Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 4-6 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The prior art of record does not antedate or provide for an obvious combination where the switch devices, and each switch device holds a list indicating at least one of the unauthorized-communication function unit, and an abnormality function unit that is a function unit determined as having an abnormality in the validation process.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 and 7-12 are rejected under 35 U.S.C. 103 as being unpatentable over Foreign Patent Document JP 2017-005617 A (DENSO), by way of translation of the written description retrieved from USPTO Global Dossier, in view of United States Patent Application Publication No. US 2010/0241744 A1 (Fujiwara).

As Per Claim 1: DENSO teaches: An on-vehicle communication system comprising:

- a plurality of function units; and
- one or a plurality of switch devices, each switch device being configured to perform a relay process of relaying communication data between the function units, wherein
	(DENSO, Paragraph [0013], ”Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. The communication system 2 shown in FIG. 1 is mounted on a vehicle, and includes a gateway electronic control unit (GW-ECU) 10, a gateway electronic control unit ("GW-ECU") 60, and a ECU110,130,210,230,250 1, and a communication system 1 shown in FIG. 1-1. The microcomputer provided with GWECU10,60, ECU110,130,210,230,250 , CPU,RAM,ROM , an input/output interface, etc. is mounted.”).
	(DENSO, Paragraph [0023], ”As shown in FIG. 2, the GW-ECU 10 includes an Ethernet switch 20, a CAN port 30, and a control unit 40. The Ethernet switch 20 includes a plurality of Ethernet ports 22 and a switch relay control unit 24. A corresponding ECU 110 is connected to each Ethernet port 22 via an Ethernet bus 300.”).
	(DENSO, Paragraph [0037], ”The abnormality detection unit 54 determines whether an Ethernet bus 320 connecting the GW-ECU 10 and the GW-ECU 60 is abnormal or not. For example, it is detected on the basis of a reception state of the link pulse, a reception of no response in response to a transmission request, a reception of an Ethernet frame to be received regularly, a very high communication traffic, and the like. When the Ethernet bus 320 is abnormal, the abnormality detection unit 54 sets, for example, 1 to an abnormality flag.”).

DENSO does not explicitly teach the following limitation; however, Fujiwara, in analogous art, does teach the following limitation:
- when unauthorized communication by a function unit has been detected, the switch device performs a validation process of validating a function unit other than an unauthorized-communication function unit that is the function unit for which the unauthorized communication has been detected.
	(Fujiwara, Paragraph [0037], ”Various embodiments according to the invention will be described hereinafter with reference to the accompanying drawings. In general, according to one embodiment of the invention, there is provided a network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising: an unauthorized node determination module configured to determine whether a sender node which transmits an address resolution protocol request packet is an unauthorized node, based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution protocol request packet; a spoofed address resolution protocol request transmission module configured to transmit a spoofed address resolution protocol request packet which includes a physical address of the network monitoring apparatus as a sender physical address and a network address of the unauthorized node as a sender network address to a target node corresponding to a target network address in the received address resolution protocol request packet if the sender node is an unauthorized node; and a spoofed address resolution protocol reply transmission module configured to transmit to the unauthorized node a spoofed address resolution protocol reply packet which includes a predetermined physical address other than the physical address of the target node as a sender physical address and a network address of the target node as a sender network address, in response to the reception of an address resolution protocol reply packet transmitted from the target node with respect to the spoofed address resolution protocol request packet.”).
	It would have been an obvious variation readily applied with expectations of success to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the 

As Per Claim 2: The rejection of claim 1 is incorporated and further DENSO teaches:
- the switch device: performs the relay process by using relay information indicating a relationship of communication between the function units;
	(DENSO, Paragraph [0025], ”Here, a process of the switch relay control unit 24 when data is transmitted from the ECU 110 of the Ethernet 100 to the ECU 130 of the Ethernet 120 will be described. When the Ethernet bus 320 is normal, the switch relay control unit 24 is provided. In order to transmit data to the ECU 130 corresponding to the IP address of the destination on the basis of the relay path table for normal use, the Ethernet bus 320 determines the Ethernet port to which the data is to be transmitted next and the Ethernet port 22 connected to the Ethernet bus 320. The switch relay control unit 24 transmits data from the determined Ethernet port 22 to the GW-ECU 60 via the Ethernet bus 320.”).

