DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-12 have been cancelled. 
Claims 12-31 have been examined. 

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 04/20/2020, 06/23/2020 and 01/21/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 12 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2010144815 A2 to Dierickx (hereinafter Diericks) and US 10841278 to Meriac (hereinafter Meriac).
As per claim 12, Dierickx teaches:
A data-processing device configured as a system-on-a-chip (Dierickx: [0022]), comprising: 
an interface unit, comprising: a communication connection with a packet-based communication protocol (Dierickx: [0034] Returning to Fig, 1, the security system 500 can receive data and other information 10 from the information system 100 and can provide data and other information 1 1 to the information system 100. The security system 500 can communicate with the information system 100 in any conventional wired and/or wireless manner. Preferably, the security system 500 and the information system 100 communicate via a wired communication connect); and 
a filter device, wherein at least part of the filter device is made from hardware, and the filter device is designed to forward, to an additional component of the data-processing device, communication data meeting an approval condition, wherein the approval condition evaluates a property of the communication data, (Dierickx: Fig. 1, Fig. 2B and [0041]: the security system 500 shown in Fig. 2A can further include a wireless fidelity (Wi-Fi) device 3 as illustrated in Fig. 2B. The wireless fidelity (Wi-Fi) device 3 can be provided in the manner set forth in more detail above with reference to Fig. 1 and is shown as being disposed between the initial input 10 to the security system 500 and the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6. The wireless fidelity device 3 thereby can receive and inspect inbound wireless data traffic for denial of service (DoS) attacks, data snooping, and other types of wireless data security risks. Advantageously, the wireless fidelity device 3 can block any unwanted inbound wireless data traffic and can provide the wanted inbound wireless data traffic to the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5 for further inspection, such as filtering and/or validation, in the manner discussed in more detail above with reference to Fig. 2A. The processed inbound data traffic thereby can be provided to the information system 100 via the output 11 of the security system 500); 
a secure element, realized as a Trusted Execution Environment of an authentication arrangement related to the communication protocol (Dierickx: [0025] Alternatively, and/or additionally, the security system 500 advantageously can utilize hardware based encryption. As illustrated in Fig. 1, Hardware Security Module (HSM) 2 of the security system 500 can be provided as an integrated circuit device that stores sensitive information using hardware encryption. For example, the HSM 2 may manage digital keys, accelerate cryptoprocesses in terms of digital signings and provide strong authentication to access critical keys for various software modules or LRUs); and 
an intrusion detection unit made from hardware, wherein the intrusion detection unit is configured to: connect with the filter device and/or the secure element via a signal connection (Dierickx: Fig. 1, Fig. 2B and [0041]: Advantageously, the wireless fidelity device 3 can block any unwanted inbound wireless data traffic and can provide the wanted inbound wireless data traffic to the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6; and 
evaluate an input signal received via the signal connection for a rule infringement of an intrusion detection rule, wherein the intrusion detection rule is logged and/or responded to with a measure (Dierickx: [0029]: As desired, the IPS/IDS 6 can filter traffic based on data signatures or downloadable rules that may be updated on a regular or ad hoc basis. [0038]: Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100); and 
the intrusion detection rule relates to a violation of the approval condition and/or to an authentication error (Dierickx: [0029]: As desired, the IPS/IDS 6 can filter traffic based on data signatures or downloadable rules that may be updated on a regular or ad hoc basis. [0038]: Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100).
Dierickx does not teach: a computing unit; and the approval condition is contained in a configuration information predetermined in the data-processing device. However, Meriac teaches:
a computing unit (Meriac: column 17, lines 33-58: microprocessor); and the approval condition is contained in a configuration information predetermined in the data-processing device (Meriac: column 5, lines 11-20: The node device 16 may be configured to access a ‘whitelist’ of data packets that the transmitter device 12 is permitted to send and the receiver device 14 is permitted to receive. The node device 16 may compare transmitted data packets 18 against the whitelist to determine if the monitored data packets 18 are permitted (authorised). Analysing the monitored data packet 18 may comprise comparing at least a part of the monitored data packet with a pre-defined data packet as a whole, or with pre-defined part(s) of a data packet. Column 6, lines 11-18: The node device/apparatus 16 may comprise a data store configured to store: pre-defined data on data packets that the transmitter device is configured to send; and pre-defined data on data packets that the receiver device is configured to receive).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Meriac in the invention of Dierickx to include the above limitations. The motivation to do so would be to provide a method of filtering data packets (Meriac: column 2, lines 27-28).

