Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

DETAILED ACTION
Claims 20-40 are pending in this office action. 

Priority
Priority has been claimed to US Provisional Application # 62/219,695, filed 09/17/2015.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors.  Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 07/21/2020, 08/13/2020 and 02/22/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.


Claim Objections
Claims 21-37 and 39 are objected to because of the following informalities:
For claims 21-37, all of it incorrectly depend from canceled claims. Appropriate changes are required wherein -
Claims 21-23, 25-26, 28, 30-37 - all of which will be treated as depending from claim 20. Other assumptions are that -
Claim 24 depends from claim 23. 
Claim 27 depends from claim 26.
Claim 29 depends from claim 28. 
Claim 39 depends from claim 38.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent 
A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 20, 38-40 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over various claims of application# 15/761,410, now patent# 10,757,114 B2 (referred to as ‘114 hereinafter). With regards to ‘114, the instant claims 20, 38-40 are covered by the limitations of narrower claims 1, 2, 14, 15 and 19 of ‘114 patent. Particularly, the instant independent claims 20, 38 and 40 are covered by the subject matter of the comparatively narrower independent claims 1, 14 and 19 respectively of ‘114. Similarly, the instant claim 39 is covered by each of claims 2 and 15 of ‘114. As various limitations in the above claims of ‘114 cover the limitations of the instant claims, the instant claims are not patentably distinct from the specified claims of ‘114 as discussed above. 
Further, the system/device/unit and computer program product (computer-readable medium) claims carry out method steps in a computing environment of the device/system. Therefore, it would be obvious to be able to carry out steps of a method, using a system or device or by computer executable computer program product code stored in a statutory computer readable medium executed by a processor.
This is a non-provisional obviousness type double patenting rejection because the conflicting claims have been patented.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 20-32, 34-40 are rejected under 35 U.S.C. 103 as being unpatentable over Barkan (US 2015/0067864 A1), in view of Ben Noon et al. (US 2015/0195297 A1, Ben Noon hereinafter).
For claim 20, Barkan teaches a computer implemented method for identifying a presence of malicious activity within a computing unit of a vehicle, comprising: at least one hardware processor of a server: receiving sensor data from a computing unit installed in a vehicle, said sensor data being transmitted over a communication network (Abstract; Fig. 1, 3, 4; para 0003, 0027-0031, 0036-0037 – data received by the output data monitoring agent comprised in the legacy computing environment (Fig. 1 element 110 and similar elements in other figures) sent from vehicle to an external receiving computing unit (Fig. 1 element 160 - monitoring station) via communication interface to a network; Fig. 1-4; para 0003, 0031, 0034, 0036 - receiving and monitoring sensor data outputted by at least one sensor associated with the vehicle to an external receiving computing unit using a communication interface in communication with a network, wherein the data is received from the sensor unit by the sensor data monitoring agent comprised in the trusted computing environment (Fig. 1 element 120 and similar elements in other figures) sent from the vehicle to an external receiving computing unit (Fig. 1 element 160) );
analyzing said received sensor data by comparing said received sensor data to sensor data designated as normal operation, received from a plurality of vehicles (para 0019, 0036-0037, 0046, 0063, 0069 – sensors data collection, comparison, and detection of anomaly, wherein the integrity of the data sent out by the vehicle is monitored by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch or anomaly as compared to expected or normal data); 
identifying when a malicious activity within said computing unit is present based on said analyzing (para 0037-0038, 0041, 0046, 0051, 0063, 0069, 0072 – information alteration caused by malware is identified); and  
wherein said received sensor data comprises data collected from at least one sensor measuring at least one parameter of said vehicle (Fig. 1-4; para 0027-0030, 0036-0037 – data received by the output data monitoring agent comprised in the legacy computing environment (Fig. 1 element 110 and similar elements in other figures) from the sensors and further processed and sent out).
Although Barkan discloses sensor data anomaly detection indicative of malware presence, wherein the results of comparison are already obtained in the system, acted upon, and are available for notification (para 0038, 0046, 0055, 0069-0072 – action taken based on malware detection) wherein it would be obvious to incorporate malware alert or notification mechanism as a widely known feature in the art, Barkan does not explicitly teach, however Ben Noon discloses transmitting, over said communication network, to said computing unit, an indication of said presence of said malicious activity for presentation on a display in said vehicle (Abstract; para 0010-0012, 0044, 0046, 0050, 0065, 0072, 0080 – providing an output message displayed indicative of the malicious activity, wherein attack or malicious activity is detected and is output with the message reported or transmitted).
Therefore, based on Barkan in view of Ben Noon, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Ben Noon in the system of Barkan, in order to make the system more user-friendly by sending more meaningful notifications to users for preventive, proactive or remedial approach to also make the system more secure.

