DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on January 9, 2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The disclosure is objected to because of the following informalities:
On page 2, paragraph 0001, reference is made to a related U.S. Patent Application with missing serial number information.
Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “primary hardware sensor configured to collect”, “remote hardware sensors configured to collect”, and “template processor configured to submit/receive/generate/compare/identify” in claim 1; “template processor is configured to verify” in claims 3 & 4; “template processor is configured to receive” in claim 5; and “template processor is configured to issue” in claim 7.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-5, 7-13, and 15 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Bajpai, US 2021/0203682.

As per claim 1, it is taught of a hardware malware detection apparatus, comprising:
at least one template processor (model is built by processor for creating baseline patterns, see paragraph 0014, lines 4-6 and paragraph 0175, lines 1-24);
a primary system (CAN bus system) including one or more primary processing components (primary system is interpreted as building baseline patterns to learn normal behavior patterns to be 
at least one remote system including one or more remote processing components, the remote system communicatively coupled to the template processor by a plurality of remote hardware sensors identical to the plurality of primary hardware sensors, the remote hardware sensors configured to collect real- time sensor response data generated by the remote processing components in response to one or more challenges (malicious behavior)(see paragraph 0170, line 1-7 and paragraph 0171, line 1-12);
the at least one template processor configured to:
submit the one or more input vectors (input parameters) to the primary system (model is built by processor for creating baseline patterns, see paragraph 0014, lines 4-6 and paragraph 0175, lines 1-24);
receive the primary sensor response data from the plurality of primary hardware sensors (see paragraph 0170, lines 1-7 and paragraph 0171, lines 1-12);
generate one or more system templates based on the one or more input vectors and the associated primary sensor response data (see paragraph 0170, lines 1-7 and paragraph 0171, lines 1-12);
generate the one or more challenges (malicious behavior) based on the one or more system templates (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12);
receive the real-time sensor response data from the plurality of secondary hardware sensors (see paragraph 0171, lines 1-12);

based on the comparing, identify a presence or an absence of at least one system anomaly corresponding to the remote system (see paragraph 0156, lines 5-22 and paragraph 0175, lines 8-17).
As per claim 2, it is disclosed wherein:
the primary system is a trusted system; and the at least one remote system includes at least one untrusted system (see paragraph 0116, lines 14-30).
As per claim 3, it is taught wherein the template processor is configured to, based on the comparing, verify the remote system as a trusted system (see paragraph 0116, lines 14-30).
As per claim 4, it is disclosed wherein the template processor is configured to verify the primary system as a trusted system (see paragraph 0116, lines 14-30).
As per claim 5, it is taught wherein the template processor is configured to receive the one or more input vectors from the remote processor (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12).
As per claim 7, it is disclosed wherein the at least one template processor is configured to issue the one or more challenges to the remote system (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12).
As per claim 8, it is taught wherein:
the primary processing component includes at least one of a primary processor and a primary hardware component (see paragraph 0014, lines 4-6 and paragraph 0175, lines 1-24); and
the remote processing component includes at least one of a remote processor and a remote hardware component (see paragraph 0014, lines 4-6 and paragraph 0175, lines 1-24).
As per claim 9, it is disclosed of a method for detecting hardware malware, the method comprising:

collecting, via one or more primary hardware sensors (see paragraph 0171, lines 1-12) coupled to the primary system (primary system is interpreted as building baseline patterns to learn normal behavior patterns to be used by the master hacking detection system, see paragraph 0155, lines 1-6 & 5-19), primary response data corresponding to the primary system in response to the one or more input vectors (paragraph 0175, lines 1-24);
generating, via the template processor, one or more system templates based on the one or more input vectors and the associated primary response data (see paragraph 0175, lines 1-24);
collecting, via one or more remote hardware sensors identical to the primary hardware sensors and coupled to the remote system (remote ECU’s within the CAN bus system contain hacking detection systems, see paragraph 0156, lines 5-19), real-time response data corresponding to the remote system in response to one or more system challenges (malicious behavior) submitted to the remote system (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12);
comparing, via the template processor, the real-time response data to the one or more system templates associated with the corresponding system challenges (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12); and
determining, based on the comparing, at least one of an absence or a presence of a system anomaly associated with the remote system (see paragraph 0156, lines 5-22 and paragraph 0175, lines 8-17).
As per claim 10, it is taught wherein submitting one or more input vectors to a primary system via at least one template processor in communication with a primary system includes:

As per claim 11, it is disclosed wherein submitting one or more input vectors to a primary system via at least one template processor in communication with a primary system includes:
verifying, via the template processor, the primary system as a trusted system (see paragraph 0116, lines 14-30).
As per claim 12, it is taught wherein determining, based on the comparing, at least one of an absence or a presence of a system anomaly associated with the remote system includes:
verifying, via the template processor, the remote system as a trusted system (see paragraph 0116, lines 14-30).
As per claim 13, it is disclosed wherein determining, based on the comparing, at least one of an absence or a presence of a system anomaly associated with the remote system includes:
identifying at least one of a local component failure, a malware element, and a software error associated with the remote system (see paragraph 0123, lines 1-8).
As per claim 15, it is disclosed wherein collecting, via one or more remote hardware sensors identical to the primary hardware sensors and coupled to the remote system, real-time response data corresponding to the remote system in response to one or more system challenges submitted to the remote system includes:
generating, via the template processor, the one or more system challenges based on the system templates (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12); and
submitting the one or more system challenges to the remote system via the template processor (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Bajpai, US 2021/0203682 in view of Hall et al, US 2011/0304340.

As per claims 6 and 14, Bajpai discloses of a plurality of primary hardware sensors and the plurality of remote hardware sensors wherein collecting, via one or more remote hardware sensors identical to the primary hardware sensors and coupled to the remote system, real-time response data corresponding to the remote system in response to the one or more system challenges (see paragraph 0170, line 1-7 and paragraph 0171, line 1-12).  The teachings of Bajpai fail to disclose wherein the collecting include at least one of: a side-channel electromagnetic (EM) emanation sensor; a side-channel magnetic current imager; and a time-domain reflectometry (TDR) probe.  Hall et al discloses of using sensors directed towards time-domain reflectometry (TDR) probes (see paragraph 0033, lines 1-8).  It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention to have been motivated to recognize that the functionality of using sensors for detecting anomalies in transmissions lines is an obvious variation that could be applied to the teachings of Bajpai since the CAN bus transmits signals between various components in the vehicle system.  The claims would have been obvious because the substitution of one know element for another would have yielded predictable results.  By detecting transmission line errors using time domain reflectometry as is .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Johnston et al, U.S. Patent 10,701,096 is relied upon for disclosing of using anomalous detection models to detect anomalous behavior, whereby event templates are used in the determination process, see column 1, line 58 through column 2, line 7 and column 2, lines 26-29.
Diehl, U.S. Patent 10,409,980 is relied upon for disclosing of a remote security service used to configure a monitored device and building situational models to detect security related instances with the monitored device, see column 2, lines 29-45.
Yen et al, U.S. Patent 9,378,361 is relied upon for disclosing of using anomaly sensors to collect and detect suspicious activities, see column 1, line 61 through column 2, line 5.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER A REVAK whose telephone number is (571)272-3794.  The examiner can normally be reached on 5:30am - 3:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LYNN FEILD can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

















/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2431