DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 12/09/2020 wherein claims 1 – 20 are pending and ready for examination.  

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 03/09/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 17 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 17 asserts a method but there are no steps, processes, or sequential processes that define the meets and bounds of the claim.  Claim 17 refers to claim 16 that incorporate the steps of identifying, determining, and confirming based on the comparisons.  Per MPEP 2173.05(q) attempts to claim a process without setting forth any steps involved in the process raises an issue of indefiniteness.  Corrections are required.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-14 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Black; Alistair et al, US 20180048674 A1, February 15, 2018 hereafter referred to as Black
in view of Coester; Marcus et al, US 20200164900 A1, May 28, 2020 hereafter referred to as Coester, in further view of Luckevich; Keigo et al. US 20220019661 A1, January 20, 2022, hereafter referred to as Luckevich.

             As to claim 1, Black teaches an air-gap device for cyber isolating mobility systems when a vehicle is in motion – Black [0342 and 0340] since at ‘342 In the instantiation of a routing system such as second routing system 6206 on a vehicle, the routing system is not directly connected either to the public network or to the vehicle systems, relying instead on the air gap structure and associated decoupled dual-data channel data diode structure since at ‘340 …  A core functionality of the set of routing systems is to block any ECU-related commands or critical vehicle system commands from reaching the ECU if these commands have been received via the public network while the vehicle is in motion.  Here, the claimed ‘air gap device’ is taught by Black as ‘decoupled dual-data channel data diode structure’ as the air gap structure), the air-gap device comprising:
            a housing comprising a plurality of input ports and a plurality of output ports – Black [0315] …  First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘housing’ is taught by Black as ‘firebreak 6212’), 
                    wherein the plurality of input ports comprise connections to a secure gateway – Black [0315] …  first routing system 6204 may include a request server and a response server (similar to FIG. 44), as described herein. First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘secure gateway’ is taught by Black as ‘routing system 6204’ because the system is in a secure perimeter), 
                    at least one pair of terminal contacts - Black [0315] … First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62),
                     wherein the at least one pair of terminal contacts comprise a first terminal contact – Black [0315] … First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62. Here, the claimed ‘first terminal contact’ is taught by Black as ‘diode symbol 6216’ and a second terminal contact – Black [0317] … Second unidirectional data channel 6214 is denoted by a diode symbol in FIG. 62. Here, the claimed ‘second terminal contact’ is taught by Black as ‘diode symbol 6214’); and 
         an air gap embedded in the housing – Black [0315] …  First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘housing’ is taught by Black as ‘firebreak 6212’),
                wherein the air gap is closed when the first terminal contact is in contact with the second terminal contact – Black [0283] Analogous to its electrical counterpart, data diode 5802 allows information flow only in one direction, with data flow in the opposite direction being blocked, and 
                wherein the air gap is open when the first terminal is not in contact with the second terminal contact – Black [0283] … A direction of permitted data flow 5804 shows an allowed direction of data flow by data diode 5802. On the other hand, data diode 5802 blocks any reverse flow of data as indicated by a blocked direction of reverse data flow 5806, with blocking depicted by a blocked symbol 5808. A key aspect of data diode 5802 is that a data package passes from one side to the other, and in only one direction. There is no protocol or high level intelligence in communication from one side to the other. In fact neither side of data diode 5802 has any information about the other side at all. Thus if a hacker controls one side of data diode 5802 they have no way to learn about the other side. Here, the claimed ‘air gap is closed’ is taught by Black as ‘a blocked direction’ whereas the claimed ‘air gap is opened’ is taught by Black as ‘an allowed direction’), BLACK DOES NOT TEACH 
              wherein the air-gap device is instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion HOWEVER IN AN ANALAGOUS ART THA IS DIRECTED TO THE SAME FIELD OF ENDEAVOR COESTER TEACHES
              wherein the air-gap device is instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion - Coester [0130] When vehicle (1BC′) passes the position of section isolation valve (17BC″), vacating subsection (SUB2), atmospheric valve (18BC′″) is commanded immediately to open and atmospheric valve (18BC′) and section isolation valve (17BC″) are commanded to shut, after which vehicle (1BC′) now moves exclusively in subsection (SUB3), leaving subsection (SUB2) free to combine with subsection (SUB1). At this moment, atmospheric valve (18BC″) and section isolation valve (17BC′) are commanded to open so that vehicle (1BC) can safely ingress in subsection (SUB2), now under exclusive action of power propulsion unit (10B), since in the regime phase only one power propulsion unit is made necessary. Here, the claimed ‘air gap’ is taught by Coester as ‘isolation value 17BC’.  THE COMBINATION OF BLACK AND COESTER DO NOT TEACH and 
            wherein the plurality of output ports comprise connections to one or more mobility Electronic Control Units (ECUs); HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR LUCKEVICH TEACHES and 
            wherein the plurality of output ports comprise connections to one or more mobility Electronic Control Units (ECUs) - Luckevich [0067] FIG. 5 illustrates a system 500 including example vehicle 550 and various ECUs included in vehicle 550. This illustration is intended to provide the reader with an idea of how many and what types of ECUs may be included in a modern vehicle. Many, if not all of these ECUs, may be controlled in part or fully be another vehicle, a NOC, or other devices. Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique of opening and closing airgaps based on vehicle motion as taught by Coester to the routing system of Black would have yielded predicable results and resulted in an improved router, namely, a router that would positively isolate the ECUs from external devices based on the technique of Coester as applied to the airgap embedded in Blacks routers. It would have been further recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that the combination of Black and Coester would benefit from Lukevich’s plurality of ECUs each providing discreet functions and data to Blacks routing system enabling Black router system to distinguish between various vehicle systems/ECUs for greater security and control).