For claim 21, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said malicious activity is identified based on a deviation of said received sensor data from said sensor data designated as normal operation according to a statistical correlation requirement (para 0037-0038-0039, 0041, 0046, 0051, 0055, 0063, 0068-0069, 0072 – information alteration caused by malware is identified by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch or anomaly as compared to expected or normal data, wherein the sensor measurements, raw data, test data and training mechanisms all represent statistical process which is based on gathering of various data and utilizing or refining algorithm based on the same which is further utilized to detect anomaly).

For claim 22, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches comprising the at least one hardware processor of the server: categorizing said sensor data received from said plurality of vehicles according to at least one attribute selected from a group consisting of: vehicle manufacturer, sensor type and geographical location (Fig. 1-4; para 0028-0031, 0035, 0037-0038, 0046, 0063 - various types of electronic sensors associated with vehicles, wherein the sensor data received pertains to specific sensor type or category such as thermal data or speed data, and the sensor identified as well).

For claim 23, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said sensor data designated as normal operation is received from sensors of vehicles being driven on the road, as part of a data collection phase, or as part of the vehicles being driven by respective drivers in a normal manner, or both (para 0017, 0039, 0045-0046, 0055, 0063-0064 - sensors and actuators in vehicles such as cars that provide test or training data to be designated as expected/normal data).

For claim 24, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches the computer implemented method of claim 23, wherein said data collection phase is part of a manufacturing process, or collected dynamically throughout a life cycle of the vehicles, or both to generate a large set of data under different conditions (para 0017, 0039, 0045-0046, 0055, 0063-0064 - sensors and actuators in vehicles such as cars that provide test or training data to be designated as expected/normal data, refined over time).

For claim 25, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said normal operation designation is conducted manually by a user (para 0031 - admin user monitors and (manually) designates the data as expected or as anomalous data).

For claim 26, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches further comprising the at least one hardware processor of the server (Fig. 1-4; para 0028-0031): categorizing said sensor data received from said plurality of vehicles according to at least one unified internal parameter (Fig. 1-4; para 0028-0031, 0035, 0037-0038, 0046, 0063 - various types of electronic sensors associated with vehicles, wherein the sensor data received pertains to specific sensor type or category such as thermal data or speed data wherein the collected or unified data pertains to sensor of one particular category, and the sensor is identified as well); and performing said analysis by correlating the received sensor data with sensor data designated as normal operation according to said at least one unified internal parameter (para 0019, 0036-0037, 0046, 0063, 0069 – sensors data collection, comparison, and detection of anomaly, wherein the integrity of the data sent out by the vehicle is monitored by analyzing the data collected by the output data monitoring agent with the uniform sensor data collected or unified by the at least one sensor data monitoring agent to identify a mismatch or anomaly as compared to expected or normal data).

For claim 27, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said at least one unified internal parameter is selected from a group consisting of: - transportation infrastructure indicators, - car manufacturers indicators, - car type indicator, - traffic control indicators, - road tolls indicators, - cellular communication network indicators, - home area network indicators, - electric grids and payment system indicators, - telematics based insurance indicators, - payment gateways indicators, - location indicators, - vehicle-to-vehicle communication indicators, - weather, - geographical location, - time of day, and - day of the year (para 0028-0029, 0037, 0064 - proximity sensors imply transportation or traffic specific indicators, voltage sensors send electric grid specific indicator data, and machine to machine communication etc. obtained from respective uniform sensor data).

For claim 28, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches further comprising the at least one hardware processor of the server: aggregating said sensor data designated as normal operation, using said sensor data designated as normal operation to train a statistical classifier; and performing said analysis by applying said trained statistical classifier (para 0037-0038-0039, 0041, 0046, 0051-0052, 0055, 0063, 0068-0069, 0072 – the sensor measurements, raw data, test data and training mechanisms all represent statistical process which is based on gathering of various data and utilizing or refining (training) algorithm based on the same which is further utilized to detect anomaly or classify abnormal data; information alteration caused by malware is identified by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch or anomaly as compared to expected or normal data).

For claim 29, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said statistical classifier is selected from a group consisting of: - machine learning method, - a neural network, - a statistical classifier of a decision tree, - a set-of-rules, - regression methods, - support vector machine, and - k-nearest neighbor (para 0039, 0055, 0063, 0070-0072 - identifying and deciding based on deviation rule to determine data anomaly, in addition to training or learning applied to machine).

For claim 30, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said identifying is based on a probability of the presence of said malicious activity according to a probability requirement, said probability requirement being at least one of a threshold, a range, and a function (para 0070-0072 - probability of range and function).

