DETAILED ACTION
	This action is responsive to communication filed on 07/28/2021. Claims 1-5 and 7-22 are pending and being considered. Claim 6 is cancelled. Claim 22 is newly added. Claims 1 and 21 are independent. Thus, the claims 1-5 and 7-22 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments/Remarks
Applicant’s remarks/arguments, filed on 07/28/2021, have been fully considered. The newly prior art(s) presented in this Office Action satisfies all of the argued limitations related to rejections under Double Patenting and 35 U.S.C. 103. Therefore, this Office Action is made Non-Final. 

Drawings
The drawings (Figs. 2 and 3) are objected to because of the following informalities: 
The labels for elements 212 and 312 in Figs. 2 and 3, respectively, are misspelled as Doman Filrewall, which should be spelled as Domain Firewall.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-5 and 7-22 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,637,647 B2 in view of Frank; Juergen et al. (US 2016/0070934 A1), hereinafter (Frank).

Instant Application 16/847,666
U.S. Patent 10,637,647 B2
Claim 1: A control device, comprising: an application core comprising a processor, a memory and a direct memory access controller; and a security module coupled to the application core via a computer bus, 

wherein the security module comprises at least one processor and at least one memory; 
wherein the direct memory access controller is configured to: read data from the memory, 
generate, in response to reading data from the memory, a hash value from the data read from the memory, and 
provide the hash value to the security module via the computer bus; and wherein the security module is configured to process the hash value.
Claim 2: wherein the security module is configured to compare the hash value with a reference hash value.







Claim 5: wherein the security module comprises an interface to connect to the computer bus and a firewall arranged between the interface and further components of the security module.
Claim 1: A control device, comprising:
an application core comprising a processor, a memory, a bridge, and a direct memory access controller; and a security module coupled to the application core via a computer bus coupling the bridge of the application core and the security module;
Claim 4: wherein the security module
comprises at least one processor and at
least one memory.
wherein the direct memory access
controller is configured to read data 
from the memory, 
generate a hash value for the data and


provide the hash value to the security
module via the computer bus; and


wherein the security module is
configured to compare the hash value,

controller, with a reference hash value and
to provide a report of the comparison to the
application core via the computer bus;
wherein the application core is further
configured to transmit the report obtained
from the security module to a peripheral 
component via the bridge, 
wherein the security module comprises an
interface to connect to the computer bus
and a firewall arranged between the
interface and further components of the
security module.
Claim 3: wherein the security module is configured to verify an integrity of the data based on the hash value.
Claim 2: wherein the security module is configured to verify an integrity of the data based on the comparison of the hash value with the reference hash value and further configured to report to the processor via the computer bus, a result of the verification.
Claim 4: wherein the direct memory access controller is configured to provide 
Claim 3: wherein the direct memory access controller is configured to provide 
Claim 6: cancelled

Claim 7: wherein the security module comprises a memory encryption unit.
Claim 5: wherein the security module comprises a memory encryption unit.
Claim 8: wherein the security module comprises one or more cryptographic accelerators.
Claim 6: wherein the security module comprises one or more cryptographic accelerators.
Claim 9: wherein the control device is a vehicle electronic control unit.
Claim 7: wherein the control device is a vehicle electronic control unit.
Claim 10: wherein the control device is configured to control a component of a vehicle.
Claim 8: wherein the control device is configured to control a component of a vehicle.
Claim 11: wherein the data are vehicle component control data.
Claim 9: wherein the data are vehicle component control data.
Claim 12: wherein the data are data to be sent to another control device connected to the control device by a second computer bus.