           As to claim 2, the combination of Black Coester, and Luckevich teaches the air-gap device of claim 1, 
          wherein the air-gap device is located between the secure gateway and the one or more mobility ECUs – Black [0328] FIG. 65 is a block diagram depicting an embodiment of a communication interface 6500. In some embodiments, communication interface 6500  includes an ECU interface 6502 that is configured to allow a routing system associated with communication interface 6500 to interface with an engine control unit (ECU) associated with vehicle 6210),
          wherein the gateway device is connected to one or more infotainment ECUs, one or more Body ECUs, one or more Telematics ECUs, or on-board diagnostics of the vehicle – Luckevich [0154] … The ECUs 23 are electronic control devices that implement respective functions. The ECUs 23 may be not limited to particular ones. Examples of ECU 23 include travel system electronic control devices controlling an engine, a steering wheel, a brake, and the like), and
           wherein the one or more mobility ECUs comprises one or more powertrain ECUs, one or more chassis ECUs, and one or more advance driver-assistance systems (ADAS) ECUs – Luckevich [0154] … Examples of ECU 23 include travel system electronic control devices controlling an engine). The rationale for Black to consider the features of Luckevich in claim 1 apply here in claim 2).

            As to claim 3, the combination of Black, Coester, and Luckevich teaches the air-gap device of claim 2,
               wherein the gateway device obtains a vehicle status of the vehicle, the vehicle status indicating whether the vehicle is in motion – Black [0341] … The set of routing systems can also be interfaced to receive real-time vehicle sensor data such as data from accelerometers, gyroscopes, engine RPM monitors and so on. This will allow the set of routing systems to detect whether the vehicle is in motion).

           As to claim 4, the combination of Black, Coester, and Luckevich teaches the air-gap device of claim 3,
            wherein the one or more mobility ECUs are a plurality of mobility ECUs - Black [0341] The vehicle systems interface includes interfaces to the public network, any available mobile devices, as well as the vehicle systems (including the ECUs. Here, the claimed ‘identifying’ is taught by Black as ‘interfaces’ because access parameters are exchanged via the interface permitting the function of identification whereas the claimed  ‘plurality of mobility ECUs’ is taught by Black as ‘vehicle systems’ because these systems include a plurality of ECUs), and wherein the plurality of mobility ECUs:
                  determine a status of the air-gap device – Black [0250] … These log files include not only routine transactional information and the operational status history of routing system 4608, but may also include machine learning algorithms to detect and identify any unauthorized hacking events or attack attempts. These log files are accessible to the administrator via routing system 4618, and can be analyzed to update the security rules enforced by routing system 4608.   Here, the claimed ‘air-gap device’ is taught by Black as ‘routing system 4608’), the status indicating whether the air-gap device is in a secured state – Black [0250] … These log files include not only routine transactional information and the operational status history of routing system 4608),
                  identify a plurality of mobility parameters corresponding to the plurality of mobility ECUs - Black [0328] … the routing system associated with communication interface 6500 may be configured to passively read (monitor) data or “listen” to data associated with the ECU), and 
                  determine a mobility state from the plurality of mobility parameters – Black [0346] … A three-way authentication process involving the vehicle systems, the automaker's remote server and the user's mobile device (all of which run a version of the routing system and associated symbolic https protocols) can be used to ensure that these strict security rules are enforce.  Here, the claimed ‘mobility parameters’ are taught by Black as ‘https protocols’).

