DETAILED ACTION
This office action is in response to the application filed on 10/03/2019. Claims 1-15 are pending and are examined.	
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification Objection
The abstract is only 45 words in length; however the abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.

Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives. 

Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.
The abstract is objected to, as it is more than one paragraph. Applicant is reminded to use the above mentioned guidelines to re-write the abstract.

Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b)

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claim 5 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 

Regarding claim 5, the term "specific space" is a relative term which renders the claim indefinite. 
The term "specific space" is not defined by the claim and the specification does not provide a clear definition or limitation of this term, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was.


Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Wool (U.S Pub No. 2009/0172800 A1, referred to as Wool), in view of Qiao et al. (U.S Pub No. 2020/0274851 A1, referred to as Qiao).

Regarding claim 1, Wool teaches:
a processor configured to match a data packet received from an external device and a plurality of rules at a set order and perform rule reordering defined to change the order based on a matching result (Wool: ¶ 0003- ¶ 0006, “The present invention relates to the field of firewalls implemented on networked computers, and more particularly, to reordering the rule-base within such firewalls for reducing central processing unit (CPU) usage of said firewalls.”; “Most firewalls enforce the policy according to “first-match” semantics: for each new IP connection, the firewall checks the rules one by one, ”; Fig. 1, Items 220, 920, 270, 300; ¶ 0012, “a rule reorder engine; and a rules matched per packet (RMPP) calculator (processor), wherein rule usage statistics exhibiting usage frequency of each rule on the current firewall's rule-base are fed into the rule reorder engine”; ¶ 0030- ¶ 0031; Fig. 5; ¶ 0060).
Wool does not explicitly disclose, however Qiao teaches:
A vehicular firewall providing device (Qiao: Fig. 1; ¶ 0019, “network security gateway device 102 can be configured to logically partition the internal electronic components of the automobile into two or more logical communication zones and to apply zone-based firewall policies to apply rules to packets flowing throughout internal communication network of the automobile (vehicle)”; Fig. 2, Item 222; ¶ 0040- ¶ 0041; Fig. 3; ¶ 0042- ¶ 0045).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching Wool by Qiao and have a security gateway which is configured to provide security operations by applying  policies to communications within the automobile to determine, based on the rules defined by the policies, whether to forward or drop data packets communicated on the communication network. (Qiao: Abstract).

Claims 2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Wool in view of Qiao and further in view of Jain et al. (U.S Pub No. 2016/0036838 A1, referred to as Jain).

Regarding claim 2, the combination of Wool by Qiao teaches all the features of claim 1, as outlined above.
Wool does not explicitly disclose, however Jain teaches
wherein the plurality of rules includes; a black list rule generated based on an Internet protocol (IP) address and a port, and defined as a list of a data packet excluded from a processing target; and  15a white list rule generated based on an IP address and a port, and defined as a list of a data packet included in the processing target (Jain: ¶ 0048, “The analysis performed by the traffic analyzer component 404 can be performed in three stages: 1) the traffic analyzer component 404 can perform rule checking to match traffic flow metadata (e.g., port, IP address, protocol) against a whitelist (e.g., legitimate customer traffic exhibiting large, bursty traffic) and/or a blacklist (e.g., spammers, list of brokers/facilitators of malicious traffic, etc.). The traffic analyzer component 404 can then cause appropriate action to be taken to block or attenuate traffic flows believed to include respective attacks”).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching Wool by Jain and have an analyzer to analyze data traffic against whitelist and blacklist in order to take appropriate action to block or attenuate traffic flows believed to include respective attacks. (Jain: ¶ 0048).

Regarding claim 6, the combination of Wool, Qiao and Jain teaches all the features of claim 2, as outlined above.
Wool does not explicitly disclose, however Qiao teaches:
(Qiao: Fig. 1. Item 120 (user applications), 140 (device driver); ¶ 0020- ¶ 0025; Fig. 5, Items 520, 530, 540; Fig. 6, Items 620, 630; Fig. 7, Items 750 (kernel space), 730, 720 (user space); ¶ 0060- ¶ 0073).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching Wool by Qiao and have an automobile which comprises a set of policies that logically partition the electrical components of the automobile into a first zone having one or more of the critical components and a second zone having one or more of the non-critical components in order to improve the automobile security. (Qiao: Abstract).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Wool in view of Qiao and further in view of Krishnan et al. (U.S Pub No. 2003/0051165 A1, referred to as Krishnan).

