DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 11/15/2021.
Status of claims in the instant application as of 11/15/2021:
Claims 1-20 are pending.
No claim has been amended.
No new claim has been added.
No claim has been cancelled.
Priority
This application is a “CON of 15/462,591 filed on 03/17/2017, now Pat. US 10757113 B2”.
Terminal Disclaimer
The terminal disclaimer filed on 12/14/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of Pat. US 10757113 B2 has been reviewed and is accepted. The terminal disclaimer has been recorded.
EXAMINER’S AMENDMENT
Authorization for this Examiner’s amendment was given in an interview with Carl A. Kukkonen (Attorney of Record, Reg. No. 42,773) on 12/13/2021. This Examiner’s amendments further amends claims filed on 07/17/2020.
---------------------------------- Start of Examiner’s Amendment -----------------------------------
The claims of the instant application are amended as follows:
Claim 19. (Currently Amended)  A system comprising:
means for monitoring a plurality of voltage lines of a first electronic control unit (ECU) and a second ECU, wherein each ECU is electrically coupled to a communications bus;
means for measuring voltage differentials across at least two of the plurality of voltage lines of the first ECU and at least two of the plurality of voltage lines of the second ECU;
one or more processors to  compare each voltage differential to a plurality of predetermined signal fingerprints associated with the first ECU and the second ECU, the plurality of predetermined signal fingerprints representing various voltages over time that characterize nominal operation of the first ECU and the second ECU; 
one or more processors to  identify, based on the comparing, a variance in at least one of the compared voltage differentials relative to one or more of the plurality of predetermined signal fingerprints, the variance identifying whether signal transmissions on at least one of the plurality of voltage lines has been compromised; 
means for providing data characterizing the identified variance; and
            means for encrypting the data characterizing the identified variance, wherein the encrypted data identifies an origination security zone of the data as either the first security zone or the second security zone based on which of the at least one of the first data processor or the second data processor identifies the variance.
------------------------------------- End Examiner’s Amendment -------------------------------------
Response to Arguments
Applicant’s arguments, see page [3] of the remarks filed on 11/15/2021 with respect to “Objection to Drawing”, have been fully considered in view of the amended/corrected drawing filed, and they are persuasive. Therefore, the “Objection to Drawing” has been withdrawn.
Applicant’s arguments, page [3] of the remarks filed on 11/15/2021 with respect to “Nonstatutory Double Patenting Rejection” of claim 1-20, have been fully considered in view of the terminal disclaimer and Examiner’s amendment above, and they are persuasive. Therefore, the claim rejections are withdrawn. .
Applicant’s arguments, see page [4] of the remarks filed on 11/15/2021 with respect to “Rejection of Claims under 35 USC 112(b)(a)” resulting from interpretation of claims under 35 USC 112(f), have been fully considered in view of the amended claims filed on 07/17/2020 and further in view of Examiner’s amendment above, and they are persuasive. Therefore, the “Claim Rejections” have been withdrawn.
Examiner also notes that Applicant has not disagreed with Examiner’s interpretation of claims under 35 USC 112(f). Therefore, the interpretation of claims under 35 USC 112(f) are still maintained as appropriate, but there is no rejection resulting from such interpretation.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 


As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f):
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.

Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Claim limitations that are interpreted under 35 USC 112(f) are:
Claim 19 recites the limitations, “A system comprising: means for monitoring a plurality of voltage lines of a first electronic control unit (ECU) and a second ECU, wherein each ECU is electrically coupled to a communications bus; means for measuring voltage differentials across at least two of the plurality of voltage lines of the first ECU and at least two of the plurality of voltage lines of the second ECU; means for providing data characterizing the identified variance; and NAI-1513841255v12214216-184-999 means for encrypting the data characterizing the identified variance, wherein the encrypted data identifies an origination security zone of the data as either the first security zone or the second security zone based on which of the at least one of the first data processor or the second data processor identifies the variance.”