As per claim 13, Dierickx in view of Meriac teaches:
The data-processing device according to claim 12, wherein the packet-based communication protocol of the communication connection comprises a PCI (Peripheral Component Interconnect) Express (Meriac: column 3, lines 14-18: The term “communication channel” is used interchangeably herein with the terms …, “PCI express”).

As per claim 14, Dierickx in view of Meriac teaches:
The data-processing device according to claim 12, wherein the signal connection is a hardware signal connection (Dierickx: [0022]: The security system 500 is shown as being provided as an integrated security system. In other words, the security system 500 can be disposed within a single system element of the information system 100. Hardware signal connections between different components of an integrated system was well known to one of ordinary skill in the art before the effective filing date of the claimed invention).

As per claim 23, Dierickx in view of Meriac teaches:
The data-processing device according to claim 12, wherein the computing unit and/or the intrusion detection unit is designed to reconfigure the filter device when an intrusion is detected (Meriac: column 10, lines 44-50: The node devices may be configured to report to the hub device 32 each message it has distorted. The node devices may be updatable/reconfigurable by the hub device 32, which may use the feedback data to provide updated data to the node devices).

As per claim 24, Dierickx in view of Meriac teaches:
The data-processing device according to claim 12, wherein the intrusion detection unit is configured to implement an Intrusion Detection and Prevention System (IDPS) with at least one protective measure carried out by another data-processing device external to the data-processing device (Dierickx: [0038]: Turning to Fig. 2A, the security system 500 is shown as including at least the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6. The intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can receive inbound data traffic in any conventional wired and/or wireless manner via the initial input 10 to the security system 500. Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100).