Regarding claim 4, the combination of Wool by Qiao teaches all the features of claim 1, as outlined above.
Wool does not explicitly disclose, however Krishnan teaches:
wherein the processor is configured to perform the rule reordering when a hit count for a first rule of the plurality of rules is satisfied; and  5wherein the hit count is defined as a number of times .hat a data packet matches the first rule (Krishnan: ¶ 0009, “the packet filter dynamically maintains, during operation of the packet filter, a ”; ¶ 0031- ¶ 0034).
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching Wool by Krishnan to have an adaptive re-ordering of data packet filter rules to improve the performance of the filter while maintaining a security policy. (Krishnan: ¶ 0001).

Allowable Subject Matter
Claims 3 and 7-15 would be allowable if they were rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim 5 would be allowable should Applicant overcome the 35 U.S.C. 112 (b) rejection set forth therein AND if they were rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The closest prior arts made of records are, Wool (U.S Pub No. 2009/0172800 A1, referred to as Wool), Qiao et al. (U.S Pub No. 2020/0274851 A1, referred to as Qiao) and Jain et al. (U.S Pub No. 2016/0036838 A1, referred to as Jain).

Wool discloses a computer implemented method of reducing central processing unit (CPU) usage of a firewall by safe reordering a current firewall's rule-base exhibiting N rules. The method comprising: receiving rule usage statistics exhibiting usage 

Qiao discloses an automobile which comprises a plurality of electrical components interconnected by a communication network. The automobile comprises a set of policies that logically partition the electrical components of the automobile into a first zone having one or more of the critical components and a second zone having one or more of the non-critical components, the policies specifying rules for communication between the zones defined for the communication network within the automobile. The automobile further comprises a security gateway embedded within the automobile and coupled, by the communication network, to the one or more critical components and the one or more non-critical components. The security gateway is configured to provide security operations by applying the policies to communications within the automobile to determine, based on the rules defined by the policies, whether to forward or drop data packets communicated on the communication network.

Jain discloses various technologies pertaining to identification of inbound and outbound network and application attacks with respect to a data center. Commodity servers are used to monitor ingress and egress traffic flows, and anomalies are detected in the traffic flows. Responsive to detecting an anomaly, a mitigation strategy is executed to mitigate damage caused by a cyber-attack.

However, regarding claim 3, the prior art of Wool, Qiao and Jain when taken in the context of the claim as a whole do not disclose nor suggest, “wherein, upon detecting a hacking attack sign in a state in which a vehicle autonomously travels, the processor is configured to perform the rule reordering after the state, in which the vehicle autonomously travels, is terminated.”.

Regarding claim 5, the prior art of Wool, Qiao and Jain when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the processor is configured to perform 10the rule reordering when a vehicle is positioned in a specific space.”.

Regarding claim 7, the prior art of Wool, Qiao and Jain when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the Kernel space includes: a netfilter configured to filter a data packet based on the black list rule and the white list rule according to a first requirement; and  25a first detector configured to perform hooking on a data packet input to the netfilter”.

Regarding claim 11, the prior art of Wool, Qiao and Jain when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the processor is configured to perform 5reordering on a black list rule used in the user space.”.

Regarding claim 12, the prior art of Wool, Qiao and Jain when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the processor is configured to perform reordering on a white list rule used in the user space”.

Regarding claim 14, the prior art of Wool, Qiao and Jain when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the processor is configured to perform reordering on a black List rule used in the Kernel space”.

Regarding claim 15, the prior art of Wool, Qiao and Jain when taken in the context of the claim as a whole do not disclose nor suggest, “wherein the processor is configured to perform reordering on a black list rule used in the Kernel space based on a matching result of a data packet in the user space and rule black list rule.”.

Claims 8-10 and 13 depends on claim 7 and are of consequence identified as allowable.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HASSAN SAADOUN/Examiner, Art Unit 2435


/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435