DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
Authorization for the Examiner’s Amendment was given in an interview with the
Applicant’s representative, Jeffrey Kuo (Reg. No. 73,071) on September 30, 2021.
Claims 1 and 14 have been amended by the Applicant, and claims 5-6 and 19 have been canceled by the Applicant.
The following Examiner’s amendment is listed below:


Claims
1. (Currently Amended) A system for verifying an identity of a computerized sub-system of
a vehicle, comprising: at the vehicle:
- a tele-processor configured to periodically record during a period T1 a flow of messages
over a bus of the vehicle's sub-system, and to periodically transmit every period T2 the recorded flow of messages to a remote server via a transceiver;
at a remote authentication server:
- a transceiver configured to receive each of said recorded flows of messages;

stored in a non-transitory computer-readable storage medium configured to generate during an offline stage from vehicle-behavioral-only messages within a plurality of said flows of messages a final profile that forms an identity of said computerized sub-system of the vehicle;
- said profile generator stored in a non-transitory computer-readable storage medium is further configured to generate during run-time, from vehicle-behavioral-only messages within an individual record of a flow of messages a temporary profile,
said temporary profile reflecting a signature of the sub-system of the vehicle; and
- a comparator stored in the non-transitory computer-readable storage medium which is configured to compare periodically during run time each of said temporary profiles with said final profile, thereby to verify the identity of the computerized sub-system of the vehicle based on at least partial compliance between said temporary profile and final profile;
wherein said generation of the final profile and said generation of the temporary profile are based only on the vehicle-behavioral only messages, wherein said vehicle-behavioral only messages are messages that are characterize machine-based elements within the subsystem, while eliminating functions that depend on the driver of the vehicle, on the driver’s behavior, or on environmental conditions during the vehicle’s operation; and wherein said identity of the computerized sub-system of the vehicle forms a unique identity of the vehicle itself, which individually distinguishes the vehicle over other vehicles, even those having an exact same model number, manufacturing year, assemblies, and/or accessories,
wherein said comparator is configured to verify whether a match exists between said final profile and said temporary profile within predefined envelopes, and when a mismatch is found, an alert is issued, and wherein a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle's sub-system; (b) a malicious activity to fake the identity of the vehicle; (c) installation of a non-original or non-standard element within said vehicle's computerized sub-system; or (d) installation of a non-standard element within a communication network of the vehicle.

5. (Canceled)

6. (Canceled)

14. (Currently Amended) A method for verifying an identity of a computerized sub-system of
a vehicle, comprising:
     - installing within said computerized sub-system of the vehicle a tele-processor;
     - periodically recording by said tele-processor during a period T1 a flow of messages over a bus of the vehicle's sub-system, and transmitting periodically every period T2 the recorded
flow of messages to a remote authentication server;
at the remote authentication server:
     - receiving each of said recorded flow of messages;
     - generating during an offline stage from vehicle-behavioral-only messages within a
plurality of said flows of messages a final profile that forms an identity of said sub-system of the
vehicle;
     - generating during run-time from vehicle-behavioral-only messages within each individual
record of a flow of messages a temporary profile, said temporary profile reflecting a signature of
the sub-system of the vehicle; and
     - comparing during run time each of said temporary profiles with said final profile, thereby
to verify the identity of the computerized sub-system of the vehicle based on at least a partial
compliance between said temporary profile and said final profile;

wherein said identity of the computerized sub-system of the vehicle forms a unique identity of the vehicle itself, which individually distinguishes the vehicle over other vehicles, even those having an exact same module number, manufacturing year, assemblies, and/or accessories, 
-verify whether a match exists between said final profile and said temporary profile within predefined envelopes, and when a mismatch is found, an alert is issued, and wherein a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle's sub-system; (b) a malicious activity to fake the identity of the vehicle; (c) installation of a non-original or non-standard element within said vehicle's computerized sub-system; or (d) installation of a non-standard element within a communication network of the vehicle.

