DETAILED ACTION
This office action is in response to the application filed on 3/27/2020.  Claim(s) 1-20 is/are pending and are examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 6/19/2020 and 4/22/2021 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. 

Examiner’s Note – Allowable Subject Matter
Claims 4-5, 9-12, 15-16 and 19 overcome the cited prior art and would otherwise be allowable if incorporated into the independent claims along with any intervening claims. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claim(s) 1-3, 6-7, 13-14 and 20, is/are rejected under AIA  35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Galula et al. (US 2017/0013005 A1). 
Regarding claims 1 and 20, Galula teaches:
“A vehicle control system, the vehicle control system (Galula, Fig. 1C, ¶ 73 describes system 60 with in vehicle communication network.  Further, Galula, ¶ 34 discloses an implementation as a non-transitory computer readable medium) comprising: 	an in-vehicle bus (Galula, ¶ 73 system 60 inclues an in vehicle controller area network CAN 61); 	a plurality of electronic control units (ECUs) coupled to the in-vehicle bus (Galula, ¶ 76 high speed CAN bus 61 supports communications between nodes including sensors and ECUs), wherein at least one ECU of the plurality of ECUs (Galula, ¶ 73 in vehicle communication network may be protected by a set of security enforcement units SEUs 40A-D) is configured to: 	receive, at a respective at least one ECU of the plurality of ECUs, a message in a message stream on the in-vehicle bus (Galula, ¶ 76, SEU 40A or another security unit may monitor traffic or messages on a first and second network portions of an in vehicle communication network); 	evaluate the message (Galula, ¶ 76, SEU 40A or another security unit may determine whether or not a first message detected on a first network portion in anomalous) to determine at least one of a confidence value of the security classification (Galula, Fig. 8, ¶ 79 and 155 discloses a level of confidence the SEU 40 may attribute to the detected anomaly), a significance value of the message (Galula, Fig. 5, ¶ 127 and ¶ 118 SEU 40 may prioritize a context which are labeled numerically to give priority of an oil pressure message over an infotainment message), or a bounds check value of the message (Galula, ¶ 76, the time stamp of the message is compared with the absence of a second message from the second network portion over or during a predefined time window); and 	determine in real-time (Galula, ¶ 129-130, evaluations of messages occur in real-time) to allow or deny the message to the vehicle control system based on at least one of the significance value of the message, the bounds check value of the message, or the confidence value of the security classification of the message (Galula, ¶ 79, 155, and 187-188 SEU 40 may in response to detecting an anomalous message based on the determinations listed above, block the message, delay the message, limit the frequency of the message, log the message into a memory of the SEU 40 and/or raise an alert responsive to the message), to provide a sanitized message stream to the vehicle control system (Examiner notes that while this statement is merely an intended result without patentable weight, however, Galula, ¶ 79 discloses that the resulting mitigations protect system 60 from possible damage by one or more anomalous messages)”.

Regarding claim 2, Galula teaches:
“The vehicle control system of claim 1 (Galula teaches the limitations of the parent claim as discussed above), 	wherein the at least one ECU of the plurality of ECUs is further configured to: 	inspect, at the respective at least one ECU, the message to determine the security classification of the message (Galula, ¶ 165, 187-188, and 192 discloses SEU determining if messages are anomalous and potentially dangerous or typical)”.

Regarding claim 3, Galula teaches:
“The vehicle control system of claim 2 (Galula teaches the limitations of the parent claim as discussed above), wherein a content of the message includes a data sample or measurement value (Galula, ¶ 192, teaches receiving a message which contains a measurement value of the oil pressure)”.

Regarding claim 6, Galula teaches:
“The vehicle control system of claim 3 (Galula teaches the limitations of the parent claim as discussed above), wherein the at least one ECU of the plurality of ECUs is further configured to: 	determine in real-time (Galula, ¶ 129-130, evaluations of messages occur in real-time) to allow or deny the message based on the security classification of the message (Galula, ¶ 79, 155, and 187-188 SEU 40 may in response to detecting an anomalous message based on the determinations listed above, block the message, delay the message, limit the frequency of the message, log the message into a memory of the SEU 40 and/or raise an alert responsive to the message) and the confidence value of the security classification of the message (Galula, Fig. 8, ¶ 79 and 155 discloses a level of confidence the SEU 40 may attribute to the detected anomaly and that the mitigation activity is based on the determination that the message has been classified as anomalous and has a threshold level of confidence to perform a particular action)”.

Regarding claim 7, Galula teaches:
“The vehicle control system of claim 6 (Galula teaches the limitations of the parent claim as discussed above), wherein the confidence value is determined based on the security classification and a characteristic of the message, wherein the characteristic of the message includes one of an arrival time of the message (Galula, ¶ 156 the confidence is based on the relation to an anomaly and the characteristic of its expected time interval in relation to other messages)”.