As per claim 25, Dierickx teaches:
A complete entity, comprising: 
at least one interface unit using a packet-based communication protocol (Dierickx: [0034] Returning to Fig, 1, the security system 500 can receive data and other information 10 from the information system 100 and can provide data and other information 1 1 to the information system 100. The security system 500 can communicate with the information system 100 in any conventional wired and/or wireless manner. Preferably, the security system 500 and the information system 100 communicate via a wired communication connect); and 
the bridge device comprising an intrusion detection unit, wherein the intrusion detection unit is a hardware; the intrusion detection unit is connected via at least one signal connection with a filter device of the at least one interface unit, wherein the at least one signal connection is based on hardware; and the intrusion detection unit evaluates an input signal received from the filter device with regard to an infringement of a set of intrusion detection rules that needs to be logged and/or responded to with at least one measure, wherein at least part of the filter device is hardware (Dierickx: Fig. 1, Fig. 2B and [0041]: the security system 500 shown in Fig. 2A can further include a wireless fidelity (Wi-Fi) device 3 as illustrated in Fig. 2B. The wireless fidelity (Wi-Fi) device 3 can be provided in the manner set forth in more detail above with reference to Fig. 1 and is shown as being disposed between the initial input 10 to the security system 500 and the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6. The wireless fidelity device 3 thereby can receive and inspect inbound wireless data traffic for denial of service (DoS) attacks, data snooping, and other types of wireless data security risks. Advantageously, the wireless fidelity device 3 can block any unwanted inbound wireless data traffic and can provide the wanted inbound wireless data traffic to the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5 for further inspection, such as filtering and/or validation, in the manner discussed in more detail above with reference to Fig. 2A. The processed inbound data traffic thereby can be provided to the information system 100 via the output 11 of the security system 500. [0029]: As desired, the IPS/IDS 6 can filter traffic based on data signatures or downloadable rules that may be updated on a regular or ad hoc basis. [0038]: Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100); and 
the filter device is designed to forward communication data meeting at least one approval condition, wherein the at least one approval condition evaluates a property of the communication data received by the at least one interface unit from an interface unit of a target data-processing device  (Dierickx: Fig. 1, Fig. 2B and [0041]: the security system 500 shown in Fig. 2A can further include a wireless fidelity (Wi-Fi) device 3 as illustrated in Fig. 2B. The wireless fidelity (Wi-Fi) device 3 can be provided in the manner set forth in more detail above with reference to Fig. 1 and is shown as being disposed between the initial input 10 to the security system 500 and the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6. The wireless fidelity device 3 thereby can receive and inspect inbound wireless data traffic for denial of service (DoS) attacks, data snooping, and other types of wireless data security risks. Advantageously, the wireless fidelity device 3 can block any unwanted inbound wireless data traffic and can provide the wanted inbound wireless data traffic to the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5 for further inspection, such as filtering and/or validation); and 
at least one intrusion detection rule relates to a violation of at least one approval condition (Dierickx: [0029]: As desired, the IPS/IDS 6 can filter traffic based on data signatures or downloadable rules that may be updated on a regular or ad hoc basis. [0038]: Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100).
Dierickx does not teach: at least two data-processing devices, comprising at least one computing unit; and a bridge device connecting the at least two data-processing devices as end points with the at least one interface unit. However, Meriac teaches:
(Meriac: column 3, lines 20-24: FIG. 1 shows a schematic diagram of a system 10 to filter data packets transmitted between a transmitter device 12 and a receiver device 14. Column 8, lines 35-41: FIG. 2 shows an example system 20 of multiple transmitter and receiver devices in a vehicle. It was well known to one of ordninary skill in the art before the effective filing date of the claimed invention that devices on a vehicle include computing units); and 
a bridge device connecting the at least two data-processing devices as end points with the at least one interface unit (Meriac: column 3, lines 42-67. Column 5, line 65-column 6, line 5: In embodiments, the node device 16 (apparatus) for filtering data packets transmitted between a transmitter device and a receiver device, comprises: an interface configured to monitor a data packet transmitted from the transmitter device to the receiver device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Meriac in the invention of Dierickx to include the above limitations. The motivation to do so would be to provide a method of filtering data packets (Meriac: column 2, lines 27-28).

As per claim 26, Dierickx in view of Meriac teaches:
The complete entity according to claim 25, wherein the communication protocol is a PCI (Peripheral Component Interconnect) Express (Meriac: column 3, lines 14-18: The term “communication channel” is used interchangeably herein with the terms …, “PCI express”).