Claim 13: wherein the control device comprises a bridge to connect to the second computer bus.
Claim 16: wherein the computer bus is a
first computer bus and wherein the
application core further comprises a
second computer bus, wherein the

access controller and the bridge are directly coupled to the second bus of the application core, and wherein the
application core is configured to transmit
the data to a peripheral component via the
bridge and the first computer bus in
response to the report indicating
verification of the hash value by the
security module.
Claim 14: wherein the second computer bus is an in-vehicle bus.
Claim 17: wherein the first computer bus is an in-vehicle bus.
Claim 15: wherein the security module is a hardware security module.
Claim 10: wherein the security module is a hardware security module.
Claim 16: wherein the security module comprises a countermeasure against a physical attack.
Claim 11: wherein the security module comprises a countermeasure against a physical attack.
Claim 17: wherein the countermeasure is an active sensor to a detect fault and glitching attacks.
Claim 12: wherein the countermeasure is an active sensor to a detect fault and glitching attacks.
Claim 18: wherein the security module is configured to secure a communication 
Claim 13: wherein the security module is configured to secure a communication 
Claim 19: wherein the security module is configured to secure the communication by means of providing at least one cryptographic key for encrypting data exchanged between the memory and the direct memory access controller.
Claim 14: wherein the security module is configured to secure the communication by means of providing at least one cryptographic key for encrypting data exchanged between the memory and the direct memory access controller.
Claim 20: further comprising: a chip comprising the application core and the security module.
Claim 15: further comprising: a chip comprising the application core and the security module.
Claim 21: A method for securing data, the method comprising: 
reading, by a direct memory access controller, data from a memory of an application core which comprises the memory, the direct memory access controller and a processor; 
generating, by the direct memory access controller in response to reading data from the memory, a hash value from the data read from the memory; and providing the hash value to a security 
Claim 18: A method for securing data, the
method comprising:
reading, by a direct memory access
controller, data from a memory of an
application core which comprises the
memory, the direct memory access
controller, a bridge, and a processor;
generating, by the direct memory access
controller, 
a hash value for the data; 
		
providing the hash value to a security

bridge of the application core and the
security module; comparing, by the
security module, the hash value with a
reference hash value; providing, by the 
security module, a report of the
comparison to the application core
via the computer bus; and transmitting
after obtaining the report, the data from the
application core to a peripheral component
via the bridge, wherein the security
module comprises an interface to connect 
to the computer bus and a firewall
arranged between the interface and
further components of the security
module.
Claim 22: wherein the direct memory access controller configured to provide the hash value to the security module via a private channel comprises the direct memory access controller configured to send the hash value in a message 



All limitations of independent claim 1 are taught by the patent application except for the underlined limitation(s) such as “generate, in response to reading data from the memory, a hash value from the data read from the memory,” and “wherein the security module is configured to process the hash value”, which are taught by Frank, such as,
Frank teaches to generate, in response to reading data from the memory, a hash value from the data read from the memory (Frank, Para. [0022-0023], FIG. 2b shows a MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment the first memory unit 15 described in FIG. 2a is a non-volatile flash memory 17, the first processing unit 30 described in FIGS. 2a is an HASH engine 32 used to calculate the calculated HASH value CH representative for the data “DATA” in the non-volatile flash memory 17), and wherein the security module is configured to process the hash value (Frank, Para. [0023], discloses that after the HSM 37 receives the generated hash value, the HSM 37 (Hardware Security Module) compares the calculate HASH value CH with the pre-stored HASH value PH stored in the secure memory unit 20).
Further, all the limitations of dependent claims 2-5, 7-11 and 13-20 are taught by the patent application except for the limitation(s) “wherein the data are data to be sent to another control device connected to the control device by a second computer bus.” and “wherein the direct memory access controller configured to provide the hash value to the security module via a private channel comprises the direct memory access controller configured to send the hash value in a message including a tag configured to be readable only by the security module.” of dependent claims 12 and 22, respectively, which are also disclosed in Frank. See rejection below.
Furthermore, all limitations of independent claim 21 are taught by the patent application except for the underlined limitation(s) such as “generating, by the direct memory access controller in response to reading data from the memory, a hash value from the data read from the memory; and”, which is taught by Frank. Such as,
Frank teaches generating, by the direct memory access controller in response to reading data from the memory, a hash value from the data read from the memory (Frank, Para. [0022-0023], FIG. 2b shows a MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment the first memory unit 15 described in FIG. 2a is a non-volatile flash memory 17, the first processing unit 30 described in FIGS. 2a is an HASH engine 32 used to calculate the calculated HASH value CH representative for the data “DATA” in the non-volatile flash memory 17); and

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-11, 15-16 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Frank; Juergen et al. (US 2016/0070934 A1), hereinafter (Frank), in view of Gail; Markus et al. (US 2014/0223569 A1), hereinafter (Gail).

