation of at least one parameter of a data packet of a data stream in the communication network from a target value; and 
based on the identified deviation, recognize presence of at least one anomaly; and 
send information about the recognized at least one anomaly via the communication network, at least one aggregator configured to: 
aggregate the information about the recognized at least one anomaly sent from the plurality of detectors; and 
send, to at least one actuator by the at least one aggregator via the communication network, the aggregated information about the recognized at least one anomaly; and the at least one actuator, wherein the at least one actuator in configured to initiate at least one countermeasure for handling the recognized at least one anomaly, based on the aggregated information about the recognized at least one anomaly sent from the aggregator via the communication network; 
wherein the plurality of detectors are situated at different devices in the communication network; and 
wherein the communication network, the plurality of detectors, the at least one aggregator, and the at least one actuator are situated in a motor vehicle, 
wherein the at least one countermeasure includes: (i) modifying or rejecting at least one Ethernet packet, and/or (ii) blocking a port, and/or (iii) excluding a network participant.”

Funk (US 2018/0040172) teaches a method for implementing Internet of Things (IoT) functionality, and implementing added services for OBD2 smart vehicle connection for IoT-capable vehicles.  A portable device, when connected to an OBD2 DLC port of a vehicle might monitor wireless communications between a vehicle computing system(s) and an external device, and might monitor operator input sensor data from operator input sensors tracking input by a vehicle operator.  The portable analyzes monitored operator input sensor data, to determine whether vehicle operation has been compromised.  If so, the portable device alerts the operator of the vehicle via a user interface, and initiates remediation operations comprising disconnecting the portable device from the OBD2 DLC port, disrupting, with the portable device, communication between the vehicle computing system and an external device.  Alternative to disconnecting the portable device from the OBD2 DLC port, the portable device depresses a block-wireless-communication button on the portable device, disrupting, with the portable device, communication between the vehicle computing system and an external device (see paragraph [0031]).  Funk discloses different methods of remediation based on a determination that vehicle operation has been compromised by one external device.  Funk fails to teach modifying or rejecting at least one Ethernet packet as claimed.



Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Overby et al. (US 2019/0379683) teach virtualized intrusion detection and prevention in autonomous vehicles

Any inquiry concerning this communication or earlier communications from the examiner should be directed to L. T N. whose telephone number is (571)272-1013.  The examiner can normally be reached on M & Th 5:30 am - 2:30 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on 571-272-4170.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/L. T. N/
Examiner, Art Unit 2459
/Backhean Tiv/Primary Examiner, Art Unit 2459