For claim 31, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further discloses comprising the at least one hardware processor of the server to detect sensor data anomaly indicative of malware presence, wherein the results of comparison are already obtained in the system, acted upon, and are available for notification (para 0038, 0046, 0055, 0069-0072 – action taken based on malware detection) wherein it would be obvious to incorporate malware alert or notification mechanism as a widely known feature in the art. Barkan does not explicitly teach, however Ben Noon discloses transmitting said indication of said presence of said malicious activity to a server of a manufacturer of said vehicle (Abstract; para 0010-0012, 0039, 0044, 0046, 0050, 0065, 0072, 0080 – providing an output message indicative of the malicious activity, wherein attack or malicious activity is detected and is output with the message reported or transmitted based on CAN data manufacturer list to cyber-hub associated with the data provided by the manufacturer).

For claim 32, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Although Barkan teaches training the algorithm based on sensor data identified as expected or normal data or with deviation identified as malicious data (para 0063), Barkan does not appear to explicitly teach, however Ben Noon teaches upon identification of said malicious activity within said computing unit, tagging said received sensor data, and adding said tagged sensor data to a dataset of sensor data defined as associated with malicious activity (para 0041, 0042, 0053, 0057).

For claim 34, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said received sensor data is collected in at least one condition selected from: - when an engine of the vehicle is turned on, - dynamically and/or continuously during driving of said vehicle, - at random times, - at predefined time intervals, and - at a time of occurrence of predefined events (para 0021, 0028, 0037-0039, 0055 - real-time data collection, data collection over time, and during conditional events associated with factors such as temperature, speed, pressure etc.).

For claim 35, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan does not appear to explicitly teach, however Ben Noon teaches wherein said received sensor data from said computing unit is an aggregation of signals of a plurality of sensors stored as a vector (para 0034, 0036-0037, 0049, 0053, 0085 - signals from various sensors combined and stored as vectors).

For claim 36, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein said communication network includes a wireless network (para 0003, 0030, 0038, 0084 – data transmission over the network that may comprise of wireless links).

For claim 37, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Although Barkan discloses sensor data anomaly detection indicative of malware presence, wherein the results of comparison are already obtained in the system, acted upon, and are available for notification (para 0038, 0046, 0055, 0069-0072 – action taken based on malware detection) wherein it would be obvious to incorporate malware alert or notification mechanism as a widely known feature in the art, Barkan does not explicitly teach, however Ben Noon discloses providing an output message indicative of the malicious activity, wherein said indication of said presence of said malicious activity is presented to a user of said vehicle by at least one operation selected from: - displaying a message in a graphical user interface (GUI) of said display of the vehicle, - displaying said indication on a Smartphone or on another mobile device of a user, - displaying said indication as a light on the dashboard of the vehicle, - as an email sent to an email account of the user, - as an audio message played through a speaker system of the vehicle, and - as an audio message provided as a call to a phone of the user (Abstract; para 0010-0012, 0044, 0046, 0050, 0065, 0072, 0080 – providing an output message displayed on the screen indicative of the malicious activity, wherein attack or malicious activity is detected and is output with the message reported or transmitted).

As to claim 38, the claim limitations are similar to those of claim 20, except the instant claim 38 is drawn to a computing device for identifying a presence of malicious activity within a computing unit of a vehicle, comprising: a program store storing code; and at least one hardware processor coupled to the program store for executing a stored code (Barkan - Abstract; Fig. 1-4; para 0003, 0027-0031, 0076), the code comprising code for performing all of the limitations of the method claimed in claim 20. Therefore the instant claim 38 is rejected according to claim 20 as above.

For claim 39, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan further teaches wherein the computing device is implemented as a server located externally to the vehicle and communicating with said computing unit of said vehicle over a wireless network (Fig. 6; para 0005, 0053, 0067-0068, 0075 - legacy computing environment may be isolated, and the processed data as collected by the legacy computing environment may be a server that can be a standalone device anywhere on the network, i.e. internal or external to the vehicle system).

As to claim 40, the claim limitations are similar to those of claim 20, except the instant claim 40 is drawn to a computer program product for identifying a presence of malicious activity within a computing unit of a vehicle, comprising: a non-transitory computer readable storage medium storing program code for execution by at least one hardware processor of a computing device, the program code comprising: program instructions (Barkan - Abstract; Fig. 1-4; para 0003, 0027-0031, 0077) for performing all of the limitations of the method claimed in claim 20. Therefore the instant claim 40 is rejected according to claim 20 as above.


Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over Barkan (US 2015/0067864 A1), in view of Ben Noon et al. (US 2015/0195297 A1, Ben Noon hereinafter), and further in view of Maher et al. (US 2013/0212659 A1, Maher hereinafter).
For claim 33, Barkan in view of Ben Noon teaches the claimed subject matter as discussed above. Barkan and Ben Noon do not appear to expressly teach, however Maher teaches wherein said received sensor data is acquired as part of a self-integrity data analysis performed during a secure boot process to verify that the computing unit of the vehicle is started using a trusted source (para 0028, 0051, 0059, 0063-0064, 0105 - trusted source verification in various steps of the operational data access including startup).




    
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433