             As to claim 5, the combination of Black, Coester, and Luckevich teaches the air-gap device of claim 4, 
             wherein the plurality of mobility ECUs:
              confirm whether the vehicle is in motion – Black [0346] … For example, a routing system may prohibit and firmware upgrade unless the vehicle is stationary and the parking brake is engaged),
               confirm a connectivity level requirement based on the comparison of the mobility state and the status of the air-gap device – Black [0250] These log files are accessible to the administrator via routing system 4618, and can be analyzed to update the security rules enforced by routing system 4608, for example. The log files thus generated by routing system 4608 are important sources of information for the administrator to update the lookup tables and security rules associated with routing system 4608 to keep ahead of and to deter any nefarious activity),
             determine a security level requirement based on the connectivity level requirement – Black [0131] The routing system can be made even more intelligent if it “learns” more about the user over time in order to detect changes in “behavior” during the authentication process. Further, because of the level of security of the connection due to the routing system 1102 isolation from the public network, this authentication information is much less likely to be exposed to hackers which would make the questions less useful in evaluating the user. Here, the claimed ‘determine’ is taught by Black as ‘authentication process’ because this process provides the analysis for access), and 
          generate an air-gap instruction indicating whether to enable the air gap or to disable the air gap based on the security level requirement determined – Black [0249]  Routing system 4618 is configured to receive commands or instructions (rather than requests) from an administrator, represented by an admin block 4612. … Routing system 4618 and routing system 4608 communicate via a bidirectional communications channel 4620. Bidirectional communications channel 4620 may be implemented, for example, using a parallel port connection or a Wi-Fi link so long as that connection is confined to the secure area and does not allow a route out to the public network (which would compromise the security of the system).  Here, the claimed ‘air-gap instruction’ is taught by Black as ‘commands’ issued to the routing system from the administrator whereas the claimed ‘disable’ is taught by Black as ‘does not allow’ as this action is functionally akin to disablement).
           
            As to claim 7, the combination of Black, Coester, and Luckevich teaches the air-gap device of claim 5,
           wherein the plurality of mobility ECUs coordinate generating the air-gap instruction with one or more additional authentication systems – Black [0259] At 5106, the second set of routing systems validates the request by performing, for example, authentication functions. The request may be encoded in a Base 64 format as discussed earlier, and the second set of routing systems may have a corresponding Base 64 decoding table that it can use to decode the request. Assuming that the request is a valid request and that the request has passed all security checks (conditions for handling invalid requests are discussed subsequently), the second set of routing systems, at 5108, retrieves the requested data from the secure system).