DENSO does not explicitly teach the following limitation; however, Fujiwara, in analogous art, does teach the following limitation:
- as the validation process, identifies a function unit serving as a communication counterpart of the unauthorized-communication function unit, on the basis of the relay information; and validates the identified function unit.
	(Fujiwara, Paragraph [0037], ”Various embodiments according to the invention will be described hereinafter with reference to the accompanying drawings. In general, according to one embodiment of the invention, there is provided a network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising: an unauthorized node determination module configured to determine whether a sender node which transmits an address 
	It would have been an obvious variation readily applied with expectations of success to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fujiwara into the method of DENSO as Fujiwara provides a detailed set of specifics for unauthorized access detection expanding the capabilities of DENSO’s abnormality detection.

As Per Claim 3: The rejection of claim 1 is incorporated and further DENSO teaches:
- the switch device further validates a secondary function unit that is a function unit serving as a communication counterpart of an abnormality function unit that is a function unit determined as having an abnormality
	(DENSO, Paragraph [0025], ”Here, a process of the switch relay control unit 24 when data is transmitted from the ECU 110 of the Ethernet 100 to the ECU 130 of the Ethernet 120 will be described. 
	(DENSO, Paragraph [0026], ” When an Ethernet bus 320 is abnormal, a switch relay control part 24 transmits data to an ECU 130 corresponding to an IP address of a destination on the basis of a relay route table for an abnormality in an Ethernet bus 320. Next, an internal port (not shown) of an Ethernet switch 20 connected to the control unit 40 of the GW-ECU 10 is determined as a port to which data is to be transmitted.”).

DENSO does not explicitly teach the following limitation; however, Fujiwara, in analogous art, does teach the following limitation:
- in the validation process.
	(Fujiwara, Paragraph [0037], ”Various embodiments according to the invention will be described hereinafter with reference to the accompanying drawings. In general, according to one embodiment of the invention, there is provided a network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising: an unauthorized node determination module configured to determine whether a sender node which transmits an address resolution protocol request packet is an unauthorized node, based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution protocol request packet; a spoofed address resolution protocol request transmission module configured to transmit a spoofed address resolution protocol request packet which includes a physical address of the network monitoring apparatus as a sender physical address and a network address of the unauthorized 
	It would have been an obvious variation readily applied with expectations of success to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fujiwara into the method of DENSO as Fujiwara provides a detailed set of specifics for unauthorized access detection expanding the capabilities of DENSO’s abnormality detection.

As Per Claim 7: The rejection of claim 1 is incorporated, and further, DENSO does not explicitly teach the following limitation; however, Fujiwara, in analogous art, does teach the following limitation:
- the switch device acquires validation data for stored data from the function unit, and validates the function unit by using the acquired validation data.
	(Fujiwara, Paragraph [0037], ”Various embodiments according to the invention will be described hereinafter with reference to the accompanying drawings. In general, according to one embodiment of the invention, there is provided a network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising: an unauthorized node determination module configured to determine whether a sender node which transmits an address resolution protocol request packet is an unauthorized node, based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution 
	It would have been an obvious variation readily applied with expectations of success to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fujiwara into the method of DENSO as Fujiwara provides a detailed set of specifics for unauthorized access detection expanding the capabilities of DENSO’s abnormality detection.

As Per Claim 8: The rejection of claim 1 is incorporated, and further, DENSO does not explicitly teach the following limitation; however, Fujiwara, in analogous art, does teach the following limitation:
- the switch device acquires authentication data for stored data from the function unit, and validates the function unit by using the acquired authentication data.
	(Fujiwara, Paragraph [0037], ”Various embodiments according to the invention will be described hereinafter with reference to the accompanying drawings. In general, according to one embodiment of the invention, there is provided a network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising: an unauthorized node 
	It would have been an obvious variation readily applied with expectations of success to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fujiwara into the method of DENSO as Fujiwara provides a detailed set of specifics for unauthorized access detection expanding the capabilities of DENSO’s abnormality detection.

As Per Claim 9: Claim 9 is substantially a restatement of the on-vehicle communication system of claim 1 as a device and is rejected under substantially the same reasoning.

