DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
The claims are generally narrative and indefinite, failing to conform with current U.S. practice.  They appear to be a literal translation into English from a foreign document and are replete with grammatical and idiomatic errors.
It is recited in claim 1 of: “…detecting an intrusion signal in a difference signal by noise reduction technology and weak signal detection technology, ….” It is unclear how this is to be applied in the claim language, in view of the Applicant’s specification since the specification uses similar terminology.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-8 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Cain et al, U.S. Patent 9,380,070.

As per claim 1, it is taught of a method for detecting physical intrusion attack in industrial control system (a vehicle system, col. 2, lines 2-9) based on analysis of signals on serial communication (CAN) bus (col. 2, lines 41-49 and col. 3, lines 51-53), comprising steps of:
actively sending signals for detecting to a communication (CAN) bus via a bus (CAN) controller in a serial communication (CAN) bus network (col. 2, lines 41-55), sampling (col. 6, lines 43-46) and analyzing the signals on the communication bus by a monitoring device (col. 2, lines 59-67 and col. 3, lines 51-61), performing differential comparison with a standard signal stored in the monitoring device database, detecting an intrusion signal in a difference signal by noise reduction technology and weak signal detection technology (col. 2, lines 59-67 and col. 3, lines 51-61), and according to a detection result of the intrusion signal caused by an external device (col. 3, lines 48-61), effectively determining whether there is an external malicious device in the system, and determining whether the system is subjected to a physical intrusion attack (col. 3, lines 48-61).
As per claim 2, it is disclosed of a method for detecting physical intrusion attack in the industrial control system based on analysis of signals on serial communication bus, as recited in claim 1, specifically comprising steps of:
S1: monitoring a service condition of a serial communication bus in the industrial control system according to a set time period by the bus controller (col. 5, lines 12-29); if the communication bus is in an idle state (bus logic state, col. 2, lines 64-65), sending a detection signal once by the bus controller (col. 5, lines 12-29); if the communication bus is in a data transmission state, continuing to monitor and wait until the communication bus is in an idle state (bus logic state, col. 2, lines 64-65), and sending the detection signal once by the bus controller (col. 5, lines 12-29);
S2: performing sampling (col. 6, lines 43-46), receiving and protocol analysis on all communication signals (col. 3, lines 7-10) on the serial communication bus by the monitoring device deployed in the network (col. 5, lines 12-21);
1S3: analyzing signals after parsing and determine whether to start detecting physical intrusion attack in the industrial control system (col. 5, lines 12-29);
S4: comparing signal data received with standard signal data in the database of monitoring device to obtain a difference signal therebetween (col. 5, lines 21-29);
S5: detecting the intrusion signal on the difference signal (col. 5, lines 21-29); if the intrusion signal is detected in the difference signal, judging that the serial communication bus network of the industrial control system is subjected to the physical intrusion attack and continuing to execute S6 (col. 5, lines 21-29); if no intrusion signal is detected in the difference signal, judging that the serial communication bus network of the industrial control system is not subjected to the physical intrusion attack and continuing to monitor the bus to receive a next communication signal (col. 5, lines 12-29);
S6: according to a detection result of the intrusion signal, if the serial communication bus network of the industrial communication system is subjected to physical intrusion attack, reporting the detection result to the bus controller in the serial communication bus network, and making a quick judgment and an emergency response on the physical intrusion attack by the bus controller (col. 4, lines 6-11 and col. 5, lines 32-34).
As per claim 3, it is taught of a method for detecting physical intrusion attack in the industrial control system based on analysis of signals on serial communication bus, as recited in claim 1, wherein in the step S1, the detection signal is set according to a protocol specification (col. 3, lines 7-10) of the serial communication bus, and the detection signal is different from all normal communication signals in the digital sequence, and the detection signal is only capable of being identified and analyzed by a corresponding monitoring device in the serial communication bus network, and the other devices are not capable of responding to detection signals (col. 5, lines 12-29).
As per claim 4, it is disclosed of a method for detecting physical intrusion attack in the industrial control system based on analysis of signals on serial communication bus, as recited in claim 1, wherein the step S2 specifically comprises steps of: according to types of the serial 2communication bus in the industrial control system, performing protocol parsing on corresponding communication signals by adopting one corresponding protocol such as Modbus, CANBus, P-Net, ProfiBus, WorldFIP, ControlNet, FF or HART to obtain a digital signal sequence (col. 3, lines 7-10 and col. 5, lines 12-21).
As per claim 5, it is taught of a method for detecting physical intrusion attack in the industrial control system based on analysis of signals on serial communication bus, as recited in claim 1, wherein the step S3 specifically comprises steps of:
S301: performing consistency detection on the digital signal sequence parsed in the step S2 and the digital sequence of the detection signal, if the signal received is the detection signal, starting detecting the physical intrusion attack in the industrial control system, and performing a step S302; if the signal received is not a detection signal, then making no response (ignoring), and continuing monitoring the bus to receive the next communication signal (col. 3, lines 25-39);
S302: according to a consistency detection result between the signal received and the detection signal, continuing to determine whether the monitoring device receives the detection signal for a first time; if the signal database of the monitoring device is empty, storing the received signal data in the local database, and considering the signal is a standard signal under normal conditions of the system; if the signal data is already stored in the signal database of the monitoring device, continuing performing the step S4 (col. 3, lines 1-24).
As per claim 6, it is disclosed of a method for detecting physical intrusion attack in the industrial control system based on analysis of signals on serial communication bus, as recited in claim 1, wherein in the step S5, the intrusion signal is a definite signal added to an original detection signal sent by the bus controller caused by the physical intrusion attack, and the intrusion signal has the same period with the detection signal (col. 3, lines 51-61 and col. 5, lines 21-29).
As per claim 7, it is taught of a method for detecting physical intrusion attack in the industrial control system based on analysis of signals on serial communication bus, as recited in claim 1, wherein the step S5 specifically comprises steps of: S501: performing noise reduction processing on the difference signal data obtained in step S4; S502: by a weak signal detection technology, detecting and determining whether the intrusion signal exists in the difference signal according to a result of the weak signal detection (col. 2, lines 59-67 and col. 3, lines 51-61).
As per claim 8, it is disclosed of a method for detecting physical intrusion attack in the industrial control system based on analysis of signals on serial communication bus, as recited in claim 1, further comprising a step of: alerting a master station after receiving the detection signal of the physical intrusion attack by the bus controller (col. 4, lines 6-11).



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kamir et al, US 2020/0380131 is relied upon for disclosing of detecting malicious hardware on a vehicle data communication network by using low current injection, see paragraph 0219.
Walker et al, US 2017/0046301 is relied upon for disclosing of low signal levels and noise that are physical characteristics indicating potential tampering or intrusion, see paragraph 0102.
Cherukuri et al, US 2021/0279373 is relied upon for disclosing of detecting tampering based upon a resistance differential, see paragraph 0086.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER A REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LYNN FEILD can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
























/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2431