DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3 and 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Atad et al. (US Publication 2018/0262466 A1) further in view of Galuta et al. (US Publication 2018/0300477 A1).
In regards to claims 1 and 9-10, Atad et al. (US Publication 2018/0262466 A1) teaches, an anomaly detection device in an in-vehicle network (see paragraph 52; a cyber threat may be identified based on the presence of anomalous or suspicious packets on an in-vehicle network) that includes a plurality of electronic control units (ECUs) (see figures 3, 4, 5, 6; compromised and non-compromised ECUs), a network, and the anomaly detection device, the anomaly detection device being located between the network and a first ECU included in the plurality of ECUs (see the intrusion detection and prevention system (IDPS) in figures 2 and 6 located between ECU and ETH switch), and comprising: a communication circuit; a processor; and at least one memory including at least one set of instructions that, when executed by the processor, causes the processor to perform operations including: receiving a message from the first ECU and transmitting the message to the network, and receiving a message from the network and transmitting the message to the first ECU, using the communication circuit (see figure 6, the transmission from ECU to ETH switch and the network beyond); and in the case where the message received by the communication circuit from the first ECU, causing the communication circuit not to transmit the message to the network (see figure 9 and paragraph 102; a system for securing an in-vehicle network in a vehicle includes a switch connected to at least two portions of the in-vehicle network (e.g., switch 300), and the system includes an IDPS unit (e.g., IDPS 200) adapted to identify a cyber threat based on messages received from the in-vehicle network. In some embodiments, the IDPS unit dynamically and/or automatically configures the switch according to the cyber threat; see figure 10 and paragraph 103, IDPS 200 determines some of the message received from switch 300 are related to a cyber threat. For example, a cyber threat is an event or situation whereby an ECU is compromised, e.g., controlled by malicious software installed thereon by a hacker. As shown by block 1020, a switch may be configured according to the cyber threat. For example, having identified a cyber threat related to an ECU being controlled by malicious software, IDPS 200 configures switch 300 to drop messages coming from the ECU).
In further regards to claims 1 and 9-10, Atad teaches, holding, in the at least one memory, a received list which is a list communication circuit has received from the network and transmitted to the first ECU; in the case where an ID of the message received by the communication circuit from the network is not included in the received ID list, adding the ID to the received ID list (see paragraph 58; model 147 or ruleset 225 may include a network specification enforcement layer or unit that may be designed and adapted to ensure that packets seen on the network are in accordance with a network's use-case specification. For example, this layer may include enforcing rules, criteria or other logic on gateway ports, VLAN, media access control (MAC) addresses, IP addresses, layer 4 (L4) ports and allowed application identifiers, e.g., a network layer may include rules related to SOME/IP service discovery, DoIP initiation and termination and the like). 
Atad however fails to teach, the memory storing in particularly an ID of the message.
Galula teaches, determining an anomalous message based on the id of the message (see paragraph 80; How critical messages of a same type as the anomalous message are to safe operation of the vehicle may be based on an optionally discrete or continuous, numerical criticality factor, also referred to as “criticality”, determined for the message. The message criticality may be a function of at least one or any combination of more than one of: an ID of the message; an ECU with which the message is associated; content of the message; a portion of in-vehicle network 60 (FIG. 1B) over which the message propagates; vehicle context; normative frequency of transmission of the message type of the anomalous message; and/or whether the message is classified as a black or gray list message).
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the present application to incorporate the specific us of message ID to further assist in detecting anomalies in in-vehicle system as taught by Galula into the teachings of Atad.  The motivation to do so would be to further protect vehicle sensors and provide safety to the sensors by filtering out malicious cyberattacks.
In regards to claim 2, Atad teaches, wherein, the operations further include, in the case where the ID of the message received by the communication circuit from the first ECU is included in the received ID list, isolating the first ECU from the network (see paragraph 66; upon or after identifying or determining that an ECU has been compromised (e.g., it is controlled by malicious software), switch 300 may, based on a configuration applied by IDPS 200 as further described herein, isolate the network segment that includes the compromised ECU from the rest of the network. For example, in order to isolate a network segment, switch 300 blocks the flow of packets to/from the network segment).
In regards to claim 3, Atad teaches, wherein, the operations further include, in the case where the communication circuit receives, from the network, anomalous ID information transmitted from a second ECU included in the plurality of ECUs and different from the first ECU, erasing the ID indicated by the anomalous ID information from the received ID list, the anomalous ID information indicating an ID that is anomalous (see paragraph 66; upon or after identifying or determining that an ECU has been compromised (e.g., it is controlled by malicious software), switch 300 may, based on a configuration applied by IDPS 200 as further described herein, isolate the network segment that includes the compromised ECU from the rest of the network. For example, in order to isolate a network segment, switch 300 blocks the flow of packets to/from the network segment).
Allowable Subject Matter
Claims 4-8 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Prior art Unagami et al. (US Publication 2017/0026386 A1) teaches, fraud detection in an in-vehicle network system (see figures 18 and 26).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY P PATEL whose telephone number is (571)272-3086. The examiner can normally be reached M-F 9:30-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Faruk Hamza can be reached on 571-272-7969. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAY P PATEL/Primary Examiner, Art Unit 2466