As per claim 1, Frank teaches a control device, comprising (Frank, Fig. 2b and Para. [0023], discloses a MCU 5 that includes the memory controller 10 described in FIG. 2a, and disclosed in Para. [0027], wherein the MCU 5 may be part of an automotive vehicle and in particular of a safety system embedded in the automotive vehicle. The safety system may include a plurality of MCU 5): 
an application core comprising Frank, Fig. 2a and Para. [0022], discloses that the first processing unit 30 may be embedded in a same chip with the first memory unit 15, and as disclosed in Para. [0023], FIG. 2b shows an exemplary embodiment of a MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment ); and 
a security module coupled to the application core via a computer bus (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH may be made available to the HSM 37 via a register interface implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32 (on a same chip, see Para. [0022]). The HSM 37 may communicate within the memory controller 10 by means of the same crossbar switch XBAR or the suitable type of system bus), wherein the security module comprises at least one processor and at least one memory (Frank, Para. [0021], discloses that secure memory unit 20 and the pre-stored value PV stored therein may be part of HSM. The HSM may usually include one or more processors); 
wherein the direct memory access controller is configured to: read data from the memory, generate, in response to reading data from the memory, a hash value from the data read from the memory (Frank, Fig. 2a and Para. [0022], discloses that the first processing unit 30 is integrated with the first memory unit 15 and the first processing unit 30 may read and write data “DATA” from and to the first memory unit 15 on a block-wise basis. For example the first processing unit 30 may be embedded in a same chip or same package with the first memory unit 15. This allows a close physical connection between the processing unit 30 and the first memory unit 15, and as disclosed in Para. [0023], FIG. 2b shows a MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment the first memory unit 15 described in FIG. 2a is a non-volatile flash memory 17, the first processing unit 30 ), and 
provide the hash value to the security module via the computer bus (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32 (on a same chip, see Para. [0022]). The HSM 37 may communicate within the memory controller 10 by means of the same crossbar switch XBAR or the suitable type of system bus); and 
wherein the security module is configured to process the hash value (Frank, Para. [0023], discloses that the second processing unit 35 is an HSM 37 (Hardware Security Module) used to compare the calculate HASH value CH with the pre-stored HASH value PH stored in the secure memory unit 20). 
However Frank fails to explicitly disclose but Gail teaches an application core comprising a processor, a memory and a direct memory access controller (Gail, Fig. 1 and Para. [0013], discloses one or more application cores 108 such as embedded processor cores); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the system on chip SOC includes one or more application cores, as taught by Gail, in order for the ESM to perform security tasks for applications running on one or more of the application cores; Gail, Para. [0016].

As per claim 2, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module is configured to compare the hash value with a reference hash value (Frank, Para. [0023], discloses that after receiving the calculated HASH value CH from the non-volatile flash memory 17 or the HASH engine 32 of the memory controller 10 and retrieving the pre-stored HASH value PH from the secure memory unit 20, the HSM 37 compares the calculated HASH value CH with the pre-stored HASH value PH).

As per claim 3, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module is configured to verify an integrity of the data based on the hash value (Frank, Para. [0021 and 0028], discloses that the HSM may usually include one or more processors dedicated for carrying out secure cryptographic operations with which data is protected against tampering and bus probing, such as by comparing the calculated hash value CV with the pre-stored value PV to verify the authenticity of data stored in a memory unit).

As per claim 4, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the direct memory access controller is configured to provide the hash value to the security module via a private channel (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface (i.e., via a private channel) implemented in an integrated part of the memory controller 10 indicated in FIG. 2b with a dashed line embedding the non-volatile flash memory 17 with the HASH engine 32. 