As Per Claim 10: DENSO teaches: A validation method to be performed in an on-vehicle communication system, the on-vehicle communication system including a plurality of function units and one or a plurality of switch devices, each switch device being configured to perform a relay process of relaying communication data between the function units, the validation method comprising the steps of:
	(DENSO, Paragraph [0013], ”Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. The communication system 2 shown in FIG. 1 is mounted on a vehicle, and includes a gateway electronic control unit (GW-ECU) 10, a gateway electronic control unit ("GW-ECU") 60, and a ECU110,130,210,230,250 1, and a communication system 1 shown in FIG. 1-1. The microcomputer provided with GWECU10,60, ECU110,130,210,230,250 , CPU,RAM,ROM , an input/output interface, etc. is mounted.”).
	(DENSO, Paragraph [0023], ”As shown in FIG. 2, the GW-ECU 10 includes an Ethernet switch 20, a CAN port 30, and a control unit 40. The Ethernet switch 20 includes a plurality of Ethernet ports 22 and a switch relay control unit 24. A corresponding ECU 110 is connected to each Ethernet port 22 via an Ethernet bus 300.”).
	(DENSO, Paragraph [0025], ”Here, a process of the switch relay control unit 24 when data is transmitted from the ECU 110 of the Ethernet 100 to the ECU 130 of the Ethernet 120 will be described. When the Ethernet bus 320 is normal, the switch relay control unit 24 is provided. In order to transmit data to the ECU 130 corresponding to the IP address of the destination on the basis of the relay path table for normal use, the Ethernet bus 320 determines the Ethernet port to which the data is to be transmitted next and the Ethernet port 22 connected to the Ethernet bus 320. The switch relay control unit 24 transmits data from the determined Ethernet port 22 to the GW-ECU 60 via the Ethernet bus 320.”).
	(DENSO, Paragraph [0026], ” When an Ethernet bus 320 is abnormal, a switch relay control part 24 transmits data to an ECU 130 corresponding to an IP address of a destination on the basis of a relay route table for an abnormality in an Ethernet bus 320. Next, an internal port (not shown) of an Ethernet switch 20 connected to the control unit 40 of the GW-ECU 10 is determined as a port to which data is to be transmitted.”).

DENSO does not explicitly teach the following limitation; however, Fujiwara, in analogous art, does teach the following limitation:
- acquiring, performed by the switch device, a detection result of unauthorized communication performed by a function unit;
- transmitting, performed by the switch device, a confirmation request to a function unit serving as a communication counterpart of an unauthorized-communication function unit that is the function unit for which the unauthorized communication has been detected; and
- transmitting to the switch device, performed by the function unit serving as the communication counterpart of the unauthorized-communication function unit, response information to the confirmation request.
	(Fujiwara, Paragraph [0037], ”Various embodiments according to the invention will be described hereinafter with reference to the accompanying drawings. In general, according to one embodiment of the invention, there is provided a network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising: an unauthorized node determination module configured to determine whether a sender node which transmits an address resolution protocol request packet is an unauthorized node, based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution protocol request packet; a spoofed address resolution protocol request transmission module configured to transmit a spoofed address resolution protocol request packet which includes a physical address of the network monitoring apparatus as a sender physical address and a network address of the unauthorized node as a sender network address to a target node corresponding to a target network address in the received address resolution protocol request packet if the sender node is an unauthorized node; and a spoofed address resolution protocol reply transmission module configured to transmit to the unauthorized node a spoofed address resolution protocol reply packet which includes a predetermined physical address other than the physical address of the target node as a sender physical address and a network address of the target node as a sender network address, in response to the reception of an address resolution protocol reply packet transmitted from the target node with respect to the spoofed address resolution protocol request packet.”).
	It would have been an obvious variation readily applied with expectations of success to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fujiwara into the method of DENSO as Fujiwara provides a detailed set of specifics for unauthorized access detection expanding the capabilities of DENSO’s abnormality detection.

As Per Claim 11: Claim 11 is substantially a restatement of the on-vehicle communication system of claim 1 as a method and is rejected under substantially the same reasoning.

As Per Claim 12: Claim 12 is substantially a restatement of the on-vehicle communication system of claim 1 as a non-transitory computer readable storage medium and is rejected under substantially the same reasoning.

Additional cited Prior Art
United States Patent Application Publication No. US 2020/0244442 A1 (ZEH et al.) and United States Patent Application Publication No. US 2019/0182267 A1 (Aher et al.) teach additional facets of methods for securing vehicle-mounted networks relevant to the field of endeavor.

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN A KAPLAN/ Examiner, Art Unit 2434