          As to claim 8, Black teaches a system for cyber isolating mobility systems – Black [0009] FIG. 4 is a block diagram depicting an embodiment of a routing system that uses an additional authentication channel for user authentication.  Here, the claimed ‘cyber isolating’ is taught by Black as ‘routing system’ because the router includes the diode structure that functions as an air-gap taught by Black at least at [0070] using three airgaps in Figure 61) when a vehicle is in motion  – Black [0340] A core functionality of the set of routing systems is to block any ECU-related commands or critical vehicle system commands from reaching the ECU if these commands have been received via the public network while the vehicle is in motion, the system comprising:
          a gateway device connected to one or more infotainment Electronic Control Units (ECUs), one or more Body ECUs, one or more Telematics ECUs, or on-board diagnostics of the vehicle – Black [0328] FIG. 65 is a block diagram depicting an embodiment of a communication interface 6500. In some embodiments, communication interface 6500  includes an ECU interface 6502 that is configured to allow a routing system associated with communication interface 6500 to interface with an engine control unit (ECU) associated with vehicle 6210.  Here, the claimed ‘gateway device’ is taught by Black as ‘routing system’ as the routing system whereas the claimed ‘connected’ is taught by Black as ECU interface 6502’ because this interface provides the connection);              a housing comprising a plurality of input ports and a plurality of output ports – Black [0315] …  First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘housing’ is taught by Black as ‘firebreak 6212’), 
                     wherein the plurality of input ports comprise connections to a secure gateway – Black [0315] …  first routing system 6204 may include a request server and a response server (similar to FIG. 44), as described herein. First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘secure gateway’ is taught by Black as ‘routing system 6204’ because the system is in a secure perimeter), and
                    wherein the plurality of output ports comprise connections to the one or more mobility ECUs, at least one pair of terminal contacts,
                    wherein the at least one pair of terminal contacts comprise a first terminal contact – Black [0315] … First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62. Here, the claimed ‘first terminal contact’ is taught by Black as ‘diode symbol 6216’ and a second terminal contact – Black [0317] … Second unidirectional data channel 6214 is denoted by a diode symbol in FIG. 62. Here, the claimed ‘second terminal contact’ is taught by Black as ‘diode symbol 6214’); and
            an air gap embedded in the housing – Black [0315] …  First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘housing’ is taught by Black as ‘firebreak 6212’), 
              wherein the air gap is closed when the first terminal contact is in contact with the second terminal contact – Black [0283] Analogous to its electrical counterpart, data diode 5802 allows information flow only in one direction, with data flow in the opposite direction being blocked), and wherein the air gap is open when the first terminal is not in contact with the second terminal contact – Black [0283] … A direction of permitted data flow 5804 shows an allowed direction of data flow by data diode 5802. On the other hand, data diode 5802 blocks any reverse flow of data as indicated by a blocked direction of reverse data flow 5806, with blocking depicted by a blocked symbol 5808. A key aspect of data diode 5802 is that a data package passes from one side to the other, and in only one direction. There is no protocol or high level intelligence in communication from one side to the other. In fact neither side of data diode 5802 has any information about the other side at all. Thus if a hacker controls one side of data diode 5802 they have no way to learn about the other side. Here, the claimed ‘air gap is closed’ is taught by Black as ‘a blocked direction’ whereas the claimed ‘air gap is opened’ is taught by Black as ‘an allowed direction’), wherein the air-gap device is instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion. BLACK DOES NOT TEACH 
              wherein the air-gap device is instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion HOWEVER IN AN ANALAGOUS ART THA IS DIRECTED TO THE SAME FIELD OF ENDEAVOR COESTER TEACHES
              wherein the air-gap device is instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion - Coester [0130] When vehicle (1BC′) passes the position of section isolation valve (17BC″), vacating subsection (SUB2), atmospheric valve (18BC′″) is commanded immediately to open and atmospheric valve (18BC′) and section isolation valve (17BC″) are commanded to shut, after which vehicle (1BC′) now moves exclusively in subsection (SUB3), leaving subsection (SUB2) free to combine with subsection (SUB1). At this moment, atmospheric valve (18BC″) and section isolation valve (17BC′) are commanded to open so that vehicle (1BC) can safely ingress in subsection (SUB2), now under exclusive action of power propulsion unit (10B), since in the regime phase only one power propulsion unit is made necessary. Here, the claimed ‘air gap’ is taught by Coester as ‘isolation value 17BC’.  THE COMBINATION OF BLACK AND COESTER DO NOT TEACH
one or more mobility ECUs, the one or more mobility ECUs comprising one or more powertrain ECUs, one or more chassis ECUs, and one or more advance driver- assistance systems (ADAS) ECUs, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR LUCKEVICH TEACHES one or more mobility ECUs - Luckevich [0067] FIG. 5 illustrates a system 500 including example vehicle 550 and various ECUs included in vehicle 550. This illustration is intended to provide the reader with an idea of how many and what types of ECUs may be included in a modern vehicle), the one or more mobility ECUs comprising one or more powertrain ECUs - Luckevich [0047] a platoon controller 310, receives inputs from a number of sensors 330 on the tractor and/or one or more trailers or other connected units, and a number of actuator controllers 350 (also referred to as electronic control units or ECUs) arranged to control operation of the tractor's powertrain and other vehicle systems, one or more chassis ECUs - Luckevich [0031] … In some embodiments, a chassis ECU may control and/or monitor other ECUs such as an engine ECU, a brake ECU, etc), and one or more advance driver- assistance systems (ADAS) ECUs - Luckevich [0071] FIG. 5 also includes an electronic power steering ECU 528 to make steering more comfortable. Also, vehicle 550 may include a radar ECU 530, which may be part of an Advanced Driver-Assistance System (ADAS) ECU and/or in compliance with ISO 26262.  Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique of opening and closing airgaps based on vehicle motion as taught by Coester to the routing system of Black would have yielded predicable results and resulted in an improved router, namely, a router that would positively isolate the ECUs from external devices based on the technique of Coester as applied to the airgap embedded in Blacks routers. It would have been further recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that the combination of Black and Coester would benefit from Lukevich’s plurality of ECUs each providing discreet functions and data to Blacks routing system enabling Black router system to distinguish between various vehicle systems/ECUs for greater security and control).