As per claim 28, Dierickx teaches:
A method for operating a data-processing device, comprising: 
receiving, by an interface unit of the data-processing device, communication data via a communication connection with a packet-based communication protocol (Dierickx: [0034] Returning to Fig, 1, the security system 500 can receive data and other information 10 from the information system 100 and can provide data and other information 1 1 to the information system 100. The security system 500 can communicate with the information system 100 in any conventional wired and/or wireless manner. Preferably, the security system 500 and the information system 100 communicate via a wired communication connect); 
forwarding, by a filter device of the interface unit, the communication data that meets at least one approval condition, to an additional component of the data-processing device, wherein forwarding the communication data by the filter device comprises: evaluating, using the at least one approval condition, at least one property of the communication data (Dierickx: Fig. 1, Fig. 2B and [0041]: the security system 500 shown in Fig. 2A can further include a wireless fidelity (Wi-Fi) device 3 as illustrated in Fig. 2B. The wireless fidelity (Wi-Fi) device 3 can be provided in the manner set forth in more detail above with reference to Fig. 1 and is shown as being disposed between the initial input 10 to the security system 500 and the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6. The wireless fidelity device 3 thereby can receive and inspect inbound wireless data traffic for denial of service (DoS) attacks, data snooping, and other types of wireless data security risks. Advantageously, the wireless fidelity device 3 can block any unwanted inbound wireless data traffic and can provide the wanted inbound wireless data traffic to the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5 for further inspection, such as filtering and/or validation, in the manner discussed in more detail above with reference to Fig. 2A. The processed inbound data traffic thereby can be provided to the information system 100 via the output 11 of the security system 500); and 
evaluating, by an intrusion detection unit, an input signal with regard to a rule infringement of a set of intrusion detection rules (Dierickx: [0029]: As desired, the IPS/IDS 6 can filter traffic based on data signatures or downloadable rules that may be updated on a regular or ad hoc basis. [0038]: Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100), 
wherein evaluating the input signal comprises: receiving the input signal from the filter device and/or a secure element via a hardware-based signal connection (Dierickx: Fig. 1, Fig. 2B and [0041]: Advantageously, the wireless fidelity device 3 can block any unwanted inbound wireless data traffic and can provide the wanted inbound wireless data traffic to the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6), wherein the secure element is realized as a Trusted Execution Environment of an authentication arrangement related to the communication (Dierickx: [0025] Alternatively, and/or additionally, the security system 500 advantageously can utilize hardware based encryption. As illustrated in Fig. 1, Hardware Security Module (HSM) 2 of the security system 500 can be provided as an integrated circuit device that stores sensitive information using hardware encryption. For example, the HSM 2 may manage digital keys, accelerate cryptoprocesses in terms of digital signings and provide strong authentication to access critical keys for various software modules or LRUs); and
logging and/or responding to the set of instruction detection rules with at least one measure, wherein at least one instruction detection rule relates to a violation of the at least one approval condition and/or an authentication error (Dierickx: [0029]: As desired, the IPS/IDS 6 can filter traffic based on data signatures or downloadable rules that may be updated on a regular or ad hoc basis. [0038]: Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100).
Dierickx does not teach: wherein the at least one approval condition is contained in a configuration information predetermined in the data-processing device (Meriac: column 5, lines 11-20: The node device 16 may be configured to access a ‘whitelist’ of data packets that the transmitter device 12 is permitted to send and the receiver device 14 is permitted to receive. The node device 16 may compare transmitted data packets 18 against the whitelist to determine if the monitored data packets 18 are permitted (authorised). Analysing the monitored data packet 18 may comprise comparing at least a part of the monitored data packet with a pre-defined data packet as a whole, or with pre-defined part(s) of a data packet. Column 6, lines 11-18: The node device/apparatus 16 may comprise a data store configured to store: pre-defined data on data packets that the transmitter device is configured to send; and pre-defined data on data packets that the receiver device is configured to receive).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Meriac in the invention of Dierickx to include the above limitations. The motivation to do so would be to provide a method of filtering data packets (Meriac: column 2, lines 27-28).

As per claim 29, Dierickx in view of Meriac teaches:
The method according to claim 28, wherein receiving the communication data comprises receiving via the communication connection with a PCI (Peripheral Component Interconnect) Express (Meriac: column 3, lines 14-18: The term “communication channel” is used interchangeably herein with the terms …, “PCI express”).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac as applied to claim 12 above, and further in view of US 9509717 to Stute (hereinafter Stute) and US 20140108791 to Sinclair et al (hereinafter Sinclair).
As per claim 15, Dierickx in view of Meriac does not teach the limitations of claim 15. However, Stute teaches:
wherein the interface unit further comprises an encryption/decryption device for the authentication arrangement, wherein the encryption/decryption device is configured (Stute: column 5, lines 37-46: In an embodiment, each of the hardware devices 212, 222, and 232 encrypt outgoing data packets received from their respective host systems 210, 220, and 230. The hardware devices 212, 222, and 232 decrypt incoming data packets prior to sending them to the I/O ports of their respective host systems 210, 220, and 230. The encryption and decryption occurs at the data link layer).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Stute in the invention of Dierickx in view of Meriac to include the above limitations. The motivation to do so would be to prevent data packets from being maliciously sent out from the host system 120 in circumstances where applications or the operating system of the host system 120 are compromised by, for example, a computer virus or a hacker (Stute: column 4, lines 54-58).
Dierickx in view of Meriac and Stute does not teach: the encryption/decryption device comprises a hardware that cannot access the computing unit and/or the secure element, However, Sinclair teaches:
the encryption/decryption device comprises a hardware that cannot access the computing unit and/or the secure element (Sinclair: [0010]: an input capture module (secure element) isolated from a less secure part of the computing system, the isolation configured to prevent corruption of the input capture module by computing instructions received from outside of the input capture module, the input capture module comprising: storage configured to store an encryption key or certificate such that the encryption key or certificate cannot be read from outside the input capture module, i.e., the input capture module cannot be accessed by any other device. [0108]: The various examples of logic noted above can comprise hardware).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Sinclair in the invention of Dierickx in view of Meriac and Stute to include the above limitations. The motivation to do so would be to prevent corruption of the input capture module by computing instructions received from outside of the input capture module (Sinclair: [0010]).