As per claim 5, Frank as modified by Gail teaches the control device of claim 1, wherein Frank fails to explicitly disclose but Gail further teaches the security module comprises an interface to connect to the computer bus and a firewall arranged between the interface and further components of the security module (Gail, Para. [0021], discloses that interface 128 of the ESM 102 (Embedded Security Module) can be a standard high bandwidth communication bridge 116 to ensure timely access to the data and code stored in external Flash memories 138, 140. The bridge 116 can include a standard firewall for restricting access to the ESM 102. The firewall can implement any standard protocol for protecting the internal components of the ESM 102 against access from outside the ESM 102.).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the security module comprises an interface to connect to the computer bus and a firewall arranged between the interface and further components of the security module, as taught by Gail, in order to protect the internal components of the ESM 102 against access from outside the ESM 102; Gail, Para. [0021].


As per claim 7, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module comprises a memory encryption unit (Frank, Para. [0021], discloses that the HSM may usually include one or more processors dedicated for carrying out secure cryptographic operations with which data is protected against tampering and bus probing. Therefore the pre-stored value PV may be stored, generated, and encrypted in the HSM as cryptographic keys. By using a HSM in the second processing unit 35, security of the memory controller 10 and of the start-up of the memory controller 10 and the first memory unit 15 is further improved).

As per claim 8, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module comprises one or more cryptographic accelerators (Frank, Para. [0021], discloses that the HSM may usually include one or more processors (i.e., accelerators) dedicated for carrying out secure cryptographic operations with which data is protected against tampering and bus probing).

As per claim 9, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the control device is a vehicle electronic control unit (Frank, Para. [0019], discloses a larger system controlling a network of devices interacting with each other. For example the MCUs and transceivers controlling the electrical features in a vehicle such as switching on/off indoor or outdoor lights, lifting-up/sliding down electrical windows, etc.).

As per claim 10, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the control device is configured to control a component of a vehicle (Frank, Para. [0019], discloses to control electrical features of or see also Para. [0027, discloses that the MCU 5 may be part of an automotive vehicle and in particular of a safety system embedded in the automotive vehicle. The safety system may include a plurality of MCU 5. The safety system may be for example a break system. The break system may receive a break command from a central node which may be another MCU 5).

As per claim 11, Frank as modified Gail teaches the control device of claim 1, wherein Frank further teaches the data are vehicle component control data (Frank, Para. [0019], discloses the instructions for the operations of these devices may be related for example to switching on/off indoor or outdoor lights, lifting-up/sliding down electrical windows, etc. The data DATA in the first memory unit 15 may consist of said instructions for the operations of the devices in the network).

As per claim 15, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module is a hardware security module (Frank, Fig. 2b, illustrates a HSM 37).

As per claim 16, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the security module comprises a countermeasure against a physical attack (Frank, Para. [0027], discloses that the MCU 5 may be part of an automotive vehicle and in particular of a safety system embedded in the automotive vehicle. The safety system may include a plurality of MCU 5. The safety system may be for example a break system. The break system may receive a break command from a central node which may be another MCU 5. The break command may ).

As per claim 20, Frank as modified by Gail teaches the control device of claim 1, wherein Frank fails to disclose but Gail further teaches: further comprising: a chip comprising the application core and the security module (Gail, Fig. 1 and Para. [0013], discloses a system on chip (SOC) 100 including an embedded security module (ESM) 102 […] and one or more application processing cores 108).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the system on chip SOC includes an embedded security module and one or more application cores, as taught by Gail, in order for the ESM to perform security tasks for applications running on one or more of the application cores; Gail, Para. [0016].