            As to claim 9, the combination of Black, Coester, and Luckevich teaches the system of claim 8, wherein the air gap device is located between the secure gateway and the one or more mobility ECUs – Black [0328] FIG. 65 is a block diagram depicting an embodiment of a communication interface 6500. In some embodiments, communication interface 6500 includes an ECU interface 6502 that is configured to allow a routing system associated with communication interface 6500 to interface with an engine control unit (ECU) associated with vehicle 6210)..

          As to claim 10, claim 10 is a system that is directed to the air-gap device of claim 3.  Therefore, claim 10 is rejected for the reasons as set forth in claim 3.

          As to claim 11, claim 11 is a system that is directed to the air-gap device of claim 4.  Therefore, claim 10 is rejected for the reasons as set forth in claim 4.

         As to claim 12, claim 12 is a system that is directed to the air-gap device of claim 5.  Therefore, claim 12 is rejected for the reasons as set forth in claim 5.

         As to claim 13, claim 13 is a system that is directed to the air-gap device of claim 6.  Therefore, claim 13 is rejected for the reasons as set forth in claim 6.

         As to claim 14, claim 14 is a system that is directed to the air-gap device of claim 7.  Therefore, claim 14 is rejected for the reasons as set forth in claim 7.


Claims 15-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Black; Alistair et al, US 20180048674 A1, February 15, 2018 hereafter referred to as Black
in view of Coester; Marcus et al, US 20200164900 A1, May 28, 2020 hereafter referred to as Coester,