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac, Stute and Sinclair as applied to claim 15 above, and further in view of US 20140089202 to Bond et al (hereinafter Bond).
As per claim 16, Dierickx in view of Meriac, Stute and Sinclair teaches:
The data-processing device according to claim 15, wherein the secure element, logically isolated from the computing unit (Sinclair: [0010]: an input capture module (secure element) isolated from a less secure part of the computing system), comprises: wherein the communication data for transmission is encrypted by the encryption/decryption device based on the hardware-coded key information (Stute: column 5, lines 37-46: In an embodiment, each of the hardware devices 212, 222, and 232 encrypt outgoing data packets received from their respective host systems 210, 220, and 230. The hardware devices 212, 222, and 232 decrypt incoming data packets prior to sending them to the I/O ports of their respective host systems 210, 220, and 230. Dierickx: [0042]: If the inbound data traffic includes a request for encryption/decryption key information, the information system 100, at B, can provide the request to the Hardware Security Module 2 via the initial input 10 to the security system 500. At C, the Hardware Security Module 2 can responds to the request by providing the requested encryption/decryption key information).
Dierickx in view of Meriac, Stute and Sinclair does not teach: a hardware-coded key information. However, Bond teaches:
a hardware-coded key information (Bond: [0093] A secure storage module 355 provides both obfuscated storage (encryption with a hardcoded key)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Bond in the invention of Dierickx in view of Meriac, Stute and Sinclair to include the above limitations. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (see KSR Int’l Co. v. Teleflex Inc. 550 U.S. ___, 82 USPQ2d 1385 (Supreme Court 2007) (KSR)).
	
Claims 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac as applied to claim 12 above, and further in view of JP 2019-71572 A to Gay (hereinafter Gay).
Examiner’s Note: The English translation of  JP 2019-71572 used below is attached to end of the original document.
As per claim 17, Dierickx in view of Meriac teaches:
The data-processing device according to claim 12, the secure element is at least partially formed as hardware (Dierickx: Fig. 1, [0025]: Hardware security module 2).
Dierickx in view of Meriac does not teach: wherein the secure element generates the input signal for the intrusion detection unit. However, Gay teaches:
(Gay: Page 7, lines 19-22: Page 12, lines 31-40: The security monitoring unit 100 generates a challenge for authentication based on a code such as a random number, and transmits the challenge to the HSM (that is, the security certificate authority 200) (S151). On the other hand, when the response to the channel is not received from the HSM and the authentication fails (S153, NO), the security monitoring unit 100 waits for a predetermined period (S155) unless timeout occurs (S157, NO). , And waits for a response from the HSM again (S153). Then, the security monitoring unit 100 continues to be in a state where it cannot receive the response from the HSM, and when it times out as a result (S 157, YES), controls the CAN communication unit to be invalidated (S 159)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Gay in the invention of Dierickx in view of Meriac to include the above limitations. The motivation to do so would be to protect various devices such as the ECU, the GW, and the TCU can be a protection target even when a security problem occurs (Gay: page 5, lines 1-2).