As per claim 21, Frank teaches a method for securing data, the method comprising (Frank, Para. [0001], discloses a method for verifying authenticity of data stored in a memory unit and a method for controlling a memory unit, and as disclose din Para. [0003], for a secure functioning of the electronic system and to protect the data ): 
reading, by a direct memory access controller, data from a memory of an application core which comprises the memory, the direct memory access controller Frank, Fig. 2a and Para. [0022], discloses that the first processing unit 30 is integrated with the first memory unit 15 and the first processing unit 30 may read and write data “DATA” from and to the first memory unit 15 on a block-wise basis. For example the first processing unit 30 may be embedded in a same chip or same package with the first memory unit 15. This allows a close physical connection between the processing unit 30 and the first memory unit 15, and as disclosed in Para. [0023], FIG. 2b shows an exemplary embodiment of a MCU 5 that includes the memory controller 10 described in FIG. 2a. In this exemplary embodiment the first memory unit 15 described in FIG. 2a is a non-volatile flash memory 17, the first processing unit 30 described in FIGS. 2a is an HASH engine 32 used to calculate the calculated HASH value CH representative for the data “DATA” in the non-volatile flash memory 17); 
generating, by the direct memory access controller in response to reading data from the memory, a hash value from the data read from the memory (Frank, Fig. 2b and Para. [0023], discloses that a HASH engine 32, within memory controller 10, is used to calculate the HASH value CH representative for the data in the non-volatile flash memory 17); and 
providing the hash value to a security module via a computer bus coupling the application core and the security module (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH is offered as a read-only value to the HSM ).
However Frank fails to explicitly disclose but Gail teaches an application core which comprises the memory, the direct memory access controller and a processor (Gail, Fig. 1 and Para. [0013], discloses one or more application cores 108 such as embedded processor cores); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Gail’ into the teachings of ‘Frank’, with a motivation wherein the system on chip SOC includes one or more application cores, as taught by Gail, in order for the ESM to perform security tasks for applications running on one or more of the application cores; Gail, Para. [0016].

As per claim 22, Frank as modified by Gail teaches the control device of claim 4, wherein Frank further teaches the direct memory access controller configured to provide the hash value to the security module via a private channel comprises the direct memory access controller configured to send the hash value in a message including a tag configured to be readable only by the security module (Frank, Fig. 2b and Para. [0023], discloses that the calculated HASH value CH is offered as a read-only value to the HSM 37. The read-only value of the calculated HASH value CH may be made available to the HSM 37 via a register interface (i.e., via a private channel) ).

Claim(s) 12-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Frank in view of Gail, as applied above, and further in view of Wang; Qiyan (US 9705678 B1), hereinafter (Wang).

As per claim 12, Frank as modified by Gail teaches the control device of claim 1, wherein Frank further teaches the data are data to be sent to another control device connected to the control device Frank, Para. [0019], discloses that the memory controller 10 of FIG. 1a may be part of a larger system controlling a network of devices interacting with each other and wherein the memory controller 10 gives instructions for operations and timing of operations to be performed by each of the devices in the network. In a context of automotive applications the memory controller 10 may be for example part of a MCU (Microcontroller Unit) and ).
However Frank as modified by Gail fails to disclose “a second computer bus” but Wang teaches wherein the data are data to be sent to another control device connected to the control device by a second computer bus (Wang, Fig. 1 and Col. 4 (Lines 16-20), discloses that all ECUs 102 are connected to a Controller Area Network (CAN) bus 104. In most cases, there are two CAN buses 104 (CAN-1 and CAN-2, as depicted in Fig. 1) on the vehicle, and they are interconnected through a bridge unit 106, which forwards messages from one CAN bus 104 to the other).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Wang’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the data are data to be sent to another control device connected to the control device by a second 

As per claim 13, Frank as modified by Gail in view of Wang teaches the control device of claim 12, wherein Frank as modified by Gail fails to explicitly disclose but Wang teaches the control device comprises a bridge to connect to the second computer bus (Wang, Fig. 1 and Col. 4 (Lines 16-20), discloses that all ECUs 102 are connected to a Controller Area Network (CAN) bus 104. In most cases, there are two CAN buses 104 (CAN-1 and CAN-2, as depicted in Fig. 1) on the vehicle, and they are interconnected through a bridge unit 106, which forwards messages from one CAN bus 104 to the other).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Wang’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the control device comprises a bridge to connect to the second computer bus, as taught by Wang, in order to take advantage of the two CANs that are connected via a bridge unit to forwards messages from one CAN to the other; Wang, Col. 3 (Lines 58-60).