          As to claim 15, Black teaches a method for isolating mobility systems - Black [0010] FIG. 5 is a flow diagram depicting an embodiment of a method for using the routing system to service a user request to access a secure database) when a vehicle is in motion - Black [0340] A core functionality of the set of routing systems is to block any ECU-related commands or critical vehicle system commands from reaching the ECU if these commands have been received via the public network while the vehicle is in motion, the method comprising:
           obtaining, by a gateway device, a vehicle status of the vehicle, the vehicle status indicating whether the vehicle is in motion or about to be in motion – Black [0340] Using routing system-based approaches for automobile security as described herein fundamentally focuses on instantiating one or more routing systems between the vehicle systems and any available interface to the public network as shown, for example, in FIG. 69. ... A core functionality of the set of routing systems is to block any ECU-related commands or critical vehicle system commands from reaching the ECU if these commands have been received via the public network while the vehicle is in motion); determining, by a plurality of mobility Electronic Control Units (ECUs), a status of an air- gap device, – Black [0250] … These log files include not only routine transactional information and the operational status history of routing system 4608, but may also include machine learning algorithms to detect and identify any unauthorized hacking events or attack attempts. These log files are accessible to the administrator via routing system 4618, and can be analyzed to update the security rules enforced by routing system 4608.   Here, the claimed ‘air-gap device’ is taught by Black as ‘routing system 4608’), the status indicating whether the air-gap device is in a secured state – Black [0250] … These log files include not only routine transactional information and the operational status history of routing system 4608); confirming, by the plurality of mobility ECUs, whether the vehicle is in motion – Black [0346] … For example, a routing system may prohibit and firmware upgrade unless the vehicle is stationary and the parking brake is engaged); confirming, by the plurality of mobility ECUs, a connectivity level requirement based on the vehicle status – Black [0250] These log files are accessible to the administrator via routing system 4618, and can be analyzed to update the security rules enforced by routing system 4608, for example. The log files thus generated by routing system 4608 are important sources of information for the administrator to update the lookup tables and security rules associated with routing system 4608 to keep ahead of and to deter any nefarious activity); determining a security level requirement based on the connectivity level requirement – Black [0131] The routing system can be made even more intelligent if it “learns” more about the user over time in order to detect changes in “behavior” during the authentication process. Further, because of the level of security of the connection due to the routing system 1102 isolation from the public network, this authentication information is much less likely to be exposed to hackers which would make the questions less useful in evaluating the user. Here, the claimed ‘determine’ is taught by Black as ‘authentication process’ because this process provides the analysis for access.  BLACK DOES NOT TEACH and generating an air gap instruction indicating whether to enable the air gap or to disable the air gap based on the security level requirement determined, HOWEVER IN AN ANALAGOUS ART COSETER TEACHES and generating an air gap instruction indicating whether to enable the air gap or to disable the air gap – Coester [0130] When vehicle (1BC′) passes the position of section isolation valve (17BC″), vacating subsection (SUB2), atmospheric valve (18BC′″) is commanded immediately to open and atmospheric valve (18BC′) and section isolation valve (17BC″) are commanded to shut, after which vehicle (1BC′) now moves exclusively in subsection (SUB3), leaving subsection (SUB2) free to combine with subsection (SUB1). At this moment, atmospheric valve (18BC″) and section isolation valve (17BC′) are commanded to open so that vehicle (1BC) can safely ingress in subsection (SUB2), now under exclusive action of power propulsion unit (10B), since in the regime phase only one power propulsion unit is made necessary. Here, the claimed ‘air gap’ is taught by Coester as ‘isolation value 17BC’), based on the security level requirement determined - Black [0131] The routing system can be made even more intelligent if it “learns” more about the user over time in order to detect changes in “behavior” during the authentication process. Further, because of the level of security of the connection due to the routing system 1102 isolation from the public network, this authentication information is much less likely to be exposed to hackers which would make the questions less useful in evaluating the user. Here, the claimed ‘determine’ is taught by Black as ‘authentication process’ because this process provides the analysis for access. To provide the routing system of  Black software or logic for generating an air gap instruction indicating whether to enable the air gap or to disable the air gap would have been obvious to one of ordinary skill in the art, in view of the teachings of Coester, since all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods (i.e. prior art element (s)) with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention, i.e., one skilled in the art would have recognized that the instruction set used in Coester would allow the routing system of Black an enhanced ability that includes  generating an air gap instruction indicating whether to enable the air gap or to disable the air gap as provided by Coester). 



          As to claim 16, the combination of Black and Coester teaches the method of claim 15, the method further comprising:
            identifying, by the plurality of mobility ECUs - Black [0328] … the routing system associated with communication interface 6500 may be configured to passively read (monitor) data or “listen” to data associated with the ECU), a plurality of mobility parameters corresponding to the plurality of mobility ECUs [0346] … A three-way authentication process involving the vehicle systems, the automaker's remote server and the user's mobile device (all of which run a version of the routing system and associated symbolic https protocols) can be used to ensure that these strict security rules are enforce.  Here, the claimed ‘mobility parameters’ are taught by Black as ‘https protocols’); 
          determining, by the plurality of mobility ECUs, a mobility state from the plurality of mobility parameters – Black [0346] … A three-way authentication process involving the vehicle systems, the automaker's remote server and the user's mobile device (all of which run a version of the routing system and associated symbolic https protocols) can be used to ensure that these strict security rules are enforce.  Here, the claimed ‘mobility parameters’ are taught by Black as ‘https protocols’); and 
            confirming, by the plurality of mobility ECUs, the connectivity level requirement – Black [0250] These log files are accessible to the administrator via routing system 4618, and can be analyzed to update the security rules enforced by routing system 4608, for example. The log files thus generated by routing system 4608 are important sources of information for the administrator to update the lookup tables and security rules associated with routing system 4608 to keep ahead of and to deter any nefarious activity) based on comparing the mobility state and the vehicle status – Black [0250] These log files are accessible to the administrator via routing system 4618, and can be analyzed to update the security rules enforced by routing system 4608, for example. The log files thus generated by routing system 4608 are important sources of information for the administrator to update the lookup tables and security rules associated with routing system 4608 to keep ahead of and to deter any nefarious activity).

