Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/24/2020 was filed after the mailing date of the application on 03/24/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 3/24/2020 (2) was filed after the mailing date of the application on 03/24/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 7/7/2021 was filed after the mailing date of the application on 03/24/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 8/6/2021 was filed after the mailing date of the application on 03/24/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 11/5/2021 was filed after the mailing date of the application on 03/24/2020.  The submission is in 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 10-11 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.




Claim Objections
Claim 6 is objected to because of the following informalities:  misspelling of the term “wherein”. 
 Appropriate correction is required.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-3, 5-7 and 9-11 are rejected under 35 U.S.C. 102(a) (2) as being anticipated by Lee (US Patent Pub. 2017/0142078).

As per claims 1 and 8-9: (Currently Amended) Lee discloses a method for detecting a cyber-attack on a control device of a vehicle comprising (see abstract):
Paragraph 64;  transmit and receive in-vehicle information and a vehicle control instruction through a separate vehicle-dedicated data channel);
wherein the checking of the communication data that is transmitted via the at least one communication channel of the vehicle that is connected to the control device comprises: examining whether the communication data transmitted via the at least one communication channel of the vehicle fulfils data requirements that are defined by one or a plurality of changeable rules (Paragraph 30; wherein the transmitting and receiving includes: generating a second plaintext symmetric key using the first plaintext symmetric key according to a predefined rule when the packet is received through the vehicle-dedicated data channel) (Paragraph 31; The established vehicle-dedicated data channel may be canceled when the MITM attack is determined to occur).
As per claim 2: (Currently Amended) The method as claimed in claim 1, further comprising:
classifying the communication data transmitted via the at least one communication channel of the vehicle as non-hazardous or harmless if the communication data fulfils the data requirements (Paragraph 121; determine that MITM attack occurs at an end of an operating system of the smartphone, and cancel the established vehicle-dedicated data channel); and
Paragraph 121; determine that MITM attack occurs at an end of an operating system of the smartphone, and cancel the established vehicle-dedicated data channel).
As per claims 3 and 11: (Currently Amended) The method as claimed in claim 1, further comprising: 
allowing the reception of the communication data transmitted via the at least one communication channel of the vehicle by the control device or a control unit of the control device if the communication data transmitted via the at least one communication channel of the vehicle fulfils the data requirements (Paragraph 90; When MITM attack is not detected, the MITM attack detection module 413 may deliver the decrypted packet to the vehicle information provision module 411);
preventing the reception of the communication data transmitted via the at least one communication channel of the vehicle by the control device or a control unit of the control device if the communication data transmitted via the at least one communication channel of the vehicle does not fulfil the data requirements (Paragraph 89; When MITM attack is detected, the MITM attack detection module 413 may transmit a predetermined hacking occurrence report message indicating that hacking occurs to the vehicle information provision module 411); and 
temporarily interrupting or permanently preventing the communication with a data source whose communication data, transmitted via the at least one communication channel of the vehicle, does not fulfil the data requirements (Paragraph 75; When MITM attack is detected in S304, the AVN system may block use of or cancel the established vehicle-dedicated data channel). 
As per claim 5: (Currently Amended) The method as claimed in claim 1, wherein one or the plurality of rules defining the data requirements are protected against modification by means of a hardware-based trust anchor (Paragraph 37; The transmitting and receiving may include generating a second plaintext symmetric key using the first plaintext symmetric key according to a predefined rule when the packet is received through the vehicle-dedicated data channel).
As per claim 6: (Currently Amended) The method as claimed in claim 1, wherein the communication data that is transmitted via the at least one communication channel of the vehicle that is connected to the control device and checked is data received via a communication interface of the vehicle and/or data that is internal to the vehicle that is stored in a memory internal to the vehicle or which is generated by the vehicle (Paragraph 121; determine that MITM attack occurs at an end of an operating system of the smartphone, and cancel the established vehicle-dedicated data channel).
As per claim 7: (Currently Amended) The method as claimed in claim 1, wherein the control device is operated as a client-control device of a network internal to the vehicle, wherein the checking of the communication data takes place jointly by the client control device and by a server control device of the network internal to the vehicle (Paragraph 12; vehicle head unit such as an AVN system is used in a physically controlled environment. In addition, the vehicle head unit is not continuously connected to a network, or software and firmware are not constantly updated by a user. Thus, security risk of the vehicle head unit is low when compared to a smartphone). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 4 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US Patent Pub. 2017/0142078) in view of Mackjust (US Patent Pub. 2011/0074561)

As per claim 4: (Currently Amended) The method as claimed 1, further comprising:  
checking communication data that is transmitted via at least one communication channel of the vehicle that is connected to the control device (Paragraph 64;  transmit and receive in-vehicle information and a vehicle control instruction through a separate vehicle-dedicated data channel);
Lee does not specifically disclose changing the one or the plurality of rules that define the data requirements; supplementing the one or the plurality of rules that define the data requirements with one or a plurality of further rules; cancelling or deleting one or a plurality of the rules defining the data requirements; and exchanging one or a plurality of the rules defining the data requirements.
Mackjust discloses a security system comprising: a base system; and a remote controller having means for providing user inputs; wherein: the base system is installed in a vehicle, the base system is configured to send a signal to the remote controller in response to a change in preset condition parameters of a plurality of vehicle systems (claim 1).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Lee and Mackjust in it’s entirety, to modify the technique of Lee for transmit and receive in-vehicle information and a vehicle control instruction through a separate vehicle-dedicated data channel by adopting Mackjust's teaching for send a signal to the remote controller in response to a change in preset condition parameters of a plurality of vehicle systems. The motivation would have been to improve detecting a cyber-attack on a control device of a vehicle.

As per claim 8: (Currently Amended) The method as claimed in claim 7, comprising:
Paragraph 12; vehicle head unit such as an AVN system is used in a physically controlled environment. In addition, the vehicle head unit is not continuously connected to a network, or software and firmware are not constantly updated by a user. Thus, security risk of the vehicle head unit is low when compared to a smartphone). 
Lee does not specifically disclose transmitting an apparently erroneous check signal from the client control device to the server control device; checking by the server control device whether the check signal received by the server control device corresponds to the check signal transmitted by the client control device or has been changed; generating a check response to the received check signal by the server control device; and transmitting the generated check response from the server control device to the client control device wherein the checking of communication data that has been transmitted via the at least one communication channel of the vehicle connected to the control device preferably comprises checking the check response generated by the server control device.
Mackjust discloses a security system comprising: a base system; and a remote controller having means for providing user inputs; wherein: the base system is installed in a vehicle, the base system is configured to send a signal to the remote controller in claim 1).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Lee and Mackjust in it’s entirety, to modify the technique of Lee for transmit and receive in-vehicle information and a vehicle control instruction through a separate vehicle-dedicated data channel by adopting Mackjust's teaching for send a signal to the remote controller in response to a change in preset condition parameters of a plurality of vehicle systems. The motivation would have been to improve detecting a cyber-attack on a control device of a vehicle.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/ANTHONY D BROWN/Primary Examiner, Art Unit 2433