As per claim 14, Frank as modified by Gail in view of Wang teaches the control device of claim 12, wherein Frank as modified by Gail fails to explicitly disclose but Wang teaches the second computer bus is an in-vehicle bus (Wang, Fig. 1 and Col. 4 (Lines 16-20), discloses that all ECUs 102 are connected to a Controller Area Network (CAN) bus 104. In most cases, there are two CAN buses 104 (CAN-1 and CAN-2, as ).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Wang’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the second computer bus is an in-vehicle bus, as taught by Wang, in order to take advantage of the two CANs that are connected via a bridge unit to forwards messages from one CAN to the other; Wang, Col. 3 (Lines 58-60).

Claim(s) 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Frank in view of Gail, as applied above, and further in view of Hendrik Schweppe (Security and Privacy in Automotive On-Board Networks, Submitted on 27 May 2015), hereinafter (Hendrik).

As per claim 17, Frank as modified by Gail teaches the control device of claim 16, wherein Frank as modified by Gail fails to explicitly disclose but Hendrik further teaches the countermeasure is an active sensor to detect a fault and glitching attacks (Hendrik, Page 173- 175, discloses the intrusion detection sensors). 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Hendrik’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the countermeasure is an active sensor to detect a fault and glitching attacks, as taught by Hendrik, in order to provide a security mechanisms for preventing and detecting attacks .

Claim(s) 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Frank in view of Gail, as applied above, and further in view of Westerinen; William J. et al. (US 2008/0148065 A1), hereinafter (Westerinen).

As per claim 18, Frank as modified by Gail teaches the control device of claim 1, wherein Frank as modified by Gail fails to explicitly disclose but Westerinen teaches the security module is configured to secure a communication between the memory and the direct memory access controller (Westerinen, Para. [0004], discloses to enforce the restrictions on memory, the security module may use its access to the DMA controller to write a pattern into the restricted memory and later read back the pattern to ensure that the memory is not in use by other, unauthorized programs. Because a substantial amount of memory may be involved, a cryptographic algorithm may be used to generate the pattern or verify the original contents. The cryptographic algorithm allows use of a fast block cipher, such as the Advanced Encryption Standard (AES) algorithm, to generate patterns by address, or patterns from a known seed).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Westerinen’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the security module is configured to secure a communication between the memory and the direct memory access controller, as taught by Westerinen, in order to enforce restrictions on 

As per claim 19, Frank as modified by Gail in view of Westerinen teaches the control device of claim 18, wherein Frank as modified by Gail fails to explicitly disclose but Westerinen further teaches the security module is configured to secure the communication by means of providing at least one cryptographic key for encrypting data exchanged between the memory and the direct memory access controller (Westerinen, Para. [0004], discloses to enforce the restrictions on memory, the security module may use its access to the DMA controller to write a pattern into the restricted memory and later read back the pattern to ensure that the memory is not in use by other, unauthorized programs. Because a substantial amount of memory may be involved, a cryptographic algorithm may be used to generate the pattern or verify the original contents. The cryptographic algorithm allows use of a fast block cipher, such as the Advanced Encryption Standard (AES) algorithm, to generate patterns by address, or patterns from a known seed, and as disclosed in Claim 11, wherein the cryptographic unit further includes cryptographic keys for use in generating a memory pattern).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Westerinen’ into the teachings of ‘Frank’ as modified by ‘Gail’, with a motivation wherein the security module is configured to secure the communication by means of providing at least one cryptographic key for encrypting data exchanged between the memory and the direct memory access controller, as taught by Westerinen, in order to enforce restrictions on .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 1.	Antoni; Henrik et al. (US 10680816 B2), a system for improving the data security during a communication process, including at least one processor and a hardware security module.
2.	Koide; Shohei et al. (US 20140040992 A1), the invention relates to vehicle network system in which a plurality of electronic control units installed on a vehicle are network-connected to each other and exchange information.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
/ALI CHEEMA/
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496