DETAILED ACTION
This action is in response to new application filed 6/7/2019 titled “PROTECTING VEHICLE BUSES FROM CYBER-ATTACKS”. Claims 1-13 and 21-27 are pending. 

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 6/11/2019, 11/27/2019 and 3/10/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-13 and 21-27 are rejected under 35 U.S.C. 103 as being unpatentable over McGee et al (2009/0254990) in view of Red Bend WO 20018/065973.
With respect to claim 1 McGee teaches an embedded system comprising: 
a hypervisor that supports virtualized components with isolated execution environments on partitions of a virtualized environment (see McGee figure 3, 4 and paragraph 0061 i.e. a virtualization platform including a hypervisor; a security virtual machine (VM); and a plurality of guest VMs); 
a communication channel of the virtualized environment to a network interface that provides a guest operating system (OS) on a first of the partitions with connectivity to at least one electronic unit on an external bus (see McGee figure 3 element 320 and paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I and paragraph 0096 i.e. the OS 310 of the security-VM 304 includes a programmatic interface to the internal vSwitch* 316 through a special vNIC_prime (vNIC*) 418. The internal vSwitch* 316 is coupled over linkages 420 with each of the networking drivers 318-i, including the ND-1 (318-1) that is associated with the unmodified guest VM 306-1); and 
a security manager on a second of the partitions (see McGee figures 3, 4 Security VM 3 and paragraph 105) comprising a security engine on the communication channel between the guest OS and the network interface (see McGee paragraph 0095 i.e. the OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 

Red Bend teaches at least one electronic unit on an external vehicle bus of a vehicle (see Red Bend figure 2 and page 3 line 26 – page 4 line 13 i.e. ECUs on a CAN bus).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify McGee in view of Red Bend to use the system of McGee on the vehicle bus of Red Bend, since the vehicle bus of Red Bend is one type of network on which the system of McGee could operate, and this would have been an obvious design option for a person skilled in the art before the effective filing date (Red Bend page 1 lines 4-12). Therefore one would have been motivated to modify McGee in view of Red Bend to use the system of McGee on the vehicle bus of Red Bend.

With respect to claim 2 McGee teaches the embedded system of claim 1, wherein the security response is performed on a communication being sent by the guest OS to the network interface (see McGee figure 3 paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I and paragraph 0096 i.e. the OS 310 of the security-VM 304 includes a programmatic interface to the internal vSwitch* 316 through a special vNIC_prime (vNIC*) 418. The internal vSwitch* 316 is 

With respect to claim 3 McGee teaches the embedded system of claim 1, wherein the security response includes one or more of notifying the guest OS of the security event, logging the security event, or initiating a safe mode of operation (see McGee paragraph 0104: "...slow-path" mode, that is: to pass packet traffic over the linkage 420 through the vSwitch* 316 and the vNIC* 418, to the associated virtual security agent 412 which provides packet inspection using the FilterLib software library 414. Shown in a dotted line, the networking driver 318-1 may also directly access the FilterLib software library 414; and paragraph 0111: "...The step 510 has three possible exits, "blacklist", "bypass", and "OK". The packet is discarded and removed from the packet stream, (exit "blacklist") in a step 512 "Discard Packet" if it matches certain programmable blacklist criteria, e.g. on the basis of protocol, IP address range, and/or port number).

With respect to claim 4 McGee teaches the embedded system of claim 1, wherein the security response includes transmitting data to cause a message blocking circuit to corrupt a message being communicated on the external vehicle bus (see McGee paragraph 0104: "...slow-path" mode, that is: to pass packet traffic over the linkage 420 through the vSwitch* 316 and the vNIC* 418, to the associated virtual security agent 412 which provides packet inspection using the FilterLib software library 414. Shown in a dotted line, the networking driver 318-1 may also directly access the FilterLib software library 414; and paragraph 0111: "...The step 510 has three possible exits, "blacklist", 
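The McGee passages cited for claims 3 and 4 describe a packet path in the security VM: step 506 checks whether the guest has a running security agent (slow path through the virtual security agent), otherwise step 510 "Micro filter" decides "blacklist", "bypass" or "OK", and a blacklisted packet is discarded at step 512. The following is an added model of that decision path, not code from McGee, Red Bend or the application; the guest names, the blacklist values, the meaning given to the "bypass" exit and the logging format are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    guest: str      # guest VM (partition) the packet belongs to, e.g. "guest-1"
    protocol: str   # e.g. "tcp", "udp", "telnet"
    src_ip: str
    dst_port: int


@dataclass
class BlacklistCriteria:
    """Programmable blacklist criteria of step 510: protocol, IP address range, port number."""
    protocols: set = field(default_factory=set)
    ip_ranges: List[ipaddress.IPv4Network] = field(default_factory=list)
    ports: set = field(default_factory=set)
    # Assumption: "bypass" means the packet is trusted and skips further inspection;
    # McGee names the exit but the cited text gives no criteria, so this is constructed.
    bypass_ports: set = field(default_factory=set)


def micro_filter(pkt: Packet, bl: BlacklistCriteria) -> str:
    """Step 510 'Micro filter': quick firewall-style decision with exits blacklist / bypass / OK."""
    src = ipaddress.ip_address(pkt.src_ip)
    if (pkt.protocol in bl.protocols
            or pkt.dst_port in bl.ports
            or any(src in net for net in bl.ip_ranges)):
        return "blacklist"
    if pkt.dst_port in bl.bypass_ports:
        return "bypass"
    return "OK"


Agent = Callable[[Packet], str]   # a virtual security agent returns the same three verdicts


def security_vm_process(pkt: Packet, agents: Dict[str, Agent],
                        bl: BlacklistCriteria, log: List[str]) -> Optional[Packet]:
    """Step 506: guest with a running agent -> slow path through that agent; otherwise the
    micro filter. A 'blacklist' verdict is step 512 'Discard Packet': the event is logged
    (claim 3's 'logging the security event') and the packet is removed from the stream."""
    agent = agents.get(pkt.guest)
    verdict = agent(pkt) if agent is not None else micro_filter(pkt, bl)
    if verdict == "blacklist":
        log.append(f"discard guest={pkt.guest} proto={pkt.protocol} src={pkt.src_ip} dport={pkt.dst_port}")
        return None
    return pkt


# Constructed sample: guest-1 is unmodified (no agent, like McGee's guest VM 306-1); guest-2 has an agent.
SAMPLE_BL = BlacklistCriteria(protocols={"telnet"},
                              ip_ranges=[ipaddress.ip_network("10.66.0.0/16")],
                              ports={23}, bypass_ports={22})


def strict_agent(pkt: Packet) -> str:
    """Constructed per-guest agent that only admits traffic to port 443."""
    return "OK" if pkt.dst_port == 443 else "blacklist"


SAMPLE_AGENTS: Dict[str, Agent] = {"guest-2": strict_agent}


def run_sample():
    """Pushes four constructed packets through the security VM; returns (passed, log)."""
    log: List[str] = []
    packets = [
        Packet("guest-1", "tcp", "192.0.2.10", 443),   # micro filter -> OK
        Packet("guest-1", "tcp", "10.66.3.4", 443),    # micro filter -> blacklisted IP range
        Packet("guest-1", "tcp", "192.0.2.10", 22),    # micro filter -> bypass
        Packet("guest-2", "tcp", "192.0.2.10", 80),    # slow path -> agent blacklists
    ]
    passed = [p for p in packets if security_vm_process(p, SAMPLE_AGENTS, SAMPLE_BL, log) is not None]
    return passed, log
```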

With respect to claim 5 McGee teaches the embedded system of claim 1, wherein the network interface is a physical interface to the external vehicle bus and the virtualized environment further comprises a communications manager on a third of the partitions that includes a virtualized hardware interface to the network interface (see McGee figure 3 element 320 and paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I and paragraph 0096 i.e. the OS 310 of the security-VM 304 includes a programmatic interface to the internal vSwitch* 316 through a special vNIC_prime (vNIC*) 418. The internal vSwitch* 316 is coupled over linkages 420 with each of the networking drivers 318-i, including the ND-1 (318-1) that is associated with the unmodified guest VM 306-1).

With respect to claim 6 McGee teaches the embedded system of claim 1, but does not disclose wherein the external vehicle bus is a Controller Area Network (CAN) bus.
Red Bend teaches wherein the external vehicle bus is a Controller Area Network (CAN) bus (see Red Bend figure 2 and page 3 line 26 – page 4 line).
With respect to claim 7 McGee teaches the embedded system of claim 1, wherein the security manager is positioned above the guest OS in a chain of trust of a certificate chain (See McGee paragraph 0066 i.e. The security VM comprises a plurality of virtual security agents, each security agent corresponding to a respective guest virtual machine, for performing intrusion-detection and intrusion-prevention inspection on the intercepted data traffic).

With respect to claim 8 McGee teaches the embedded system of claim 1, but does not disclose wherein the determining of the security event from the communications is based on performing machine learning on one or more of historical traffic frequency or historical traffic patterns over the communication channel (see McGee paragraph 0111 i.e. If the security agent 406 is not installed or not running (exit "No" from the step 506), the packet is processed through a fast filter in a step 510 "Micro filter", in which a quick decision is made on the acceptability of the packet as in a firewall. The step 510 has 

With respect to claim 9 McGee teaches an embedded system comprising: 
a hypervisor that supports virtualized components with isolated execution environments on partitions of a virtualized environment (see McGee figure 3, 4 and paragraph 0061 i.e. a virtualization platform including a hypervisor; a security virtual machine (VM); and a plurality of guest VMs); 
a first communication channel of the virtualized environment that provides a first guest operating system (OS) on a first of the partitions with connectivity to an internal bus of the virtualized environment (see McGee figure 3 element 320 and paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I 
a second communication channel of the virtualized environment that provides a second guest operating system (OS) on a second of the partitions with connectivity to the internal bus of the virtualized environment (see McGee figure 3 element 320 and paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I and paragraph 0096 i.e. the OS 310 of the security-VM 304 includes a programmatic interface to the internal vSwitch* 316 through a special vNIC_prime (vNIC*) 418. The internal vSwitch* 316 is coupled over linkages 420 with each of the networking drivers 318-i, including the ND-1 (318-1) that is associated with the unmodified guest VM 306-1); and 
a security manager on a third of the partitions comprising a security engine that monitors communications between the first guest OS and the second guest OS over the first communication channel for potential threats and determines a security response upon determining a security event from the communications (See McGee paragraph 0026 i.e. c) determining if the guest virtual machine has a security agent installed on the guest virtual machine; and (d) filtering the packet stream in a slow path processing step 
McGee does not teach the internal bus is an internal vehicle bus
Red Bend teaches the internal bus is an internal vehicle bus (see Red Bend figure 2 and page 3 line 26 – page 4 line).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify McGee in view of Red Bend to use the system of McGee on the vehicle bus of Red Bend, since the vehicle bus of Red Bend is one type of network on which the system of McGee could operate, and this would have been an obvious design option for a person skilled in the art before the effective filing date (Red Bend page 1 lines 4-12). Therefore one would have been motivated to have 

With respect to claim 10 McGee teaches the embedded system of claim 9, but does not disclose wherein the internal vehicle bus is a Controller Area Network (CAN) bus.
Red Bend discloses wherein the internal vehicle bus is a Controller Area Network (CAN) bus (see Red Bend figure 2 and page 3 line 26 – page 4 line).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify McGee in view of Red Bend to use the system of McGee on the vehicle bus of Red Bend, since the vehicle bus of Red Bend is one type of network on which the system of McGee could operate, and this would have been an obvious design option for a person skilled in the art before the effective filing date (Red Bend page 1 lines 4-12). Therefore one would have been motivated to modify McGee in view of Red Bend to use the system of McGee on the vehicle bus of Red Bend.

With respect to claim 11 McGee teaches the embedded system of claim 9, wherein the second communication channel includes a different security services engine that monitors the communications between the first guest OS and the second guest OS over the internal vehicle bus for potential threats and determines a different security response upon determining a security event from the communications (See McGee paragraph 0026 i.e. c) determining if the guest virtual machine has a security agent 

With respect to claim 12 McGee teaches the embedded system of claim 9, wherein the determining of the security event from the communications is based on performing machine learning on one or more of historical traffic frequency or historical traffic patterns between the first guest OS and the second guest OS over the internal vehicle bus (see McGee paragraph 0111 i.e. If the security agent 406 is not installed or not running (exit "No" from the step 506), the packet is processed through a fast filter in a step 510 "Micro filter", in which a quick decision is made on the acceptability of the packet as in a firewall. The step 510 has three possible exits, "blacklist", "bypass", and "OK". The 

With respect to claim 13 McGee teaches the embedded system of claim 9, wherein the internal vehicle bus provides the first guest OS with connectivity to an electronic unit on an external bus over the first communication channel, and provides the second guest OS with connectivity to the EU on the external vehicle bus of the vehicle over the second communication channel (see McGee figure 3 element 320 and paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I and paragraph 0096 i.e. the OS 310 of the security-VM 304 includes a programmatic interface to the internal vSwitch* 316 through a special vNIC_prime (vNIC*) 418. The internal vSwitch* 316 is coupled over linkages 420 with each of the 
McGee does not teach the internal bus is an internal vehicle bus
Red Bend teaches the internal bus is an internal vehicle bus (see Red Bend figure 2 and page 3 line 26 – page 4 line).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify McGee in view of Red Bend to use the system of McGee on the vehicle bus of Red Bend, since the vehicle bus of Red Bend is one type of network on which the system of McGee could operate, and this would have been an obvious design option for a person skilled in the art before the effective filing date (Red Bend page 1 lines 4-12). Therefore one would have been motivated to modify McGee in view of Red Bend to use the system of McGee on the vehicle bus of Red Bend.

With respect to claim 22 McGee teaches the method of claim 21, wherein the security response is performed on a communication being sent by the guest OS to the network interface (see McGee figure 3 paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I and paragraph 0096 i.e. the OS 310 of the security-VM 304 includes a programmatic interface to the internal vSwitch* 316 through a special vNIC_prime (vNIC*) 418. The internal vSwitch* 316 is coupled 

With respect to claim 23 McGee teaches the method of claim 21, wherein the security response includes one or more of notifying the guest OS of the security event, logging the security event, or initiating a safe mode of operation (see McGee paragraph 0104: "...slow-path" mode, that is: to pass packet traffic over the linkage 420 through the vSwitch* 316 and the vNIC* 418, to the associated virtual security agent 412 which provides packet inspection using the FilterLib software library 414. Shown in a dotted line, the networking driver 318-1 may also directly access the FilterLib software library 414; and paragraph 0111: "...The step 510 has three possible exits, "blacklist", "bypass", and "OK". The packet is discarded and removed from the packet stream, (exit "blacklist") in a step 512 "Discard Packet" if it matches certain programmable blacklist criteria, e.g. on the basis of protocol, IP address range, and/or port number).

With respect to claim 24 McGee teaches the method of claim 21, wherein the security response includes transmitting data to cause a message blocking circuit to corrupt a message being communicated on the external vehicle bus (see McGee paragraph 0104: "...slow-path" mode, that is: to pass packet traffic over the linkage 420 through the vSwitch* 316 and the vNIC* 418, to the associated virtual security agent 412 which provides packet inspection using the FilterLib software library 414. Shown in a dotted line, the networking driver 318-1 may also directly access the FilterLib software library 414; and paragraph 0111: "...The step 510 has three possible exits, "blacklist", 

With respect to claim 25 McGee teaches the method of claim 21, wherein the network interface is a physical interface to the external vehicle bus and the virtualized environment further comprises a communications manager on a third of the partitions that includes a virtualized hardware interface to the network interface (see McGee figure 3 element 320 and paragraph 0095 i.e. The OS 310 of every virtual machine (VM), including the OS 310 of the guest VMs 306-1 and 306-2 and of the security-VM 304, includes a virtual network interface card (vNIC) 416….All packet traffic between a guest VM 306-i and the external network 320 passes through the vNIC 416 of the VM and the associated networking driver 318-I and paragraph 0096 i.e. the OS 310 of the security-VM 304 includes a programmatic interface to the internal vSwitch* 316 through a special vNIC_prime (vNIC*) 418. The internal vSwitch* 316 is coupled over linkages 420 with each of the networking drivers 318-i, including the ND-1 (318-1) that is associated with the unmodified guest VM 306-1).

With respect to claim 26 McGee teaches the method of claim 21, but does not disclose wherein the external vehicle bus is a Controller Area Network (CAN) bus.
Red Bend teaches wherein the external vehicle bus is a Controller Area Network (CAN) bus (see Red Bend figure 2 and page 3 line 26 – page 4 line).
With respect to claim 27 McGee teaches the method of claim 21, wherein the security manager is positioned above the guest OS in a chain of trust of a certificate chain (See McGee paragraph 0066 i.e. The security VM comprises a plurality of virtual security agents, each security agent corresponding to a respective guest virtual machine, for performing intrusion-detection and intrusion-prevention inspection on the intercepted data traffic).

Prior Art
Manmohan et al (US 2014/0237537) titled “METHOD AND TECHNIQUE FOR APPLICATION AND DEVICE CONTROL IN A VIRTUALIZED ENVIRONMENT” teaches a data loss prevention (DLP) manager running on a security virtual machine that manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a source associated with a file open or create event. The source is at least one of an application or a device being used by a guest virtual machine (GVM). The DLP manager 
Shin et al (US 2014/0317737) titled “HYPERVISOR-BASED INTRUSION PREVENTION PLATFORM AND VIRTUAL NETWORK INTRUSION PREVENTION SYSTEM” teaches a hypervisor-based intrusion prevention platform. The hypervisor-based intrusion prevention platform comprises a virtual network intrusion prevention system (vIPS) framework which obtains internal information of a virtualization system from a hypervisor and performs security control on the hypervisor in response to the result of intrusion detection carried out by using the internal information of the virtualization system.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  

/DEVIN E ALMEIDA/           Examiner, Art Unit 2492

/SALEH NAJJAR/           Supervisory Patent Examiner, Art Unit 2492