Examiner has investigated the disclosure (specification, drawing) of the instant application and finds the following description in the published (PG-PUB US 20200351276 A1) application:
“Abstract: Systems are provided herein for communications bus signal fingerprinting. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided.
Para [0028]: FIG. 3 is a system diagram 300 illustrating a logical integration of security module 150 with one ECU of a system 350. Security module 150 can include a variety of components which can monitor, interpret, and/or inject data of communications bus/network interface 140. The components of security module 150 can include, for example, a processor 302, a hashing encryption chip 304, a memory 306, a clock 308, a microcontroller 310, one or more transceivers 312, 316, a failsafe module 314, a power regulator 318, a sideband transmitter 322, and an AD sampler 320. Processor 302 can be a general-purpose security processor that can perform calculations and logic operations required to execute operations described herein. A non-transitory processor-readable storage medium, such as memory 306 which can be an encrypted flash memory, can be in communication with the microcontroller 310 and can include one or more programming instructions for the operations specified herein. For example, memory 306 can store one or more signal fingerprints of ECU 120. Programming instructions can be encrypted using hashing encryption chip 304. Hashing encryption chip 304 can also encrypt message traffic along paths A, B, and/or C. Microcontroller 310 can be regulated by clock 308. Clock 308 can be a high-precision clock that is synchronized based on bus initialization or upon determining that synchronization has been lost. A predetermined time synchronization window can be set for clock 308. Microcontroller 310 can also include a memory (not shown) for performing various operations specified herein.
Para [0031]: FIG. 4 is an example amplitude versus time plot 400 of an ECU signal fingerprint of a vehicle. For visual purposes only, the time axis (i.e. x-axis) of plot 400 is arbitrary and has no associated units. ECU 120 can include a CAN high voltage line and a CAN low voltage line which are each electrically coupled to a CAN bus (i.e., communications bus/network interface 140). The nominal voltage of an example CAN high voltage line is illustrated as plot line 410. The nominal voltage of an example CAN low voltage line is illustrated as plot line 420. ECU 120 can contain a transceiver which communicates with communications bus/network interface 140. A voltage differential across the CAN high voltage line and the CAN low voltage line relative to a ground line of ECU 120 can be measured to determine a unique transceiver identity. Such a unique transceiver identity can be, for example, of a transmitter within the transceiver. While the ideal model of the CAN bus' signaling is a direct differential voltage separation of either 0 V or 2 V on the CAN high and CAN low lines, each transceiver of one or more ECUs 120 on the communications bus/network interface 140 has unique transmission elements. For example, the transceiver contains electrical components such as resistors and capacitors which have unique electrical characteristics. The excitation phase of the transmission has a unique charge, discharge, and associated waveform characteristics that can be used to generate a signal fingerprinting of the transceivers of each ECU 120 on the communications bus/network interface 140.
Para [0034]: During a monitoring mode, the CAN high and CAN low voltages lines can be continuously monitored while ECU 120 and/or security module 150 is energized. Such monitoring, for example, can be initiated during start-up of a vehicle, during operation of the security module 150, during a loss of clock synchronization of the at least one security module, during a predetermined clock synchronization time window, after replacement of security module 150, or after replacement of ECU 120 once imprint mode has completed. A measured voltage differential across the CAN high and CAN low voltages lines relative to a ground of ECU 120 can be compared to the predetermined signal fingerprint that was measured and stored during imprint mode. Variances within this comparison can identify, for example, that signal transmission between ECU 120 and communications bus/network interface 140 has been compromised (i.e., via an internal or external attack). Based on this compromised determination, security module 150 can block signal transmissions to ECU 120, cause an in-vehicle alert to trigger, transmit a fault state message corresponding to the compromise determination 
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f), applicant may:  (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f).
Allowable Subject Matter
Claims 1-20 are allowed.
The following are examiner's statement of reasons for allowance: The following prior arts were yielded during the examination of claim set filed on 07/17/2020 that have subsequently been amended in Examiner’s Amendments above in response to office action mailed on 12/13/2021. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in general realm of applicant’s field of endeavor:
Du et al., [US PGPUB: 2016/0320441], this is considered the closest prior art of the instant application, that generally teaches a method for detecting ground faults in a communications system. The method includes measuring a predetermined number of voltage points; determining if the measured voltage points represent recessive or dominant bits; identifying which of the predetermined number of voltage points represent inter-frame bits and which represent frame data bits based on whether the measured voltage points are recessive or dominant; calculating a maximum average 
Du generally teaches ground fault detection, and more particularly, to detecting and isolating ground faults in electronic control units (ECUs) using network bus voltage measurements.
Choi et al., [NPL: Identifying ECUs Using Inimitable Characteristics of Signals in Controller Area Networks], discloses identifying information security issues relating to automotive electronic components. These electronic control units (ECUs) communicate with each other in an in-vehicle network that makes the vehicle both safer and easier to drive. Controller Area Networks (CANs) are the current standard for such high quality in-vehicle communication, but CANs do not currently offer protection against security attacks. In particular, they do not allow for message authentication and hence are open to attacks that replay ECU messages for malicious purposes. Applying the classic cryptographic method of message authentication code (MAC) is not feasible since the CAN data frame is not long enough to include a sufficiently long MAC to provide effective authentication. It discloses a novel identification method, which works in the physical layer of an in-vehicle CAN network. The method disclosed identifies ECUs using inimitable characteristics of signals enabling detection of a compromised or alien ECU being used in a replay attack. The method works by simply adding a monitoring unit to the existing network, making it deployable in current systems and 
Litichever et al., [US PGPUB: 2015/0020152], discloses Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.
Litichever discloses security systems and methods in general, and in particular to protecting a vehicle's electronic system or industrial control systems from cyber threats.
Shreejith et al., [NPL: Zero Latency Encryption with FPGAs for Secure Time-Triggered Automotive Networks], discloses incorporating a security layer within the network communication controller in modern time-triggered systems, without introducing additional latency or processing overheads. This allows critical communications to be secured in a manner that is transparent to the processors in the electronic control units (ECUs), while also safeguarding network communication 
However, none of the prior arts of record, either alone or in combination, discloses all the limitations of the independent claims 1, 11 and 19, including at-least,  “two security zones, measuring voltages differentials across ECUs voltage lines in respective security zones to identify variance in the measured voltage differentials for multiple security zones with respect to respective voltage fingerprints”. Therefore, the independent claims are allowable over the prior arts of record. The dependent claims are allowable by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434