As per claim 18, Dierickx in view of Meriac does not teach the limitations of claim 18. However, Gay teaches: 
wherein the input signal for the intrusion detection unit describes an authentication error and/or an encryption error (Gay: Page 7, lines 19-22: Page 12, lines 31-40: The security monitoring unit 100 generates a challenge for authentication based on a code such as a random number, and transmits the challenge to the HSM (that is, the security certificate authority 200) (S151). On the other hand, when the response to the channel is not received from the HSM and the authentication fails (S153, NO), the security monitoring unit 100 waits for a predetermined period (S155) unless timeout occurs (S157, NO). , And waits for a response from the HSM again (S153). Then, the security monitoring unit 100 continues to be in a state where it cannot receive the response from the HSM, and when it times out as a result (S 157, YES), controls the CAN communication unit to be invalidated (S 159)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Gay in the invention of Dierickx in view of Meriac to include the above limitations. The motivation to do so would be to protect various devices such as the ECU, the GW, and the TCU can be a protection target even when a security problem occurs (Gay: page 5, lines 1-2).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac as applied to claim 12 above, and further in view of EP 3291119 to El-Fotouh et al (hereinafter El-Fotouh).
As per claim 19, Dierickx in view of Meriac does not teach the limitations of claim 19. However, El-Fotouh teaches:
wherein the intrusion detection unit is at least partially configured as a part of the secure element (El-Fotouh: [0017]: the automotive security system further comprises an intrusion detection component operable to detect an intrusion to the software components during a runtime of the secure ECU. [0020]: The intrusion detection component can be located on the secure ECU (secure element) in the vehicle).
.

Claims 20 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac as applied to claim 12 above, and further in view of US 20110060913 to Hird et al (hereinafter Hird) and US 20030145226 to Bruton et al (hereinafter Bruton).
As per claim 20, Dierickx in view of Meriac teaches:
The data-processing device according to claim 12, wherein the input signal for the intrusion detection unit descriptively generates a piece of information comprising: 
communication data not forwarded due to the configuration information (Meriac: column 5, lines 5-27: The node device 16 may be configured to access a ‘whitelist’ of data packets that the transmitter device 12 is permitted to send and the receiver device 14 is permitted to receive. The node device 16 may compare transmitted data packets 18 against the whitelist to determine if the monitored data packets 18 are permitted (authorised). If the monitored data packet 18 does not comprise, for example, a header that matches a pre-defined header, then the node device 16 may determine that the monitored data packet 18 is not permitted to be transmitted); exceeding a permissible communication data throughput (Meriac: column 5, lines 28-48: Additionally or alternatively, determining if the monitored data packet is permitted to be transmitted may comprise determining the density of data packets targeting a particular receiver device 14. That is, the node device 16 may be configured to check the number of packets that are typically sent to a particular receiver device 14 along a particular network path/communication path, and determine if the transmitted packet 18 means that more packets than usual are being sent to the receiver device 14); 
Dierickx in view of Meriac does not teach: an initialization error when establishing a communication connection; too many or too few encrypted packets with partial encryption via the communication connection; and statistic information on the communication data not forwarded due to the configuration information. However, Hird teaches:
an initialization error when establishing a communication connection (Hird: [0029]: The camouflaging scheme may be configured to provide a plausible key, that is, a key which is different but indistinguishable from a correct key, to an attacker in response to an incorrect PIN input. As a result, an attacker may use this plausible key with a service provider system where the service provider system may be configured to detect input of the plausible, but incorrect key (initialization error) as an intrusion, triggering intrusion detection systems. [0058]: The authentication server 60, at step 660, evaluates the user OTP, which may include regenerating the user OTP independently and comparing the regenerated OTP with the user OTP generated by the passcode application provided by the user device 20. Upon successful match or authentication, the provider system authenticates the OTP and grants authorization to the user, for example, to access the secure system or secured data, i.e., an incorrect key while establishing a connection with the provider system triggers intrusion detection systems).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Hird in the invention of Dierickx in view of Meriac to include the above limitations. The motivation to do so would be to thwart or catch the attacker (Hird: [0029]).
And, Bruton teaches:
too many or too few encrypted packets with partial encryption via the communication connection (Bruton: [0044] 1. Intrusion detection can be performed even though end-to-end encryption is in use. [0102] Detecting a possible UDP flood event, or an application capacity exceeded event, based on the number of backlogged UDP datagrams which are queued for a UDP port exceeding a policy limit for the UDP port. [0103] Raising flood detection events based on a packet discard rate (too many encrypted packets));
statistic information on the communication data not forwarded due to the configuration information (Bruton: [0103] Raising flood detection events based on a packet discard rate (based on internal discards). Further statistics on specific discard reasons may also be gathered and used for detecting flood events).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Bruton in the invention of Dierickx in view of Meriac and Hird to include the above limitations. The motivation to do so would be to enable improved intrusion detection while using end-to-end encryption (Bruton: [0020]).