19. (Canceled)




Reasons for Allowance

Claims 1-4, 7-15, 17-18, and 20-23 are allowable.
The following is an Examiner’s statement of reasons for allowance:
The present invention is directed to a system and method that discloses the final profile may be passed to a communication peer on demand.  Furthermore, a final profile which is stored in a vehicle may be requested by a communication peer from the authentication server.  The vehicle's profile can be used to determine anomalies in the vehicle's computerized sub-system, such as those that are connected to or resulting from malicious activities, such as cyber-attacks.
The system of the invention which compares the temporary profile (which is generated typically during a short period, however repeatedly) with the final profile can also be used in order to authenticate the identity of the vehicle, while the temporary profile serves as a signature of the vehicle, although this signature may somewhat change from one sampling period T1 to another period T1. 
The closest prior art, Ben Noon et al. (2015/0195297), discloses the structure of the cloud-based ("remote") vehicle authentication server. The messages file that was periodically transmitted from the vehicle is received via a transceiver and stored within a temporary database. The profile generator analyzes the content of the database, typically all the messages that have flowed through the CAN-bus during period T, and based on predefined rules the profile generator creates a temporary profile. The temporary profile is typically divided into several selected categories (functions) of the vehicle, and each category contains selected parameters for which the profile contains values that reflect status or characteristics of elements of the car during the car operation. The functions for the temporary profile and of the final profile which will be are “wherein said generation of the final profile and said generation of the temporary profile are based only on the vehicle-behavioral only messages, wherein said vehicle-behavioral only messages are messages that are characterize machine-based elements within the subsystem, while eliminating functions that depend on the driver of the vehicle, on the driver’s behavior, or on environmental conditions during the vehicle’s operation; and wherein said identity of the computerized sub-system of the vehicle forms a unique identity of the vehicle itself, which individually distinguishes the vehicle over other vehicles, even those having an exact same model number, manufacturing year, assemblies, and/or accessories,
wherein said comparator is configured to verify whether a match exists between said final profile and said temporary profile within predefined envelopes, and when a mismatch is found, an alert is issued, and wherein a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle's sub-system; (b) a malicious activity to fake the identity of the vehicle; (c) installation of a non-original or non-standard element within said vehicle's computerized sub-system; or (d) installation of a non-standard element within a communication network of the vehicle”.
The Non-patent literature of Wang et al. (Title: VeCure: A Practical Security Framework to Protect the CAN Bus of Vehicles) teaches demand for improving driving safety, in-vehicle entertainment, and vehicle intelligence, vehicles are being revolutionized by integrating many computer and communication technologies to provide Internet connectivity, navigation, interactivity with mobile devices, voice control, Over-The-Air (OTA) diagnostics & updates, and
Wang does not teach or suggest, “wherein said generation of the final profile and said generation of the temporary profile are based only on the vehicle-behavioral only messages, wherein said vehicle-behavioral only messages are messages that are characterize machine-based elements within the subsystem, while eliminating functions that depend on the driver of the vehicle, on the driver’s behavior, or on environmental conditions during the vehicle’s operation; and wherein said identity of the computerized sub-system of the vehicle forms a unique identity of the vehicle itself, which individually distinguishes the vehicle over other vehicles, even those having an exact same model number, manufacturing year, assemblies, and/or accessories,
wherein said comparator is configured to verify whether a match exists between said final profile and said temporary profile within predefined envelopes, and when a mismatch is found, an alert is issued, and wherein a mismatch outside of said envelopes hints to one or more of: (a) a malicious activity within said vehicle's sub-system; (b) a malicious activity to fake the identity of the vehicle; (c) installation of a non-original or non-standard element within said vehicle's computerized sub-system; or (d) installation of a non-standard element within a communication network of the vehicle”.

Therefore the claims are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for
Allowance."

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 




9/30/2021
/J.E.J/Examiner, Art Unit 2439        



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439