Regarding claim 13, Galula teaches:
“The vehicle control system of claim 3 (Galula teaches the limitations of the parent claim as discussed above), wherein the at least one ECU of the plurality of ECUs is further configured to: 	determine in real-time (Galula, ¶ 129-130, evaluations of messages occur in real-time) to allow or deny the message (Galula, ¶ 79, 155, and 187-188 SEU 40 may in response to detecting an anomalous message based on the determinations listed above, block the message, delay the message, limit the frequency of the message, log the message into a memory of the SEU 40 and/or raise an alert responsive to the message) based on the safety bounds check value of the message, wherein the safety bounds check value of the message is determined based on a consistency among the content of the message and the contents of a plurality of previously received messages from the message stream, wherein the content of the message and the contents of the plurality of previously received messages correspond to sequential measurement values of a series of measurement values (Galula, ¶ 178-181, 184, and 192 the values measured for the oil pressure (¶ 192) are monitored in sequence to see if there is a rate )”.

Regarding claim 14, Galula teaches:
“The vehicle control system of claim 13 (Galula teaches the limitations of the parent claim as discussed above), wherein evaluating the content of the message to determine the safety bounds check value comprises: 	determining whether the content of the message is consistent with the content of the plurality of previously received messages based on an indirect comparison of the content of the message and a predetermined safety threshold value based on the safety driving model (Galula, ¶ 150 and 194, the oil pressure in a sequence of oil pressure measurements can be evaluated to be anomalous by comparison with a dynamic threshold which is determined through averaging normal values)”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Galula, in view of Jiao et al. (US 2021/0024079 A1). 
Regarding claim 8, Galula teaches:
The vehicle control system of claim 3 (Galula teaches the limitations of the parent claim as discussed above), wherein the at least one ECU of the plurality of ECUs is further configured to: 	determine in real-time (Galula, ¶ 129-130, evaluations of messages occur in real-time) to allow or deny the message (Galula, ¶ 79, 155, and 187-188 SEU 40 may in response to detecting an anomalous message based on the determinations listed above, block the message, delay the message, limit the frequency of the message, log the message into a memory of the SEU 40 and/or raise an alert responsive to the message) based on the significance value of the message, wherein the significance value of the message is based on the content of the message (Galula, Fig. 5, ¶ 127 and ¶ 118 SEU 40 may prioritize a context which are labeled numerically to give priority of an oil pressure message over an infotainment message)”.
Galula does not, but in related art, Jiao teaches:	 “a current driving context, wherein the current driving context is based on a current driving situation classification determined according to a driving safety model (Jiao, ¶ 74 discloses that priority is given for messages that deal with the current driving safety of the vehicle)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Galula and Jiao, to modify the vehicle network malicious mitigation system of Galula to include the method to monitor the driving condition of the vehicle to make decisions as taught in Jiao.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.
 
Claim(s) 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Galula, in view of Pogorelik et al. (US 2019/014069 A1).
Regarding claim 17, Galula teaches:
“The vehicle control system of claim 3 (Galula teaches the limitations of the parent claim as discussed above), wherein the at least one ECU of the plurality of ECUs is further configured to: 	determine in real-time (Galula, ¶ 129-130, evaluations of messages occur in real-time) to allow or deny the message based on the security classification of the message (Galula, ¶ 79, 155, and 187-188 SEU 40 may in response to detecting an anomalous message based on the determinations listed above, block the message, delay the message, limit the frequency of the message, log the message into a memory of the SEU 40 and/or raise an alert responsive to the message) the confidence value of the security classification of the message (Galula, Fig. 8, ¶ 79 and 155 discloses a level of confidence the SEU 40 may attribute to the detected anomaly and that the mitigation activity is based on the determination that the message has been classified as anomalous and has a threshold level of confidence to perform a particular action)”.	Galula does not, but in related art, Pogorelik teaches:	“the significance value (Pogorelik, ¶ 207-209 and 257 teaches detecting an anomaly based on the above mentioned features and the significance value of the message)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Galula and Pogorelik, to modify the vehicle network malicious mitigation system of Galula to include the method to evaluate Pogorelik.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.


Regarding claim 18, Galula teaches:
“The vehicle control system of claim 3 (Galula teaches the limitations of the parent claim as discussed above), wherein the at least one ECU of the plurality of ECUs is further configured to: 	determine in real-time (Galula, ¶ 129-130, evaluations of messages occur in real-time) to allow or deny the message based on the security classification of the message (Galula, ¶ 79, 155, and 187-188 SEU 40 may in response to detecting an anomalous message based on the determinations listed above, block the message, delay the message, limit the frequency of the message, log the message into a memory of the SEU 40 and/or raise an alert responsive to the message) the confidence value of the security classification of the message (Galula, Fig. 8, ¶ 79 and 155 discloses a level of confidence the SEU 40 may attribute to the detected anomaly and that the mitigation activity is based on the determination that the message has been classified as anomalous and has a threshold level of confidence to perform a particular action); the safety bounds check value (Galula, ¶ 178-181, 184, and 192 the values measured for the oil pressure (¶ 192) are monitored in sequence to see if there is a rate of change among the sequence of measurements that is out of bounds and therefore anomalous)”.	Galula does not, but in related art, Pogorelik teaches:	“the significance value (Pogorelik, ¶ 207-209 and 257 teaches detecting an )”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Galula and Pogorelik, to modify the vehicle network malicious mitigation system of Galula to include the method to evaluate the significance value in making anomaly determinations as taught in Pogorelik.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Conclusion
	In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 
/STEPHEN T GUNDRY/Examiner, Art Unit 2435