As per claim 21, Dierickx in view of Meriac, Hird and Bruton teaches:
The data-processing device according to claim 20, wherein the initialization error comprises a missing key from a communication partner (Hird: [0029]: The camouflaging scheme may be configured to provide a plausible key, that is, a key which is different but indistinguishable from a correct key, to an attacker in response to an incorrect PIN input. As a result, an attacker may use this plausible key with a service provider system where the service provider system may be configured to detect input of the plausible, but incorrect key (missing correct key) as an intrusion, triggering intrusion detection systems).

Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac, Hird and Bruton as applied to claim 20 above, and further in view of CN 107181738 to Yang et al (hereinafter Yang).
Examiner’s Note: The English translation of  CN107181738 used below is attached to end of the original document.
As per claim 22, Dierickx in view of Meriac, Hird and Bruton does not teach the limitations of claim 22. However, Yang teaches:
wherein the communication data not forwarded due to the configuration information is stored in a ring buffer (Yang: Page 8, lines 40-44: And packaging the detection matching result into a message according to a certain format and storing the message into a buffer to be processed (ToBeProcessed _ RingBuffer), wherein the ToBeProcessed _ RingBuffer is a ring buffer and is used for storing the detection matching results of all data packets, including the message information of the data packets, the matched rule information, the alarm information and the processing action of the rule, and the ring buffer is used for storing the message, so that the memory can be allocated less frequently, the speed of accessing the ring buffer is high, and high-performance data access can be provided. Page 5, lines 15-16: s116, a Ring Buffer (Ring Buffer) is initialized in S116, wherein the Ring Buffer includes: the device comprises an instruction buffer area (Policy _ RingBuffer), a statistical information buffer area (Info _ RingBuffer) and a buffer area to be processed (ToBeProcessed _ RingBuffer), wherein the instruction buffer area is used for storing controller instructions, the statistical information buffer area is used for storing statistical information, and the buffer area to be processed is used for storing detection information of illegal data packets).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Yang in the invention of Dierickx in view of Meriac, Hird and Bruton to include the above limitations. The motivation to do so would be to provide a software intrusion detection system and a software intrusion detection method, which can solve the problems of poor expandability, inflexible deployment, poor performance and poor controllability and incapability of adapting to the development of switching technology and high-speed networks in the conventional intrusion detection system (Yang: page 3, last 5 lines).

Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac as applied to claim 25 above, and further in view of Yang.
As per claim 27, Dierickx in view of Meriac does not teach the limitations of claim 27. However, Yang teaches:
wherein the intrusion detection unit comprises at a ring buffer configured to store the communication data not forwarded by the filter device (Yang: Page 8, lines 40-44: And packaging the detection matching result into a message according to a certain format and storing the message into a buffer to be processed (ToBeProcessed _ RingBuffer), wherein the ToBeProcessed _ RingBuffer is a ring buffer and is used for storing the detection matching results of all data packets, including the message information of the data packets, the matched rule information, the alarm information and the processing action of the rule, and the ring buffer is used for storing the message, so that the memory can be allocated less frequently, the speed of accessing the ring buffer is high, and high-performance data access can be provided. Page 5, lines 15-16: s116, a Ring Buffer (Ring Buffer) is initialized in S116, wherein the Ring Buffer includes: the device comprises an instruction buffer area (Policy _ RingBuffer), a statistical information buffer area (Info _ RingBuffer) and a buffer area to be processed (ToBeProcessed _ RingBuffer), wherein the instruction buffer area is used for storing controller instructions, the statistical information buffer area is used for storing statistical information, and the buffer area to be processed is used for storing detection information of illegal data packets).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Yang in the invention of Dierickx in view of Meriac to include the above limitations. The motivation to do so would be to provide a software intrusion detection system and a software intrusion detection method, which can solve the problems of poor expandability, inflexible deployment, poor performance and poor controllability and incapability of .

Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac as applied to claim 28 above, and further in view of Stute.
As per claim 30, Dierickx in view of Meriac does not teach the limitations of claim 30. However, Stute teaches: 
further comprising: encrypting the communication data by an encryption/decryption device in the interface unit for the authentication arrangement, wherein encrypting the communication data comprises: applying an encryption to the communication data in a communication layer of the communication protocol; transmitting, via the communication connection, the encrypted communication data to another data-processing device; and decrypting the communication data received via the communication connection from another data-processing device (Stute: column 5, lines 37-46: In an embodiment, each of the hardware devices 212, 222, and 232 encrypt outgoing data packets received from their respective host systems 210, 220, and 230. The hardware devices 212, 222, and 232 decrypt incoming data packets prior to sending them to the I/O ports of their respective host systems 210, 220, and 230. The encryption and decryption occurs at the data link layer. Column 7, lines 17-30: At step 606, if the parameters meet authentication criteria, the data packet is encrypted using a common key established with the destination hardware device (step 608) and the encrypted data packet forwarded to the network (step 612)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Stute in the .

Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over Dierickx in view of Meriac and Stute as applied to claim 30 above, and further in view of Bond and Sinclair.
As per claim 31, Dierickx in view of Meriac and Stute does not teach the limitations of claim 31. However, Bond teaches: 
wherein encrypting the communication data further comprises encrypting based on a hardware-coded key information generated by the secure element (Bond: [0093] A secure storage module 355 provides both obfuscated storage (encryption with a hardcoded key)), 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Bond in the invention of Dierickx in view of Meriac and Stute to include the above limitations. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (see KSR Int’l Co. v. Teleflex Inc. 550 U.S. ___, 82 USPQ2d 1385 (Supreme Court 2007) (KSR)).
Dierickx in view of Meriac, Stute and Bond does not teach the secure element logically isolated from a computing unit of the data- processing device. However, Sinclair teaches: 
the secure element logically isolated from a computing unit of the data- processing device (Sinclair: [0010]: an input capture module (secure element) isolated from a less secure part of the computing system, the isolation configured to prevent corruption of the input capture module by computing instructions received from outside of the input capture module, the input capture module comprising: storage configured to store an encryption key or certificate such that the encryption key or certificate cannot be read from outside the input capture module, i.e., the input capture module cannot be accessed by any other device. [0108]: The various examples of logic noted above can comprise hardware).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Sinclair in the invention of Dierickx in view of Meriac and Stute to include the above limitations. The motivation to do so would be to prevent corruption of the input capture module by computing instructions received from outside of the input capture module (Sinclair: [0010]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 20170295182 to Teshler et al: In some embodiments, the present invention provides for an exemplary inventive device which includes at least the following components: a secure lockdown component that is operationally associated with at least one electronic control unit (ECU) of at least one network; where the secure lockdown component is configured such that the device physically separates at least one of: i) the at least one network from any other network, ii) the at least one network from external inputs directed to the at least one network, iii) the at least one ECU from at least one other ECU, iv) the at least one ECU from external inputs directed to the at least one ECU, v) at least one memory component within the at least one ECU from at least one processing unit within the at least one ECU, and vi) any combination thereof.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438