             As to claim 17, the combination of Black and Coester teaches the method of claim 16, the air-gap device comprising: a housing comprising a plurality of input ports and a plurality of output ports – Black [0315] …  First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘housing’ is taught by Black as ‘firebreak 6212’), 
             wherein the plurality of input ports comprise connections to the secure gateway – Black [0315] …  first routing system 6204 may include a request server and a response server (similar to FIG. 44), as described herein. First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘secure gateway’ is taught by Black as ‘routing system 6204’ because the system is in a secure perimeter) and;
          at least one pair of terminal contacts - Black [0315] … First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62), 
           wherein the at least one pair of terminal contacts comprise a first terminal contact – Black [0315] … First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62. Here, the claimed ‘first terminal contact’ is taught by Black as ‘diode symbol 6216’) and a second terminal contact – Black [0317] … Second unidirectional data channel 6214 is denoted by a diode symbol in FIG. 62. Here, the claimed ‘second terminal contact’ is taught by Black as ‘diode symbol 6214’); 
          an air gap embedded in the housing – Black [0315] …  First routing system 6204 forwards the (encrypted) request to a second routing system 6206 via a first unidirectional data channel 6216 associated with a firebreak 6212. First unidirectional data channel 6216 is denoted by a diode symbol in FIG. 62.  Here, the claimed ‘housing’ is taught by Black as ‘firebreak 6212’),
                wherein the air gap is closed when the first terminal contact is in contact with the second terminal contact – Black [0283] Analogous to its electrical counterpart, data diode 5802 allows information flow only in one direction, with data flow in the opposite direction being blocked, and 
                wherein the air gap is open when the first terminal is not in contact with the second terminal contact – Black [0283] … A direction of permitted data flow 5804 shows an allowed direction of data flow by data diode 5802. On the other hand, data diode 5802 blocks any reverse flow of data as indicated by a blocked direction of reverse data flow 5806, with blocking depicted by a blocked symbol 5808. A key aspect of data diode 5802 is that a data package passes from one side to the other, and in only one direction. There is no protocol or high level intelligence in communication from one side to the other. In fact neither side of data diode 5802 has any information about the other side at all. Thus if a hacker controls one side of data diode 5802 they have no way to learn about the other side. Here, the claimed ‘air gap is closed’ is taught by Black as ‘a blocked direction’ whereas the claimed ‘air gap is opened’ is taught by Black as ‘an allowed direction’), BLACK DOES NOT TEACH 
              wherein the air-gap device is instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion HOWEVER IN AN ANALAGOUS ART THA IS DIRECTED TO THE SAME FIELD OF ENDEAVOR COESTER TEACHES
              wherein the air-gap device is instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion - Coester [0130] When vehicle (1BC′) passes the position of section isolation valve (17BC″), vacating subsection (SUB2), atmospheric valve (18BC′″) is commanded immediately to open and atmospheric valve (18BC′) and section isolation valve (17BC″) are commanded to shut, after which vehicle (1BC′) now moves exclusively in subsection (SUB3), leaving subsection (SUB2) free to combine with subsection (SUB1). At this moment, atmospheric valve (18BC″) and section isolation valve (17BC′) are commanded to open so that vehicle (1BC) can safely ingress in subsection (SUB2), now under exclusive action of power propulsion unit (10B), since in the regime phase only one power propulsion unit is made necessary. Here, the claimed ‘air gap’ is taught by Coester as ‘isolation value 17BC’.  THE COMBINATION OF BLACK AND COESTER DO NOT TEACH and 
            wherein the plurality of output ports comprise connections to one or more mobility Electronic Control Units (ECUs); HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR LUCKEVICH TEACHES and 
            wherein the plurality of output ports comprise connections to one or more mobility Electronic Control Units (ECUs) - Luckevich [0067] FIG. 5 illustrates a system 500 including example vehicle 550 and various ECUs included in vehicle 550. This illustration is intended to provide the reader with an idea of how many and what types of ECUs may be included in a modern vehicle. Many, if not all of these ECUs, may be controlled in part or fully be another vehicle, a NOC, or other devices.

           As to claim18, claim 18 is a method that is directed to the air-gap device of claim 2.  Therefore, claim 18 is rejected for the reasons as set forth in claim 2.

As to claim 20, claim 20 is a method that is directed to the air-gap device of claim 7.  Therefore, claim 20 is rejected for the reasons as set forth in claim 7.

Allowable Subject Matter
Claims 6 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 249106/16/2022

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491